- 10 11月, 2021 4 次提交
-
-
由 Xin Long 提交于
mainline inclusion from mainline-v5.15 commit a64b341b category: bugfix bugzilla: NA CVE: CVE-2021-3772 ------------------------------------------------- 1. In closed state: in sctp_sf_do_5_1D_ce(): When asoc is NULL, making packet for abort will use chunk's vtag in sctp_ootb_pkt_new(). But when asoc exists, vtag from the chunk should be verified before using peer.i.init_tag to make packet for abort in sctp_ootb_pkt_new(), and just discard it if vtag is not correct. 2. In the other states: in sctp_sf_do_5_2_4_dupcook(): asoc always exists, but duplicate cookie_echo's vtag will be handled by sctp_tietags_compare() and then take actions, so before that we only verify the vtag for the abort sent for invalid chunk length. Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by: NXin Long <lucien.xin@gmail.com> Acked-by: NMarcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: NJakub Kicinski <kuba@kernel.org> Signed-off-by: NHuang Guobin <huangguobin4@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Xin Long 提交于
mainline inclusion from mainline-v5.15 commit 438b95a7 category: bugfix bugzilla: NA CVE: CVE-2021-3772 ------------------------------------------------- Currently INIT_ACK chunk in non-cookie_echoed state is processed in sctp_sf_discard_chunk() to send an abort with the existent asoc's vtag if the chunk length is not valid. But the vtag in the chunk's sctphdr is not verified, which may be exploited by one to cook a malicious chunk to terminal a SCTP asoc. sctp_sf_discard_chunk() also is called in many other places to send an abort, and most of those have this problem. This patch is to fix it by sending abort with the existent asoc's vtag only if the vtag from the chunk's sctphdr is verified in sctp_sf_discard_chunk(). Note on sctp_sf_do_9_1_abort() and sctp_sf_shutdown_pending_abort(), the chunk length has been verified before sctp_sf_discard_chunk(), so replace it with sctp_sf_discard(). On sctp_sf_do_asconf_ack() and sctp_sf_do_asconf(), move the sctp_chunk_length_valid check ahead of sctp_sf_discard_chunk(), then replace it with sctp_sf_discard(). Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by: NXin Long <lucien.xin@gmail.com> Acked-by: NMarcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: NJakub Kicinski <kuba@kernel.org> Signed-off-by: NHuang Guobin <huangguobin4@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Huang Guobin 提交于
mainline inclusion from mainline-v5.15 commit eae57839 category: bugfix bugzilla: NA CVE: CVE-2021-3772 ------------------------------------------------- This patch fixes the problems below: 1. In non-shutdown_ack_sent states: in sctp_sf_do_5_1B_init() and sctp_sf_do_5_2_2_dupinit(): chunk length check should be done before any checks that may cause to send abort, as making packet for abort will access the init_tag from init_hdr in sctp_ootb_pkt_new(). 2. In shutdown_ack_sent state: in sctp_sf_do_9_2_reshutack(): The same checks as does in sctp_sf_do_5_2_2_dupinit() is needed for sctp_sf_do_9_2_reshutack(). Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by: NXin Long <lucien.xin@gmail.com> Acked-by: NMarcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: NJakub Kicinski <kuba@kernel.org> Signed-off-by: NHuang Guobin <huangguobin4@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Xin Long 提交于
mainline inclusion from mainline-v5.15 commit 4f7019c7 category: bugfix bugzilla: NA CVE: CVE-2021-3772 ------------------------------------------------- Currently Linux SCTP uses the verification tag of the existing SCTP asoc when failing to process and sending the packet with the ABORT chunk. This will result in the peer accepting the ABORT chunk and removing the SCTP asoc. One could exploit this to terminate a SCTP asoc. This patch is to fix it by always using the initiate tag of the received INIT chunk for the ABORT chunk to be sent. Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by: NXin Long <lucien.xin@gmail.com> Acked-by: NMarcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: NJakub Kicinski <kuba@kernel.org> Signed-off-by: NHuang Guobin <huangguobin4@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
- 09 11月, 2021 21 次提交
-
-
由 Qi Liu 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1WQ CVE: NA ------------------------------------------------- Build HISI PMU drivers as modules. Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Shaokun Zhang 提交于
mainline inclusion from mainline-v5.6-rc2 commit 55fdc1f4 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=55fdc1f44cd6bb1d61c9ca946d8f7cd67ea0bf36 ------------------------------------------------------------------------ Some new PMU events can been detected by PMCEID1_EL0, but it can't be listed, Let's expose these through sysfs. Signed-off-by: NShaokun Zhang <zhangshaokun@hisilicon.com> Cc: Will Deacon <will@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Link: https://lore.kernel.org/r/1595328573-12751-2-git-send-email-zhangshaokun@hisilicon.comSigned-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Will Deacon 提交于
mainline inclusion from mainline-v4.21-rc1 commit 2ddd5e58 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2ddd5e58252669a96018719adf60f7d078dc8a95 ------------------------------------------------------------------------ There have been some additional events added to the PMU architecture since Armv8.0, so expose them via our sysfs infrastructure. Signed-off-by: NWill Deacon <will.deacon@arm.com> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Shaokun Zhang 提交于
mainline inclusion from mainline-v5.8-rc3 commit 539707ca category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=539707caa1a89ee4efc57b4e4231c20c46575ccc ------------------------------------------------------------------------ When PMU event ID is equal or greater than 0x4000, it will be reduced by 0x4000 and it is not the raw number in the sysfs. Let's correct it and obtain the raw event ID. Before this patch: cat /sys/bus/event_source/devices/armv8_pmuv3_0/events/sample_feed event=0x001 After this patch: cat /sys/bus/event_source/devices/armv8_pmuv3_0/events/sample_feed event=0x4001 Signed-off-by: NShaokun Zhang <zhangshaokun@hisilicon.com> Cc: Will Deacon <will@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/1592487344-30555-3-git-send-email-zhangshaokun@hisilicon.com [will: fixed formatting of 'if' condition] Signed-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Will Deacon 提交于
mainline inclusion from mainline-v4.21-rc1 commit 342e53bd category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=342e53bd8548e07c6a734d2d3a6437ad6e6d3b09 ------------------------------------------------------------------------ Armv8.1 allocated the upper 32-bits of the PMCEID registers to describe the common architectural and microarchitecture events beginning at 0x4000. Add support for these registers to our probing code, so that we can advertise the SPE events when they are supported by the CPU. Signed-off-by: NWill Deacon <will.deacon@arm.com> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Robin Murphy 提交于
mainline inclusion from mainline-v5.13-rc3 commit 4c1daba1 category: Bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4c1daba15c209b99d192f147fea3dade30f72ed2 ------------------------------------------------------------------------ With global filtering, we only allow an event to be scheduled if its filter settings exactly match those of any existing events, therefore it is pointless to reapply the filter in that case. Much worse, though, is that in doing that we trample the event type of counter 0 if it's already active, and never touch the appropriate PMEVTYPERn so the new event is likely not counting the right thing either. Don't do that. CC: stable@vger.kernel.org Signed-off-by: NRobin Murphy <robin.murphy@arm.com> Link: https://lore.kernel.org/r/32c80c0e46237f49ad8da0c9f8864e13c4a803aa.1623153312.git.robin.murphy@arm.comSigned-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Shaokun Zhang 提交于
mainline inclusion from mainline-v5.9-rc3 commit d51eb416 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d51eb416fa111c1129c46ea3320faab36bf4c99c ------------------------------------------------------------------------ MODULE_*** is used in HiSilicon uncore PMU drivers and is provided by linux/module.h, but the header file is not directly included. Add the missing include. Signed-off-by: NShaokun Zhang <zhangshaokun@hisilicon.com> Cc: Will Deacon <will@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Link: https://lore.kernel.org/r/1599186097-18599-1-git-send-email-zhangshaokun@hisilicon.comSigned-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Qi Liu 提交于
mainline inclusion from mainline-v5.8-rc1 commit f32ed8eb category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1WQ CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f32ed8eb0e3f0d0ef4ddb854554d60ca5863a9f9 ------------------------------------------------------------------------ Forcefully unbinding PMU drivers during perf sampling will lead to a kernel panic, because the perf upper-layer framework call a NULL pointer in this situation. To solve this issue, "suppress_bind_attrs" should be set to true, so that bind/unbind can be disabled via sysfs and prevent unbinding PMU drivers during perf sampling. Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NJohn Garry <john.garry@huawei.com> Link: https://lore.kernel.org/r/1594975763-32966-1-git-send-email-liuqi115@huawei.comSigned-off-by: NWill Deacon <will@kernel.org> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Qi Liu 提交于
mainline inclusion from mainline-v5.8-rc1 commit bdc5c744 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1WQ CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bdc5c744c7b6457d18a95c26769dad0e7f480a08 ------------------------------------------------------------------------ When users try to remove PMU modules during perf sampling, kernel panic will happen because the pmu->read() is a NULL pointer here. INFO on HiSilicon hip08 platform as follow: pc : hisi_uncore_pmu_event_update+0x30/0xa4 [hisi_uncore_pmu] lr : hisi_uncore_pmu_read+0x20/0x2c [hisi_uncore_pmu] sp : ffff800010103e90 x29: ffff800010103e90 x28: ffff0027db0c0e40 x27: ffffa29a76f129d8 x26: ffffa29a77ceb000 x25: ffffa29a773a5000 x24: ffffa29a77392000 x23: ffffddffe5943f08 x22: ffff002784285960 x21: ffff002784285800 x20: ffff0027d2e76c80 x19: ffff0027842859e0 x18: ffff80003498bcc8 x17: ffffa29a76afe910 x16: ffffa29a7583f530 x15: 16151a1512061a1e x14: 0000000000000000 x13: ffffa29a76f1e238 x12: 0000000000000001 x11: 0000000000000400 x10: 00000000000009f0 x9 : ffff8000107b3e70 x8 : ffff0027db0c1890 x7 : ffffa29a773a7000 x6 : 00000007f5131013 x5 : 00000007f5131013 x4 : 09f257d417c00000 x3 : 00000002187bd7ce x2 : ffffa29a38f0f0d8 x1 : ffffa29a38eae268 x0 : ffff0027d2e76c80 Call trace: hisi_uncore_pmu_event_update+0x30/0xa4 [hisi_uncore_pmu] hisi_uncore_pmu_read+0x20/0x2c [hisi_uncore_pmu] __perf_event_read+0x1a0/0x1f8 flush_smp_call_function_queue+0xa0/0x160 generic_smp_call_function_single_interrupt+0x18/0x20 handle_IPI+0x31c/0x4dc gic_handle_irq+0x2c8/0x310 el1_irq+0xcc/0x180 arch_cpu_idle+0x4c/0x20c default_idle_call+0x20/0x30 do_idle+0x1b4/0x270 cpu_startup_entry+0x28/0x30 secondary_start_kernel+0x1a4/0x1fc To solve the above issue, current module should be registered to kernel, so that try_module_get() can be invoked when perf sampling starts. This adds the reference counting of module and could prevent users from removing modules during sampling. Reported-by: NHaifeng Wang <wang.wanghaifeng@huawei.com> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NJohn Garry <john.garry@huawei.com> Link: https://lore.kernel.org/r/1594891165-8228-1-git-send-email-liuqi115@huawei.comSigned-off-by: NWill Deacon <will@kernel.org> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Shaokun Zhang 提交于
mainline inclusion from mainline-v5.6-rc2 commit 961abd78 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=961abd78adcb4c72c343fcd9f9dc5e2ebbe9b448 ------------------------------------------------------------------------ In L3C uncore PMU drivers, bit16 is used to control all counters enable & disable. Wrong value is given in the driver and its default value is 1'b1, it can work because each PMU counter has its own control bits too. Let's fix the wrong value. Fixes: 2940bc43 ("perf: hisi: Add support for HiSilicon SoC L3C PMU driver") Signed-off-by: NShaokun Zhang <zhangshaokun@hisilicon.com> Cc: Will Deacon <will@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Link: https://lore.kernel.org/r/1591350221-32275-1-git-send-email-zhangshaokun@hisilicon.comSigned-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Jean-Philippe Brucker 提交于
mainline inclusion from mainline-v5.7-rc3 commit 10f6cd2a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=10f6cd2af21bb44faab31a50ec3361d7649e5a39 ------------------------------------------------------------------------ Currently when trying to remove the SMMUv3 PMU module we get a WARN_ON_ONCE from free_irq(), because the affinity hint set during probe hasn't been properly cleared. [ 238.878383] WARNING: CPU: 0 PID: 175 at kernel/irq/manage.c:1744 free_irq+0x324/0x358 ... [ 238.897263] Call trace: [ 238.897998] free_irq+0x324/0x358 [ 238.898792] devm_irq_release+0x18/0x28 [ 238.899189] release_nodes+0x1b0/0x228 [ 238.899984] devres_release_all+0x38/0x60 [ 238.900779] device_release_driver_internal+0x10c/0x1d0 [ 238.901574] driver_detach+0x50/0xe0 [ 238.902368] bus_remove_driver+0x5c/0xd8 [ 238.903448] driver_unregister+0x30/0x60 [ 238.903958] platform_driver_unregister+0x14/0x20 [ 238.905075] arm_smmu_pmu_exit+0x1c/0xecc [arm_smmuv3_pmu] [ 238.905547] __arm64_sys_delete_module+0x14c/0x260 [ 238.906342] el0_svc_common.constprop.0+0x74/0x178 [ 238.907355] do_el0_svc+0x24/0x90 [ 238.907932] el0_sync_handler+0x11c/0x198 [ 238.908979] el0_sync+0x158/0x180 Just like the other perf drivers, clear the affinity hint before releasing the device. Fixes: 7d839b4b ("perf/smmuv3: Add arm64 smmuv3 pmu driver") Signed-off-by: NJean-Philippe Brucker <jean-philippe@linaro.org> Link: https://lore.kernel.org/r/20200422084805.237738-1-jean-philippe@linaro.orgSigned-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Zhou Wang 提交于
mainline inclusion from mainline-v5.7-rc3 commit 97807325 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1WQ CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97807325a02b41de2f641d98dda1041549a23cd8 ------------------------------------------------------------------------ This patch lets HiSilicon uncore PMU driver can be built as modules. A common module and three specific uncore PMU driver modules will be built. Export necessary functions in hisi_uncore_pmu module, and change irq_set_affinity to irq_set_affinity_hint to pass compile. Signed-off-by: NZhou Wang <wangzhou1@hisilicon.com> Tested-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NShaokun Zhang <zhangshaokun@hisilicon.com> Link: https://lore.kernel.org/r/1588820305-174479-1-git-send-email-wangzhou1@hisilicon.comSigned-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Shaokun Zhang 提交于
mainline inclusion from mainline-v5.6-rc2 commit 88562f06 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=88562f06ebf56587788783e5420f25fde3ca36c8 ------------------------------------------------------------------------ Fix up one typo: wr_dr_64b -> wr_ddr_64b. Fixes: 2bab3cf9 ("perf: hisi: Add support for HiSilicon SoC HHA PMU driver") Signed-off-by: NShaokun Zhang <zhangshaokun@hisilicon.com> Cc: Will Deacon <will@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Link: https://lore.kernel.org/r/1587643530-34357-1-git-send-email-zhangshaokun@hisilicon.comSigned-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Shaokun Zhang 提交于
mainline inclusion from mainline-v5.5-rc3 commit 73daf0bb category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=73daf0bba32604a1b414b9ef429cd25aeae5b95e ------------------------------------------------------------------------ hisi_read_sccl_and_ccl_id is not readable and its comment is a little confused, so simplify the function and its comment as Mark's suggestion. Acked-by: NMark Rutland <mark.rutland@arm.com> Reviewed-by: NJohn Garry <john.garry@huawei.com> Suggested-by: NMark Rutland <mark.rutland@arm.com> Signed-off-by: NShaokun Zhang <zhangshaokun@hisilicon.com> Signed-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Shaokun Zhang 提交于
mainline inclusion from mainline-v5.4-rc1 commit 8703317a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8703317ae576c9bf3e07e5b97275e3f957e8d74b ------------------------------------------------------------------------ For some HiSilicon platform, the originally designed SCCL_ID and CCL_ID are not satisfied with much rich topology when the MT is set, so we extend the SCCL_ID to MPIDR[aff3] and CCL_ID to MPIDR[aff2]. Let's update this for HiSilicon uncore PMU driver. Cc: John Garry <john.garry@huawei.com> Cc: Hanjun Guo <guohanjun@huawei.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Will Deacon <will@kernel.org> Signed-off-by: NShaokun Zhang <zhangshaokun@hisilicon.com> Signed-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Robin Murphy 提交于
mainline inclusion from mainline-v5.3-rc1 commit 3c934735 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c9347351a6ea1234aa647b36f89052de050d2a2 ------------------------------------------------------------------------ With global filtering, it becomes possible for users to construct self-contradictory groups with conflicting filters. Make sure we cover that when initially validating events. Signed-off-by: NRobin Murphy <robin.murphy@arm.com> Signed-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Robin Murphy 提交于
mainline inclusion from mainline-v5.3-rc1 commit 33e84ea4 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=33e84ea4330da8a16bda8a871d0cd3c872bcd89f ------------------------------------------------------------------------ Ensure that a group will actually fit into the available counters. Signed-off-by: NRobin Murphy <robin.murphy@arm.com> Signed-off-by: NWill Deacon <will@kernel.org> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Will Deacon 提交于
mainline inclusion from mainline-v5.1-rc3 commit 14ae42a6 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4A1XO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=14ae42a6f0b13130a97d94d23481128961de5d38 ------------------------------------------------------------------------ Since commit 5768402f ("perf/ring_buffer: Use high order allocations for AUX buffers optimistically"), the perf core tends to back aux buffer allocations with high-order pages with the order encoded in the PagePrivate data. The Arm SPE driver explicitly rejects such pages, causing the perf tool to fail with: | failed to mmap with 12 (Cannot allocate memory) In actual fact, we can simply treat these pages just like any other since the perf core takes care to populate the page array appropriately. In theory we could try to map with PMDs where possible, but for now, let's just get things working again. Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Fixes: 5768402f ("perf/ring_buffer: Use high order allocations for AUX buffers optimistically") Reported-by: NHanjun Guo <guohanjun@huawei.com> Tested-by: NHanjun Guo <guohanjun@huawei.com> Tested-by: NSudeep Holla <sudeep.holla@arm.com> Signed-off-by: NWill Deacon <will.deacon@arm.com> Signed-off-by: NQi Liu <liuqi115@huawei.com> Reviewed-by: NYang Jihong <yangjihong1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Tian Tao 提交于
mainline inclusion from mainline-v5.14.0-rc7 commit a0d078d0 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I469VQ CVE: NA Refactoring hibmc_vdac_init, hibmc_connector_init method. --------------------------------------- Use drm_get_edid to get the resolution, if that fails, set it to a fixed resolution. Rewrite the desrtoy callback function to release resources. Signed-off-by: NTian Tao <tiantao6@hisilicon.com> Reviewed-by: NThomas Zimmermann <tzimmermann@suse.de> Link: https://patchwork.freedesktop.org/patch/msgid/1600778670-60370-3-git-send-email-tiantao6@hisilicon.comSigned-off-by: Ngouhao <gouhao@uniontech.com> Reviewed-by: Ntian tao <tiantao6@hisilicon.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Tian Tao 提交于
mainline inclusion from mainline-v5.14.0-rc7 commit 4eb4d99d category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I469VQ CVE: NA Remove #include <drm/drm_probe_helper.h> in hibmc_drm_i2c.c. ----------------------------- Adding driver implementation to support i2c driver algorithms for bit-shift adapters, so hibmc will using the interface provided by drm to read edid. Signed-off-by: NTian Tao <tiantao6@hisilicon.com> Reviewed-by: NThomas Zimmermann <tzimmermann@suse.de> Link: https://patchwork.freedesktop.org/patch/msgid/1600778670-60370-2-git-send-email-tiantao6@hisilicon.comSigned-off-by: Ngouhao <gouhao@uniontech.com> Reviewed-by: Ntian tao <tiantao6@hisilicon.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Arvind Sankar 提交于
stable inclusion from linux-4.19.164 commit b207caff4176e3a6ba273243da2db2e595e4aad2 CVE: CVE-2021-0938 -------------------------------- commit 3347acc6 upstream. Commit 815f0ddb ("include/linux/compiler*.h: make compiler-*.h mutually exclusive") neglected to copy barrier_data() from compiler-gcc.h into compiler-clang.h. The definition in compiler-gcc.h was really to work around clang's more aggressive optimization, so this broke barrier_data() on clang, and consequently memzero_explicit() as well. For example, this results in at least the memzero_explicit() call in lib/crypto/sha256.c:sha256_transform() being optimized away by clang. Fix this by moving the definition of barrier_data() into compiler.h. Also move the gcc/clang definition of barrier() into compiler.h, __memory_barrier() is icc-specific (and barrier() is already defined using it in compiler-intel.h) and doesn't belong in compiler.h. [rdunlap@infradead.org: fix ALPHA builds when SMP is not enabled] Link: https://lkml.kernel.org/r/20201101231835.4589-1-rdunlap@infradead.org Fixes: 815f0ddb ("include/linux/compiler*.h: make compiler-*.h mutually exclusive") Signed-off-by: NArvind Sankar <nivedita@alum.mit.edu> Signed-off-by: NRandy Dunlap <rdunlap@infradead.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Tested-by: NNick Desaulniers <ndesaulniers@google.com> Reviewed-by: NNick Desaulniers <ndesaulniers@google.com> Reviewed-by: NKees Cook <keescook@chromium.org> Cc: <stable@vger.kernel.org> Link: https://lkml.kernel.org/r/20201014212631.207844-1-nivedita@alum.mit.eduSigned-off-by: NLinus Torvalds <torvalds@linux-foundation.org> [nd: backport to account for missing commit e506ea45 ("compiler.h: Split {READ,WRITE}_ONCE definitions out into rwonce.h") commit d08b9f0c ("scs: Add support for Clang's Shadow Call Stack (SCS)") commit a3f8a30f ("Compiler Attributes: use feature checks instead of version checks")] Signed-off-by: NNick Desaulniers <ndesaulniers@google.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NCheng Jian <cj.chengjian@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
- 08 11月, 2021 9 次提交
-
-
由 Huang Guobin 提交于
mainline inclusion from mainline-v5.15 commit b93c6a91 category: bugfix bugzilla: 185687 CVE: NA ------------------------------------------------- When I do fuzz test for bonding device interface, I got the following use-after-free Calltrace: ================================================================== BUG: KASAN: use-after-free in bond_enslave+0x1521/0x24f0 Read of size 8 at addr ffff88825bc11c00 by task ifenslave/7365 CPU: 5 PID: 7365 Comm: ifenslave Tainted: G E 5.15.0-rc1+ #13 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1 04/01/2014 Call Trace: dump_stack_lvl+0x6c/0x8b print_address_description.constprop.0+0x48/0x70 kasan_report.cold+0x82/0xdb __asan_load8+0x69/0x90 bond_enslave+0x1521/0x24f0 bond_do_ioctl+0x3e0/0x450 dev_ifsioc+0x2ba/0x970 dev_ioctl+0x112/0x710 sock_do_ioctl+0x118/0x1b0 sock_ioctl+0x2e0/0x490 __x64_sys_ioctl+0x118/0x150 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f19159cf577 Code: b3 66 90 48 8b 05 11 89 2c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 78 RSP: 002b:00007ffeb3083c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ffeb3084bca RCX: 00007f19159cf577 RDX: 00007ffeb3083ce0 RSI: 0000000000008990 RDI: 0000000000000003 RBP: 00007ffeb3084bc4 R08: 0000000000000040 R09: 0000000000000000 R10: 00007ffeb3084bc0 R11: 0000000000000246 R12: 00007ffeb3083ce0 R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffeb3083cb0 Allocated by task 7365: kasan_save_stack+0x23/0x50 __kasan_kmalloc+0x83/0xa0 kmem_cache_alloc_trace+0x22e/0x470 bond_enslave+0x2e1/0x24f0 bond_do_ioctl+0x3e0/0x450 dev_ifsioc+0x2ba/0x970 dev_ioctl+0x112/0x710 sock_do_ioctl+0x118/0x1b0 sock_ioctl+0x2e0/0x490 __x64_sys_ioctl+0x118/0x150 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae Freed by task 7365: kasan_save_stack+0x23/0x50 kasan_set_track+0x20/0x30 kasan_set_free_info+0x24/0x40 __kasan_slab_free+0xf2/0x130 kfree+0xd1/0x5c0 slave_kobj_release+0x61/0x90 kobject_put+0x102/0x180 bond_sysfs_slave_add+0x7a/0xa0 bond_enslave+0x11b6/0x24f0 bond_do_ioctl+0x3e0/0x450 dev_ifsioc+0x2ba/0x970 dev_ioctl+0x112/0x710 sock_do_ioctl+0x118/0x1b0 sock_ioctl+0x2e0/0x490 __x64_sys_ioctl+0x118/0x150 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae Last potentially related work creation: kasan_save_stack+0x23/0x50 kasan_record_aux_stack+0xb7/0xd0 insert_work+0x43/0x190 __queue_work+0x2e3/0x970 delayed_work_timer_fn+0x3e/0x50 call_timer_fn+0x148/0x470 run_timer_softirq+0x8a8/0xc50 __do_softirq+0x107/0x55f Second to last potentially related work creation: kasan_save_stack+0x23/0x50 kasan_record_aux_stack+0xb7/0xd0 insert_work+0x43/0x190 __queue_work+0x2e3/0x970 __queue_delayed_work+0x130/0x180 queue_delayed_work_on+0xa7/0xb0 bond_enslave+0xe25/0x24f0 bond_do_ioctl+0x3e0/0x450 dev_ifsioc+0x2ba/0x970 dev_ioctl+0x112/0x710 sock_do_ioctl+0x118/0x1b0 sock_ioctl+0x2e0/0x490 __x64_sys_ioctl+0x118/0x150 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff88825bc11c00 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 0 bytes inside of 1024-byte region [ffff88825bc11c00, ffff88825bc12000) The buggy address belongs to the page: page:ffffea00096f0400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25bc10 head:ffffea00096f0400 order:3 compound_mapcount:0 compound_pincount:0 flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff) raw: 057ff00000010200 ffffea0009a71c08 ffff888240001968 ffff88810004dbc0 raw: 0000000000000000 00000000000a000a 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88825bc11b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88825bc11b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88825bc11c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88825bc11c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88825bc11d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Put new_slave in bond_sysfs_slave_add() will cause use-after-free problems when new_slave is accessed in the subsequent error handling process. Since new_slave will be put in the subsequent error handling process, remove the unnecessary put to fix it. In addition, when sysfs_create_file() fails, if some files have been crea- ted successfully, we need to call sysfs_remove_file() to remove them. Since there are sysfs_create_files() & sysfs_remove_files() can be used, use these two functions instead. Fixes: 7afcaec4 (bonding: use kobject_put instead of _del after kobject_add) Signed-off-by: NHuang Guobin <huangguobin4@huawei.com> Reviewed-by: NJakub Kicinski <kuba@kernel.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net> Signed-off-by: NHuang Guobin <huangguobin4@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Hridya Valsaraju 提交于
hulk inclusion category: bugfix bugzilla: NA CVE: CVE-2021-0929 https://source.android.com/security/bulletin/2021-11-01 https://android-review.googlesource.com/c/kernel/common/+/1780045 --------------------------- Since dma_buf_begin/end_cpu_access() calls always used to bracket dma_buf_kmap/kunmap calls, ION performed kmap/kunmap invocations for the buffer during dma_buf_begin/end_cpu_access() calls and cached the results with a kmap counter. However, dma_buf_begin/end_cpu_access() invocations can be triggered from the userspace using the DMA_BUF_IOC_SYNC ioctl as well. This means that a mapping that was created by a device driver using by a dma_buf_kmap() call or an ion_map_kernel() call could be unmapped from userspace if a client accidentally(or maliciously) invoked DMA_BUF_IOCTL_SYNC IOCTL with 'DMA_BUF_SYNC_END' argument since this would inturn invoke dma_buf_end_cpu_access() which would then decrement the kmap counter and invoke kunmap() when the counter gets to 0. This patch moves the kmap/kunmap operations from the begin/end_cpu_access() DMA-BUF ops to the map/unmap DMA-BUF ops to prevent the issue. Bug: 187527909 Change-Id: I00dc8eefefb1f3aab99e770f90d624011f7740f0 Signed-off-by: NHridya Valsaraju <hridya@google.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Jouni Malinen 提交于
stable inclusion from linux-4.19.205 commit 08c613a2cb06c68ef4e7733e052af067b21e5dbb CVE: CVE-2020-3702 -------------------------------- commit ca284802 upstream. Do not delete a key cache entry that is still being referenced by pending frames in TXQs. This avoids reuse of the key cache entry while a frame might still be transmitted using it. To avoid having to do any additional operations during the main TX path operations, track pending key cache entries in a new bitmap and check whether any pending entries can be deleted before every new key add/remove operation. Also clear any remaining entries when stopping the interface. Signed-off-by: NJouni Malinen <jouni@codeaurora.org> Signed-off-by: NKalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201214172118.18100-6-jouni@codeaurora.org Cc: Pali Rohár <pali@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Jouni Malinen 提交于
stable inclusion from linux-4.19.205 commit 7c5a966edd3c6eec4a9bdf698c1f27712d1781f0 CVE: CVE-2020-3702 -------------------------------- commit 144cd24d upstream. tkip_keymap can be used internally to avoid the reference to key->cipher and with this, only the key index value itself is needed. This allows ath_key_delete() call to be postponed to be handled after the upper layer STA and key entry have already been removed. This is needed to make ath9k key cache management safer. Signed-off-by: NJouni Malinen <jouni@codeaurora.org> Signed-off-by: NKalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201214172118.18100-5-jouni@codeaurora.org Cc: Pali Rohár <pali@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Jouni Malinen 提交于
stable inclusion from linux-4.19.205 commit fb924bfcecc90ca63ca76b5a10f192bd0e1bb35d CVE: CVE-2020-3702 -------------------------------- commit d2d3e364 upstream. ath9k is going to use this for safer management of key cache entries. Signed-off-by: NJouni Malinen <jouni@codeaurora.org> Signed-off-by: NKalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201214172118.18100-4-jouni@codeaurora.org Cc: Pali Rohár <pali@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Jouni Malinen 提交于
stable inclusion from linux-4.19.205 commit d2fd9d34210f34cd0ff5b33fa94e9fcc2a513cea CVE: CVE-2020-3702 -------------------------------- commit 73488cb2 upstream. Now that ath/key.c may not be explicitly clearing keys from the key cache, clear all key cache entries when disabling hardware to make sure no keys are left behind beyond this point. Signed-off-by: NJouni Malinen <jouni@codeaurora.org> Signed-off-by: NKalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201214172118.18100-3-jouni@codeaurora.org Cc: Pali Rohár <pali@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Jouni Malinen 提交于
stable inclusion from linux-4.19.205 commit dd5815f023b89c9a28325d8a2a5f0779b57b7190 CVE: CVE-2020-3702 -------------------------------- commit 56c5485c upstream. It is possible for there to be pending frames in TXQs with a reference to the key cache entry that is being deleted. If such a key cache entry is cleared, those pending frame in TXQ might get transmitted without proper encryption. It is safer to leave the previously used key into the key cache in such cases. Instead, only clear the MAC address to prevent RX processing from using this key cache entry. This is needed in particularly in AP mode where the TXQs cannot be flushed on station disconnection. This change alone may not be able to address all cases where the key cache entry might get reused for other purposes immediately (the key cache entry should be released for reuse only once the TXQs do not have any remaining references to them), but this makes it less likely to get unprotected frames and the more complete changes may end up being significantly more complex. Signed-off-by: NJouni Malinen <jouni@codeaurora.org> Signed-off-by: NKalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201214172118.18100-2-jouni@codeaurora.org Cc: Pali Rohár <pali@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Theodore Ts'o 提交于
mainline inclusion from mainline-5.15-rc1 commit 308c57cc category: bugfix bugzilla: 109297 CVE: NA --------------------------- If the underlying storage device is using thin-provisioning, it's possible for a zeroout operation to return ENOSPC. Commit df22291f ("ext4: Retry block allocation if we have free blocks left") added logic to retry block allocation since we might get free block after we commit a transaction. But the ENOSPC from thin-provisioning will confuse ext4, and lead to an infinite loop. Since using zeroout instead of splitting the extent node is an optimization, if it fails, we might as well fall back to splitting the extent node. Reported-by: Nyangerkun <yangerkun@huawei.com> Signed-off-by: NTheodore Ts'o <tytso@mit.edu> Signed-off-by: Nyangerkun <yangerkun@huawei.com> Reviewed-by: NZhang Yi <yi.zhang@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Lin, Zhenpeng 提交于
mainline inclusion from mainline-v5.15-rc2 commit d9ea761f category: bugfix bugzilla: 85666 CVE: CVE-2020-16119 ------------------------------------------------- Commit 2677d206 ("dccp: don't free ccid2_hc_tx_sock ...") fixed a UAF but reintroduced CVE-2017-6074. When the sock is cloned, two dccps_hc_tx_ccid will reference to the same ccid. So one can free the ccid object twice from two socks after cloning. This issue was found by "Hadar Manor" as well and assigned with CVE-2020-16119, which was fixed in Ubuntu's kernel. So here I port the patch from Ubuntu to fix it. The patch prevents cloned socks from referencing the same ccid. Fixes: 2677d206 ("dccp: don't free ccid2_hc_tx_sock ...") Signed-off-by: NZhenpeng Lin <zplin@psu.edu> Signed-off-by: NDavid S. Miller <davem@davemloft.net> Signed-off-by: NLu Wei <luwei32@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
- 05 11月, 2021 6 次提交
-
-
由 Hou Tao 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4H3JT CVE: NA --------------------------- It attaches eBPF program into fs_file_read() and fs_file_release() respectively. The program for fs_file_read() will record read history, calculate read pattern and set f_mode for specific file, And program for fs_file_release() will clean the saved read history. Signed-off-by: NHou Tao <houtao1@huawei.com> Reviewed-by: NKuohai Xu <xukuohai@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Hou Tao 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4H3JT CVE: NA --------------------------- Identify writable tracepoint program by section prefix raw_tracepoint.w/. The correct way is back-porting from commit ccaf12d6 ("libbpf: Support detecting and attaching of writable tracepoint program"), but the refactoring of libbpf makes it hard, so using the same section prefix as ccaf12d6 and post a home-made patch instead. Signed-off-by: NHou Tao <houtao1@huawei.com> Reviewed-by: NKuohai Xu <xukuohai@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Hou Tao 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4H3JT CVE: NA --------------------------- Use fs_file_read_do_trace() and trace_fs_file_release() to do that. Signed-off-by: NHou Tao <houtao1@huawei.com> Acked-by: Nfang wei <fangwei1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Hou Tao 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4H3JT CVE: NA --------------------------- Use fs_file_read_do_trace() and trace_fs_file_release() to do that. Signed-off-by: NHou Tao <houtao1@huawei.com> Acked-by: Nfang wei <fangwei1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Hou Tao 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4H3JT CVE: NA --------------------------- fs_file_read_do_trace() uses writable-tracepoint to update f_mode for file read procedure. Also export it to make it being usable for filesystem kernel module. Signed-off-by: NHou Tao <houtao1@huawei.com> Acked-by: Nfang wei <fangwei1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-
由 Hou Tao 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4H3JT CVE: NA --------------------------- Add a writable bare tracepoint fs_file_read() and a bare tracepoint fs_file_release(). A version field is added to fs_file_read() to support extension of fs_file_read_ctx in future. These two tracepoints need to be exported and will be used by filesystem kernel module. Signed-off-by: NHou Tao <houtao1@huawei.com> Acked-by: Nfang wei <fangwei1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
-