- 19 7月, 2022 40 次提交
-
-
由 Shameer Kolothum 提交于
mainline inclusion from mainline-v5.18-rc1 commit fae74fea category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fae74feacd2d ---------------------------------------------------------------------- Move the PCI Device IDs of HiSilicon ACC VF devices to a common header and also use a uniform naming convention. This will be useful when we introduce the vfio PCI HiSilicon ACC live migration driver in subsequent patches. Cc: Bjorn Helgaas <bhelgaas@google.com> Acked-by: NZhou Wang <wangzhou1@hisilicon.com> Acked-by: NLongfang Liu <liulongfang@huawei.com> Acked-by: NKai Ye <yekai13@huawei.com> Signed-off-by: NShameer Kolothum <shameerali.kolothum.thodi@huawei.com> Acked-by: Bjorn Helgaas <bhelgaas@google.com> # pci_ids.h Link: https://lore.kernel.org/r/20220308184902.2242-4-shameerali.kolothum.thodi@huawei.comSigned-off-by: NAlex Williamson <alex.williamson@redhat.com> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Longfang Liu 提交于
mainline inclusion from mainline-v5.18-rc1 commit b4b084d7 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b4b084d71332 ---------------------------------------------------------------------- Move Doorbell and Mailbox definitions to common header file. Also export QM mailbox functions. This will be useful when we introduce VFIO PCI HiSilicon ACC live migration driver. Signed-off-by: NLongfang Liu <liulongfang@huawei.com> Acked-by: NZhou Wang <wangzhou1@hisilicon.com> Signed-off-by: NShameer Kolothum <shameerali.kolothum.thodi@huawei.com> Link: https://lore.kernel.org/r/20220308184902.2242-3-shameerali.kolothum.thodi@huawei.comSigned-off-by: NAlex Williamson <alex.williamson@redhat.com> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Kai Ye 提交于
mainline inclusion from mainline-v5.16-rc1 commit 8bb76527 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bb765271aded24ca724a39701c6e686234c7020 ---------------------------------------------------------------------- Allocate an extra memory page for qp in the qp memory initialization. Set a qp error flag in the extra page addr when device resetting. This error flag can be seen in the userspace. This flag can helps users to stop tasks when device resetting. After resetting, this error flag will be reset when this qp is created again. So app should release the old qp and request a new one, and do the task on the new queue again. Signed-off-by: NKai Ye <yekai13@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Shameer Kolothum 提交于
mainline inclusion from mainline-v5.18-rc1 commit ff5812e0 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff5812e00d5e ---------------------------------------------------------------------- Since we are going to introduce VFIO PCI HiSilicon ACC driver for live migration in subsequent patches, move the ACC QM header file to a common include dir. Acked-by: NZhou Wang <wangzhou1@hisilicon.com> Acked-by: NLongfang Liu <liulongfang@huawei.com> Acked-by: NKai Ye <yekai13@huawei.com> Signed-off-by: NShameer Kolothum <shameerali.kolothum.thodi@huawei.com> Link: https://lore.kernel.org/r/20220308184902.2242-2-shameerali.kolothum.thodi@huawei.comSigned-off-by: NAlex Williamson <alex.williamson@redhat.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Kai Ye 提交于
mainline inclusion from mainline-v5.18-rc1 commit f8a26528 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f8a265282644 ---------------------------------------------------------------------- It is not need to enable sm4 extra mode in at HW V3. Here is fix it. Signed-off-by: NKai Ye <yekai13@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Kai Ye 提交于
mainline inclusion from mainline-v5.18-rc1 commit aec01cc8 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aec01cc8d119 ---------------------------------------------------------------------- Added the register configuration of the SVA mode for HW V3. Signed-off-by: NKai Ye <yekai13@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Kai Ye 提交于
mainline inclusion from mainline-v5.18-rc1 commit 05b3bade category: clean up bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=05b3bade290d ---------------------------------------------------------------------- The kernel test rebot report this warning: Uninitialized variable: ret. The code flow may return value of ret directly. This value is an uninitialized variable, here is fix it. Signed-off-by: NKai Ye <yekai13@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Kai Ye 提交于
mainline inclusion from mainline-v5.18-rc1 commit 49838259 category: cleanup bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=498382593c7c ---------------------------------------------------------------------- Use the correct print format. Printing an unsigned int value should use %u instead of %d. Signed-off-by: NKai Ye <yekai13@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Tom Rix 提交于
mainline inclusion from mainline-v5.17-rc1 commit c5d692a2 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5d692a2335d ---------------------------------------------------------------------- Building with clang static analysis returns this warning: qm.c:4382:11: warning: The left operand of '==' is a garbage value if (*val == 0 || *val > QM_QOS_MAX_VAL || ret) { ~~~~ ^ The call to qm_qos_value_init() can return an error without setting *val. So check ret before checking *val. Fixes: 72b010dc ("crypto: hisilicon/qm - supports writing QoS int the host") Signed-off-by: NTom Rix <trix@redhat.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Weili Qian 提交于
mainline inclusion from mainline-v5.17-rc1 commit 4cee0700 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4cee0700cf1d ---------------------------------------------------------------------- For Kunpeng930, if qm clock-gating is enabled, rate limiter will be inaccurate. Therefore, disable clock-gating before doing task. Signed-off-by: NWeili Qian <qianweili@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Weili Qian 提交于
mainline inclusion from mainline-v5.17-rc1 commit 51fa916b category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51fa916b81e5 ---------------------------------------------------------------------- hpre_curve25519_src_init() allocates memory for 'ptr' before calling memcmp(). If memcmp() returns 0, the function will return '-EINVAL' without freeing memory. Signed-off-by: NWeili Qian <qianweili@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Weili Qian 提交于
mainline inclusion from mainline-v5.17-rc1 commit 3f9dd4c8 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f9dd4c802b9 ---------------------------------------------------------------------- When hisi_qm_resume() returns 0, it indicates that the device has started successfully. If the device fails to start, hisi_qm_resume() needs to return the actual error code to the caller instead of 0. Fixes: d7ea5339 ("crypto: hisilicon - add runtime PM ops") Signed-off-by: NWeili Qian <qianweili@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Kai Ye 提交于
mainline inclusion from mainline-v5.17-rc1 commit 13389403 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13389403fe8a ---------------------------------------------------------------------- Some optimize for the calculation of qos shaper parameters. and modify the comments. Signed-off-by: NKai Ye <yekai13@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Kai Ye 提交于
mainline inclusion from mainline-v5.17-rc1 commit 488f30d4 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=488f30d4b8b3 ---------------------------------------------------------------------- 1. Optimize overly long functions. 2. Fix the format symbol does not match the actual type. 3. Use the PCI_DEVFN to get the function id. Signed-off-by: NKai Ye <yekai13@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Kai Ye 提交于
mainline inclusion from mainline-v5.17-rc1 commit ecc7169d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecc7169d4f73 ---------------------------------------------------------------------- The value of qos should be reset after flr resetting or device resetting. So set the max of qos value for every function. Then update the value of qos when user writing the alg_qos. Signed-off-by: NKai Ye <yekai13@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Kai Ye 提交于
mainline inclusion from mainline-v5.17-rc1 commit 376a5c3c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=376a5c3cdd7c ---------------------------------------------------------------------- Modify the value of type rate from new QM spec. Signed-off-by: NKai Ye <yekai13@huawei.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Yang Guang 提交于
mainline inclusion from mainline-v5.17-rc1 commit 574c833e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=574c833ef3a6 ---------------------------------------------------------------------- Use the macro 'swap()' defined in 'include/linux/minmax.h' to avoid opencoding it. Reported-by: NZeal Robot <zealci@zte.com.cn> Signed-off-by: NYang Guang <yang.guang5@zte.com.cn> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Uwe Kleine-König 提交于
mainline inclusion from mainline-v5.16-rc1 commit 1fbbcffd category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5AFY1 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1fbbcffd0ee1 ---------------------------------------------------------------------- Replace dev->driver_name() by dev_driver_string() for the corresponding struct device. This is a step toward removing pci_dev->driver. [bhelgaas: split to separate patch] Link: https://lore.kernel.org/r/20211004125935.2300113-8-u.kleine-koenig@pengutronix.deSigned-off-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: NBjorn Helgaas <bhelgaas@google.com> Signed-off-by: NJiangshui Yang <yangjiangshui@h-partners.com> Reviewed-by: NYang Shen <shenyang39@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Oleksandr Tyshchenko 提交于
mainline inclusion from mainline-v5.19-rc6 commit b75cd218 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5G5TV CVE: CVE-2022-33744 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b75cd218274e01d026dc5240e86fdeb44bbed0c8 -------------------------------- xen/arm: Fix race in RB-tree based P2M accounting During the PV driver life cycle the mappings are added to the RB-tree by set_foreign_p2m_mapping(), which is called from gnttab_map_refs() and are removed by clear_foreign_p2m_mapping() which is called from gnttab_unmap_refs(). As both functions end up calling __set_phys_to_machine_multi() which updates the RB-tree, this function can be called concurrently. There is already a "p2m_lock" to protect against concurrent accesses, but the problem is that the first read of "phys_to_mach.rb_node" in __set_phys_to_machine_multi() is not covered by it, so this might lead to the incorrect mappings update (removing in our case) in RB-tree. In my environment the related issue happens rarely and only when PV net backend is running, the xen_add_phys_to_mach_entry() claims that it cannot add new pfn <-> mfn mapping to the tree since it is already exists which results in a failure when mapping foreign pages. But there might be other bad consequences related to the non-protected root reads such use-after-free, etc. While at it, also fix the similar usage in __pfn_to_mfn(), so initialize "struct rb_node *n" with the "p2m_lock" held in both functions to avoid possible bad consequences. This is CVE-2022-33744 / XSA-406. Signed-off-by: NOleksandr Tyshchenko <oleksandr_tyshchenko@epam.com> Reviewed-by: NStefano Stabellini <sstabellini@kernel.org> Signed-off-by: NJuergen Gross <jgross@suse.com> Signed-off-by: NZhao Wenhui <zhaowenhui8@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: NChen Hui <judy.chenhui@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Yu Kuai 提交于
mainline inclusion from mainline-v5.19-rc1 commit 09dadb59 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5H32C CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09dadb5985023e27d4740ebd17e6fea4640110e5 -------------------------------- In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for more than 368 seconds. Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:qemu-nbd state:D stack: 0 pid:11445 ppid: 1 flags:0x00000000 Call Trace: <TASK> __schedule+0x480/0x1050 ? _raw_spin_lock_irqsave+0x3e/0xb0 schedule+0x9c/0x1b0 blk_mq_freeze_queue_wait+0x9d/0xf0 ? ipi_rseq+0x70/0x70 blk_mq_freeze_queue+0x2b/0x40 nbd_add_socket+0x6b/0x270 [nbd] nbd_ioctl+0x383/0x510 [nbd] blkdev_ioctl+0x18e/0x3e0 __x64_sys_ioctl+0xac/0x120 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd8ff706577 RSP: 002b:00007fd8fcdfebf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 00007fd8ff706577 RDX: 000000000000000d RSI: 000000000000ab00 RDI: 000000000000000f RBP: 000000000000000f R08: 000000000000fbe8 R09: 000055fe497c62b0 R10: 00000002aff20000 R11: 0000000000000246 R12: 000000000000006d R13: 0000000000000000 R14: 00007ffe82dc5e70 R15: 00007fd8fcdff9c0 "qemu-ndb -d" will call ioctl 'NBD_DISCONNECT' first, however, following message was found: block nbd0: Send disconnect failed -32 Which indicate that something is wrong with the server. Then, "qemu-nbd -d" will call ioctl 'NBD_CLEAR_SOCK', however ioctl can't clear requests after commit 2516ab15("nbd: only clear the queue on device teardown"). And in the meantime, request can't complete through timeout because nbd_xmit_timeout() will always return 'BLK_EH_RESET_TIMER', which means such request will never be completed in this situation. Now that the flag 'NBD_CMD_INFLIGHT' can make sure requests won't complete multiple times, switch back to call nbd_clear_sock() in nbd_clear_sock_ioctl(), so that inflight requests can be cleared. Signed-off-by: NYu Kuai <yukuai3@huawei.com> Reviewed-by: NJosef Bacik <josef@toxicpanda.com> Link: https://lore.kernel.org/r/20220521073749.3146892-5-yukuai3@huawei.comSigned-off-by: NJens Axboe <axboe@kernel.dk> Reviewed-by: NJason Yan <yanaijie@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Yu Kuai 提交于
mainline inclusion from mainline-v5.19-rc1 commit 2895f183 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5H32C CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2895f1831e911ca87d4efdf43e35eb72a0c7e66e -------------------------------- Otherwise io will hung because request will only be completed if the cmd has the flag 'NBD_CMD_INFLIGHT'. Fixes: 07175cb1 ("nbd: make sure request completion won't concurrent") Signed-off-by: NYu Kuai <yukuai3@huawei.com> Link: https://lore.kernel.org/r/20220521073749.3146892-4-yukuai3@huawei.comSigned-off-by: NJens Axboe <axboe@kernel.dk> Reviewed-by: NJason Yan <yanaijie@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Matthew Wilcox (Oracle) 提交于
mainline inclusion from mainline-5.19-rc4 commit 5ccc944d category: bugfix bugzilla: 186896, https://gitee.com/src-openeuler/kernel/issues/I5GZC8 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5ccc944dce3df5fd2fd683a7df4fd49d1068eba2 ------------------------------------------------- We had an off-by-one error which meant that we never marked the first page in a read as accessed. This was visible as a slowdown when re-reading a file as pages were being evicted from cache too soon. In reviewing this code, we noticed a second bug where a multi-page folio would be marked as accessed multiple times when doing reads that were less than the size of the folio. Abstract the comparison of whether two file positions are in the same folio into a new function, fixing both of these bugs. Reported-by: NYu Kuai <yukuai3@huawei.com> Reviewed-by: NKent Overstreet <kent.overstreet@gmail.com> Signed-off-by: NMatthew Wilcox (Oracle) <willy@infradead.org> Conflict: folios is not supported yet Signed-off-by: NYu Kuai <yukuai3@huawei.com> Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Yu Kuai 提交于
hulk inclusion category: bugfix bugzilla: 186896, https://gitee.com/src-openeuler/kernel/issues/I5GZC8 CVE: NA -------------------------------- This reverts commit 499ecade. Prepare to backport solution from mainline. Signed-off-by: NYu Kuai <yukuai3@huawei.com> Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Duoming Zhou 提交于
stable inclusion from stable-v5.10.129 commit 8f74cb27c2b4872fd14bf046201fa7b36a46885e category: bugfix bugzilla: 187170 https://gitee.com/src-openeuler/kernel/issues/I5FNWN CVE: CVE-2022-2318 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=8f74cb27c2b4872fd14bf046201fa7b36a46885e -------------------------------- commit 9cc02ede upstream. There are UAF bugs in rose_heartbeat_expiry(), rose_timer_expiry() and rose_idletimer_expiry(). The root cause is that del_timer() could not stop the timer handler that is running and the refcount of sock is not managed properly. One of the UAF bugs is shown below: (thread 1) | (thread 2) | rose_bind | rose_connect | rose_start_heartbeat rose_release | (wait a time) case ROSE_STATE_0 | rose_destroy_socket | rose_heartbeat_expiry rose_stop_heartbeat | sock_put(sk) | ... sock_put(sk) // FREE | | bh_lock_sock(sk) // USE The sock is deallocated by sock_put() in rose_release() and then used by bh_lock_sock() in rose_heartbeat_expiry(). Although rose_destroy_socket() calls rose_stop_heartbeat(), it could not stop the timer that is running. The KASAN report triggered by POC is shown below: BUG: KASAN: use-after-free in _raw_spin_lock+0x5a/0x110 Write of size 4 at addr ffff88800ae59098 by task swapper/3/0 ... Call Trace: <IRQ> dump_stack_lvl+0xbf/0xee print_address_description+0x7b/0x440 print_report+0x101/0x230 ? irq_work_single+0xbb/0x140 ? _raw_spin_lock+0x5a/0x110 kasan_report+0xed/0x120 ? _raw_spin_lock+0x5a/0x110 kasan_check_range+0x2bd/0x2e0 _raw_spin_lock+0x5a/0x110 rose_heartbeat_expiry+0x39/0x370 ? rose_start_heartbeat+0xb0/0xb0 call_timer_fn+0x2d/0x1c0 ? rose_start_heartbeat+0xb0/0xb0 expire_timers+0x1f3/0x320 __run_timers+0x3ff/0x4d0 run_timer_softirq+0x41/0x80 __do_softirq+0x233/0x544 irq_exit_rcu+0x41/0xa0 sysvec_apic_timer_interrupt+0x8c/0xb0 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1b/0x20 RIP: 0010:default_idle+0xb/0x10 RSP: 0018:ffffc9000012fea0 EFLAGS: 00000202 RAX: 000000000000bcae RBX: ffff888006660f00 RCX: 000000000000bcae RDX: 0000000000000001 RSI: ffffffff843a11c0 RDI: ffffffff843a1180 RBP: dffffc0000000000 R08: dffffc0000000000 R09: ffffed100da36d46 R10: dfffe9100da36d47 R11: ffffffff83cf0950 R12: 0000000000000000 R13: 1ffff11000ccc1e0 R14: ffffffff8542af28 R15: dffffc0000000000 ... Allocated by task 146: __kasan_kmalloc+0xc4/0xf0 sk_prot_alloc+0xdd/0x1a0 sk_alloc+0x2d/0x4e0 rose_create+0x7b/0x330 __sock_create+0x2dd/0x640 __sys_socket+0xc7/0x270 __x64_sys_socket+0x71/0x80 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Freed by task 152: kasan_set_track+0x4c/0x70 kasan_set_free_info+0x1f/0x40 ____kasan_slab_free+0x124/0x190 kfree+0xd3/0x270 __sk_destruct+0x314/0x460 rose_release+0x2fa/0x3b0 sock_close+0xcb/0x230 __fput+0x2d9/0x650 task_work_run+0xd6/0x160 exit_to_user_mode_loop+0xc7/0xd0 exit_to_user_mode_prepare+0x4e/0x80 syscall_exit_to_user_mode+0x20/0x40 do_syscall_64+0x4f/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 This patch adds refcount of sock when we use functions such as rose_start_heartbeat() and so on to start timer, and decreases the refcount of sock when timer is finished or deleted by functions such as rose_stop_heartbeat() and so on. As a result, the UAF bugs could be mitigated. Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by: NDuoming Zhou <duoming@zju.edu.cn> Tested-by: NDuoming Zhou <duoming@zju.edu.cn> Link: https://lore.kernel.org/r/20220629002640.5693-1-duoming@zju.edu.cnSigned-off-by: NPaolo Abeni <pabeni@redhat.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NXu Jia <xujia39@huawei.com> Reviewed-by: Wei Yongjun<weiyongjun1@huawei.com> Reviewed-by: NWang Weiyang <wangweiyang2@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Yu Kuai 提交于
mainline inclusion from mainline-v5.19-rc1 commit c55b2b98 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5G01M CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c55b2b983b0fa012942c3eb16384b2b722caa810 -------------------------------- When nbd module is being removing, nbd_alloc_config() may be called concurrently by nbd_genl_connect(), although try_module_get() will return false, but nbd_alloc_config() doesn't handle it. The race may lead to the leak of nbd_config and its related resources (e.g, recv_workq) and oops in nbd_read_stat() due to the unload of nbd module as shown below: BUG: kernel NULL pointer dereference, address: 0000000000000040 Oops: 0000 [#1] SMP PTI CPU: 5 PID: 13840 Comm: kworker/u17:33 Not tainted 5.14.0+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Workqueue: knbd16-recv recv_work [nbd] RIP: 0010:nbd_read_stat.cold+0x130/0x1a4 [nbd] Call Trace: recv_work+0x3b/0xb0 [nbd] process_one_work+0x1ed/0x390 worker_thread+0x4a/0x3d0 kthread+0x12a/0x150 ret_from_fork+0x22/0x30 Fixing it by checking the return value of try_module_get() in nbd_alloc_config(). As nbd_alloc_config() may return ERR_PTR(-ENODEV), assign nbd->config only when nbd_alloc_config() succeeds to ensure the value of nbd->config is binary (valid or NULL). Also adding a debug message to check the reference counter of nbd_config during module removal. Signed-off-by: NHou Tao <houtao1@huawei.com> Signed-off-by: NYu Kuai <yukuai3@huawei.com> Reviewed-by: NJosef Bacik <josef@toxicpanda.com> Link: https://lore.kernel.org/r/20220521073749.3146892-3-yukuai3@huawei.comSigned-off-by: NJens Axboe <axboe@kernel.dk> Reviewed-by: NJason Yan <yanaijie@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 Yu Kuai 提交于
mainline inclusion from mainline-v5.19-rc1 commit 06c4da89 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5G01M CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=06c4da89c24e7023ea448cadf8e9daf06a0aae6e -------------------------------- Otherwise there may be race between module removal and the handling of netlink command, which can lead to the oops as shown below: BUG: kernel NULL pointer dereference, address: 0000000000000098 Oops: 0002 [#1] SMP PTI CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:down_write+0x1a/0x50 Call Trace: start_creating+0x89/0x130 debugfs_create_dir+0x1b/0x130 nbd_start_device+0x13d/0x390 [nbd] nbd_genl_connect+0x42f/0x748 [nbd] genl_family_rcv_msg_doit.isra.0+0xec/0x150 genl_rcv_msg+0xe5/0x1e0 netlink_rcv_skb+0x55/0x100 genl_rcv+0x29/0x40 netlink_unicast+0x1a8/0x250 netlink_sendmsg+0x21b/0x430 ____sys_sendmsg+0x2a4/0x2d0 ___sys_sendmsg+0x81/0xc0 __sys_sendmsg+0x62/0xb0 __x64_sys_sendmsg+0x1f/0x30 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae Modules linked in: nbd(E-) Signed-off-by: NHou Tao <houtao1@huawei.com> Signed-off-by: NYu Kuai <yukuai3@huawei.com> Reviewed-by: NJosef Bacik <josef@toxicpanda.com> Link: https://lore.kernel.org/r/20220521073749.3146892-2-yukuai3@huawei.comSigned-off-by: NJens Axboe <axboe@kernel.dk> Reviewed-by: NJason Yan <yanaijie@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
-
由 LeoLiuoc 提交于
zhaoxin inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I52DS7 CVE: NA -------------------------------------------- Set CONFIG_SENSORS_ZHAOXIN_CPUTEMP to 'm' by default in openeuler_defconfig. Signed-off-by: NLeoLiuoc <LeoLiu-oc@zhaoxin.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: NXiongfeng Wang <wangxiongfeng2@huawei.com>
-
由 LeoLiu-oc 提交于
zhaoxin inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I52DS7 CVE: NA -------------------------------------------- Add support for the temperature sensor inside CPU. Supported are all known variants of the Zhaoxin processors. v1: Fix some character encoding mistaken. Signed-off-by: NLeoLiu-oc <LeoLiu-oc@zhaoxin.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: NXiongfeng Wang <wangxiongfeng2@huawei.com>
-
由 Li Nan 提交于
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X CVE: NA ------------------------------- In struct iscsi_transport, "unbind_conn" was added and the kabi is broken. Fix it by using "tgt_dscvr" and caps flag. Signed-off-by: NLi Nan <linan122@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: Nlinan <linan122@huawei.com> Reviewed-by: NJason Yan <yanaijie@huawei.com>
-
由 Zhang Wensheng 提交于
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X CVE: NA ------------------------------- In struct iscsi_cls_conn, "lock", "flags", "cleanup_work" are added and the kabi is broken, fix it by wrapper. Signed-off-by: NZhang Wensheng <zhangwensheng5@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: NJason Yan <yanaijie@huawei.com>
-
由 Mike Christie 提交于
stable inclusion from stable-v5.10.112 commit 361288633bfa0927b936ed3e1f01b605fb239994 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=361288633bfa0927b936ed3e1f01b605fb239994 -------------------------------- commit 03690d81 upstream. If a driver raises a connection error before the connection is bound, we can leave a cleanup_work queued that can later run and disconnect/stop a connection that is logged in. The problem is that drivers can call iscsi_conn_error_event for endpoints that are connected but not yet bound when something like the network port they are using is brought down. iscsi_cleanup_conn_work_fn will check for this and exit early, but if the cleanup_work is stuck behind other works, it might not get run until after userspace has done ep_disconnect. Because the endpoint is not yet bound there was no way for ep_disconnect to flush the work. The bug of leaving stop_conns queued was added in: Commit 23d6fefb ("scsi: iscsi: Fix in-kernel conn failure handling") and: Commit 0ab71045 ("scsi: iscsi: Perform connection failure entirely in kernel space") was supposed to fix it, but left this case. This patch moves the conn state check to before we even queue the work so we can avoid queueing. Link: https://lore.kernel.org/r/20220408001314.5014-7-michael.christie@oracle.com Fixes: 0ab71045 ("scsi: iscsi: Perform connection failure entirely in kernel space") Tested-by: NManish Rangankar <mrangankar@marvell.com> Reviewed-by: Lee Duncan <lduncan@@suse.com> Reviewed-by: NChris Leech <cleech@redhat.com> Signed-off-by: NMike Christie <michael.christie@oracle.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
-
由 Mike Christie 提交于
stable inclusion from stable-v5.10.112 commit 129db30599bc8b4a7cd0f219feb1e0154802e3d2 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=129db30599bc8b4a7cd0f219feb1e0154802e3d2 -------------------------------- commit 0aadafb5 upstream. This patch fixes a bug where when using iSCSI offload we can free an endpoint while userspace still thinks it's active. That then causes the endpoint ID to be reused for a new connection's endpoint while userspace still thinks the ID is for the original connection. Userspace will then end up disconnecting a running connection's endpoint or trying to bind to another connection's endpoint. This bug is a regression added in: Commit 23d6fefb ("scsi: iscsi: Fix in-kernel conn failure handling") where we added a in kernel ep_disconnect call to fix a bug in: Commit 0ab71045 ("scsi: iscsi: Perform connection failure entirely in kernel space") where we would call stop_conn without having done ep_disconnect. This early ep_disconnect call will then free the endpoint and it's ID while userspace still thinks the ID is valid. Fix the early release of the ID by having the in kernel recovery code keep a reference to the endpoint until userspace has called into the kernel to finish cleaning up the endpoint/connection. It requires the previous commit "scsi: iscsi: Release endpoint ID when its freed" which moved the freeing of the ID until when the endpoint is released. Link: https://lore.kernel.org/r/20220408001314.5014-5-michael.christie@oracle.com Fixes: 23d6fefb ("scsi: iscsi: Fix in-kernel conn failure handling") Tested-by: NManish Rangankar <mrangankar@marvell.com> Reviewed-by: NLee Duncan <lduncan@suse.com> Reviewed-by: NChris Leech <cleech@redhat.com> Signed-off-by: NMike Christie <michael.christie@oracle.com> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
-
由 Chao Gao 提交于
stable inclusion from stable-v5.10.112 commit 26f827e095aba4141ffd684276ef54025de27574 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=26f827e095aba4141ffd684276ef54025de27574 -------------------------------- commit 9e02977b upstream. When we looked into FIO performance with swiotlb enabled in VM, we found swiotlb_bounce() is always called one more time than expected for each DMA read request. It turns out that the bounce buffer is copied to original DMA buffer twice after the completion of a DMA request (one is done by in dma_direct_sync_single_for_cpu(), the other by swiotlb_tbl_unmap_single()). But the content in bounce buffer actually doesn't change between the two rounds of copy. So, one round of copy is redundant. Pass DMA_ATTR_SKIP_CPU_SYNC flag to swiotlb_tbl_unmap_single() to skip the memory copy in it. This fix increases FIO 64KB sequential read throughput in a guest with swiotlb=force by 5.6%. Fixes: 55897af6 ("dma-direct: merge swiotlb_dma_ops into the dma_direct code") Reported-by: NWang Zhaoyang1 <zhaoyang1.wang@intel.com> Reported-by: NGao Liang <liang.gao@intel.com> Signed-off-by: NChao Gao <chao.gao@intel.com> Reviewed-by: NKevin Tian <kevin.tian@intel.com> Signed-off-by: NChristoph Hellwig <hch@lst.de> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
-
由 Anna-Maria Behnsen 提交于
stable inclusion from stable-v5.10.112 commit 9a5a4d23e24d39784b643e5db2e4c3a97da4a1ac category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9a5a4d23e24d39784b643e5db2e4c3a97da4a1ac -------------------------------- commit c54bc0fc upstream. When the timer base is empty, base::next_expiry is set to base::clk + NEXT_TIMER_MAX_DELTA and base::next_expiry_recalc is false. When no timer is queued until jiffies reaches base::next_expiry value, the warning for not finding any expired timer and base::next_expiry_recalc is false in __run_timers() triggers. To prevent triggering the warning in this valid scenario base::timers_pending needs to be added to the warning condition. Fixes: 31cd0e11 ("timers: Recalculate next timer interrupt only when necessary") Reported-by: NJohannes Berg <johannes@sipsolutions.net> Signed-off-by: NAnna-Maria Behnsen <anna-maria@linutronix.de> Signed-off-by: NThomas Gleixner <tglx@linutronix.de> Reviewed-by: NFrederic Weisbecker <frederic@kernel.org> Link: https://lore.kernel.org/r/20220405191732.7438-3-anna-maria@linutronix.deSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
-
由 Martin Povišer 提交于
stable inclusion from stable-v5.10.112 commit 84837f43e56fc2594f07a49399667c467de527a3 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=84837f43e56fc2594f07a49399667c467de527a3 -------------------------------- commit bd8963e6 upstream. Wait for completion of write transfers before returning from the driver. At first sight it may seem advantageous to leave write transfers queued for the controller to carry out on its own time, but there's a couple of issues with it: * Driver doesn't check for FIFO space. * The queued writes can complete while the driver is in its I2C read transfer path which means it will get confused by the raising of XEN (the 'transaction ended' signal). This can cause a spurious ENODATA error due to premature reading of the MRXFIFO register. Adding the wait fixes some unreliability issues with the driver. There's some efficiency cost to it (especially with pasemi_smb_waitready doing its polling), but that will be alleviated once the driver receives interrupt support. Fixes: beb58aa3 ("i2c: PA Semi SMBus driver") Signed-off-by: NMartin Povišer <povik+lin@cutebit.org> Reviewed-by: NSven Peter <sven@svenpeter.dev> Signed-off-by: NWolfram Sang <wsa@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
-
由 Nadav Amit 提交于
stable inclusion from stable-v5.10.112 commit 89496d80bf847b49cb1349a7028b8b3c6e595d95 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=89496d80bf847b49cb1349a7028b8b3c6e595d95 -------------------------------- commit 9e949a38 upstream. The check in flush_smp_call_function_queue() for callbacks that are sent to offline CPUs currently checks whether the queue is empty. However, flush_smp_call_function_queue() has just deleted all the callbacks from the queue and moved all the entries into a local list. This checks would only be positive if some callbacks were added in the short time after llist_del_all() was called. This does not seem to be the intention of this check. Change the check to look at the local list to which the entries were moved instead of the queue from which all the callbacks were just removed. Fixes: 8d056c48 ("CPU hotplug, smp: flush any pending IPI callbacks before CPU offline") Signed-off-by: NNadav Amit <namit@vmware.com> Signed-off-by: NThomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20220319072015.1495036-1-namit@vmware.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
-
由 Mikulas Patocka 提交于
stable inclusion from stable-v5.10.112 commit cd02b2687d66f0a8e716384de4b9a0671331f1dc category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=cd02b2687d66f0a8e716384de4b9a0671331f1dc -------------------------------- commit 08c1af8f upstream. It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the digest beyond tag_size is ignored. In this case, dm-integrity would write beyond the end of the ic->recalc_tags array and corrupt memory. The corruption happened in integrity_recalc->integrity_sector_checksum->crypto_shash_final. Fix this corruption by increasing the tags array so that it has enough padding at the end to accomodate the loop in integrity_recalc() being able to write a full digest size for the last member of the tags array. Cc: stable@vger.kernel.org # v4.19+ Signed-off-by: NMikulas Patocka <mpatocka@redhat.com> Signed-off-by: NMike Snitzer <snitzer@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
-
由 Nathan Chancellor 提交于
stable inclusion from stable-v5.10.112 commit 0a312ec66a03133d28570f07bc52749ccfef54da category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0a312ec66a03133d28570f07bc52749ccfef54da -------------------------------- commit 83a1cde5 upstream. With newer versions of GCC, there is a panic in da850_evm_config_emac() when booting multi_v5_defconfig in QEMU under the palmetto-bmc machine: Unable to handle kernel NULL pointer dereference at virtual address 00000020 pgd = (ptrval) [00000020] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper Not tainted 5.15.0 #1 Hardware name: Generic DT based system PC is at da850_evm_config_emac+0x1c/0x120 LR is at do_one_initcall+0x50/0x1e0 The emac_pdata pointer in soc_info is NULL because davinci_soc_info only gets populated on davinci machines but da850_evm_config_emac() is called on all machines via device_initcall(). Move the rmii_en assignment below the machine check so that it is only dereferenced when running on a supported SoC. Fixes: bae10587 ("davinci: DA850/OMAP-L138 EVM: implement autodetect of RMII PHY") Signed-off-by: NNathan Chancellor <nathan@kernel.org> Reviewed-by: NArnd Bergmann <arnd@arndb.de> Reviewed-by: NBartosz Golaszewski <brgl@bgdev.pl> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/YcS4xVWs6bQlQSPC@archlinux-ax161/Signed-off-by: NArnd Bergmann <arnd@arndb.de> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
-
由 Paul Gortmaker 提交于
stable inclusion from stable-v5.10.112 commit 0806f1930562c1522cef061353e3d6a8d78899d0 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0806f1930562c1522cef061353e3d6a8d78899d0 -------------------------------- commit 40e97e42 upstream. While running some testing on code that happened to allow the variable tick_nohz_full_running to get set but with no "possible" NOHZ cores to back up that setting, this warning triggered: if (unlikely(tick_do_timer_cpu == TICK_DO_TIMER_NONE)) WARN_ON(tick_nohz_full_running); The console was overwhemled with an endless stream of one WARN per tick per core and there was no way to even see what was going on w/o using a serial console to capture it and then trace it back to this. Change it to WARN_ON_ONCE(). Fixes: 08ae95f4 ("nohz_full: Allow the boot CPU to be nohz_full") Signed-off-by: NPaul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: NThomas Gleixner <tglx@linutronix.de> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20211206145950.10927-3-paul.gortmaker@windriver.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
-
由 Rei Yamamoto 提交于
stable inclusion from stable-v5.10.112 commit 0275c75955d1cdec07bc6d4f6551dbf253c2aaeb category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5HL0X Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0275c75955d1cdec07bc6d4f6551dbf253c2aaeb -------------------------------- commit 08d835df upstream. If CPUs on a node are offline at boot time, the number of nodes is different when building affinity masks for present cpus and when building affinity masks for possible cpus. This causes the following problem: In the case that the number of vectors is less than the number of nodes there are cases where bits of masks for present cpus are overwritten when building masks for possible cpus. Fix this by excluding CPUs, which are not part of the current build mask (present/possible). [ tglx: Massaged changelog and added comment ] Fixes: b8259219 ("genirq/affinity: Spread IRQs to all available NUMA nodes") Signed-off-by: NRei Yamamoto <yamamoto.rei@jp.fujitsu.com> Signed-off-by: NThomas Gleixner <tglx@linutronix.de> Reviewed-by: NMing Lei <ming.lei@redhat.com> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20220331003309.10891-1-yamamoto.rei@jp.fujitsu.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
-