提交 · b369c7b780d80cccd87cd81d006aad822e6ad74d · openeuler / Kernel

18 7月, 2023 3 次提交

perf/x86/uncore: Ignore broken units in discovery table · b369c7b7

由 Kan Liang 提交于 1月 12, 2023

mainline inclusion
from mainline-v6.3-rc1
commit bd9514a4
category: bugfix
bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I7H29Y
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd9514a4d5ec25b29728720ca8b3a9ac4e3137d7

Intel-SIG: commit bd9514a4 perf/x86/uncore: Ignore broken units in discovery table
Backport SPR MCC UPI uncore discovery warning fixes to OLK-5.10.

-------------------------------------

Some units in a discovery table may be broken, e.g., UPI of SPR MCC.
A generic method is required to ignore the broken units.

Add uncore_units_ignore in the struct intel_uncore_init_fun, which
indicates the type ID of broken units. It will be assigned by the
platform-specific code later when the platform has a broken discovery
table.
Signed-off-by: NKan Liang <kan.liang@linux.intel.com>
Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: NMichael Petlan <mpetlan@redhat.com>
Link: https://lore.kernel.org/r/20230112200105.733466-4-kan.liang@linux.intel.comSigned-off-by: NYunying Sun <yunying.sun@intel.com>

b369c7b7

perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name · fd6a6d4e

由 Kan Liang 提交于 1月 12, 2023

mainline inclusion
from mainline-v6.3-rc1
commit 3af548f2
category: bugfix
bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I7H29Y
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3af548f2361077cd53762c88d62343d4e8ea1efb

Intel-SIG: commit 3af548f2 perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name
Backport SPR MCC UPI uncore discovery warning fixes to OLK-5.10.

-------------------------------------

The current code assumes that the discovery table provides valid
box_ids for the normal units. It's not the case anymore since some units
in the discovery table are broken on some SPR variants.

Factor out uncore_get_box_id(). Check the existence of the type->box_ids
before using it. If it's not available, use pmu_idx.
Signed-off-by: NKan Liang <kan.liang@linux.intel.com>
Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: NMichael Petlan <mpetlan@redhat.com>
Link: https://lore.kernel.org/r/20230112200105.733466-3-kan.liang@linux.intel.comSigned-off-by: NYunying Sun <yunying.sun@intel.com>

fd6a6d4e

perf/x86/uncore: Factor out uncore_device_to_die() · 1a5e6039

由 Kan Liang 提交于 1月 12, 2023

mainline inclusion
from mainline-v6.3-rc1
commit dbf061b2
category: bugfix
bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I7H29Y
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbf061b26221fa1a99e6489dd61f5b4ee97a24e8

Intel-SIG: commit dbf061b2 perf/x86/uncore: Factor out uncore_device_to_die()
Backport SPR MCC UPI uncore discovery warning fixes to OLK-5.10.

-------------------------------------

The same code is used to retrieve the logical die ID with a given PCI
device in both the discovery code and the code that supports a system
with > 8 nodes.

Factor out uncore_device_to_die() to replace the duplicate code.

No functional change.
Signed-off-by: NKan Liang <kan.liang@linux.intel.com>
Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: NMichael Petlan <mpetlan@redhat.com>
Link: https://lore.kernel.org/r/20230112200105.733466-2-kan.liang@linux.intel.comSigned-off-by: NYunying Sun <yunying.sun@intel.com>

1a5e6039

17 7月, 2023 6 次提交

!1428 scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() · 9675e654

由 openeuler-ci-bot 提交于 7月 17, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhong Jinghua <zhongjinghua@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/2Q2MUBDGYX4ZZCIKBMR4GVCYTRF6GIG7/ 
 
https://gitee.com/openeuler/kernel/issues/I7L8DZ?from=project-issue 
 
Link:https://gitee.com/openeuler/kernel/pulls/1428 

Reviewed-by: Yu Kuai <yukuai3@huawei.com> 
Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

9675e654

!1425 loop: loop_set_status_from_info() check before assignment · e7afe78e

由 openeuler-ci-bot 提交于 7月 17, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhong Jinghua <zhongjinghua@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/3G4GOSWGIMJSHVPDQ6QC6X64RMPRIJIW/ 
 
https://gitee.com/openeuler/kernel/issues/I7JHOA 
 
Link:https://gitee.com/openeuler/kernel/pulls/1425 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Reviewed-by: Yu Kuai <yukuai3@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

e7afe78e

!1427 nbd: Fix debugfs_create_dir error checking · d9ee2998

由 openeuler-ci-bot 提交于 7月 17, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhong Jinghua <zhongjinghua@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/CXCW33MDQZLHTCOH6HEFOVC5GK2Y4TCX/ 
 
https://gitee.com/openeuler/kernel/issues/I7FF4R 
 
Link:https://gitee.com/openeuler/kernel/pulls/1427 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Reviewed-by: Yu Kuai <yukuai3@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

d9ee2998

!1426 netfilter: nf_tables: do not ignore genmask when looking up chain by id · 961759c0

由 openeuler-ci-bot 提交于 7月 17, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Liu Jian <liujian56@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/PR7IN2IHBPPN57ADATMAXCK6IOVOB3OG/ 
 
https://gitee.com/src-openeuler/kernel/issues/I7ISR3 
 
Link:https://gitee.com/openeuler/kernel/pulls/1426 

Reviewed-by: Yue Haibing <yuehaibing@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

961759c0

!1434 [sync] PR-346: anolis: bond: broadcast ARP or ND messages to all slaves · cf303cf3

由 openeuler-ci-bot 提交于 7月 17, 2023

Merge Pull Request from: @openeuler-sync-bot

Origin pull request:
https://gitee.com/openeuler/kernel/pulls/346

This is achieved by broadcasting ARP or ND packets to all of its slave devices on transmit side. The switch will take further actions based on proper configuration.
A new sysctl knob "net.bonding.broadcast_arp_or_nd" is introduced which controls the behaviour of broadcasting.

Link:https://gitee.com/openeuler/kernel/pulls/1434

Reviewed-by: Yue Haibing <yuehaibing@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

cf303cf3

anolis: bond: broadcast ARP or ND messages to all slaves · 337eb92c

由 Tony Lu 提交于 1月 10, 2023

anolis inclusion
from devel-5.10-v5.10.134-12
commit b90e28f7170e1ae40c572f9f80a50bbdc8f8b99f
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I697AN
CVE: NA

Reference: https://gitee.com/anolis/cloud-kernel/commit/b90e28f7170e1ae40c572f9f80a50bbdc8f8b99f

---------------------------

OpenAnolis Bug Tracker:0000282

This is achieved by broadcasting ARP or ND packets to all of its slave
devices on transmit side. The switch will take further actions based on
proper configuration.

A new sysctl knob "net.bonding.broadcast_arp_or_nd" is introduced which
controls the behaviour of broadcasting.

Signed-off-by: Tony Lu <tonylu(a)linux.alibaba.com>
Acked-by: Dust Li <dust.li(a)linux.alibaba.com>
Signed-off-by: Qiao Ma <mqaio(a)linux.alibaba.com>
Reviewed-by: Shile Zhang <shile.zhang(a)linux.alibaba.com>
Acked-by: Dust Li <dust.li(a)linux.alibaba.com>
Signed-off-by: Wang Yufen <wangyufen(a)huawei.com>
(cherry picked from commit 7c902772)

337eb92c

14 7月, 2023 8 次提交

scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() · 3722873a

由 Zhong Jinghua 提交于 7月 14, 2023

mainline inclusion
from mainline-v6.3-rc6
commit 48b19b79
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7L8DZ?from=project-issue
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48b19b79cfa37b1e50da3b5a8af529f994c08901

----------------------------------------

The validity of sock should be checked before assignment to avoid incorrect
values. Commit 57569c37 ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref
while calling getpeername()") introduced this change which may lead to
inconsistent values of tcp_sw_conn->sendpage and conn->datadgst_en.

Fix the issue by moving the position of the assignment.

Fixes: 57569c37 ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()")
Signed-off-by: NZhong Jinghua <zhongjinghua@huawei.com>
Link: https://lore.kernel.org/r/20230329071739.2175268-1-zhongjinghua@huaweicloud.comReviewed-by: NMike Christie <michael.christie@oracle.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: NZhong Jinghua <zhongjinghua@huawei.com>

3722873a

nbd: Fix debugfs_create_dir error checking · c8ff919f

由 Ivan Orlov 提交于 7月 14, 2023

stable inclusion
from stable-v5.10.183
commit 01c3d3064975944a2edefef6e2f99db3244ca999
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7FF4R

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=01c3d3064975944a2edefef6e2f99db3244ca999

--------------------------------

[ Upstream commit 4913cfcf ]

The debugfs_create_dir function returns ERR_PTR in case of error, and the
only correct way to check if an error occurred is 'IS_ERR' inline function.
This patch will replace the null-comparison with IS_ERR.
Signed-off-by: NIvan Orlov <ivan.orlov0322@gmail.com>
Link: https://lore.kernel.org/r/20230512130533.98709-1-ivan.orlov0322@gmail.comSigned-off-by: NJens Axboe <axboe@kernel.dk>
Signed-off-by: NSasha Levin <sashal@kernel.org>
Signed-off-by: NZhong Jinghua <zhongjinghua@huaweicloud.com>

c8ff919f

netfilter: nf_tables: do not ignore genmask when looking up chain by id · ba0d52cb

由 Thadeu Lima de Souza Cascardo 提交于 7月 14, 2023

mainline inclusion
from mainline
commit 515ad530795c118f012539ed76d02bacfd426d89
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7ISR3
CVE: CVE-2023-31248

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=515ad530795c118f012539ed76d02bacfd426d89

---------------------------

When adding a rule to a chain referring to its ID, if that chain had been
deleted on the same batch, the rule might end up referring to a deleted
chain.

This will lead to a WARNING like following:

[   33.098431] ------------[ cut here ]------------
[   33.098678] WARNING: CPU: 5 PID: 69 at net/netfilter/nf_tables_api.c:2037 nf_tables_chain_destroy+0x23d/0x260
[   33.099217] Modules linked in:
[   33.099388] CPU: 5 PID: 69 Comm: kworker/5:1 Not tainted 6.4.0+ #409
[   33.099726] Workqueue: events nf_tables_trans_destroy_work
[   33.100018] RIP: 0010:nf_tables_chain_destroy+0x23d/0x260
[   33.100306] Code: 8b 7c 24 68 e8 64 9c ed fe 4c 89 e7 e8 5c 9c ed fe 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7 c3 cc cc cc cc <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7
[   33.101271] RSP: 0018:ffffc900004ffc48 EFLAGS: 00010202
[   33.101546] RAX: 0000000000000001 RBX: ffff888006fc0a28 RCX: 0000000000000000
[   33.101920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   33.102649] RBP: ffffc900004ffc78 R08: 0000000000000000 R09: 0000000000000000
[   33.103018] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880135ef500
[   33.103385] R13: 0000000000000000 R14: dead000000000122 R15: ffff888006fc0a10
[   33.103762] FS:  0000000000000000(0000) GS:ffff888024c80000(0000) knlGS:0000000000000000
[   33.104184] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.104493] CR2: 00007fe863b56a50 CR3: 00000000124b0001 CR4: 0000000000770ee0
[   33.104872] PKRU: 55555554
[   33.104999] Call Trace:
[   33.105113]  <TASK>
[   33.105214]  ? show_regs+0x72/0x90
[   33.105371]  ? __warn+0xa5/0x210
[   33.105520]  ? nf_tables_chain_destroy+0x23d/0x260
[   33.105732]  ? report_bug+0x1f2/0x200
[   33.105902]  ? handle_bug+0x46/0x90
[   33.106546]  ? exc_invalid_op+0x19/0x50
[   33.106762]  ? asm_exc_invalid_op+0x1b/0x20
[   33.106995]  ? nf_tables_chain_destroy+0x23d/0x260
[   33.107249]  ? nf_tables_chain_destroy+0x30/0x260
[   33.107506]  nf_tables_trans_destroy_work+0x669/0x680
[   33.107782]  ? mark_held_locks+0x28/0xa0
[   33.107996]  ? __pfx_nf_tables_trans_destroy_work+0x10/0x10
[   33.108294]  ? _raw_spin_unlock_irq+0x28/0x70
[   33.108538]  process_one_work+0x68c/0xb70
[   33.108755]  ? lock_acquire+0x17f/0x420
[   33.108977]  ? __pfx_process_one_work+0x10/0x10
[   33.109218]  ? do_raw_spin_lock+0x128/0x1d0
[   33.109435]  ? _raw_spin_lock_irq+0x71/0x80
[   33.109634]  worker_thread+0x2bd/0x700
[   33.109817]  ? __pfx_worker_thread+0x10/0x10
[   33.110254]  kthread+0x18b/0x1d0
[   33.110410]  ? __pfx_kthread+0x10/0x10
[   33.110581]  ret_from_fork+0x29/0x50
[   33.110757]  </TASK>
[   33.110866] irq event stamp: 1651
[   33.111017] hardirqs last  enabled at (1659): [<ffffffffa206a209>] __up_console_sem+0x79/0xa0
[   33.111379] hardirqs last disabled at (1666): [<ffffffffa206a1ee>] __up_console_sem+0x5e/0xa0
[   33.111740] softirqs last  enabled at (1616): [<ffffffffa1f5d40e>] __irq_exit_rcu+0x9e/0xe0
[   33.112094] softirqs last disabled at (1367): [<ffffffffa1f5d40e>] __irq_exit_rcu+0x9e/0xe0
[   33.112453] ---[ end trace 0000000000000000 ]---

This is due to the nft_chain_lookup_byid ignoring the genmask. After this
change, adding the new rule will fail as it will not find the chain.

Fixes: 837830a4 ("netfilter: nf_tables: add NFTA_RULE_CHAIN_ID attribute")
Cc: stable@vger.kernel.org
Reported-by: Mingi Cho of Theori working with ZDI
Signed-off-by: NThadeu Lima de Souza Cascardo <cascardo@canonical.com>
Reviewed-by: NFlorian Westphal <fw@strlen.de>
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: NLiu Jian <liujian56@huawei.com>

ba0d52cb

loop: loop_set_status_from_info() check before assignment · cfb3aa6f

由 Zhong Jinghua 提交于 7月 14, 2023

stable inclusion
from stable-v5.10.173
commit c79a924ed6afac1708dfd370ba66bcf6a852ced6
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7JHOA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c79a924ed6afac1708dfd370ba66bcf6a852ced6

--------------------------------

[ Upstream commit 9f6ad5d5 ]

In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should
be checked before reassignment, because if an overflow error occurs, the
original correct value will be changed to the wrong value, and it will not
be changed back.

More, the original patch did not solve the problem, the value was set and
ioctl returned an error, but the subsequent io used the value in the loop
driver, which still caused an alarm:

loop_handle_cmd
 do_req_filebacked
  loff_t pos = ((loff_t) blk_rq_pos(rq) << 9) + lo->lo_offset;
  lo_rw_aio
   cmd->iocb.ki_pos = pos

Fixes: c490a0b5 ("loop: Check for overflow while configuring loop")
Signed-off-by: NZhong Jinghua <zhongjinghua@huawei.com>
Reviewed-by: NChaitanya Kulkarni <kch@nvidia.com>
Link: https://lore.kernel.org/r/20230221095027.3656193-1-zhongjinghua@huaweicloud.comSigned-off-by: NJens Axboe <axboe@kernel.dk>
Signed-off-by: NSasha Levin <sashal@kernel.org>
Signed-off-by: NZhong Jinghua <zhongjinghua@huawei.com>

cfb3aa6f

!1415 Fix generic/299 fail · 80e7361a

由 openeuler-ci-bot 提交于 7月 14, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhihao Cheng <chengzhihao1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/TSXRUVDLVGILRT2XURWM3RIMGTKSEUZT/ 
Revert origin fix, add debug message.

Zhihao Cheng (2):
  Revert "ext4: Stop trying writing pages if no free blocks generated"
  ext4: Add debug message to notify user space is out of free


-- 
2.31.1
 
https://gitee.com/openeuler/kernel/issues/I7CBCS 
 
Link:https://gitee.com/openeuler/kernel/pulls/1415 

Reviewed-by: zhangyi (F) <yi.zhang@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

80e7361a

ext4: Add debug message to notify user space is out of free · 4ae7e703

由 Zhihao Cheng 提交于 7月 14, 2023

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7CBCS
CVE: NA

--------------------------------

Add debug message to notify user that ext4_writepages is stuck in loop
caused by ENOSPC.
Signed-off-by: NZhihao Cheng <chengzhihao1@huawei.com>

4ae7e703

Revert "ext4: Stop trying writing pages if no free blocks generated" · 5f142164

由 Zhihao Cheng 提交于 7月 14, 2023

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7CBCS
CVE: NA

--------------------------------

This reverts commit 07a8109d.

When ext4 runs out of space, there could be a potential data lost in
ext4_writepages:
If there are many preallocated blocks for some files, e4b bitmap is
different from block bitmap, and there are more free blocks accounted
by block bitmap.

    ext4_writepages                         P2
ext4_mb_new_blocks                  ext4_map_blocks
 ext4_mb_regular_allocator // No free bits in e4b bitmap
 ext4_mb_discard_preallocations_should_retry
  ext4_mb_discard_preallocations
   ext4_mb_discard_group_preallocations
    ext4_mb_release_inode_pa // updates e4b bitmap by pa->pa_free
     mb_free_blocks
                                     ext4_mb_new_blocks
                                      ext4_mb_regular_allocator
                                      // Got e4b bitmap's free bits
 ext4_mb_regular_allocator  // After 3 times retrying, ret ENOSPC

ext4_writepages
 mpage_map_and_submit_extent
  mpage_map_one_extent // ret ENOSPC
  if (err == -ENOSPC && EXT4_SB(sb)->s_mb_free_pending)
  // s_mb_free_pending is 0
  *give_up_on_write = true  // Abandon writeback, data lost!

Fixes: 07a8109d ("ext4: Stop trying writing pages if no free ...")
Signed-off-by: NZhihao Cheng <chengzhihao1@huawei.com>

5f142164

!1359 bpf, sockops: Enhance the return capability of sockops · 9e4dad79

由 openeuler-ci-bot 提交于 7月 14, 2023

Merge Pull Request from: @bitcoffee 
 
hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I71USM

----------------------------------------------------

Since commit 2585cd62 ("bpf: Only reply field should be writeable"),
sockops is not allowd to modify the replylong field except replylong[0].
The reason is that the replylong[1] to replylong[3] field is not used
at that time.

But in actual use, we can call `BPF_CGROUP_RUN_PROG_SOCK_OPS` in the
kernel modules and expect sockops to return some useful data.

The design comment about bpf_sock_ops::replylong in
include/uapi/linux/bpf.h is described as follows:

```
  struct bpf_sock_ops {
        __u32 op;
        union {
                __u32 args[4];          /* Optionally passed to bpf program */
                __u32 reply;            /* Returned by bpf program          */
                __u32 replylong[4];     /* Optioznally returned by bpf prog  */
        };
  ...
```

It seems to contradict the purpose for which the field was originally
designed. Let's remove this restriction.

Fixes: 2585cd62 ("bpf: Only reply field should be writeable")

Signed-off-by: bitcoffee <liuxin350@huawei.com> 
 
Link:https://gitee.com/openeuler/kernel/pulls/1359 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

9e4dad79

13 7月, 2023 5 次提交

!1408 Replace the hulk patch with the lts patch · 29094e84

由 openeuler-ci-bot 提交于 7月 13, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Gaosheng Cui <cuigaosheng1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/KDI6HM6ETZD4MQLPN2PXX7TI3XO7ZJC5/ 
Replace the hulk patch with the lts patch, thanks!

Gaosheng Cui (1):
  Revert "cgroup: Stop task iteration when rebinding subsystem"

Xiu Jianfeng (1):
  cgroup: Do not corrupt task iteration when rebinding subsystem


-- 
2.30.0
 
https://gitee.com/openeuler/kernel/issues/I7AZ85 
 
Link:https://gitee.com/openeuler/kernel/pulls/1408 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

29094e84

cgroup: Do not corrupt task iteration when rebinding subsystem · d09e69cd

由 Xiu Jianfeng 提交于 7月 13, 2023

stable inclusion
from stable-v5.10.186
commit 63608437a83ddabe497cfc163237e654eb563701
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7AZ85
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=63608437a83ddabe497cfc163237e654eb563701

--------------------------------

commit 6f363f5a upstream.

We found a refcount UAF bug as follows:

refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 342 at lib/refcount.c:25 refcount_warn_saturate+0xa0/0x148
Workqueue: events cpuset_hotplug_workfn
Call trace:
 refcount_warn_saturate+0xa0/0x148
 __refcount_add.constprop.0+0x5c/0x80
 css_task_iter_advance_css_set+0xd8/0x210
 css_task_iter_advance+0xa8/0x120
 css_task_iter_next+0x94/0x158
 update_tasks_root_domain+0x58/0x98
 rebuild_root_domains+0xa0/0x1b0
 rebuild_sched_domains_locked+0x144/0x188
 cpuset_hotplug_workfn+0x138/0x5a0
 process_one_work+0x1e8/0x448
 worker_thread+0x228/0x3e0
 kthread+0xe0/0xf0
 ret_from_fork+0x10/0x20

then a kernel panic will be triggered as below:

Unable to handle kernel paging request at virtual address 00000000c0000010
Call trace:
 cgroup_apply_control_disable+0xa4/0x16c
 rebind_subsystems+0x224/0x590
 cgroup_destroy_root+0x64/0x2e0
 css_free_rwork_fn+0x198/0x2a0
 process_one_work+0x1d4/0x4bc
 worker_thread+0x158/0x410
 kthread+0x108/0x13c
 ret_from_fork+0x10/0x18

The race that cause this bug can be shown as below:

(hotplug cpu)                | (umount cpuset)
mutex_lock(&cpuset_mutex)    | mutex_lock(&cgroup_mutex)
cpuset_hotplug_workfn        |
 rebuild_root_domains        |  rebind_subsystems
  update_tasks_root_domain   |   spin_lock_irq(&css_set_lock)
   css_task_iter_start       |    list_move_tail(&cset->e_cset_node[ss->id]
   while(css_task_iter_next) |                  &dcgrp->e_csets[ss->id]);
   css_task_iter_end         |   spin_unlock_irq(&css_set_lock)
mutex_unlock(&cpuset_mutex)  | mutex_unlock(&cgroup_mutex)

Inside css_task_iter_start/next/end, css_set_lock is hold and then
released, so when iterating task(left side), the css_set may be moved to
another list(right side), then it->cset_head points to the old list head
and it->cset_pos->next points to the head node of new list, which can't
be used as struct css_set.

To fix this issue, switch from all css_sets to only scgrp's css_sets to
patch in-flight iterators to preserve correct iteration, and then
update it->cset_head as well.
Reported-by: NGaosheng Cui <cuigaosheng1@huawei.com>
Link: https://www.spinics.net/lists/cgroups/msg37935.htmlSuggested-by: NMichal Koutný <mkoutny@suse.com>
Link: https://lore.kernel.org/all/20230526114139.70274-1-xiujianfeng@huaweicloud.com/Signed-off-by: NXiu Jianfeng <xiujianfeng@huawei.com>
Fixes: 2d8f243a ("cgroup: implement cgroup->e_csets[]")
Cc: stable@vger.kernel.org # v3.16+
Signed-off-by: NTejun Heo <tj@kernel.org>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

Conflicts:
	kernel/cgroup/cgroup.c
Signed-off-by: NGaosheng Cui <cuigaosheng1@huawei.com>

d09e69cd

Revert "cgroup: Stop task iteration when rebinding subsystem" · 7a4d01c1

由 Gaosheng Cui 提交于 7月 13, 2023

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7AZ85

--------------------------------

This reverts commit e52586f4.
Signed-off-by: NGaosheng Cui <cuigaosheng1@huawei.com>

7a4d01c1

!1357 SUNRPC: Ensure that the gssproxy client can start in a connected state · 0a7be323

由 openeuler-ci-bot 提交于 7月 13, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Wang Hai <wanghai38@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/ABPZY77775Q23Q7ELN4XOHU24WQLFFGZ/ 
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1357 

Reviewed-by: Yue Haibing <yuehaibing@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

0a7be323

!1399 bpf: cpumap: Fix memory leak in cpu_map_update_elem · 02d86792

由 openeuler-ci-bot 提交于 7月 13, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Pu Lehui <pulehui@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/NNJDQ7II2434WOXUN5X4T4PCHSROG2K4/ 
 
https://gitee.com/openeuler/kernel/issues/I7KNGM 
 
Link:https://gitee.com/openeuler/kernel/pulls/1399 

Reviewed-by: Xu Kuohai <xukuohai@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

02d86792

12 7月, 2023 3 次提交

bpf: cpumap: Fix memory leak in cpu_map_update_elem · 28eb4213

由 Pu Lehui 提交于 7月 12, 2023

maillist inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7KNGM
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4369016497319a9635702da010d02af1ebb1849d

----------------------------------------

Syzkaller reported a memory leak as follows:

BUG: memory leak
unreferenced object 0xff110001198ef748 (size 192):
  comm "syz-executor.3", pid 17672, jiffies 4298118891 (age 9.906s)
  hex dump (first 32 bytes):
    00 00 00 00 4a 19 00 00 80 ad e3 e4 fe ff c0 00  ....J...........
    00 b2 d3 0c 01 00 11 ff 28 f5 8e 19 01 00 11 ff  ........(.......
  backtrace:
    [<ffffffffadd28087>] __cpu_map_entry_alloc+0xf7/0xb00
    [<ffffffffadd28d8e>] cpu_map_update_elem+0x2fe/0x3d0
    [<ffffffffadc6d0fd>] bpf_map_update_value.isra.0+0x2bd/0x520
    [<ffffffffadc7349b>] map_update_elem+0x4cb/0x720
    [<ffffffffadc7d983>] __se_sys_bpf+0x8c3/0xb90
    [<ffffffffb029cc80>] do_syscall_64+0x30/0x40
    [<ffffffffb0400099>] entry_SYSCALL_64_after_hwframe+0x61/0xc6

BUG: memory leak
unreferenced object 0xff110001198ef528 (size 192):
  comm "syz-executor.3", pid 17672, jiffies 4298118891 (age 9.906s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffffadd281f0>] __cpu_map_entry_alloc+0x260/0xb00
    [<ffffffffadd28d8e>] cpu_map_update_elem+0x2fe/0x3d0
    [<ffffffffadc6d0fd>] bpf_map_update_value.isra.0+0x2bd/0x520
    [<ffffffffadc7349b>] map_update_elem+0x4cb/0x720
    [<ffffffffadc7d983>] __se_sys_bpf+0x8c3/0xb90
    [<ffffffffb029cc80>] do_syscall_64+0x30/0x40
    [<ffffffffb0400099>] entry_SYSCALL_64_after_hwframe+0x61/0xc6

BUG: memory leak
unreferenced object 0xff1100010fd93d68 (size 8):
  comm "syz-executor.3", pid 17672, jiffies 4298118891 (age 9.906s)
  hex dump (first 8 bytes):
    00 00 00 00 00 00 00 00                          ........
  backtrace:
    [<ffffffffade5db3e>] kvmalloc_node+0x11e/0x170
    [<ffffffffadd28280>] __cpu_map_entry_alloc+0x2f0/0xb00
    [<ffffffffadd28d8e>] cpu_map_update_elem+0x2fe/0x3d0
    [<ffffffffadc6d0fd>] bpf_map_update_value.isra.0+0x2bd/0x520
    [<ffffffffadc7349b>] map_update_elem+0x4cb/0x720
    [<ffffffffadc7d983>] __se_sys_bpf+0x8c3/0xb90
    [<ffffffffb029cc80>] do_syscall_64+0x30/0x40
    [<ffffffffb0400099>] entry_SYSCALL_64_after_hwframe+0x61/0xc6

In the cpu_map_update_elem flow, when kthread_stop is called before
calling the threadfn of rcpu->kthread, since the KTHREAD_SHOULD_STOP bit
of kthread has been set by kthread_stop, the threadfn of rcpu->kthread
will never be executed, and rcpu->refcnt will never be 0, which will
lead to the allocated rcpu, rcpu->queue and rcpu->queue->queue cannot be
released.

Calling kthread_stop before executing kthread's threadfn will return
-EINTR. We can complete the release of memory resources in this state.

Fixes: 6710e112 ("bpf: introduce new bpf cpu map type BPF_MAP_TYPE_CPUMAP")
Signed-off-by: NPu Lehui <pulehui@huawei.com>
Acked-by: NJesper Dangaard Brouer <hawk@kernel.org>
Acked-by: NHou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/r/20230711115848.2701559-1-pulehui@huaweicloud.comSigned-off-by: NAlexei Starovoitov <ast@kernel.org>

28eb4213

!1355 etmem: fix the div 0 problem in swapcache reclaim process · cd0c6a73

由 openeuler-ci-bot 提交于 7月 12, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: liubo <liubo254@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/U5CT23M5QJUQGMVYUGL6TDAA75CMGKLX/ 
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1355 

Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

cd0c6a73

!1345 dm: requeue IO if mapping table not yet · 0aa0ca11

由 openeuler-ci-bot 提交于 7月 12, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Li Lingfeng <lilingfeng3@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/2PV7QOUKZR3DCG46HYA5N3UC6X6ZZ3EU/ 
It's not proper to just abort IO when the map is not ready.
So revert this and requeue IO to keep consistent with the community.
And fix the deadlock introduced by the patch.

v1->v2:
  add patch 38d11da5 "dm: don't lock fs when the map is NULL in
process of resume"

Li Lingfeng (3):
  Revert "dm: make sure dm_table is binded before queue request"
  dm: don't lock fs when the map is NULL in process of resume
  dm: don't lock fs when the map is NULL during suspend or resume

Mike Snitzer (1):
  dm: requeue IO if mapping table not yet available


-- 
2.31.1
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1345 

Reviewed-by: Yu Kuai <yukuai3@huawei.com> 
Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

0aa0ca11

11 7月, 2023 12 次提交

!1376 jbd2: Check 'jh->b_transaction' before remove it from checkpoint · 07439c16

由 openeuler-ci-bot 提交于 7月 11, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhihao Cheng <chengzhihao1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/XNJZFYFNQIMIIQRPICSJB7KUZJDPS27T/ 
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1376 

Reviewed-by: zhangyi (F) <yi.zhang@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

07439c16

!1312 quota: fix race condition between dqput() and dquot_mark_dquot_dirty() · 5780d3d5

由 openeuler-ci-bot 提交于 7月 11, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Baokun Li <libaokun1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/7ATD3RNUBURBEYA34VGOOZB53J377OZQ/ 
Baokun Li (5):
  quota: factor out dquot_write_dquot()
  quota: rename dquot_active() to inode_quota_active()
  quota: add new helper dquot_active()
  quota: fix dqput() to follow the guarantees dquot_srcu should provide
  quota: simplify drop_dquot_ref()


-- 
2.31.1
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1312 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

5780d3d5

jbd2: Check 'jh->b_transaction' before remove it from checkpoint · 7723e91d

由 Zhihao Cheng 提交于 7月 11, 2023

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I70WHL
CVE: NA

--------------------------------

Following process will corrupt ext4 image:
Step 1:
jbd2_journal_commit_transaction
 __jbd2_journal_insert_checkpoint(jh, commit_transaction)
 // Put jh into trans1->t_checkpoint_list
 journal->j_checkpoint_transactions = commit_transaction
 // Put trans1 into journal->j_checkpoint_transactions

Step 2:
do_get_write_access
 test_clear_buffer_dirty(bh) // clear buffer dirty，set jbd dirty
 __jbd2_journal_file_buffer(jh, transaction) // jh belongs to trans2

Step 3:
drop_cache
 journal_shrink_one_cp_list
  jbd2_journal_try_remove_checkpoint
   if (!trylock_buffer(bh))  // lock bh, true
   if (buffer_dirty(bh))     // buffer is not dirty
   __jbd2_journal_remove_checkpoint(jh)
   // remove jh from trans1->t_checkpoint_list

Step 4:
jbd2_log_do_checkpoint
 trans1 = journal->j_checkpoint_transactions
 // jh is not in trans1->t_checkpoint_list
 jbd2_cleanup_journal_tail(journal)  // trans1 is done

Step 5: Power cut, trans2 is not committed, jh is lost in next mounting.

Fix it by checking 'jh->b_transaction' before remove it from checkpoint.

Fixes: 80079353 ("jbd2: fix a race when checking checkpoint ...")
Signed-off-by: NZhihao Cheng <chengzhihao1@huawei.com>

7723e91d

!1351 dm thin: fix deadlock when swapping to thin device · ca65ef26

由 openeuler-ci-bot 提交于 7月 11, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Li Lingfeng <lilingfeng3@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/7LQ6EXG6AUW5V5QHM5OPQF4H2EUFST7H/ 
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1351 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Reviewed-by: Yu Kuai <yukuai3@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

ca65ef26

!1346 dm thin metadata: check fail_io before using data_sm · f362b37a

由 openeuler-ci-bot 提交于 7月 11, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Li Lingfeng <lilingfeng3@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/GPIRJFVX4XM2YVPZLAGHIGOXHIEMS2DK/ 
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1346 

Reviewed-by: Yu Kuai <yukuai3@huawei.com> 
Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

f362b37a

!1207 block: don't set GD_NEED_PART_SCAN if scan partition failed · acca64ab

由 openeuler-ci-bot 提交于 7月 11, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Li Lingfeng <lilingfeng3@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/WJN7X4XFPJ4YOENEOCHGYTR3LA7WSHLU/ 
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1207 

Reviewed-by: Yu Kuai <yukuai3@huawei.com> 
Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

acca64ab

!1074 arch_topology, ACPI: populate cpu capacity from CPPC · a5924d00

由 openeuler-ci-bot 提交于 7月 11, 2023

Merge Pull Request from: @liujie-248683921 
 
Ionela Voinescu (2):
  arch_topology: obtain cpu capacity using information from CPPC
  arm64, topology: enable use of init_cpu_capacity_cppc()

Jie Liu (2):
  cppc_acpi: add acpi_cpc_valid for determining _CPC is valid
  arm64, topology: add arch_init_invariance_cppc to use information from CPPC

Mario Limonciello (1):
  ACPI: CPPC: Check present CPUs for determining _CPC is valid

 arch/arm64/include/asm/topology.h |  4 +++
 drivers/acpi/cppc_acpi.c          | 22 +++++++++++++++
 drivers/base/arch_topology.c      | 45 ++++++++++++++++++++++++++++---
 include/acpi/cppc_acpi.h          |  1 +
 include/linux/arch_topology.h     |  4 +++
 5 files changed, 73 insertions(+), 3 deletions(-)

--
2.30.0
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1074 

Reviewed-by: Xiongfeng Wang <wangxiongfeng2@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

a5924d00

!1254 Two CVE fixes of ksmbd · c372a428

由 openeuler-ci-bot 提交于 7月 11, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: ZhaoLong Wang <wangzhaolong1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/OPC4G2ZQN6WR2I5ESDGY65SMYHK4IJAH/ 
CVE fixes:
CVE-2023-32255
CVE-2023-32248

*** BLURB HERE ***

Namjae Jeon (2):
  ksmbd: fix memleak in session setup
  ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()


-- 
2.31.1
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1254 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

c372a428

!1324 io_uring: hold uring mutex around poll removal · 2c2b4b11

由 openeuler-ci-bot 提交于 7月 11, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhong Jinghua <zhongjinghua@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/2P2KGVU22TWAYJ5N3JDYWA7EXWJOL2OS/ 
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1324 

Reviewed-by: zhangyi (F) <yi.zhang@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

2c2b4b11

!1287 ipvlan:Fix out-of-bounds caused by unclear skb->cb · a67d5429

由 openeuler-ci-bot 提交于 7月 11, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhengchao Shao <shaozhengchao@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/AM4RDLF2OSU74VL45PDNQCRW7E3VXA63/ 
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1287 

Reviewed-by: Yue Haibing <yuehaibing@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

a67d5429

!1353 ubifs mainline bugfix patch backport · 86ef346b

由 openeuler-ci-bot 提交于 7月 11, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: ZhaoLong Wang <wangzhaolong1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/LE7NH4UEHIINC2ABJ5RVIXMUW3B7UFXP/ 
ISSUE: https://gitee.com/openeuler/kernel/issues/I7JO0G

1. ubifs: Fix memory leak in do_rename
2. ubifs: Free memory for tmpfile name

Mårten Lindahl (2):
  ubifs: Free memory for tmpfile name
  ubifs: Fix memory leak in do_rename


-- 
2.31.1
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1353 

Reviewed-by: zhangyi (F) <yi.zhang@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

86ef346b

!1354 ubi: Fix return value overwrite issue in try_write_vid_and_data() · 0fc61ff0

由 openeuler-ci-bot 提交于 7月 11, 2023

Merge Pull Request from: @ci-robot 
 
PR sync from: ZhaoLong Wang <wangzhaolong1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/5ZCWK7NT2Z3XREP2FML24JTJHAGYFVEH/ 
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1354 

Reviewed-by: zhangyi (F) <yi.zhang@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

0fc61ff0

10 7月, 2023 2 次提交

SUNRPC: Ensure that the gssproxy client can start in a connected state · bfab7acc

由 Trond Myklebust 提交于 7月 10, 2023

mainline inclusion
from mainline-v5.18-rc7
commit fd13359f
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I59RN0

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd13359f54ee854f00134abc6be32da94ec53dbf

--------------------------------

Ensure that the gssproxy client connects to the server from the gssproxy
daemon process context so that the AF_LOCAL socket connection is done
using the correct path and namespaces.

Fixes: 1d658336 ("SUNRPC: Add RPC based upcall mechanism for RPCGSS auth")
Cc: stable@vger.kernel.org
Signed-off-by: NTrond Myklebust <trond.myklebust@hammerspace.com>

conflict:
	net/sunrpc/clnt.c
Signed-off-by: NWang Hai <wanghai38@huawei.com>

bfab7acc

etmem: fix the div 0 problem in swapcache reclaim process · 905e7deb

由 liubo 提交于 7月 10, 2023

euleros inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7JI6K
CVE: NA

----------------------------------------------------

In the swapcache recycling process, the number of pages
to be reclaimed on each node is obtained as follows:

nr_to_reclaim[nid_num] = (swapcache_to_reclaim / (swapcache_total_reclaimable / nr[nid_num]));

However, nr[nid_num] is obtained by traversing the number
of swapcache pages on each node.
If there are multiple nodes in the environment and
no swap process occurs on a node, no swapcache page exists.
The value of nr[nid_num] may be 0.

Therefore, division by zero errors may occur.
Signed-off-by: Nliubo <liubo254@huawei.com>

905e7deb

09 7月, 2023 1 次提交

bpf, sockops: Enhance the return capability of sockops · f2b0b6a6

由 bitcoffee 提交于 7月 09, 2023

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I71USM

----------------------------------------------------

Since commit 2585cd62 ("bpf: Only reply field should be writeable"),
sockops is not allowd to modify the replylong field except replylong[0].
The reason is that the replylong[1] to replylong[3] field is not used
at that time.

But in actual use, we can call `BPF_CGROUP_RUN_PROG_SOCK_OPS` in the
kernel modules and expect sockops to return some useful data.

The design comment about bpf_sock_ops::replylong in
include/uapi/linux/bpf.h is described as follows:

```
  struct bpf_sock_ops {
        __u32 op;
        union {
                __u32 args[4];          /* Optionally passed to bpf program */
                __u32 reply;            /* Returned by bpf program          */
                __u32 replylong[4];     /* Optioznally returned by bpf prog  */
        };
  ...
```

It seems to contradict the purpose for which the field was originally
designed. Let's remove this restriction.

Fixes: 2585cd62 ("bpf: Only reply field should be writeable")
Signed-off-by: Nbitcoffee <liuxin350@huawei.com>

f2b0b6a6

openeuler / Kernel 接近 2 年 前同步成功

openeuler / Kernel
接近 2 年前同步成功