- 13 Jun, 2023 2 commits
-
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/1090
PR sync from: ZhaoLong Wang <wangzhaolong1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/VQ5QP4GZFTJCMRJ3WK33W5A5SSQR2MY7/
Link: https://gitee.com/openeuler/kernel/pulls/1109
Reviewed-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by Konstantin Komarov
mainline inclusion
from mainline-v6.2-rc1
commit 0e8235d2
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I79X84
CVE: CVE-2022-48502
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b
--------------------------------
Added new functions index_hdr_check and index_buf_check.
Now we check all stuff for correctness while reading from disk.
Also fixed bug with stale nfs data.

Reported-by: van fantasy <g1042620637@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com>
Conflicts:
fs/ntfs3/inode.c
fs/ntfs3/xattr.c
(cherry picked from commit 9fc58dcc)
-
- 09 Jun, 2023 11 commits
-
-
Committed by openeuler-ci-bot
Merge Pull Request from: @ci-robot
PR sync from: Liu Shixin <liushixin2@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/HYR7FSMMW2DJXGIR4TNGKBNAMIZKZZYE/

Support dynamic_hugetlb on arm64 and fix some bug.

Liu Shixin (6):
  mm/dynamic_hugetlb: fix kabi broken when enable CONFIG_DYNAMIC_HUGETLB on arm64
  mm/dynamic_hugetlb: support dynamic hugetlb on arm64
  mm/dynamic_hugetlb: isolate hugepage without dissolve
  mm/dynamic_hugetlb: replace spin_lock with mutex_lock and fix kabi broken
  mm/dynamic_hugetlb: set PagePool to bad page
  mm/dynamic_hugetlb: fix type error of pfn in __hpool_split_gigantic_page()

--
2.25.1

Link: https://gitee.com/openeuler/kernel/pulls/1062
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/1028
PR sync from: Long Li <leo.lilong@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/SDZSQIDVZ6KO6663MZWABIKABBLHZOUS/
Link: https://gitee.com/openeuler/kernel/pulls/1058
Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by Liu Shixin
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6XOIE
CVE: NA
--------------------------------
The type of pfn is int, which can result in truncation. Change its type to unsigned long to fix the problem.

Fixes: eef7b4fd ("mm/dynamic_hugetlb: use pfn to traverse subpages")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
-
Committed by Liu Shixin
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6XOIE
CVE: NA
--------------------------------
Before discard the bad page, set PagePool flag to distinguish from free page. And increase used_pages to guarantee used + freed = total.

Signed-off-by: Liu Shixin <liushixin2@huawei.com>
-
Committed by Liu Shixin
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6MH03
CVE: NA
--------------------------------
When memory is fragmented, update_reserve_pages() may call migrate_pages() to collect continuous memory. This function can sleep, so we should use mutex lock instead of spin lock. Use KABI_EXTEND to fix kabi broken.

Fixes: 0c06a1c0 ("mm/dynamic_hugetlb: add interface to configure the count of hugepages")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
-
Committed by Liu Shixin
hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6XOIE
CVE: NA
--------------------------------
The memory hotplug and memory failure will dissolve freed hugepages to buddy system, this is not the expected behavior for dynamic hugetlb. Skip the dissolve operation for hugepages belonging to dynamic hugetlb. For memory hotplug, the hotplug operation is not allowed, if dhugetlb pool existed. For memory failure, the hugepage will be discard directly.

Signed-off-by: Liu Shixin <liushixin2@huawei.com>
-
Committed by Liu Shixin
hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6XOIE
CVE: NA
--------------------------------
To support dynamic hugetlb on arm64, we need to do two more things. The first one is to fix kabi broken in mem_cgroup, we use kabi_reserve_5 to fix it in previous patch. The second one is to check cont-bit hugetlb since this feature only support for PMD-size and PUD-size hugepage. This feature only support for 4KB pagesize, not support for 16KB and 64KB.

Signed-off-by: Liu Shixin <liushixin2@huawei.com>
-
Committed by Liu Shixin
hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6XOIE
CVE: NA
--------------------------------
When enable dynamic hugetlb on arm64, the new member struct dhugetlb_pool* will be added to mem_cgroup. We need to use a KABI_RESERVE to fix broken of kabi. The previous struct dhugetlb_pool* is only used on x86_64.

Signed-off-by: Liu Shixin <liushixin2@huawei.com>
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/978
PR sync from: Li Lingfeng <lilingfeng3@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/DP5GHDF7ULWL52W5DGYZWS6HBE5WJ52E/

patch1: arch: setup PF_IO_WORKER threads like PF_KTHREAD
pre patch of patch4
patch2: arch: ensure parisc/powerpc handle PF_IO_WORKER in copy_thread()
fix patch of patch1
patch3: kernel: don't call do_exit() for PF_IO_WORKER threads
fix the segfault
patch4: x86/process: setup io_threads more like normal user space threads
allow io worker to exit

Jens Axboe (3):
  arch: setup PF_IO_WORKER threads like PF_KTHREAD
  arch: ensure parisc/powerpc handle PF_IO_WORKER in copy_thread()
  kernel: don't call do_exit() for PF_IO_WORKER threads

Stefan Metzmacher (1):
  x86/process: setup io_threads more like normal user space threads

--
2.31.1

Link: https://gitee.com/openeuler/kernel/pulls/1021
Reviewed-by: Zucheng Zheng <zhengzucheng@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by Dongliang Mu
stable inclusion
from stable-v5.10.167
commit ef7d71d7bd57b8b7fe514e459927696c1c6d1047
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I79LIO
CVE: CVE-2023-2985
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=ef7d71d7bd57b8b7fe514e459927696c1c6d1047
--------------------------------
commit 07db5e24 upstream.

The current hfsplus_put_super first calls hfs_btree_close on sbi->ext_tree, then invokes iput on sbi->hidden_dir, resulting in an use-after-free issue in hfsplus_release_folio.

As shown in hfsplus_fill_super, the error handling code also calls iput before hfs_btree_close.

To fix this error, we move all iput calls before hfsplus_btree_close.

Note that this patch is tested on Syzbot.

Link: https://lkml.kernel.org/r/20230226124948.3175736-1-mudongliangabcd@gmail.com
Reported-by: syzbot+57e3e98f7e3b80f64d56@syzkaller.appspotmail.com
Tested-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: Roman Gushchin <roman.gushchin@linux.dev>
Cc: "Theodore Ts'o" <tytso@mit.edu>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Long Li <leo.lilong@huawei.com>
Reviewed-by: Yang Erkun <yangerkun@huawei.com>
Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com>
(cherry picked from commit 028ba66e)
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/1027

The SM2 signature for module signing is only supported with openEuler openssl 1.1.1. Fix the compile option to avoid compilation failure with openssl 3.x.

Link: https://gitee.com/openeuler/kernel/pulls/1051
Reviewed-by: Zhu Jianwei <zhujianwei7@huawei.com>
Signed-off-by: Zhu Jianwei <zhujianwei7@huawei.com>
-
- 08 Jun, 2023 21 commits
-
-
Committed by Huaxin Lu
openEuler inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7BZZ1
CVE: NA
--------------------------------------------------------
The SM2 signature for module signing is only supported with openEuler openssl 1.1.1. Fix the compile option to avoid compilation failure with openssl 3.x.

Fixes: c1ad2f07 ("sign-file: Support SM signature")
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
(cherry picked from commit 78568d28)
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/990
PR sync from: ZhaoLong Wang <wangzhaolong1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/3EWABXFSAAORW3LZWZCYAYWH3W3EEKZU/

Fix deadlock caused by recursively holding work_sem

Lee Jones (1):
  mtd: ubi: wl: Fix a couple of kernel-doc issues

ZhaoLong Wang (1):
  ubi: Fix deadlock caused by recursively holding work_sem

--
2.39.2

Link: https://gitee.com/openeuler/kernel/pulls/995
Reviewed-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/928
PR sync from: ZhaoLong Wang <wangzhaolong1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/TB3Q7BQ6ZAGBRI7WS6JPCAF77IWURUIW/
Link: https://gitee.com/openeuler/kernel/pulls/1000
Reviewed-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/944
PR sync from: Zhong Jinghua <zhongjinghua@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/SH7IMWAMZDZBA352XEQZ4WD6CFY3EGCW/
Link: https://gitee.com/openeuler/kernel/pulls/1017
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/924
PR sync from: Li Lingfeng <lilingfeng3@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/KP2DRRZQIPU5IM7FF4GECWSW5466QLFH/
Link: https://gitee.com/openeuler/kernel/pulls/1011
Reviewed-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/920
PR sync from: Li Lingfeng <lilingfeng3@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/XNE65PIJUOQRSLID56LFRUSB3FNDYMGE/
Link: https://gitee.com/openeuler/kernel/pulls/1014
Reviewed-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/929
PR sync from: Long Li <leo.lilong@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/VMTODLDVORICUCP4QJE2ED6RJVAJXSFY/

Darrick J. Wong (1):
  xfs: fix incorrect error-out in xfs_remove

Dave Chinner (17):
  xfs: log items should have a xlog pointer, not a mount
  xfs: xfs_is_shutdown vs xlog_is_shutdown cage fight
  xfs: rename xfs_has_attr()
  xfs: rework attr2 feature and mount options
  xfs: reflect sb features in xfs_mount
  xfs: replace xfs_sb_version checks with feature flag checks
  xfs: consolidate mount option features in m_features
  xfs: convert mount flags to features
  xfs: convert remaining mount flags to state flags
  xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown
  xfs: convert xfs_fs_geometry to use mount feature checks
  xfs: open code sb verifier feature checks
  xfs: convert scrub to use mount-based feature checks
  xfs: convert xfs_sb_version_has checks to use mount features
  xfs: remove unused xfs_sb_version_has wrappers
  xfs: introduce xfs_sb_is_v5 helper
  xfs: kill xfs_sb_version_has_v3inode()

--
2.31.1

Link: https://gitee.com/openeuler/kernel/pulls/951
Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/969
PR sync from: Xia Fukun <xiafukun@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/BKNZ3SWVHTMMTKLWPREORX4R6EEUURB6/
Link: https://gitee.com/openeuler/kernel/pulls/972
Reviewed-by: Zucheng Zheng <zhengzucheng@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/954
PR sync from: Li Nan <linan122@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/VXKLPFKREQW36DJSNHXJEEDMYS5EJXSZ/

This patch series fix iocost life cycle bug.

Li Nan (2):
  block: fix null-pointer dereference in ioc_pd_init
  block: fix order error in blk_release_queue

--
2.39.2

Link: https://gitee.com/openeuler/kernel/pulls/987
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/946
PR sync from: Li Nan <linan122@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/EMFAV2GNNSOMDT4IALQKWD6C4CHZT436/

This patch series fix iocost bug.

Li Nan (1):
  blk-iocost: fix UAF in ioc_pd_free

Yu Kuai (3):
  blk-iocost: track whether iocg is still online
  blk-iocost: don't throttle bio if iocg is offlined
  blk-iocost: dispatch all throttled bio in ioc_pd_offline

--
2.39.2

Link: https://gitee.com/openeuler/kernel/pulls/984
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Committed by Jens Axboe
stable inclusion
from stable-v5.10.162
commit 831cb78a2a5e86fe705ef4e3095c7cbc587c6a57
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6LQMS
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=831cb78a2a5e86fe705ef4e3095c7cbc587c6a57
--------------------------------
[ Upstream commit 10442994 ]

Right now we're never calling get_signal() from PF_IO_WORKER threads, but in preparation for doing so, don't handle a fatal signal for them. The workers have state they need to cleanup when exiting, so just return instead of calling do_exit() on their behalf. The threads themselves will detect a fatal signal and do proper shutdown.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
(cherry picked from commit e7553177)
-
Committed by Stefan Metzmacher
stable inclusion
from stable-v5.10.162
commit f0a5f0dc0131c6483908601f6e4907befb609c97
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6LQMS
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f0a5f0dc0131c6483908601f6e4907befb609c97
--------------------------------
[ Upstream commit 50b7b6f2 ]

As io_threads are fully set up USER threads it's clearer to separate the code path from the KTHREAD logic.

The only remaining difference to user space threads is that io_threads never return to user space again. Instead they loop within the given worker function.

The fact that they never return to user space means they don't have an user space thread stack. In order to indicate that to tools like gdb we reset the stack and instruction pointers to 0.

This allows gdb attach to user space processes using io-uring, which like means that they have io_threads, without printing worrying message like this:

    warning: Selected architecture i386:x86-64 is not compatible with reported target architecture i386
    warning: Architecture rejected target-supplied description

The output will be something like this:

    (gdb) info threads
      Id   Target Id                  Frame
    * 1    LWP 4863 "io_uring-cp-for" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
      2    LWP 4864 "iou-mgr-4863"    0x0000000000000000 in ?? ()
      3    LWP 4865 "iou-wrk-4863"    0x0000000000000000 in ?? ()
    (gdb) thread 3
    [Switching to thread 3 (LWP 4865)]
    #0  0x0000000000000000 in ?? ()
    (gdb) bt
    #0  0x0000000000000000 in ?? ()
    Backtrace stopped: Cannot access memory at address 0x0

Fixes: 4727dc20 ("arch: setup PF_IO_WORKER threads like PF_KTHREAD")
Link: https://lore.kernel.org/io-uring/044d0bad-6888-a211-e1d3-159a4aeed52d@polymtl.ca/T/#m1bbf5727e3d4e839603f6ec7ed79c7eebfba6267
Signed-off-by: Stefan Metzmacher <metze@samba.org>
cc: Linus Torvalds <torvalds@linux-foundation.org>
cc: Jens Axboe <axboe@kernel.dk>
cc: Andy Lutomirski <luto@kernel.org>
cc: linux-kernel@vger.kernel.org
cc: io-uring@vger.kernel.org
cc: x86@kernel.org
Link: https://lore.kernel.org/r/20210505110310.237537-1-metze@samba.org
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
(cherry picked from commit 6e14bf4c)
-
Committed by Jens Axboe
stable inclusion
from stable-v5.10.162
commit dd26e2cec74f88cb7910deec77897d04ade299bd
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6LQMS
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=dd26e2cec74f88cb7910deec77897d04ade299bd
--------------------------------
[ Upstream commit 0100e6bb ]

In the arch addition of PF_IO_WORKER, I missed parisc and powerpc for some reason. Fix that up, ensuring they handle PF_IO_WORKER like they do PF_KTHREAD in copy_thread().

Reported-by: Bruno Goncalves <bgoncalv@redhat.com>
Fixes: 4727dc20 ("arch: setup PF_IO_WORKER threads like PF_KTHREAD")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
(cherry picked from commit 820fe456)
-
Committed by Jens Axboe
stable inclusion
from stable-v5.10.162
commit 320c8057eceb18c5d836fcbe0ffb0035fcfe28ff
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6LQMS
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=320c8057eceb18c5d836fcbe0ffb0035fcfe28ff
--------------------------------
PF_IO_WORKER are kernel threads too, but they aren't PF_KTHREAD in the sense that we don't assign ->set_child_tid with our own structure. Just ensure that every arch sets up the PF_IO_WORKER threads like kthreads in the arch implementation of copy_thread().

Signed-off-by: Jens Axboe <axboe@kernel.dk>
Conflict:
arch/s390/kernel/process.c
arch/x86/kernel/process.c
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
(cherry picked from commit 5b0c03b1)
-
Committed by Zhong Jinghua
hulk inclusion
category: bugfix
bugzilla: 188799, https://gitee.com/openeuler/kernel/issues/I79QWO
CVE: NA
----------------------------------------
Config->socks in sock_shutdown may trigger a UAF problem. The reason is that sock_shutdown does not hold the config_lock, so that nbd_ioctl can release config->socks at this time.

T0: NBD_SET_SOCK
T1: NBD_DO_IT

T0 T1 nbd_ioctl mutex_lock(&nbd->config_lock) // get lock __nbd_ioctl nbd_start_device_ioctl nbd_start_device mutex_unlock(&nbd->config_lock) // release lock wait_event_interruptible (kill, enter sock_shutdown) sock_shutdown nbd_ioctl mutex_lock(&nbd->config_lock) // get lock __nbd_ioctl nbd_add_socket krealloc kfree(p) //config->socks is NULL nbd_sock *nsock = config->socks // error

Fix it by moving config_lock up before sock_shutdown.

Signed-off-by: Zhong Jinghua <zhongjinghua@huawei.com>
(cherry picked from commit b3e3e34c)
-
Committed by Li Lingfeng
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I79ZEK
CVE: NA
--------------------------------
As described in commit d0dcee7d ("dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata"), ABBA deadlock will be triggered since shrinker_rwsem need to be held when operations failed on dm pool metadata.

We have noticed the following three problem scenarios:

1) Described by commit d0dcee7d ("dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata")

2) shrinker_rwsem and throttle->lock

P1(drop cache) P2(kworker) drop_caches_sysctl_handler drop_slab shrink_slab down_read(&shrinker_rwsem) - LOCK A do_shrink_slab super_cache_scan prune_icache_sb dispose_list evict ext4_evict_inode ext4_clear_inode ext4_discard_preallocations ext4_mb_load_buddy_gfp ext4_mb_init_cache ext4_wait_block_bitmap __ext4_error ext4_handle_error ext4_commit_super ... dm_submit_bio do_worker throttle_work_update down_write(&t->lock) -- LOCK B process_deferred_bios commit metadata_operation_failed dm_pool_abort_metadata dm_block_manager_create dm_bufio_client_create register_shrinker down_write(&shrinker_rwsem) -- LOCK A thin_map thin_bio_map thin_defer_bio_with_throttle throttle_lock down_read(&t->lock) - LOCK B

3) shrinker_rwsem and wait_on_buffer

P1(drop cache) P2(kworker) drop_caches_sysctl_handler drop_slab shrink_slab down_read(&shrinker_rwsem) - LOCK A do_shrink_slab ... ext4_wait_block_bitmap __ext4_error ext4_handle_error jbd2_journal_abort jbd2_journal_update_sb_errno jbd2_write_superblock submit_bh // LOCK B // RELEASE B do_worker throttle_work_update down_write(&t->lock) - LOCK B process_deferred_bios process_bio commit metadata_operation_failed dm_pool_abort_metadata dm_block_manager_create dm_bufio_client_create register_shrinker register_shrinker_prepared down_write(&shrinker_rwsem) - LOCK A bio_endio wait_on_buffer __wait_on_buffer

Fix these by resetting dm_bufio_client without holding shrinker_rwsem.

Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
(cherry picked from commit 890e730d)
-
Committed by Li Lingfeng
Offering: HULK
hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I78SWJ
CVE: NA
-------------------------------
In dm_create(), alloc_dev() may trigger panic if alloc_dax() fail since del_gendisk() will be called with add_disk() wasn't called before. Call add_disk() before alloc_dax() to avoid it.

Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
(cherry picked from commit 6601d443)
-
Committed by ZhaoLong Wang
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6GS86
CVE: NA
--------------------------------
When memory is allocated by using the devm_kmalloc(), the matching release function should use the devm_kfree() function instead of the kfree() function.

@sreg allocated:
hi6421_spmi_regulator_probe
hi6421_spmi_regulator_probe_ldo

@sreg freed:
hi6421_spmi_regulator_remove

Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com>
(cherry picked from commit 8a31aa41)
-
Committed by ZhaoLong Wang
maillist inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6K5OH
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f773f0a331d6c41733b17bebbc1b6cae12e016f5
--------------------------------
During the processing of the bgt, if the sync_erase() return -EBUSY or some other error code in __erase_worker(), schedule_erase() called again lead to the down_read(ubi->work_sem) hold twice and may get block by down_write(ubi->work_sem) in ubi_update_fastmap(), which cause deadlock.

ubi bgt other task do_work down_read(&ubi->work_sem) ubi_update_fastmap erase_worker # Blocked by down_read __erase_worker down_write(&ubi->work_sem) schedule_erase schedule_ubi_work down_read(&ubi->work_sem)

Fix this by changing input parameter @nested of the schedule_erase() to 'true' to avoid recursively acquiring the down_read(&ubi->work_sem).

Also, fix the incorrect comment about @nested parameter of the schedule_erase() because when down_write(ubi->work_sem) is held, the @nested is also need be true.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=217093
Fixes: 2e8f08de ("ubi: Fix races around ubi_refill_pools()")
Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
(cherry picked from commit 9d8256f3)
-
Committed by Lee Jones
mainline inclusion
from mainline-v5.11-rc1
commit ab4e4de9
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6K5OH
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ab4e4de9fd8b469823a645f05f2c142e9270b012
--------------------------------
Fixes the following W=1 kernel build warning(s):

    drivers/mtd/ubi/wl.c:584: warning: Function parameter or member 'nested' not described in 'schedule_erase'
    drivers/mtd/ubi/wl.c:1075: warning: Excess function parameter 'shutdown' description in '__erase_worker'

Cc: Richard Weinberger <richard@nod.at>
Cc: Miquel Raynal <miquel.raynal@bootlin.com>
Cc: Vignesh Raghavendra <vigneshr@ti.com>
Cc: linux-mtd@lists.infradead.org
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20201109182206.3037326-13-lee.jones@linaro.org
Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
(cherry picked from commit 9fea0e12)
-
Committed by openeuler-ci-bot
Merge Pull Request from: @openeuler-sync-bot
Origin pull request: https://gitee.com/openeuler/kernel/pulls/968
PR sync from: Chen Zhongjin <chenzhongjin@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/C2NOJBSCQVMEFEIEDAK3YKPNYQ67TO7J/

ISSUE: gitee.com/openeuler/kernel/issues/I6DK3O

Chen Zhongjin (2):
  x86/unwind: Fix orc entry for paravirt {save,restore}_fl
  x86/unwind: Fix check_paravirt() calls orc_find() before declaration

--
2.17.1

Link: https://gitee.com/openeuler/kernel/pulls/976
Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
- 07 Jun, 2023 6 commits
-
-
Committed by Li Nan
hulk inclusion
category: bugfix, https://gitee.com/openeuler/kernel/issues/I64SY5
bugzilla: 188093
CVE: NA
--------------------------------
blk_stat_free_callback() will check stats->callbacks, and wbt's callback is freed in wbt_exit(), which is called by rq_qos_exit(). So move it in front of blk_stat_free_callback().

Fixes: 015466fc61f4 ("block: fix null-pointer dereference in ioc_pd_init")
Signed-off-by: Li Nan <linan122@huawei.com>
(cherry picked from commit e539db97)
-
Committed by Li Nan
hulk inclusion
category: bugfix
bugzilla: 188044, https://gitee.com/openeuler/kernel/issues/I64SY5
CVE: NA
--------------------------------
Remove block device when iocost is initializing may cause null-pointer dereference:

CPU1 CPU2 ioc_qos_write blkcg_conf_open_bdev blkdev_get_no_open kobject_get_unless_zero blk_iocost_init rq_qos_add blk_cleanup_queue rq_qos_exit q->rq_qos = rqos->next //iocost is removed from q->roqs blkcg_activate_policy pd_init_fn ioc_pd_init ioc = q_to_ioc(blkg->q) //can't find iocost and return null

Fix problem by moving rq_qos_exit() to blk_release_queue(). ioc_qos_write() get bd_device.kobj in blkcg_conf_open_bdev(), so blk_release_queue() will not be activated until iocost initialization is completed.

Fixes: 7caa4715 ("blkcg: implement blk-iocost")
Conflict: block/blk-core.c
commit 4134b635 ("Revert "block: fix null-deref in percpu_ref_put"") changed context, which does not affect this patch.
Signed-off-by: Li Nan <linan122@huawei.com>
(cherry picked from commit 2b9719ee)
-
Committed by Yu Kuai
hulk inclusion
category: bugfix
bugzilla: 188107, https://gitee.com/openeuler/kernel/issues/I665S2
CVE: NA
--------------------------------
Otherwise io will hang because timer is canceled. And make iocg->online updated under both 'ioc->lock' and 'iocg->waitq.lock', so it can be guaranteed that iocg will stay online while holding any lock.

Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Li Nan <linan122@huawei.com>
(cherry picked from commit bc184a0b)
-
Committed by Yu Kuai
hulk inclusion
category: bugfix
bugzilla: 188107, https://gitee.com/openeuler/kernel/issues/I665S2
CVE: NA
--------------------------------
bio will grab blkg reference, however, blkcg->online_pin is not grabbed, hence cgroup can be removed after thread exit while bio is still in progress. Bypass io in this situation since it doesn't make sense to throttle bio while cgroup is removed.

Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Li Nan <linan122@huawei.com>
(cherry picked from commit ebe0cb55)
-
Committed by Yu Kuai
hulk inclusion
category: bugfix
bugzilla: 188107, https://gitee.com/openeuler/kernel/issues/I665S2
CVE: NA
--------------------------------
blkcg_gq->online can't be used in iocost because it get cleared only after all policies are offlined. This patch add a new field 'online' in iocg.

Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Li Nan <linan122@huawei.com>
(cherry picked from commit 3fcd5793)
-
Committed by Li Nan
hulk inclusion
category: bugfix
bugzilla: 188032, https://gitee.com/openeuler/kernel/issues/I64T3E
CVE: NA
--------------------------------
Our test found the following problem in kernel 5.10:

    BUG: KASAN: use-after-free in _raw_spin_lock_irqsave+0x71/0xe0
    Write of size 4 at addr ffff8881432000e0 by task swapper/4/0
    ...
    Call Trace:
     <IRQ>
     dump_stack+0x9c/0xd3
     print_address_description.constprop.0+0x19/0x170
     __kasan_report.cold+0x6c/0x84
     kasan_report+0x3a/0x50
     check_memory_region+0xfd/0x1f0
     _raw_spin_lock_irqsave+0x71/0xe0
     ioc_pd_free+0x9d/0x250
     blkg_free.part.0+0x80/0x100
     __blkg_release+0xf3/0x1c0
     rcu_do_batch+0x292/0x700
     rcu_core+0x270/0x2d0
     __do_softirq+0xfd/0x402
     </IRQ>
     asm_call_irq_on_stack+0x12/0x20
     do_softirq_own_stack+0x37/0x50
     irq_exit_rcu+0x134/0x1a0
     sysvec_apic_timer_interrupt+0x36/0x80
     asm_sysvec_apic_timer_interrupt+0x12/0x20

    Freed by task 57:
     kfree+0xba/0x680
     rq_qos_exit+0x5a/0x80
     blk_cleanup_queue+0xce/0x1a0
     virtblk_remove+0x77/0x130 [virtio_blk]
     virtio_dev_remove+0x56/0xe0
     __device_release_driver+0x2ba/0x450
     device_release_driver+0x29/0x40
     bus_remove_device+0x1d8/0x2c0
     device_del+0x333/0x7e0
     device_unregister+0x27/0x90
     unregister_virtio_device+0x22/0x40
     virtio_pci_remove+0x53/0xb0
     pci_device_remove+0x7a/0x130
     __device_release_driver+0x2ba/0x450
     device_release_driver+0x29/0x40
     pci_stop_bus_device+0xcf/0x100
     pci_stop_and_remove_bus_device+0x16/0x20
     disable_slot+0xa1/0x110
     acpiphp_disable_and_eject_slot+0x35/0xe0
     hotplug_event+0x1b8/0x3c0
     acpiphp_hotplug_notify+0x37/0x70
     acpi_device_hotplug+0xee/0x320
     acpi_hotplug_work_fn+0x69/0x80
     process_one_work+0x3c5/0x730
     worker_thread+0x93/0x650
     kthread+0x1ba/0x210
     ret_from_fork+0x22/0x30

It happened as follows:

T1 T2 T3 T4 //delete device del_gendisk bdi_unregister bdi_remove_from_list synchronize_rcu_expedited //rmdir cgroup blkcg_destroy_blkgs blkg_destroy percpu_ref_kill blkg_release call_rcu blk_cleanup_queue rq_qos_exit ioc_rqos_exit kfree(ioc) __blkg_release blkg_free blkg_free_workfn pd_free_fn ioc_pd_free spin_lock_irqsave ->ioc is freed

Fix the problem by moving the operation on ioc in ioc_pd_free() to ioc_pd_offline(), and just free resource in ioc_pd_free() like iolatency and throttle.

Fixes: 7caa4715 ("blkcg: implement blk-iocost")
Signed-off-by: Li Nan <linan122@huawei.com>
(cherry picked from commit 4c2d16fb)
-