[PATCH 1/3] mm/swap_state: fix a data race in swapin_nr_pages
From: Qian Cai <cai@lca.pw> mainline inclusion from mainline-v5.8-rc1 commit d6c1f098f2a7ba62627c9bc17cda28f534ef9e4a category: bugfix bugzilla: 35806 CVE: NA ------------------------------------------------- "prev_offset" is a static variable in swapin_nr_pages() that can be accessed concurrently with only mmap_sem held in read mode as noticed by KCSAN, BUG: KCSAN: data-race in swap_cluster_readahead / swap_cluster_readahead write to 0xffffffff92763830 of 8 bytes by task 14795 on cpu 17: swap_cluster_readahead+0x2a6/0x5e0 swapin_readahead+0x92/0x8dc do_swap_page+0x49b/0xf20 __handle_mm_fault+0xcfb/0xd70 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x715 page_fault+0x34/0x40 1 lock held by (dnf)/14795: #0: ffff897bd2e98858 (&mm->mmap_sem#2){++++}-{3:3}, at: do_page_fault+0x143/0x715 do_user_addr_fault at arch/x86/mm/fault.c:1405 (inlined by) do_page_fault at arch/x86/mm/fault.c:1535 irq event stamp: 83493 count_memcg_event_mm+0x1a6/0x270 count_memcg_event_mm+0x119/0x270 __do_softirq+0x365/0x589 irq_exit+0xa2/0xc0 read to 0xffffffff92763830 of 8 bytes by task 1 on cpu 22: swap_cluster_readahead+0xfd/0x5e0 swapin_readahead+0x92/0x8dc do_swap_page+0x49b/0xf20 __handle_mm_fault+0xcfb/0xd70 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x715 page_fault+0x34/0x40 1 lock held by systemd/1: #0: ffff897c38f14858 (&mm->mmap_sem#2){++++}-{3:3}, at: do_page_fault+0x143/0x715 irq event stamp: 43530289 count_memcg_event_mm+0x1a6/0x270 count_memcg_event_mm+0x119/0x270 __do_softirq+0x365/0x589 irq_exit+0xa2/0xc0 Signed-off-by: Qian Cai <cai@lca.pw> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: Marco Elver <elver@google.com> Cc: Hugh Dickins <hughd@google.com> Link: http://lkml.kernel.org/r/20200402213748.2237-1-cai@lca.pw Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Liu Shixin <liushixin2@huawei.com> Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- mm/swap_state.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mm/swap_state.c b/mm/swap_state.c index b776b472974c..2137e2d57196 100644 --- a/mm/swap_state.c +++ b/mm/swap_state.c @@ -548,10 +548,11 @@ static unsigned long swapin_nr_pages(unsigned long offset) return 1; hits = atomic_xchg(&swapin_readahead_hits, 0); - pages = __swapin_nr_pages(prev_offset, offset, hits, max_pages, + pages = __swapin_nr_pages(READ_ONCE(prev_offset), offset, hits, + max_pages, atomic_read(&last_readahead_pages)); if (!hits) - prev_offset = offset; + WRITE_ONCE(prev_offset, offset); atomic_set(&last_readahead_pages, pages); return pages; -- 2.25.1
From: Ding Tianhong <dingtianhong@huawei.com> ascend inclusion category: feature bugzilla: NA CVE: NA ------------------------------------------------- The mem_sleep_current is set to PM_SUSPEND_TO_IDLE default, it would cause the system to hang up if the wake-up device is not registered, therefore the PM_SUSPEND_ON need to be set to prevent the system from entering an endless loop. Signed-off-by: Ding Tianhong <dingtianhong@huawei.com> Reviewed-by: Hanjun Guo <guohanjun@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- arch/arm64/mm/init.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 88887e0722b7..883350f9cc42 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -41,6 +41,7 @@ #include <linux/kexec.h> #include <linux/crash_dump.h> #include <linux/iommu.h> +#include <linux/suspend.h> #include <asm/boot.h> #include <asm/fixmap.h> @@ -779,6 +780,9 @@ static int __init ascend_enable_setup(char *__unused) if (IS_ENABLED(CONFIG_ASCEND_CHARGE_MIGRATE_HUGEPAGES)) enable_charge_mighp = 1; + if (IS_ENABLED(CONFIG_SUSPEND)) + mem_sleep_current = PM_SUSPEND_ON; + return 1; } -- 2.25.1
From: jiangfangjie <jiangfangjie@huawei.com> hulk inclusion category: feature bugzilla: NA CVE: NA This patch is used to configure the TPM driver compilation option for ARM64. Signed-off-by: jiangfangjie <jiangfangjie@huawei.com> Reviewed-by: Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- arch/arm64/configs/openeuler_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig index 2225dc76df0b..51600dafff85 100644 --- a/arch/arm64/configs/openeuler_defconfig +++ b/arch/arm64/configs/openeuler_defconfig @@ -3039,7 +3039,7 @@ CONFIG_MAX_RAW_DEVS=8192 CONFIG_TCG_TPM=m CONFIG_HW_RANDOM_TPM=y CONFIG_TCG_TIS_CORE=m -# CONFIG_TCG_TIS is not set +CONFIG_TCG_TIS=m CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set -- 2.25.1
participants (1)
-
Yang Yingliang