May 2024 - Kernel - mailweb.openeuler.org

[PATCH openEuler-1.0-LTS] scsi: sd: Fix sd_do_mode_sense() buffer length handling
by Li Nan 10 May '24

10 May '24

From: Damien Le Moal <damien.lemoal(a)wdc.com> mainline inclusion from mainline-v5.16-rc1 commit c749301ebee82eb5e97dec14b6ab31a4aabe37a6 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9FNFK CVE: CVE-2021-47182 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- For devices that explicitly asked for MODE SENSE(10) use, make sure that scsi_mode_sense() is called with a buffer of at least 8 bytes so that the sense header fits. Link: https://lore.kernel.org/r/20210820070255.682775-4-damien.lemoal@wdc.com Signed-off-by: Damien Le Moal <damien.lemoal(a)wdc.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Fixes: 907ea672e30b ("scsi: core: Fix scsi_mode_sense() buffer length handling") Conflicts: drivers/scsi/sd.c [ Mianline commit 0610959fbbca ("scsi: sd: Allow user to configure command retries") changed context. ] Signed-off-by: Li Nan <linan122(a)huawei.com> --- drivers/scsi/sd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 45d6174d3458..8d3f8ac2d1ce 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -2612,6 +2612,13 @@ sd_do_mode_sense(struct scsi_device *sdp, int dbd, int modepage, unsigned char *buffer, int len, struct scsi_mode_data *data, struct scsi_sense_hdr *sshdr) { + /* + * If we must use MODE SENSE(10), make sure that the buffer length + * is at least 8 bytes so that the mode sense header fits. + */ + if (sdkp->device->use_10_for_ms && len < 8) + len = 8; + return scsi_mode_sense(sdp, dbd, modepage, buffer, len, SD_TIMEOUT, SD_MAX_RETRIES, data, sshdr); -- 2.39.2

2 1

[PATCH OLK-6.6 1/2] netfilter: bridge: confirm multicast packets before passing them up the stack
by Ziyang Xuan 10 May '24

10 May '24

From: Florian Westphal <fw(a)strlen.de> stable inclusion from stable-v6.6.21 commit 80cd0487f630b5382734997c3e5e3003a77db315 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9MPZ8 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 62e7151ae3eb465e0ab52a20c941ff33bb6332e9 ] conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges. Example: macvlan0 | br0 / \ ethX ethY ethX (or Y) receives a L2 multicast or broadcast packet containing an IP packet, flow is not yet in conntrack table. 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting. -> skb->_nfct now references a unconfirmed entry 2. skb is broad/mcast packet. bridge now passes clones out on each bridge interface. 3. skb gets passed up the stack. 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb and schedules a work queue to send them out on the lower devices. The clone skb->_nfct is not a copy, it is the same entry as the original skb. The macvlan rx handler then returns RX_HANDLER_PASS. 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb. The Macvlan broadcast worker and normal confirm path will race. This race will not happen if step 2 already confirmed a clone. In that case later steps perform skb_clone() with skb->_nfct already confirmed (in hash table). This works fine. But such confirmation won't happen when eb/ip/nftables rules dropped the packets before they reached the nf_confirm step in postrouting. Pablo points out that nf_conntrack_bridge doesn't allow use of stateful nat, so we can safely discard the nf_conn entry and let inet call conntrack again. This doesn't work for bridge netfilter: skb could have a nat transformation. Also bridge nf prevents re-invocation of inet prerouting via 'sabotage_in' hook. Work around this problem by explicit confirmation of the entry at LOCAL_IN time, before upper layer has a chance to clone the unconfirmed entry. The downside is that this disables NAT and conntrack helpers. Alternative fix would be to add locking to all code parts that deal with unconfirmed packets, but even if that could be done in a sane way this opens up other problems, for example: -m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4 -m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5 For multicast case, only one of such conflicting mappings will be created, conntrack only handles 1:1 NAT mappings. Users should set create a setup that explicitly marks such traffic NOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass them, ruleset might have accept rules for untracked traffic already, so user-visible behaviour would change. Suggested-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217777 Signed-off-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Ziyang Xuan <william.xuanziyang(a)huawei.com> --- include/linux/netfilter.h | 1 + net/bridge/br_netfilter_hooks.c | 96 ++++++++++++++++++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 +++++++ net/netfilter/nf_conntrack_core.c | 1 + 4 files changed, 128 insertions(+) diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 94fac194a7b1..f3658dd0d28d 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -471,6 +471,7 @@ struct nf_ct_hook { const struct sk_buff *); void (*attach)(struct sk_buff *nskb, const struct sk_buff *skb); void (*set_closing)(struct nf_conntrack *nfct); + int (*confirm)(struct sk_buff *skb); KABI_RESERVE(1) KABI_RESERVE(2) diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index 92dae4c4922c..6ef67030b4db 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -43,6 +43,10 @@ #include <linux/sysctl.h> #endif +#if IS_ENABLED(CONFIG_NF_CONNTRACK) +#include <net/netfilter/nf_conntrack_core.h> +#endif + static unsigned int brnf_net_id __read_mostly; struct brnf_net { @@ -553,6 +557,90 @@ static unsigned int br_nf_pre_routing(void *priv, return NF_STOLEN; } +#if IS_ENABLED(CONFIG_NF_CONNTRACK) +/* conntracks' nf_confirm logic cannot handle cloned skbs referencing + * the same nf_conn entry, which will happen for multicast (broadcast) + * Frames on bridges. + * + * Example: + * macvlan0 + * br0 + * ethX ethY + * + * ethX (or Y) receives multicast or broadcast packet containing + * an IP packet, not yet in conntrack table. + * + * 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting. + * -> skb->_nfct now references a unconfirmed entry + * 2. skb is broad/mcast packet. bridge now passes clones out on each bridge + * interface. + * 3. skb gets passed up the stack. + * 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb + * and schedules a work queue to send them out on the lower devices. + * + * The clone skb->_nfct is not a copy, it is the same entry as the + * original skb. The macvlan rx handler then returns RX_HANDLER_PASS. + * 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb. + * + * The Macvlan broadcast worker and normal confirm path will race. + * + * This race will not happen if step 2 already confirmed a clone. In that + * case later steps perform skb_clone() with skb->_nfct already confirmed (in + * hash table). This works fine. + * + * But such confirmation won't happen when eb/ip/nftables rules dropped the + * packets before they reached the nf_confirm step in postrouting. + * + * Work around this problem by explicit confirmation of the entry at + * LOCAL_IN time, before upper layer has a chance to clone the unconfirmed + * entry. + * + */ +static unsigned int br_nf_local_in(void *priv, + struct sk_buff *skb, + const struct nf_hook_state *state) +{ + struct nf_conntrack *nfct = skb_nfct(skb); + const struct nf_ct_hook *ct_hook; + struct nf_conn *ct; + int ret; + + if (!nfct || skb->pkt_type == PACKET_HOST) + return NF_ACCEPT; + + ct = container_of(nfct, struct nf_conn, ct_general); + if (likely(nf_ct_is_confirmed(ct))) + return NF_ACCEPT; + + WARN_ON_ONCE(skb_shared(skb)); + WARN_ON_ONCE(refcount_read(&nfct->use) != 1); + + /* We can't call nf_confirm here, it would create a dependency + * on nf_conntrack module. + */ + ct_hook = rcu_dereference(nf_ct_hook); + if (!ct_hook) { + skb->_nfct = 0ul; + nf_conntrack_put(nfct); + return NF_ACCEPT; + } + + nf_bridge_pull_encap_header(skb); + ret = ct_hook->confirm(skb); + switch (ret & NF_VERDICT_MASK) { + case NF_STOLEN: + return NF_STOLEN; + default: + nf_bridge_push_encap_header(skb); + break; + } + + ct = container_of(nfct, struct nf_conn, ct_general); + WARN_ON_ONCE(!nf_ct_is_confirmed(ct)); + + return ret; +} +#endif /* PF_BRIDGE/FORWARD *************************************************/ static int br_nf_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb) @@ -962,6 +1050,14 @@ static const struct nf_hook_ops br_nf_ops[] = { .hooknum = NF_BR_PRE_ROUTING, .priority = NF_BR_PRI_BRNF, }, +#if IS_ENABLED(CONFIG_NF_CONNTRACK) + { + .hook = br_nf_local_in, + .pf = NFPROTO_BRIDGE, + .hooknum = NF_BR_LOCAL_IN, + .priority = NF_BR_PRI_LAST, + }, +#endif { .hook = br_nf_forward_ip, .pf = NFPROTO_BRIDGE, diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 0fcf357ea7ad..d32fce70d797 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -291,6 +291,30 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, return nf_conntrack_in(skb, &bridge_state); } +static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, + const struct nf_hook_state *state) +{ + enum ip_conntrack_info ctinfo; + struct nf_conn *ct; + + if (skb->pkt_type == PACKET_HOST) + return NF_ACCEPT; + + /* nf_conntrack_confirm() cannot handle concurrent clones, + * this happens for broad/multicast frames with e.g. macvlan on top + * of the bridge device. + */ + ct = nf_ct_get(skb, &ctinfo); + if (!ct || nf_ct_is_confirmed(ct) || nf_ct_is_template(ct)) + return NF_ACCEPT; + + /* let inet prerouting call conntrack again */ + skb->_nfct = 0; + nf_ct_put(ct); + + return NF_ACCEPT; +} + static void nf_ct_bridge_frag_save(struct sk_buff *skb, struct nf_bridge_frag_data *data) { @@ -385,6 +409,12 @@ static struct nf_hook_ops nf_ct_bridge_hook_ops[] __read_mostly = { .hooknum = NF_BR_PRE_ROUTING, .priority = NF_IP_PRI_CONNTRACK, }, + { + .hook = nf_ct_bridge_in, + .pf = NFPROTO_BRIDGE, + .hooknum = NF_BR_LOCAL_IN, + .priority = NF_IP_PRI_CONNTRACK_CONFIRM, + }, { .hook = nf_ct_bridge_post, .pf = NFPROTO_BRIDGE, diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 9f6f2e643575..e4ae2a08da6a 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -2766,6 +2766,7 @@ static const struct nf_ct_hook nf_conntrack_hook = { .get_tuple_skb = nf_conntrack_get_tuple_skb, .attach = nf_conntrack_attach, .set_closing = nf_conntrack_set_closing, + .confirm = __nf_conntrack_confirm, }; void nf_conntrack_init_end(void) -- 2.25.1

1 1

[PATCH OLK-6.6 0/3] Revert syscall performance degradation patches
by liwei 10 May '24

10 May '24

This patch group has about 30% impact on syscall performance. liwei (3): Revert "x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI" Revert "x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto" Revert "x86: set SPECTRE_BHI_ON as default" Documentation/admin-guide/hw-vuln/spectre.rst | 4 ++++ .../admin-guide/kernel-parameters.txt | 3 +++ arch/x86/Kconfig | 21 ++++++++++++++++--- arch/x86/kernel/cpu/bugs.c | 10 ++++++++- 4 files changed, 34 insertions(+), 4 deletions(-) -- 2.25.1

2 4

[PATCH OLK-5.10] media: usbtv: Remove useless locks in usbtv_video_free()
by Zeng Heng 10 May '24

10 May '24

From: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> mainline inclusion from mainline-v6.9-rc1 commit 65e6a2773d655172143cc0b927cdc89549842895 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9L9JS CVE: CVE-2024-27072 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000 Also remove usbtv_stop() call since it will be called when unregistering the device. Before 'c838530d230b' this issue would only be noticed if you disconnect while streaming and now it is noticeable even when disconnecting while not streaming. Fixes: c838530d230b ("media: media videobuf2: Be more flexible on the number of queue stored buffers") Fixes: f3d27f34fdd7 ("[media] usbtv: Add driver for Fushicai USBTV007 video frame grabber") Signed-off-by: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Reviewed-by: Tomasz Figa <tfiga(a)chromium.org> Tested-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> [hverkuil: fix minor spelling mistake in log message] Signed-off-by: Zeng Heng <zengheng4(a)huawei.com> --- drivers/media/usb/usbtv/usbtv-video.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/drivers/media/usb/usbtv/usbtv-video.c b/drivers/media/usb/usbtv/usbtv-video.c index 3b4a2e769230..f2aaec0f77c8 100644 --- a/drivers/media/usb/usbtv/usbtv-video.c +++ b/drivers/media/usb/usbtv/usbtv-video.c @@ -959,15 +959,8 @@ int usbtv_video_init(struct usbtv *usbtv) void usbtv_video_free(struct usbtv *usbtv) { - mutex_lock(&usbtv->vb2q_lock); - mutex_lock(&usbtv->v4l2_lock); - - usbtv_stop(usbtv); vb2_video_unregister_device(&usbtv->vdev); v4l2_device_disconnect(&usbtv->v4l2_dev); - mutex_unlock(&usbtv->v4l2_lock); - mutex_unlock(&usbtv->vb2q_lock); - v4l2_device_put(&usbtv->v4l2_dev); } -- 2.25.1

2 1

[PATCH openEuler-22.03-LTS-SP2] media: usbtv: Remove useless locks in usbtv_video_free()
by Zeng Heng 10 May '24

10 May '24

From: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> mainline inclusion from mainline-v6.9-rc1 commit 65e6a2773d655172143cc0b927cdc89549842895 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9L9JS CVE: CVE-2024-27072 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000 Also remove usbtv_stop() call since it will be called when unregistering the device. Before 'c838530d230b' this issue would only be noticed if you disconnect while streaming and now it is noticeable even when disconnecting while not streaming. Fixes: c838530d230b ("media: media videobuf2: Be more flexible on the number of queue stored buffers") Fixes: f3d27f34fdd7 ("[media] usbtv: Add driver for Fushicai USBTV007 video frame grabber") Signed-off-by: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Reviewed-by: Tomasz Figa <tfiga(a)chromium.org> Tested-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> [hverkuil: fix minor spelling mistake in log message] Signed-off-by: Zeng Heng <zengheng4(a)huawei.com> --- drivers/media/usb/usbtv/usbtv-video.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/drivers/media/usb/usbtv/usbtv-video.c b/drivers/media/usb/usbtv/usbtv-video.c index 3b4a2e769230..f2aaec0f77c8 100644 --- a/drivers/media/usb/usbtv/usbtv-video.c +++ b/drivers/media/usb/usbtv/usbtv-video.c @@ -959,15 +959,8 @@ int usbtv_video_init(struct usbtv *usbtv) void usbtv_video_free(struct usbtv *usbtv) { - mutex_lock(&usbtv->vb2q_lock); - mutex_lock(&usbtv->v4l2_lock); - - usbtv_stop(usbtv); vb2_video_unregister_device(&usbtv->vdev); v4l2_device_disconnect(&usbtv->v4l2_dev); - mutex_unlock(&usbtv->v4l2_lock); - mutex_unlock(&usbtv->vb2q_lock); - v4l2_device_put(&usbtv->v4l2_dev); } -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS] media: usbtv: Remove useless locks in usbtv_video_free()
by Zeng Heng 10 May '24

10 May '24

From: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> mainline inclusion from mainline-v6.9-rc1 commit 65e6a2773d655172143cc0b927cdc89549842895 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9L9JS CVE: CVE-2024-27072 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000 Also remove usbtv_stop() call since it will be called when unregistering the device. Before 'c838530d230b' this issue would only be noticed if you disconnect while streaming and now it is noticeable even when disconnecting while not streaming. Fixes: c838530d230b ("media: media videobuf2: Be more flexible on the number of queue stored buffers") Fixes: f3d27f34fdd7 ("[media] usbtv: Add driver for Fushicai USBTV007 video frame grabber") Signed-off-by: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Reviewed-by: Tomasz Figa <tfiga(a)chromium.org> Tested-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> [hverkuil: fix minor spelling mistake in log message] Conflicts: drivers/media/usb/usbtv/usbtv-video.c [The version does not include commit 24b5836dbd45.] Signed-off-by: Zeng Heng <zengheng4(a)huawei.com> --- drivers/media/usb/usbtv/usbtv-video.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/drivers/media/usb/usbtv/usbtv-video.c b/drivers/media/usb/usbtv/usbtv-video.c index 36a9a4017185..096fca028d1f 100644 --- a/drivers/media/usb/usbtv/usbtv-video.c +++ b/drivers/media/usb/usbtv/usbtv-video.c @@ -963,15 +963,8 @@ int usbtv_video_init(struct usbtv *usbtv) void usbtv_video_free(struct usbtv *usbtv) { - mutex_lock(&usbtv->vb2q_lock); - mutex_lock(&usbtv->v4l2_lock); - - usbtv_stop(usbtv); video_unregister_device(&usbtv->vdev); v4l2_device_disconnect(&usbtv->v4l2_dev); - mutex_unlock(&usbtv->v4l2_lock); - mutex_unlock(&usbtv->vb2q_lock); - v4l2_device_put(&usbtv->v4l2_dev); } -- 2.25.1

2 1

[PATCH OLK-5.10] SUNRPC: fix some memleaks in gssx_dec_option_array
by Dong Chenchen 10 May '24

10 May '24

From: Zhipeng Lu <alexious(a)zju.edu.cn> mainline inclusion from mainline-v6.9-rc1 commit 3cfcfc102a5e57b021b786a755a38935e357797d category: bugfix bugzilla: 189901, https://gitee.com/src-openeuler/kernel/issues/I9L9J1 CVE: CVE-2024-27388 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths. Fixes: 1d658336b05f ("SUNRPC: Add RPC based upcall mechanism for RPCGSS auth") Signed-off-by: Zhipeng Lu <alexious(a)zju.edu.cn> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> --- net/sunrpc/auth_gss/gss_rpc_xdr.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c index 2ff7b7083eba..e265b8d38aa1 100644 --- a/net/sunrpc/auth_gss/gss_rpc_xdr.c +++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c @@ -250,8 +250,8 @@ static int gssx_dec_option_array(struct xdr_stream *xdr, creds = kzalloc(sizeof(struct svc_cred), GFP_KERNEL); if (!creds) { - kfree(oa->data); - return -ENOMEM; + err = -ENOMEM; + goto free_oa; } oa->data[0].option.data = CREDS_VALUE; @@ -265,29 +265,40 @@ static int gssx_dec_option_array(struct xdr_stream *xdr, /* option buffer */ p = xdr_inline_decode(xdr, 4); - if (unlikely(p == NULL)) - return -ENOSPC; + if (unlikely(p == NULL)) { + err = -ENOSPC; + goto free_creds; + } length = be32_to_cpup(p); p = xdr_inline_decode(xdr, length); - if (unlikely(p == NULL)) - return -ENOSPC; + if (unlikely(p == NULL)) { + err = -ENOSPC; + goto free_creds; + } if (length == sizeof(CREDS_VALUE) && memcmp(p, CREDS_VALUE, sizeof(CREDS_VALUE)) == 0) { /* We have creds here. parse them */ err = gssx_dec_linux_creds(xdr, creds); if (err) - return err; + goto free_creds; oa->data[0].value.len = 1; /* presence */ } else { /* consume uninteresting buffer */ err = gssx_dec_buffer(xdr, &dummy); if (err) - return err; + goto free_creds; } } return 0; + +free_creds: + kfree(creds); +free_oa: + kfree(oa->data); + oa->data = NULL; + return err; } static int gssx_dec_status(struct xdr_stream *xdr, -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS] SUNRPC: fix some memleaks in gssx_dec_option_array
by Dong Chenchen 10 May '24

10 May '24

From: Zhipeng Lu <alexious(a)zju.edu.cn> mainline inclusion from mainline-v6.9-rc1 commit 3cfcfc102a5e57b021b786a755a38935e357797d category: bugfix bugzilla: 189901, https://gitee.com/src-openeuler/kernel/issues/I9L9J1 CVE: CVE-2024-27388 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths. Fixes: 1d658336b05f ("SUNRPC: Add RPC based upcall mechanism for RPCGSS auth") Signed-off-by: Zhipeng Lu <alexious(a)zju.edu.cn> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> --- net/sunrpc/auth_gss/gss_rpc_xdr.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c index 444380f968f1..730a9c4dc993 100644 --- a/net/sunrpc/auth_gss/gss_rpc_xdr.c +++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c @@ -263,8 +263,8 @@ static int gssx_dec_option_array(struct xdr_stream *xdr, creds = kzalloc(sizeof(struct svc_cred), GFP_KERNEL); if (!creds) { - kfree(oa->data); - return -ENOMEM; + err = -ENOMEM; + goto free_oa; } oa->data[0].option.data = CREDS_VALUE; @@ -278,29 +278,40 @@ static int gssx_dec_option_array(struct xdr_stream *xdr, /* option buffer */ p = xdr_inline_decode(xdr, 4); - if (unlikely(p == NULL)) - return -ENOSPC; + if (unlikely(p == NULL)) { + err = -ENOSPC; + goto free_creds; + } length = be32_to_cpup(p); p = xdr_inline_decode(xdr, length); - if (unlikely(p == NULL)) - return -ENOSPC; + if (unlikely(p == NULL)) { + err = -ENOSPC; + goto free_creds; + } if (length == sizeof(CREDS_VALUE) && memcmp(p, CREDS_VALUE, sizeof(CREDS_VALUE)) == 0) { /* We have creds here. parse them */ err = gssx_dec_linux_creds(xdr, creds); if (err) - return err; + goto free_creds; oa->data[0].value.len = 1; /* presence */ } else { /* consume uninteresting buffer */ err = gssx_dec_buffer(xdr, &dummy); if (err) - return err; + goto free_creds; } } return 0; + +free_creds: + kfree(creds); +free_oa: + kfree(oa->data); + oa->data = NULL; + return err; } static int gssx_dec_status(struct xdr_stream *xdr, -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS v2] SUNRPC: fix a memleak in gss_import_v2_context
by Dong Chenchen 10 May '24

10 May '24

From: Zhipeng Lu <alexious(a)zju.edu.cn> mainline inclusion from mainline-v6.9-rc1 commit e67b652d8e8591d3b1e569dbcdfcee15993e91fa category: bugfix bugzilla: 189914, https://gitee.com/src-openeuler/kernel/issues/I9L9IF CVE: CVE-2023-52653 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error. Thus, this patch reform the last call of gss_import_v2_context to the gss_krb5_import_ctx_v2, preventing the memleak while keepping the return formation. Fixes: 47d848077629 ("gss_krb5: handle new context format from gssd") Signed-off-by: Zhipeng Lu <alexious(a)zju.edu.cn> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> Conflicts: net/sunrpc/auth_gss/gss_krb5_mech.c [commit 279a67cdd491 was not merged] Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> --- net/sunrpc/auth_gss/gss_krb5_mech.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 893d8a480592..f4f3ca817068 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c @@ -588,6 +588,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx, { int keylen; u32 time32; + int ret; p = simple_get_bytes(p, end, &ctx->flags, sizeof(ctx->flags)); if (IS_ERR(p)) @@ -644,16 +645,28 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx, switch (ctx->enctype) { case ENCTYPE_DES3_CBC_RAW: - return context_derive_keys_des3(ctx, gfp_mask); + ret = context_derive_keys_des3(ctx, gfp_mask); + break; case ENCTYPE_ARCFOUR_HMAC: - return context_derive_keys_rc4(ctx); + ret = context_derive_keys_rc4(ctx); + break; case ENCTYPE_AES128_CTS_HMAC_SHA1_96: case ENCTYPE_AES256_CTS_HMAC_SHA1_96: - return context_derive_keys_new(ctx, gfp_mask); + ret = context_derive_keys_new(ctx, gfp_mask); + break; default: - return -EINVAL; + ret = -EINVAL; } + if (ret) { + p = ERR_PTR(ret); + goto out_free; + } + + return 0; + +out_free: + kfree(ctx->mech_used.data); out_err: return PTR_ERR(p); } -- 2.25.1

2 1

[PATCH OLK-6.6 v2] openeuler_defconfig: update oedefconfig for the minimum set
by Peng Zhang 10 May '24

10 May '24

From: YGN-NDWD-Official <liuyanze1(a)huawei.com> hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I9NSB7 ---------------------------------------------- The minimum set of kconfig configuration items is different from that defined by the openEuler community. For details about the modification and reason, see the issue. Signed-off-by: YGN-NDWD-Official <liuyanze1(a)huawei.com> --- arch/arm64/configs/openeuler_defconfig | 138 ++++++++++++++----------- arch/x86/configs/openeuler_defconfig | 17 ++- 2 files changed, 94 insertions(+), 61 deletions(-) diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig index baf9159c9826..4932a6be9d6f 100644 --- a/arch/arm64/configs/openeuler_defconfig +++ b/arch/arm64/configs/openeuler_defconfig @@ -2,6 +2,7 @@ # Automatically generated file; DO NOT EDIT. # Linux/arm64 6.6.0 Kernel Configuration # +CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_TABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y @@ -96,7 +97,6 @@ CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set # CONFIG_PREEMPT_DYNAMIC is not set -# CONFIG_SCHED_CORE is not set # # CPU/Task time and stats accounting @@ -153,7 +153,8 @@ CONFIG_GENERIC_SCHED_CLOCK=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" -CONFIG_GCC11_NO_ARRAY_BOUNDS=y +CONFIG_GCC10_NO_ARRAY_BOUNDS=y +CONFIG_CC_NO_ARRAY_BOUNDS=y CONFIG_ARCH_SUPPORTS_INT128=y CONFIG_NUMA_BALANCING=y CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y @@ -171,14 +172,14 @@ CONFIG_CGROUP_WRITEBACK=y CONFIG_CGROUP_V1_WRITEBACK=y CONFIG_CGROUP_SCHED=y CONFIG_QOS_SCHED=y -CONFIG_QOS_SCHED_MULTILEVEL=y +CONFIG_QOS_SCHED_SMT_EXPELLER=y CONFIG_QOS_SCHED_PRIO_LB=y +CONFIG_QOS_SCHED_MULTILEVEL=y CONFIG_FAIR_GROUP_SCHED=y -CONFIG_QOS_SCHED_SMT_EXPELLER=y CONFIG_CFS_BANDWIDTH=y CONFIG_RT_GROUP_SCHED=y -CONFIG_SCHED_MM_CID=y CONFIG_QOS_SCHED_DYNAMIC_AFFINITY=y +CONFIG_SCHED_MM_CID=y CONFIG_QOS_SCHED_SMART_GRID=y CONFIG_CGROUP_PIDS=y CONFIG_CGROUP_RDMA=y @@ -274,6 +275,8 @@ CONFIG_DEBUG_PERF_USE_VMALLOC=y CONFIG_SYSTEM_DATA_VERIFICATION=y CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y +CONFIG_KABI_RESERVE=y +CONFIG_KABI_SIZE_ALIGN_CHECKS=y # # Kexec and crash features @@ -419,6 +422,7 @@ CONFIG_ARM64_ERRATUM_2038923=y CONFIG_ARM64_ERRATUM_1902691=y CONFIG_ARM64_ERRATUM_2457168=y CONFIG_ARM64_ERRATUM_2645198=y +CONFIG_ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD=y CONFIG_ARM64_ERRATUM_2966298=y CONFIG_ARM64_ERRATUM_3117295=y CONFIG_CAVIUM_ERRATUM_22375=y @@ -430,10 +434,10 @@ CONFIG_CAVIUM_TX2_ERRATUM_219=y CONFIG_FUJITSU_ERRATUM_010001=y CONFIG_HISILICON_ERRATUM_161600802=y CONFIG_HISILICON_ERRATUM_162100125=y -CONFIG_HISILICON_ERRATUM_162102203=y # CONFIG_HISILICON_ERRATUM_1980005 is not set CONFIG_HISILICON_ERRATUM_162100801=y CONFIG_HISILICON_ERRATUM_162100602=y +CONFIG_HISILICON_ERRATUM_162102203=y CONFIG_QCOM_FALKOR_ERRATUM_1003=y CONFIG_QCOM_FALKOR_ERRATUM_1009=y CONFIG_QCOM_QDF2400_ERRATUM_0065=y @@ -473,6 +477,7 @@ CONFIG_HZ=250 CONFIG_SCHED_HRTICK=y CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_HW_PERF_EVENTS=y +CONFIG_CC_HAVE_SHADOW_CALL_STACK=y CONFIG_PARAVIRT=y CONFIG_PARAVIRT_SCHED=y CONFIG_PARAVIRT_TIME_ACCOUNTING=y @@ -528,8 +533,8 @@ CONFIG_ARM64_PTR_AUTH_KERNEL=y # ARMv8.4 architectural features # CONFIG_ARM64_AMU_EXTN=y -CONFIG_ARM64_MPAM=y CONFIG_ARM64_TLB_RANGE=y +CONFIG_ARM64_MPAM=y # end of ARMv8.4 architectural features # @@ -567,8 +572,8 @@ CONFIG_IPI_AS_NMI=y CONFIG_NON_NMI_IPI_BACKTRACE=y CONFIG_RELOCATABLE=y CONFIG_RANDOMIZE_BASE=y -CONFIG_KASLR_SKIP_MEM_RANGE=y CONFIG_RANDOMIZE_MODULE_REGION_FULL=y +CONFIG_KASLR_SKIP_MEM_RANGE=y CONFIG_CC_HAVE_STACKPROTECTOR_SYSREG=y CONFIG_STACKPROTECTOR_PER_TASK=y CONFIG_ARM64_CONTPTE=y @@ -580,7 +585,7 @@ CONFIG_CLEAR_USER_WORKAROUND=y # CONFIG_ARM64_ACPI_PARKING_PROTOCOL=y CONFIG_CMDLINE="console=ttyAMA0" -# CONFIG_CMDLINE_FROM_BOOTLOADER is not set +CONFIG_CMDLINE_FROM_BOOTLOADER=y # CONFIG_CMDLINE_FORCE is not set CONFIG_EFI_STUB=y CONFIG_EFI=y @@ -666,7 +671,7 @@ CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y # # CONFIG_CPUFREQ_DT is not set # CONFIG_CPUFREQ_DT_PLATDEV is not set -CONFIG_ACPI_CPPC_CPUFREQ=y +CONFIG_ACPI_CPPC_CPUFREQ=m CONFIG_ACPI_CPPC_CPUFREQ_FIE=y CONFIG_ARM_SCPI_CPUFREQ=m # CONFIG_ARM_QCOM_CPUFREQ_HW is not set @@ -694,7 +699,6 @@ CONFIG_ACPI_MCFG=y CONFIG_ACPI_CPPC_LIB=y CONFIG_ACPI_PROCESSOR=y CONFIG_ACPI_IPMI=m -CONFIG_ACPI_HOTPLUG_CPU=y CONFIG_ACPI_THERMAL=y CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y CONFIG_ACPI_TABLE_UPGRADE=y @@ -725,6 +729,7 @@ CONFIG_ACPI_IORT=y CONFIG_ACPI_GTDT=y CONFIG_ACPI_AGDI=y CONFIG_ACPI_APMT=y +CONFIG_ACPI_MPAM=y CONFIG_ACPI_PPTT=y CONFIG_ACPI_PCC=y CONFIG_ACPI_FFH=y @@ -746,13 +751,16 @@ CONFIG_KVM_VFIO=y CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y CONFIG_HAVE_KVM_IRQ_BYPASS=y CONFIG_HAVE_KVM_VCPU_RUN_PID_CHANGE=y -CONFIG_KVM_HISI_VIRT=y CONFIG_KVM_XFER_TO_GUEST_WORK=y CONFIG_KVM_GENERIC_HARDWARE_ENABLING=y +CONFIG_KVM_HISI_VIRT=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=y -CONFIG_KVM_ARM_MULTI_LPI_TRANSLATE_CACHE=y # CONFIG_NVHE_EL2_DEBUG is not set +CONFIG_KVM_ARM_MULTI_LPI_TRANSLATE_CACHE=y +CONFIG_ARCH_VCPU_STAT=y +CONFIG_VIRT_VTIMER_IRQ_BYPASS=y +CONFIG_CPU_MITIGATIONS=y # # General architecture-dependent options @@ -813,6 +821,8 @@ CONFIG_HAVE_ARCH_STACKLEAK=y CONFIG_HAVE_STACKPROTECTOR=y CONFIG_STACKPROTECTOR=y CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_ARCH_SUPPORTS_SHADOW_CALL_STACK=y +# CONFIG_SHADOW_CALL_STACK is not set CONFIG_ARCH_SUPPORTS_LTO_CLANG=y CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y CONFIG_LTO_NONE=y @@ -852,6 +862,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y CONFIG_STRICT_KERNEL_RWX=y CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y CONFIG_STRICT_MODULE_RWX=y +CONFIG_ARCH_HAS_CPU_RESCTRL=y CONFIG_HAVE_ARCH_COMPILER_H=y CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y CONFIG_ARCH_USE_MEMREMAP_PROT=y @@ -917,6 +928,7 @@ CONFIG_BLK_ICQ=y CONFIG_BLK_DEV_BSGLIB=y CONFIG_BLK_DEV_INTEGRITY=y CONFIG_BLK_DEV_INTEGRITY_T10=m +CONFIG_BLK_DEV_WRITE_MOUNTED=y CONFIG_BLK_DEV_ZONED=y CONFIG_BLK_DEV_THROTTLING=y # CONFIG_BLK_DEV_THROTTLING_LOW is not set @@ -932,7 +944,6 @@ CONFIG_BLK_DEBUG_FS=y CONFIG_BLK_DEBUG_FS_ZONED=y # CONFIG_BLK_SED_OPAL is not set # CONFIG_BLK_INLINE_ENCRYPTION is not set -CONFIG_BLK_DEV_WRITE_MOUNTED=y CONFIG_BLK_DEV_DETECT_WRITING_PART0=y CONFIG_BLK_DEV_WRITE_MOUNTED_DUMP=y @@ -1043,7 +1054,6 @@ CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y CONFIG_PID_MAX_PER_NAMESPACE=y CONFIG_FREEZER=y -CONFIG_KWORKER_NUMA_AFFINITY=y # # Executable file formats @@ -1185,8 +1195,8 @@ CONFIG_LRU_GEN=y CONFIG_ARCH_SUPPORTS_PER_VMA_LOCK=y CONFIG_PER_VMA_LOCK=y CONFIG_LOCK_MM_AND_FIND_VMA=y +CONFIG_IOMMU_MM_DATA=y # CONFIG_ASCEND_FEATURES is not set -# CONFIG_ASCEND_OOM is not set CONFIG_PAGE_CACHE_LIMIT=y # CONFIG_CLEAR_FREELIST_PAGE is not set CONFIG_MEMORY_RELIABLE=y @@ -1336,6 +1346,7 @@ CONFIG_IPV6_PIMSM_V2=y # CONFIG_IPV6_IOAM6_LWTUNNEL is not set CONFIG_NETLABEL=y CONFIG_MPTCP=y +CONFIG_INET_MPTCP_DIAG=m CONFIG_MPTCP_IPV6=y CONFIG_NETWORK_SECMARK=y CONFIG_NET_PTP_CLASSIFY=y @@ -1772,7 +1783,7 @@ CONFIG_NET_SCH_MQPRIO=m CONFIG_NET_SCH_CHOKE=m CONFIG_NET_SCH_QFQ=m CONFIG_NET_SCH_CODEL=m -CONFIG_NET_SCH_FQ_CODEL=m +CONFIG_NET_SCH_FQ_CODEL=y # CONFIG_NET_SCH_CAKE is not set CONFIG_NET_SCH_FQ=m CONFIG_NET_SCH_HHF=m @@ -2100,6 +2111,7 @@ CONFIG_WANT_DEV_COREDUMP=y # CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set CONFIG_HMEM_REPORTING=y # CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +CONFIG_GENERIC_CPU_DEVICES=y CONFIG_GENERIC_CPU_AUTOPROBE=y CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_SOC_BUS=y @@ -2431,9 +2443,9 @@ CONFIG_SENSORS_APDS990X=m # CONFIG_XILINX_SDFEC is not set CONFIG_MISC_RTSX=m # CONFIG_HISI_HIKEY_USB is not set +CONFIG_VIRT_PLAT_DEV=y # CONFIG_OPEN_DICE is not set # CONFIG_VCPU_STALL_DETECTOR is not set -CONFIG_VIRT_PLAT_DEV=y # CONFIG_C2PORT is not set # @@ -2927,12 +2939,6 @@ CONFIG_ICE=m CONFIG_ICE_SWITCHDEV=y CONFIG_FM10K=m # CONFIG_IGC is not set -# CONFIG_JME is not set -CONFIG_NET_VENDOR_ADI=y -# CONFIG_ADIN1110 is not set -CONFIG_NET_VENDOR_LITEX=y -# CONFIG_LITEX_LITEETH is not set -# CONFIG_NET_VENDOR_MARVELL is not set CONFIG_NET_VENDOR_MUCSE=y CONFIG_MXGBE=m CONFIG_MXGBE_FIX_VF_QUEUE=y @@ -2952,6 +2958,15 @@ CONFIG_MGBE=m CONFIG_MGBE_MSIX_COUNT=26 CONFIG_MGBEVF=m # CONFIG_MGBEVF_OPTM_WITH_LARGE is not set +CONFIG_NET_VENDOR_YUNSILICON=y +CONFIG_YUNSILICON_XSC_ETH=m +CONFIG_YUNSILICON_XSC_PCI=m +# CONFIG_JME is not set +CONFIG_NET_VENDOR_ADI=y +# CONFIG_ADIN1110 is not set +CONFIG_NET_VENDOR_LITEX=y +# CONFIG_LITEX_LITEETH is not set +# CONFIG_NET_VENDOR_MARVELL is not set CONFIG_NET_VENDOR_MELLANOX=y CONFIG_MLX4_EN=m CONFIG_MLX4_EN_DCB=y @@ -3057,9 +3072,6 @@ CONFIG_SMSC9420=m # CONFIG_NET_VENDOR_SYNOPSYS is not set # CONFIG_NET_VENDOR_TEHUTI is not set # CONFIG_NET_VENDOR_TI is not set -CONFIG_NET_VENDOR_YUNSILICON=y -CONFIG_YUNSILICON_XSC_ETH=m -CONFIG_YUNSILICON_XSC_PCI=m CONFIG_NET_VENDOR_VERTEXCOM=y # CONFIG_MSE102X is not set # CONFIG_NET_VENDOR_VIA is not set @@ -3885,8 +3897,8 @@ CONFIG_PTP_1588_CLOCK_KVM=y # CONFIG_PTP_1588_CLOCK_IDTCM is not set # CONFIG_PTP_1588_CLOCK_MOCK is not set # CONFIG_PTP_1588_CLOCK_OCP is not set -# end of PTP clock support CONFIG_PTP_HISI=m +# end of PTP clock support CONFIG_PINCTRL=y CONFIG_PINMUX=y @@ -4339,7 +4351,7 @@ CONFIG_CPU_THERMAL=y CONFIG_CPU_FREQ_THERMAL=y CONFIG_THERMAL_EMULATION=y # CONFIG_THERMAL_MMIO is not set -CONFIG_HISI_THERMAL=y +CONFIG_HISI_THERMAL=m # # Qualcomm thermal drivers @@ -4483,7 +4495,6 @@ CONFIG_MFD_CORE=m # CONFIG_MFD_SKY81452 is not set # CONFIG_MFD_STMPE is not set CONFIG_MFD_SYSCON=y -# CONFIG_MFD_TI_AM335X_TSCADC is not set # CONFIG_MFD_LP3943 is not set # CONFIG_MFD_LP8788 is not set # CONFIG_MFD_TI_LMU is not set @@ -5287,9 +5298,8 @@ CONFIG_AUXDISPLAY=y # CONFIG_CHARLCD_BL_OFF is not set # CONFIG_CHARLCD_BL_ON is not set CONFIG_CHARLCD_BL_FLASH=y -CONFIG_DRM=y -# CONFIG_DRM_DEBUG_MM is not set -CONFIG_DRM_KMS_HELPER=y +CONFIG_DRM=m +CONFIG_DRM_KMS_HELPER=m # CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set # CONFIG_DRM_DEBUG_MODESET_LOCK is not set CONFIG_DRM_FBDEV_EMULATION=y @@ -6045,8 +6055,6 @@ CONFIG_MMC_CQHCI=m CONFIG_MMC_TOSHIBA_PCI=m CONFIG_MMC_MTK=m CONFIG_MMC_SDHCI_XENON=m -# CONFIG_MMC_SDHCI_OMAP is not set -# CONFIG_MMC_SDHCI_AM654 is not set # CONFIG_SCSI_UFSHCD is not set CONFIG_MEMSTICK=m # CONFIG_MEMSTICK_DEBUG is not set @@ -6207,7 +6215,8 @@ CONFIG_RTC_LIB=y CONFIG_RTC_CLASS=y CONFIG_RTC_HCTOSYS=y CONFIG_RTC_HCTOSYS_DEVICE="rtc0" -# CONFIG_RTC_SYSTOHC is not set +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" # CONFIG_RTC_DEBUG is not set CONFIG_RTC_NVMEM=y @@ -6434,7 +6443,7 @@ CONFIG_VIRTIO_PCI_LEGACY=y # CONFIG_VIRTIO_VDPA is not set # CONFIG_VIRTIO_PMEM is not set CONFIG_VIRTIO_BALLOON=m -# CONFIG_VIRTIO_MEM is not set +CONFIG_VIRTIO_MEM=m CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_MMIO=m # CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set @@ -6475,6 +6484,7 @@ CONFIG_CHROME_PLATFORMS=y # CONFIG_CROS_HPS_I2C is not set # CONFIG_CHROMEOS_PRIVACY_SCREEN is not set # CONFIG_MELLANOX_PLATFORM is not set +CONFIG_ARM_CPU_RESCTRL=y CONFIG_SURFACE_PLATFORMS=y # CONFIG_SURFACE_3_POWER_OPREGION is not set # CONFIG_SURFACE_GPE is not set @@ -6578,6 +6588,7 @@ CONFIG_IOMMU_DEFAULT_DMA_STRICT=y CONFIG_OF_IOMMU=y CONFIG_IOMMU_DMA=y CONFIG_IOMMU_SVA=y +CONFIG_IOMMU_IOPF=y CONFIG_IOMMUFD=m CONFIG_ARM_SMMU=y # CONFIG_ARM_SMMU_LEGACY_DT_BINDINGS is not set @@ -6702,7 +6713,15 @@ CONFIG_EXTCON_GPIO=m # CONFIG_EXTCON_USBC_TUSB320 is not set # CONFIG_MEMORY is not set # CONFIG_IIO is not set -# CONFIG_NTB is not set +CONFIG_NTB=m +# CONFIG_NTB_MSI is not set +# CONFIG_NTB_IDT is not set +# CONFIG_NTB_EPF is not set +# CONFIG_NTB_SWITCHTEC is not set +# CONFIG_NTB_PINGPONG is not set +# CONFIG_NTB_TOOL is not set +# CONFIG_NTB_PERF is not set +# CONFIG_NTB_TRANSPORT is not set CONFIG_PWM=y CONFIG_PWM_SYSFS=y # CONFIG_PWM_DEBUG is not set @@ -6728,7 +6747,6 @@ CONFIG_ARM_GIC_PHYTIUM_2500=y # CONFIG_AL_FIC is not set CONFIG_HISILICON_IRQ_MBIGEN=y CONFIG_IRQ_MBIGEN_ENABLE_SPI=y -CONFIG_VIRT_VTIMER_IRQ_BYPASS=y # CONFIG_XILINX_INTC is not set CONFIG_PARTITION_PERCPU=y CONFIG_QCOM_IRQ_COMBINER=y @@ -6806,14 +6824,14 @@ CONFIG_ARM_CCN=y # CONFIG_ARM_CMN is not set CONFIG_ARM_PMU=y CONFIG_ARM_PMU_ACPI=y -CONFIG_ARM_SMMU_V3_PMU=y +CONFIG_ARM_SMMU_V3_PMU=m CONFIG_ARM_PMUV3=y # CONFIG_ARM_DSU_PMU is not set CONFIG_QCOM_L2_PMU=y CONFIG_QCOM_L3_PMU=y CONFIG_THUNDERX2_PMU=m CONFIG_XGENE_PMU=y -CONFIG_ARM_SPE_PMU=y +CONFIG_ARM_SPE_PMU=m # CONFIG_ARM_DMC620_PMU is not set # CONFIG_MARVELL_CN10K_TAD_PMU is not set # CONFIG_ALIBABA_UNCORE_DRW_PMU is not set @@ -6925,8 +6943,8 @@ CONFIG_EXT4_FS=m CONFIG_EXT4_USE_FOR_EXT2=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_EXT4_FS_SECURITY=y -CONFIG_EXT4_ERROR_REPORT=y # CONFIG_EXT4_DEBUG is not set +CONFIG_EXT4_ERROR_REPORT=y CONFIG_JBD2=m # CONFIG_JBD2_DEBUG is not set CONFIG_FS_MBCACHE=m @@ -7044,6 +7062,7 @@ CONFIG_PROC_VMCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_PROC_CHILDREN=y +CONFIG_PROC_CPU_RESCTRL=y CONFIG_KERNFS=y CONFIG_SYSFS=y CONFIG_DIRTY_PAGES=y @@ -7101,6 +7120,8 @@ CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_QNX6FS_FS is not set +CONFIG_RESCTRL_FS=y +CONFIG_RESCTRL_RMID_DEPENDS_ON_CLOSID=y # CONFIG_ROMFS_FS is not set CONFIG_PSTORE=y CONFIG_PSTORE_DEFAULT_KMSG_BYTES=10240 @@ -7328,6 +7349,10 @@ CONFIG_IMA_APPRAISE_MODSIG=y CONFIG_IMA_LOAD_X509=y CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" # CONFIG_IMA_APPRAISE_SIGNED_INIT is not set +CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y +CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y +# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +# CONFIG_IMA_DISABLE_HTABLE is not set CONFIG_IMA_DIGEST_LIST=y CONFIG_IMA_DIGEST_LISTS_DIR="/etc/ima/digest_lists" CONFIG_IMA_STANDARD_DIGEST_DB_SIZE=y @@ -7335,14 +7360,11 @@ CONFIG_IMA_STANDARD_DIGEST_DB_SIZE=y # CONFIG_IMA_CUSTOM_DIGEST_DB_SIZE is not set CONFIG_IMA_DIGEST_DB_MEGABYTES=16 CONFIG_IMA_PARSER_BINARY_PATH="/usr/bin/upload_digest_lists" -CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y -CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y -# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set -# CONFIG_IMA_DISABLE_HTABLE is not set CONFIG_EVM=y -CONFIG_EVM_DEFAULT_HASH_SHA1=n +# CONFIG_EVM_DEFAULT_HASH_SHA1 is not set CONFIG_EVM_DEFAULT_HASH_SHA256=y -CONFIG_EVM_DEFAULT_HASH_SHA512=n +# CONFIG_EVM_DEFAULT_HASH_SHA512 is not set +CONFIG_EVM_DEFAULT_HASH="sha256" CONFIG_EVM_ATTR_FSUUID=y # CONFIG_EVM_ADD_XATTRS is not set CONFIG_EVM_LOAD_X509=y @@ -7360,8 +7382,11 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,appar # Memory initialization # CONFIG_INIT_STACK_NONE=y +# CONFIG_INIT_STACK_ALL_PATTERN is not set +# CONFIG_INIT_STACK_ALL_ZERO is not set # CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +# CONFIG_ZERO_CALL_USED_REGS is not set # end of Memory initialization # @@ -7617,7 +7642,6 @@ CONFIG_CAVIUM_CPT=m # CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set # CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set # CONFIG_CRYPTO_DEV_QAT_C62XVF is not set -# CONFIG_CRYPTO_DEV_QAT_ERROR_INJECTION is not set CONFIG_CRYPTO_DEV_CAVIUM_ZIP=m # CONFIG_CRYPTO_DEV_QCE is not set # CONFIG_CRYPTO_DEV_QCOM_RNG is not set @@ -7769,7 +7793,6 @@ CONFIG_BTREE=y CONFIG_INTERVAL_TREE=y CONFIG_INTERVAL_TREE_SPAN_ITER=y CONFIG_XARRAY_MULTI=y -CONFIG_ARCH_VCPU_STAT=y CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT=y @@ -7836,6 +7859,7 @@ CONFIG_SG_POOL=y CONFIG_ARCH_HAS_PMEM_API=y CONFIG_MEMREGION=y CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_ARCH_HAS_COPY_MC=y CONFIG_ARCH_STACKWALK=y CONFIG_STACKDEPOT=y CONFIG_SBITMAP=y @@ -7882,9 +7906,6 @@ CONFIG_DEBUG_INFO_COMPRESSED_NONE=y # CONFIG_DEBUG_INFO_COMPRESSED_ZLIB is not set # CONFIG_DEBUG_INFO_SPLIT is not set CONFIG_DEBUG_INFO_BTF=y -CONFIG_PAHOLE_HAS_SPLIT_BTF=y -CONFIG_DEBUG_INFO_BTF_MODULES=y -# CONFIG_MODULE_ALLOW_BTF_MISMATCH is not set # CONFIG_GDB_SCRIPTS is not set CONFIG_FRAME_WARN=2048 CONFIG_STRIP_ASM_SYMS=y @@ -7924,6 +7945,8 @@ CONFIG_KDB_CONTINUE_CATASTROPHIC=0 CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y # CONFIG_UBSAN is not set CONFIG_HAVE_ARCH_KCSAN=y +CONFIG_HAVE_KCSAN_COMPILER=y +# CONFIG_KCSAN is not set # end of Generic Kernel Debugging Instruments # @@ -7984,6 +8007,7 @@ CONFIG_LOCKUP_DETECTOR=y CONFIG_SOFTLOCKUP_DETECTOR=y # CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y +CONFIG_SDEI_WATCHDOG=y CONFIG_HARDLOCKUP_DETECTOR=y # CONFIG_HARDLOCKUP_DETECTOR_PREFER_BUDDY is not set CONFIG_HARDLOCKUP_DETECTOR_PERF=y @@ -7991,7 +8015,6 @@ CONFIG_HARDLOCKUP_DETECTOR_PERF=y # CONFIG_HARDLOCKUP_DETECTOR_ARCH is not set CONFIG_HARDLOCKUP_DETECTOR_COUNTS_HRTIMER=y CONFIG_BOOTPARAM_HARDLOCKUP_PANIC=y -CONFIG_SDEI_WATCHDOG=y CONFIG_DETECT_HUNG_TASK=y CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set @@ -8045,8 +8068,6 @@ CONFIG_DEBUG_LIST=y # CONFIG_DEBUG_MAPLE_TREE is not set # end of Debug kernel data structures -# CONFIG_DEBUG_CREDENTIALS is not set - # # RCU Debugging # @@ -8170,6 +8191,7 @@ CONFIG_ULTRASOC_SMB=m CONFIG_FUNCTION_ERROR_INJECTION=y # CONFIG_FAULT_INJECTION is not set CONFIG_ARCH_HAS_KCOV=y +# CONFIG_KCOV is not set # CONFIG_RUNTIME_TESTING_MENU is not set CONFIG_ARCH_USE_MEMTEST=y # CONFIG_MEMTEST is not set @@ -8180,5 +8202,5 @@ CONFIG_ARCH_USE_MEMTEST=y # # end of Rust hacking # end of Kernel hacking -CONFIG_KABI_SIZE_ALIGN_CHECKS=y -CONFIG_KABI_RESERVE=y + +CONFIG_KWORKER_NUMA_AFFINITY=y diff --git a/arch/x86/configs/openeuler_defconfig b/arch/x86/configs/openeuler_defconfig index e68707028ddd..9b5df8585310 100644 --- a/arch/x86/configs/openeuler_defconfig +++ b/arch/x86/configs/openeuler_defconfig @@ -2,6 +2,8 @@ # Automatically generated file; DO NOT EDIT. # Linux/x86 6.6.0 Kernel Configuration # +CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y +CONFIG_TOOLS_SUPPORT_RELR=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_TABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y @@ -170,6 +172,7 @@ CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" CONFIG_GCC10_NO_ARRAY_BOUNDS=y +CONFIG_CC_NO_ARRAY_BOUNDS=y CONFIG_ARCH_SUPPORTS_INT128=y CONFIG_NUMA_BALANCING=y CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y @@ -546,6 +549,7 @@ CONFIG_CALL_DEPTH_TRACKING=y CONFIG_CPU_IBPB_ENTRY=y CONFIG_CPU_IBRS_ENTRY=y CONFIG_CPU_SRSO=y +# CONFIG_SLS is not set # CONFIG_GDS_FORCE_MITIGATION is not set CONFIG_MITIGATION_RFDS=y CONFIG_MITIGATION_SPECTRE_BHI=y @@ -2005,7 +2009,7 @@ CONFIG_PCIEASPM_DEFAULT=y CONFIG_PCIE_PME=y CONFIG_PCIE_DPC=y # CONFIG_PCIE_PTM is not set -# CONFIG_PCIE_EDR is not set +CONFIG_PCIE_EDR=y CONFIG_PCI_MSI=y CONFIG_PCI_QUIRKS=y # CONFIG_PCI_DEBUG is not set @@ -6905,7 +6909,8 @@ CONFIG_RTC_MC146818_LIB=y CONFIG_RTC_CLASS=y CONFIG_RTC_HCTOSYS=y CONFIG_RTC_HCTOSYS_DEVICE="rtc0" -# CONFIG_RTC_SYSTOHC is not set +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" # CONFIG_RTC_DEBUG is not set CONFIG_RTC_NVMEM=y @@ -7106,7 +7111,8 @@ CONFIG_VIRTIO_PCI_LEGACY=y CONFIG_VIRTIO_BALLOON=m CONFIG_VIRTIO_MEM=m CONFIG_VIRTIO_INPUT=m -# CONFIG_VIRTIO_MMIO is not set +CONFIG_VIRTIO_MMIO=m +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set CONFIG_VIRTIO_DMA_SHARED_BUFFER=m # CONFIG_VDPA is not set CONFIG_VHOST_IOTLB=m @@ -8530,8 +8536,11 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,appar # Memory initialization # CONFIG_INIT_STACK_NONE=y +# CONFIG_INIT_STACK_ALL_PATTERN is not set +# CONFIG_INIT_STACK_ALL_ZERO is not set # CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +# CONFIG_ZERO_CALL_USED_REGS is not set # end of Memory initialization # @@ -9068,6 +9077,8 @@ CONFIG_ARCH_HAS_EARLY_DEBUG=y CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y # CONFIG_UBSAN is not set CONFIG_HAVE_ARCH_KCSAN=y +CONFIG_HAVE_KCSAN_COMPILER=y +# CONFIG_KCSAN is not set # end of Generic Kernel Debugging Instruments # -- 2.25.1

2 1

2024

2023

2022

2021

2020

2019

Kernel May 2024