- Kernel - mailweb.openeuler.org

[PATCH v2 openEuler-26.09 0/3] Introduce xsched dmem
by Liu Kai 03 Mar '26

03 Mar '26

Introduce xsched dmem Alexander Pavlenko (3): xsched/dmem: init xsched dmem region xsched/dmem: introduce xsched_dmem_alloc() xsched/dmem: introduce xsched_dmem_free() include/linux/xsched.h | 16 ++++ include/uapi/linux/xcu_vstream.h | 8 ++ kernel/xsched/Makefile | 1 + kernel/xsched/core.c | 4 + kernel/xsched/dmem.c | 135 +++++++++++++++++++++++++++++++ kernel/xsched/vstream.c | 42 ++++++++++ 6 files changed, 206 insertions(+) create mode 100644 kernel/xsched/dmem.c -- 2.34.1

2 4

[PATCH OLK-5.10] hwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify()
by Yin Tirui 03 Mar '26

03 Mar '26

From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> mainline inclusion from mainline-v6.19 commit 615901b57b7ef8eb655f71358f7e956e42bcd16b category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/13743 CVE: CVE-2026-23186 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- The acpi_power_meter driver's .notify() callback function, acpi_power_meter_notify(), calls hwmon_device_unregister() under a lock that is also acquired by callbacks in sysfs attributes of the device being unregistered which is prone to deadlocks between sysfs access and device removal. Address this by moving the hwmon device removal in acpi_power_meter_notify() outside the lock in question, but notice that doing it alone is not sufficient because two concurrent METER_NOTIFY_CONFIG notifications may be attempting to remove the same device at the same time. To prevent that from happening, add a new lock serializing the execution of the switch () statement in acpi_power_meter_notify(). For simplicity, it is a static mutex which should not be a problem from the performance perspective. The new lock also allows the hwmon_device_register_with_info() in acpi_power_meter_notify() to be called outside the inner lock because it prevents the other notifications handled by that function from manipulating the "resource" object while the hwmon device based on it is being registered. The sending of ACPI netlink messages from acpi_power_meter_notify() is serialized by the new lock too which generally helps to ensure that the order of handling firmware notifications is the same as the order of sending netlink messages related to them. In addition, notice that hwmon_device_register_with_info() may fail in which case resource->hwmon_dev will become an error pointer, so add checks to avoid attempting to unregister the hwmon device pointer to by it in that case to acpi_power_meter_notify() and acpi_power_meter_remove(). Fixes: 16746ce8adfe ("hwmon: (acpi_power_meter) Replace the deprecated hwmon_device_register") Closes: https://lore.kernel.org/linux-hwmon/CAK8fFZ58fidGUCHi5WFX0uoTPzveUUDzT=k=AA… Reported-by: Jaroslav Pulchart <jaroslav.pulchart(a)gooddata.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Yin Tirui <yintirui(a)huawei.com> --- drivers/hwmon/acpi_power_meter.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c index 95d0d39738a1..02a57ea3e566 100644 --- a/drivers/hwmon/acpi_power_meter.c +++ b/drivers/hwmon/acpi_power_meter.c @@ -47,6 +47,8 @@ static int cap_in_hardware; static bool force_cap_on; +static DEFINE_MUTEX(acpi_notify_lock); + static int can_cap_in_hardware(void) { return force_cap_on || cap_in_hardware; @@ -826,18 +828,26 @@ static void acpi_power_meter_notify(struct acpi_device *device, u32 event) resource = acpi_driver_data(device); + guard(mutex)(&acpi_notify_lock); + switch (event) { case METER_NOTIFY_CONFIG: + if (!IS_ERR(resource->hwmon_dev)) + hwmon_device_unregister(resource->hwmon_dev); + mutex_lock(&resource->lock); + free_capabilities(resource); remove_domain_devices(resource); - hwmon_device_unregister(resource->hwmon_dev); res = read_capabilities(resource); if (res) dev_err_once(&device->dev, "read capabilities failed.\n"); res = read_domain_devices(resource); if (res && res != -ENODEV) dev_err_once(&device->dev, "read domain devices failed.\n"); + + mutex_unlock(&resource->lock); + resource->hwmon_dev = hwmon_device_register_with_info(&device->dev, ACPI_POWER_METER_NAME, @@ -846,7 +856,7 @@ static void acpi_power_meter_notify(struct acpi_device *device, u32 event) power_extra_groups); if (IS_ERR(resource->hwmon_dev)) dev_err_once(&device->dev, "register hwmon device failed.\n"); - mutex_unlock(&resource->lock); + break; case METER_NOTIFY_TRIP: sysfs_notify(&device->dev.kobj, NULL, POWER_AVERAGE_NAME); @@ -956,7 +966,8 @@ static int acpi_power_meter_remove(struct acpi_device *device) return -EINVAL; resource = acpi_driver_data(device); - hwmon_device_unregister(resource->hwmon_dev); + if (!IS_ERR(resource->hwmon_dev)) + hwmon_device_unregister(resource->hwmon_dev); remove_domain_devices(resource); free_capabilities(resource); -- 2.43.0

2 1

[PATCH OLK-5.10 0/3] CVE-2025-39967
by Zicheng Qu 03 Mar '26

03 Mar '26

Kees Cook (1): overflow: Allow mixed type arguments Samasth Norway Ananda (1): fbcon: fix integer overflow in fbcon_do_set_font Thomas Zimmermann (1): fbcon: Fix OOB access in font allocation drivers/video/fbdev/core/fbcon.c | 13 ++++-- include/linux/overflow.h | 72 ++++++++++++++++++-------------- 2 files changed, 51 insertions(+), 34 deletions(-) -- 2.34.1

2 4

[PATCH v4 OLK-6.6 0/8] arm64: Add memory poison recovery support for various paths
by Wupeng Ma 03 Mar '26

03 Mar '26

This series enhances the arm64 kernel's ability to recover from memory poison (hardware memory errors) encountered during common I/O and data copy operations. The work extends the existing RAS error handling framework to gracefully handle poison in scenarios that previously could lead to kernel panics or silent data corruption. Memory errors are increasingly common in large-scale deployments; recovering from them where possible improves system reliability and availability. The patches implement recovery in key paths such as copy_{from/to}_user, iov_iter, __kernel_read, and shmem_file_read_iter, ensuring that when poison is consumed, the kernel can either complete the operation safely (by returning an error) or deliver the appropriate signal to the affected user process. Additionally, the series refines the SEA (Synchronous External Abort) handling path: it moves siaddr extraction earlier for accurate signal info, adds RAS logging for better diagnostics, and ensures a SIGBUS is sent to user tasks when APEI claims fail. The series has been tested on ARM64 platforms with RAS capabilities, using error injection to verify that poison is correctly handled and that appropriate errors or signals are delivered. Feedback and review are appreciated. Changelog since v1: - use correct issue Changelog since v2: - fix compile error on arm Linus Torvalds (1): iov_iter: get rid of 'copy_mc' flag Wupeng Ma (7): arm64: mm: support recovery from copy_{from/to}_user_page() iov_iter: add mc support for copy_page_to_iter arm64: fs: support poison recovery from __kernel_read() arm64: mm: shmem: support poison recovery from shmem_file_read_iter() arm64: move getting valid siaddr to the top of do_sea arm64: add ras log during do_sea arm64: send sig fault for user task when apei_claim_sea fails arch/arm/include/asm/cacheflush.h | 24 +++++++++++++++ arch/arm64/include/asm/cacheflush.h | 7 +++++ arch/arm64/kernel/acpi.c | 2 ++ arch/arm64/mm/extable.c | 5 +++- arch/arm64/mm/fault.c | 46 ++++++++++++++++++++++------- arch/arm64/mm/flush.c | 11 +++++++ fs/coredump.c | 45 ++++++++++++++++++++++++++-- include/asm-generic/cacheflush.h | 24 +++++++++++++++ lib/iov_iter.c | 16 ++++++++-- mm/filemap.c | 3 ++ mm/memory.c | 15 +++++++--- mm/shmem.c | 4 +++ 12 files changed, 182 insertions(+), 20 deletions(-) -- 2.43.0

2 9

[PATCH v4 openEuler-26.09 00/13] Introduce dmem cgroup
by Liu Kai 03 Mar '26

03 Mar '26

Introduce dmem cgroup Alexander Pavlenko (1): xsched/dmem: set max region size of xsched dmem root group to physical XPU memory size Chen Ridong (3): cgroup/dmem: fix NULL pointer dereference when setting max cgroup/dmem: avoid rcu warning when unregister region cgroup/dmem: avoid pool UAF Friedrich Vock (1): cgroup/dmem: Don't open-code css_for_each_descendant_pre Geert Uytterhoeven (1): cgroup/rdma: Drop bogus PAGE_COUNTER select Jiapeng Chong (1): kernel/cgroup: Remove the unused variable climit Maarten Lankhorst (2): mm/page_counter: move calculating protection values to page_counter kernel/cgroup: Add "dmem" memory accounting cgroup Maxime Ripard (3): cgroup/dmem: Select PAGE_COUNTER cgroup/dmem: Fix parameters documentation doc/cgroup: Fix title underline length Roman Gushchin (1): mm: page_counters: put page_counter_calculate_protection() under CONFIG_MEMCG Documentation/admin-guide/cgroup-v2.rst | 58 +- Documentation/core-api/cgroup.rst | 9 + Documentation/core-api/index.rst | 1 + Documentation/gpu/drm-compute.rst | 54 ++ include/linux/cgroup_dmem.h | 66 ++ include/linux/cgroup_subsys.h | 4 + include/linux/page_counter.h | 10 + init/Kconfig | 10 + kernel/cgroup/Makefile | 1 + kernel/cgroup/cgroup.c | 2 +- kernel/cgroup/dmem.c | 888 ++++++++++++++++++++++++ mm/memcontrol.c | 154 +--- mm/page_counter.c | 175 +++++ 13 files changed, 1273 insertions(+), 159 deletions(-) create mode 100644 Documentation/core-api/cgroup.rst create mode 100644 Documentation/gpu/drm-compute.rst create mode 100644 include/linux/cgroup_dmem.h create mode 100644 kernel/cgroup/dmem.c -- 2.34.1

2 14

[PATCH OLK-6.6 0/3] CVE-2026-23102
by Liu Mingrui 03 Mar '26

03 Mar '26

From: Mingrui Liu <liumingrui(a)huawei.com> CVE-2026-23102 Mark Rutland (3): arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state arm64/fpsimd: signal: Consistently read FPSIMD context arm64/fpsimd: signal: Fix restoration of SVE context arch/arm64/kernel/signal.c | 92 +++++++++++++++++++++++--------------- 1 file changed, 57 insertions(+), 35 deletions(-) -- 2.34.1

2 4

[PATCH OLK-6.6 0/3] CVE-2026-23102
by Liu Mingrui 03 Mar '26

03 Mar '26

From: Mingrui Liu <liumingrui(a)huawei.com> CVE-2026-23102 Mark Rutland (3): arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state arm64/fpsimd: signal: Consistently read FPSIMD context arm64/fpsimd: signal: Fix restoration of SVE context arch/arm64/kernel/signal.c | 92 +++++++++++++++++++++++--------------- 1 file changed, 57 insertions(+), 35 deletions(-) -- 2.34.1

1 3

[PATCH OLK-6.6 0/3] CVE-2026-23102
by Liu Mingrui 03 Mar '26

03 Mar '26

From: Mingrui Liu <liumingrui(a)huawei.com> CVE-2026-23102 Mark Rutland (3): arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state arm64/fpsimd: signal: Consistently read FPSIMD context arm64/fpsimd: signal: Fix restoration of SVE context arch/arm64/kernel/signal.c | 92 +++++++++++++++++++++++--------------- 1 file changed, 57 insertions(+), 35 deletions(-) -- 2.34.1

2 4

[PATCH v3 OLK-6.6 0/8] arm64: Add memory poison recovery support for various paths
by Wupeng Ma 03 Mar '26

03 Mar '26

This series enhances the arm64 kernel's ability to recover from memory poison (hardware memory errors) encountered during common I/O and data copy operations. The work extends the existing RAS error handling framework to gracefully handle poison in scenarios that previously could lead to kernel panics or silent data corruption. Memory errors are increasingly common in large-scale deployments; recovering from them where possible improves system reliability and availability. The patches implement recovery in key paths such as copy_{from/to}_user, iov_iter, __kernel_read, and shmem_file_read_iter, ensuring that when poison is consumed, the kernel can either complete the operation safely (by returning an error) or deliver the appropriate signal to the affected user process. Additionally, the series refines the SEA (Synchronous External Abort) handling path: it moves siaddr extraction earlier for accurate signal info, adds RAS logging for better diagnostics, and ensures a SIGBUS is sent to user tasks when APEI claims fail. The series has been tested on ARM64 platforms with RAS capabilities, using error injection to verify that poison is correctly handled and that appropriate errors or signals are delivered. Feedback and review are appreciated. Changelog since v1: - use correct issue Changelog since v2: - fix compile error on arm Linus Torvalds (1): iov_iter: get rid of 'copy_mc' flag Wupeng Ma (7): arm64: mm: support recovery from copy_{from/to}_user_page() iov_iter: add mc support for copy_page_to_iter arm64: fs: support poison recovery from __kernel_read() arm64: mm: shmem: support poison recovery from shmem_file_read_iter() arm64: move getting valid siaddr to the top of do_sea arm64: add ras log during do_sea arm64: send sig fault for user task when apei_claim_sea fails arch/arm/include/asm/cacheflush.h | 2 ++ arch/arm64/include/asm/cacheflush.h | 7 +++++ arch/arm64/kernel/acpi.c | 2 ++ arch/arm64/mm/extable.c | 5 +++- arch/arm64/mm/fault.c | 46 ++++++++++++++++++++++------- arch/arm64/mm/flush.c | 11 +++++++ fs/coredump.c | 45 ++++++++++++++++++++++++++-- include/asm-generic/cacheflush.h | 24 +++++++++++++++ lib/iov_iter.c | 16 ++++++++-- mm/filemap.c | 3 ++ mm/memory.c | 15 +++++++--- mm/shmem.c | 4 +++ 12 files changed, 160 insertions(+), 20 deletions(-) -- 2.43.0

2 9

[PATCH OLK-6.6 0/3] CVE-2026-23102
by Liu Mingrui 03 Mar '26

03 Mar '26

From: Mingrui Liu <liumingrui(a)huawei.com> CVE-2026-23102 Mark Rutland (3): arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state arm64/fpsimd: signal: Consistently read FPSIMD context arm64/fpsimd: signal: Fix restoration of SVE context arch/arm64/kernel/signal.c | 92 +++++++++++++++++++++++--------------- 1 file changed, 57 insertions(+), 35 deletions(-) -- 2.34.1

2 4