- Kernel - mailweb.openeuler.org

[[PATCH OLK-5.10] Revert feature — arm64: Add memmap parameter and register pmem] revert feature — [arm64: Add memmap parameter and register pmem]
by Zhuling 27 Dec '21

27 Dec '21

euleros inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4O31I?from=project-issue CVE: NA The reserve memory of PMEM conflicts with "add memmap interface to reserved memory for mremap syscall usage", need to rollback, resubmit after adaptation. Feature related commit： 1.PMEM function commit:94dc364f5eda10f49449ba573dc3322e1ea92280 2.PMEM feature config commit: 36d7a831e15ceb84e937122c87d01c14242dc377 Signed-off-by: Zhuling <zhuling8(a)huawei.com> --- arch/arm64/Kconfig | 21 -------- arch/arm64/configs/openeuler_defconfig | 3 -- arch/arm64/kernel/Makefile | 1 - arch/arm64/kernel/pmem.c | 35 ------------- arch/arm64/kernel/setup.c | 10 ---- arch/arm64/mm/init.c | 94 ---------------------------------- drivers/nvdimm/Kconfig | 5 -- drivers/nvdimm/Makefile | 1 - 8 files changed, 170 deletions(-) delete mode 100644 arch/arm64/kernel/pmem.c diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index df90a6e..2df4b31 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1321,27 +1321,6 @@ config RODATA_FULL_DEFAULT_ENABLED This requires the linear region to be mapped down to pages, which may adversely affect performance in some cases. -config ARM64_PMEM_RESERVE - bool "Reserve memory for persistent storage" - default n - help - Use memmap=nn[KMG]!ss[KMG](memmap=100K!0x1a0000000) reserve - memory for persistent storage. - - Say y here to enable this feature. - -config ARM64_PMEM_LEGACY_DEVICE - bool "Create persistent storage" - depends on BLK_DEV - depends on LIBNVDIMM - select ARM64_PMEM_RESERVE - help - Use reserved memory for persistent storage when the kernel - restart or update. the data in PMEM will not be lost and - can be loaded faster. - - Say y if unsure. - config ARM64_SW_TTBR0_PAN bool "Emulate Privileged Access Never using TTBR0_EL1 switching" help diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig index 17bc875..b5fc851 100644 --- a/arch/arm64/configs/openeuler_defconfig +++ b/arch/arm64/configs/openeuler_defconfig @@ -416,8 +416,6 @@ CONFIG_ARM64_CPU_PARK=y CONFIG_FORCE_MAX_ZONEORDER=11 CONFIG_UNMAP_KERNEL_AT_EL0=y CONFIG_RODATA_FULL_DEFAULT_ENABLED=y -CONFIG_ARM64_PMEM_RESERVE=y -CONFIG_ARM64_PMEM_LEGACY_DEVICE=y # CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARM64_ILP32=y @@ -6026,7 +6024,6 @@ CONFIG_ND_BTT=m CONFIG_BTT=y CONFIG_OF_PMEM=m CONFIG_NVDIMM_KEYS=y -CONFIG_PMEM_LEGACY=m CONFIG_DAX_DRIVER=y CONFIG_DAX=y CONFIG_DEV_DAX=m diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index f615325..169d90f 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -68,7 +68,6 @@ obj-$(CONFIG_ARM64_PTR_AUTH) += pointer_auth.o obj-$(CONFIG_SHADOW_CALL_STACK) += scs.o obj-$(CONFIG_ARM64_MTE) += mte.o obj-$(CONFIG_MPAM) += mpam/ -obj-$(CONFIG_ARM64_PMEM_LEGACY_DEVICE) += pmem.o obj-y += vdso/ probes/ obj-$(CONFIG_COMPAT_VDSO) += vdso32/ diff --git a/arch/arm64/kernel/pmem.c b/arch/arm64/kernel/pmem.c deleted file mode 100644 index 16eaf70..0000000 --- a/arch/arm64/kernel/pmem.c +++ /dev/null @@ -1,35 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * Copyright(c) 2021 Huawei Technologies Co., Ltd - * - * Derived from x86 and arm64 implement PMEM. - */ -#include <linux/platform_device.h> -#include <linux/init.h> -#include <linux/ioport.h> -#include <linux/module.h> - -static int found(struct resource *res, void *data) -{ - return 1; -} - -static int __init register_e820_pmem(void) -{ - struct platform_device *pdev; - int rc; - - rc = walk_iomem_res_desc(IORES_DESC_PERSISTENT_MEMORY_LEGACY, - IORESOURCE_MEM, 0, -1, NULL, found); - if (rc <= 0) - return 0; - - /* - * See drivers/nvdimm/e820.c for the implementation, this is - * simply here to trigger the module to load on demand. - */ - pdev = platform_device_alloc("e820_pmem", -1); - - return platform_device_add(pdev); -} -device_initcall(register_e820_pmem); diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c index 88ec495..7cd0425 100644 --- a/arch/arm64/kernel/setup.c +++ b/arch/arm64/kernel/setup.c @@ -70,10 +70,6 @@ static int __init arm64_enable_cpu0_hotplug(char *str) __setup("arm64_cpu0_hotplug", arm64_enable_cpu0_hotplug); #endif -#ifdef CONFIG_ARM64_PMEM_RESERVE -extern struct resource pmem_res; -#endif - phys_addr_t __fdt_pointer __initdata; /* @@ -288,12 +284,6 @@ static void __init request_standard_resources(void) request_resource(res, &pin_memory_resource); #endif } - -#ifdef CONFIG_ARM64_PMEM_RESERVE - if (pmem_res.end && pmem_res.start) - request_resource(&iomem_resource, &pmem_res); -#endif - } static int __init reserve_memblock_reserved_regions(void) diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 3b9401e..e8d4461 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -55,7 +55,6 @@ */ s64 memstart_addr __ro_after_init = -1; EXPORT_SYMBOL(memstart_addr); -phys_addr_t start_at, mem_size; #ifdef CONFIG_PIN_MEMORY struct resource pin_memory_resource = { @@ -112,18 +111,6 @@ static void __init reserve_pin_memory_res(void) */ phys_addr_t arm64_dma_phys_limit __ro_after_init; -static unsigned long long pmem_size, pmem_start; - -#ifdef CONFIG_ARM64_PMEM_RESERVE -struct resource pmem_res = { - .name = "Persistent Memory (legacy)", - .start = 0, - .end = 0, - .flags = IORESOURCE_MEM, - .desc = IORES_DESC_PERSISTENT_MEMORY_LEGACY -}; -#endif - #ifndef CONFIG_KEXEC_CORE static void __init reserve_crashkernel(void) { @@ -417,83 +404,6 @@ static int __init reserve_park_mem(void) } #endif -static bool __init is_mem_valid(unsigned long long mem_size, unsigned long long mem_start) -{ - if (!memblock_is_region_memory(mem_start, mem_size)) { - pr_warn("cannot reserve mem: region is not memory!\n"); - return false; - } - - if (memblock_is_region_reserved(mem_start, mem_size)) { - pr_warn("cannot reserve mem: region overlaps reserved memory!\n"); - return false; - } - - if (!IS_ALIGNED(mem_start, SZ_2M)) { - pr_warn("cannot reserve mem: base address is not 2MB aligned!\n"); - return false; - } - - return true; -} - -static int __init parse_memmap_one(char *p) -{ - char *oldp; - - if (!p) - return -EINVAL; - - oldp = p; - mem_size = memparse(p, &p); - if (p == oldp) - return -EINVAL; - - if (!mem_size) - return -EINVAL; - - mem_size = PAGE_ALIGN(mem_size); - - if (*p == '!') { - start_at = memparse(p+1, &p); - - pmem_start = start_at; - pmem_size = mem_size; - } else - pr_info("Unrecognized memmap option, please check the parameter.\n"); - - return *p == '\0' ? 0 : -EINVAL; -} - -static int __init parse_memmap_opt(char *str) -{ - while (str) { - char *k = strchr(str, ','); - - if (k) - *k++ = 0; - parse_memmap_one(str); - str = k; - } - - return 0; -} -early_param("memmap", parse_memmap_opt); - -#ifdef CONFIG_ARM64_PMEM_RESERVE -static void __init reserve_pmem(void) -{ - if (!is_mem_valid(mem_size, start_at)) - return; - - memblock_remove(pmem_start, pmem_size); - pr_info("pmem reserved: 0x%016llx - 0x%016llx (%lld MB)\n", - pmem_start, pmem_start + pmem_size, pmem_size >> 20); - pmem_res.start = pmem_start; - pmem_res.end = pmem_start + pmem_size - 1; -} -#endif - void __init arm64_memblock_init(void) { const s64 linear_region_size = BIT(vabits_actual - 1); @@ -668,10 +578,6 @@ void __init bootmem_init(void) reserve_quick_kexec(); #endif -#ifdef CONFIG_ARM64_PMEM_RESERVE - reserve_pmem(); -#endif - reserve_pin_memory_res(); memblock_dump_all(); diff --git a/drivers/nvdimm/Kconfig b/drivers/nvdimm/Kconfig index ce4de75..b7d1eb3 100644 --- a/drivers/nvdimm/Kconfig +++ b/drivers/nvdimm/Kconfig @@ -132,8 +132,3 @@ config NVDIMM_TEST_BUILD infrastructure. endif - -config PMEM_LEGACY - tristate "Pmem_legacy" - select X86_PMEM_LEGACY if X86 - select ARM64_PMEM_LEGACY_DEVICE if ARM64 diff --git a/drivers/nvdimm/Makefile b/drivers/nvdimm/Makefile index 6f8dc92..0407753 100644 --- a/drivers/nvdimm/Makefile +++ b/drivers/nvdimm/Makefile @@ -3,7 +3,6 @@ obj-$(CONFIG_LIBNVDIMM) += libnvdimm.o obj-$(CONFIG_BLK_DEV_PMEM) += nd_pmem.o obj-$(CONFIG_ND_BTT) += nd_btt.o obj-$(CONFIG_ND_BLK) += nd_blk.o -obj-$(CONFIG_PMEM_LEGACY) += nd_e820.o obj-$(CONFIG_OF_PMEM) += of_pmem.o obj-$(CONFIG_VIRTIO_PMEM) += virtio_pmem.o nd_virtio.o -- 2.9.5

4 4

[PATCH openEuler-1.0-LTS] watchdog: Fix check_preemption_disabled() error
by Yang Yingliang 27 Dec '21

27 Dec '21

From: Wei Li <liwei391(a)huawei.com> hulk inclusion category: bugfix bugzilla: 173968, https://gitee.com/openeuler/kernel/issues/I3J87Y CVE: NA ------------------------------------------------- When enabling CONFIG_DEBUG_PREEMPT and CONFIG_PREEMPT, it triggers a 'BUG' in the pmu based nmi_watchdog initializaion: [ 3.341853] BUG: using smp_processor_id() in preemptible [00000000] code: swapper/0/1 [ 3.344392] caller is debug_smp_processor_id+0x17/0x20 [ 3.344395] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.10.0+ #398 [ 3.344397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014 [ 3.344399] Call Trace: [ 3.344410] dump_stack+0x60/0x76 [ 3.344412] check_preemption_disabled+0xba/0xc0 [ 3.344415] debug_smp_processor_id+0x17/0x20 [ 3.344422] hardlockup_detector_event_create+0xf/0x60 [ 3.344427] hardlockup_detector_perf_init+0xf/0x41 [ 3.344430] watchdog_nmi_probe+0xe/0x10 [ 3.344432] lockup_detector_init+0x22/0x5b [ 3.344437] kernel_init_freeable+0x20c/0x245 [ 3.344439] ? rest_init+0xd0/0xd0 [ 3.344441] kernel_init+0xe/0x110 [ 3.344446] ret_from_fork+0x22/0x30 This issue was introduced by commit 141482cb4b01, which move down lockup_detector_init() after do_basic_setup(), after sched_init_smp() too. hardlockup_detector_event_create |- hardlockup_detector_perf_init (unsafe) |- watchdog_nmi_probe |- lockup_detector_init |- hardlockup_detector_perf_enable |- watchdog_nmi_enable |- watchdog_enable |- lockup_detector_online_cpu |- softlockup_start_fn |- softlockup_start_all |- lockup_detector_reconfigure |- lockup_detector_setup |- lockup_detector_init After analysing the calling context, it's only unsafe to use smp_processor_id() in hardlockup_detector_perf_init() as the thread 'kernel_init' is preemptible after sched_init_smp(). While it is just a test if we can enable the pmu based nmi_watchdog, the real enabling process is in softlockup_start_fn() later which ensures that watchdog_enable() is called on all cores. So it's free to disable preempt to fix this 'BUG'. Fixes: 141482cb4b01 ("lockup_detector: init lockup detector after all the init_calls") Signed-off-by: Wei Li <liwei391(a)huawei.com> Reviewed-by: Xiongfeng Wang <wangxiongfeng2(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- kernel/watchdog_hld.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/watchdog_hld.c b/kernel/watchdog_hld.c index 43832b1023693..a5aff8ffa48ce 100644 --- a/kernel/watchdog_hld.c +++ b/kernel/watchdog_hld.c @@ -508,14 +508,17 @@ void __init hardlockup_detector_perf_restart(void) */ int __init hardlockup_detector_perf_init(void) { - int ret = hardlockup_detector_event_create(); + int ret; + preempt_disable(); + ret = hardlockup_detector_event_create(); if (ret) { pr_info("Perf NMI watchdog permanently disabled\n"); } else { perf_event_release_kernel(this_cpu_read(watchdog_ev)); this_cpu_write(watchdog_ev, NULL); } + preempt_enable(); return ret; } #endif /* CONFIG_HARDLOCKUP_DETECTOR_PERF */ -- 2.25.1

1 0

[PATCH openEuler-1.0-LTS] btrfs: unlock newly allocated extent buffer after error
by Yang Yingliang 27 Dec '21

27 Dec '21

From: Qu Wenruo <wqu(a)suse.com> mainline inclusion from mainline-v5.15-rc6 commit 19ea40dddf1833db868533958ca066f368862211 category: bugfix bugzilla: NA CVE: CVE-2021-4149 -------------------------------- [BUG] There is a bug report that injected ENOMEM error could leave a tree block locked while we return to user-space: BTRFS info (device loop0): enabling ssd optimizations FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 7579 Comm: syz-executor Not tainted 5.15.0-rc1 #16 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8d/0xcf lib/dump_stack.c:106 fail_dump lib/fault-inject.c:52 [inline] should_fail+0x13c/0x160 lib/fault-inject.c:146 should_failslab+0x5/0x10 mm/slab_common.c:1328 slab_pre_alloc_hook.constprop.99+0x4e/0xc0 mm/slab.h:494 slab_alloc_node mm/slub.c:3120 [inline] slab_alloc mm/slub.c:3214 [inline] kmem_cache_alloc+0x44/0x280 mm/slub.c:3219 btrfs_alloc_delayed_extent_op fs/btrfs/delayed-ref.h:299 [inline] btrfs_alloc_tree_block+0x38c/0x670 fs/btrfs/extent-tree.c:4833 __btrfs_cow_block+0x16f/0x7d0 fs/btrfs/ctree.c:415 btrfs_cow_block+0x12a/0x300 fs/btrfs/ctree.c:570 btrfs_search_slot+0x6b0/0xee0 fs/btrfs/ctree.c:1768 btrfs_insert_empty_items+0x80/0xf0 fs/btrfs/ctree.c:3905 btrfs_new_inode+0x311/0xa60 fs/btrfs/inode.c:6530 btrfs_create+0x12b/0x270 fs/btrfs/inode.c:6783 lookup_open+0x660/0x780 fs/namei.c:3282 open_last_lookups fs/namei.c:3352 [inline] path_openat+0x465/0xe20 fs/namei.c:3557 do_filp_open+0xe3/0x170 fs/namei.c:3588 do_sys_openat2+0x357/0x4a0 fs/open.c:1200 do_sys_open+0x87/0xd0 fs/open.c:1216 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x34/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x46ae99 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f46711b9c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 RAX: ffffffffffffffda RBX: 000000000078c0a0 RCX: 000000000046ae99 RDX: 0000000000000000 RSI: 00000000000000a1 RDI: 0000000020005800 RBP: 00007f46711b9c80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 R13: 0000000000000000 R14: 000000000078c0a0 R15: 00007ffc129da6e0 ================================================ WARNING: lock held when returning to user space! 5.15.0-rc1 #16 Not tainted ------------------------------------------------ syz-executor/7579 is leaving the kernel with locks still held! 1 lock held by syz-executor/7579: #0: ffff888104b73da8 (btrfs-tree-01/1){+.+.}-{3:3}, at: __btrfs_tree_lock+0x2e/0x1a0 fs/btrfs/locking.c:112 [CAUSE] In btrfs_alloc_tree_block(), after btrfs_init_new_buffer(), the new extent buffer @buf is locked, but if later operations like adding delayed tree ref fail, we just free @buf without unlocking it, resulting above warning. [FIX] Unlock @buf in out_free_buf: label. Reported-by: Hao Sun <sunhao.th(a)gmail.com> Link: https://lore.kernel.org/linux-btrfs/CACkBjsZ9O6Zr0KK1yGn=1rQi6Crh1yeCRdTSBx… CC: stable(a)vger.kernel.org # 5.4+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> Reviewed-by: Xiu Jianfeng <xiujianfeng(a)huawei.com> Reviewed-by: Jason Yan <yanaijie(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- fs/btrfs/extent-tree.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 4bf93184362ec..dcbb76b62a0b0 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -8324,6 +8324,7 @@ struct extent_buffer *btrfs_alloc_tree_block(struct btrfs_trans_handle *trans, out_free_delayed: btrfs_free_delayed_extent_op(extent_op); out_free_buf: + btrfs_tree_unlock(buf); free_extent_buffer(buf); out_free_reserved: btrfs_free_reserved_extent(fs_info, ins.objectid, ins.offset, 0); -- 2.25.1

1 0

[PATCH openEuler-1.0-LTS] ext4: Fix null-ptr-deref in '__ext4_journal_ensure_credits'
by Yang Yingliang 25 Dec '21

25 Dec '21

From: Ye Bin <yebin10(a)huawei.com> hulk inclusion category: bugfix bugzilla: 185945, https://gitee.com/openeuler/kernel/issues/I4O33F CVE: NA ----------------------------------------------- We got issue as follows when run syzkaller test: [ 1901.130043] EXT4-fs error (device vda): ext4_remount:5624: comm syz-executor.5: Abort forced by user [ 1901.130901] Aborting journal on device vda-8. [ 1901.131437] EXT4-fs error (device vda): ext4_journal_check_start:61: comm syz-executor.16: Detected aborted journal [ 1901.131566] EXT4-fs error (device vda): ext4_journal_check_start:61: comm syz-executor.11: Detected aborted journal [ 1901.132586] EXT4-fs error (device vda): ext4_journal_check_start:61: comm syz-executor.18: Detected aborted journal [ 1901.132751] EXT4-fs error (device vda): ext4_journal_check_start:61: comm syz-executor.9: Detected aborted journal [ 1901.136149] EXT4-fs error (device vda) in ext4_reserve_inode_write:6035: Journal has aborted [ 1901.136837] EXT4-fs error (device vda): ext4_journal_check_start:61: comm syz-fuzzer: Detected aborted journal [ 1901.136915] ================================================================== [ 1901.138175] BUG: KASAN: null-ptr-deref in __ext4_journal_ensure_credits+0x74/0x140 [ext4] [ 1901.138343] EXT4-fs error (device vda): ext4_journal_check_start:61: comm syz-executor.13: Detected aborted journal [ 1901.138398] EXT4-fs error (device vda): ext4_journal_check_start:61: comm syz-executor.1: Detected aborted journal [ 1901.138808] Read of size 8 at addr 0000000000000000 by task syz-executor.17/968 [ 1901.138817] [ 1901.138852] EXT4-fs error (device vda): ext4_journal_check_start:61: comm syz-executor.30: Detected aborted journal [ 1901.144779] CPU: 1 PID: 968 Comm: syz-executor.17 Not tainted 4.19.90-vhulk2111.1.0.h893.eulerosv2r10.aarch64+ #1 [ 1901.146479] Hardware name: linux,dummy-virt (DT) [ 1901.147317] Call trace: [ 1901.147552] dump_backtrace+0x0/0x2d8 [ 1901.147898] show_stack+0x28/0x38 [ 1901.148215] dump_stack+0xec/0x15c [ 1901.148746] kasan_report+0x108/0x338 [ 1901.149207] __asan_load8+0x58/0xb0 [ 1901.149753] __ext4_journal_ensure_credits+0x74/0x140 [ext4] [ 1901.150579] ext4_xattr_delete_inode+0xe4/0x700 [ext4] [ 1901.151316] ext4_evict_inode+0x524/0xba8 [ext4] [ 1901.151985] evict+0x1a4/0x378 [ 1901.152353] iput+0x310/0x428 [ 1901.152733] do_unlinkat+0x260/0x428 [ 1901.153056] __arm64_sys_unlinkat+0x6c/0xc0 [ 1901.153455] el0_svc_common+0xc8/0x320 [ 1901.153799] el0_svc_handler+0xf8/0x160 [ 1901.154265] el0_svc+0x10/0x218 [ 1901.154682] ================================================================== This issue may happens like this: Process1 Process2 ext4_evict_inode ext4_journal_start ext4_truncate ext4_ind_truncate ext4_free_branches ext4_ind_truncate_ensure_credits ext4_journal_ensure_credits_fn ext4_journal_restart handle->h_transaction = NULL; mount -o remount,abort /mnt -> trigger JBD abort start_this_handle -> will return failed ext4_xattr_delete_inode ext4_journal_ensure_credits ext4_journal_ensure_credits_fn __ext4_journal_ensure_credits jbd2_handle_buffer_credits journal = handle->h_transaction->t_journal; ->null-ptr-deref Now, indirect truncate process didn't handle error. To solve this issue maybe simply add check handle is abort in '__ext4_journal_ensure_credits' is enough, and i also think this is necessary. Signed-off-by: Ye Bin <yebin10(a)huawei.com> Reviewed-by: Zhang Yi <yi.zhang(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- fs/ext4/ext4_jbd2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ext4/ext4_jbd2.c b/fs/ext4/ext4_jbd2.c index 022ab8afd9499..2c6dc99292fdc 100644 --- a/fs/ext4/ext4_jbd2.c +++ b/fs/ext4/ext4_jbd2.c @@ -140,6 +140,8 @@ int __ext4_journal_ensure_credits(handle_t *handle, int check_cred, { if (!ext4_handle_valid(handle)) return 0; + if (is_handle_aborted(handle)) + return -EROFS; if (jbd2_handle_buffer_credits(handle) >= check_cred && handle->h_revoke_credits >= revoke_cred) return 0; -- 2.25.1

1 0

[[PATCH OLK-5.10] Revert feature — [arm64: Add memmap parameter and register pmem]] revert feature — [arm64: Add memmap parameter and register pmem]
by Zhuling 25 Dec '21

25 Dec '21

euleros inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4O31I?from=project-issue CVE: NA The reserve memory of PMEM conflicts with "add memmap interface to reserved memory for mremap syscall usage", need to rollback, resubmit after adaptation. Feature related commit： 1.PMEM function commit:94dc364f5eda10f49449ba573dc3322e1ea92280 2.PMEM feature config commit: 36d7a831e15ceb84e937122c87d01c14242dc377 Signed-off-by: Zhuling <zhuling8(a)huawei.com> --- arch/arm64/Kconfig | 21 -------- arch/arm64/configs/openeuler_defconfig | 3 -- arch/arm64/kernel/Makefile | 1 - arch/arm64/kernel/pmem.c | 35 ------------- arch/arm64/kernel/setup.c | 10 ---- arch/arm64/mm/init.c | 94 ---------------------------------- drivers/nvdimm/Kconfig | 5 -- drivers/nvdimm/Makefile | 1 - 8 files changed, 170 deletions(-) delete mode 100644 arch/arm64/kernel/pmem.c diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index df90a6e..2df4b31 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1321,27 +1321,6 @@ config RODATA_FULL_DEFAULT_ENABLED This requires the linear region to be mapped down to pages, which may adversely affect performance in some cases. -config ARM64_PMEM_RESERVE - bool "Reserve memory for persistent storage" - default n - help - Use memmap=nn[KMG]!ss[KMG](memmap=100K!0x1a0000000) reserve - memory for persistent storage. - - Say y here to enable this feature. - -config ARM64_PMEM_LEGACY_DEVICE - bool "Create persistent storage" - depends on BLK_DEV - depends on LIBNVDIMM - select ARM64_PMEM_RESERVE - help - Use reserved memory for persistent storage when the kernel - restart or update. the data in PMEM will not be lost and - can be loaded faster. - - Say y if unsure. - config ARM64_SW_TTBR0_PAN bool "Emulate Privileged Access Never using TTBR0_EL1 switching" help diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig index 17bc875..b5fc851 100644 --- a/arch/arm64/configs/openeuler_defconfig +++ b/arch/arm64/configs/openeuler_defconfig @@ -416,8 +416,6 @@ CONFIG_ARM64_CPU_PARK=y CONFIG_FORCE_MAX_ZONEORDER=11 CONFIG_UNMAP_KERNEL_AT_EL0=y CONFIG_RODATA_FULL_DEFAULT_ENABLED=y -CONFIG_ARM64_PMEM_RESERVE=y -CONFIG_ARM64_PMEM_LEGACY_DEVICE=y # CONFIG_ARM64_SW_TTBR0_PAN is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARM64_ILP32=y @@ -6026,7 +6024,6 @@ CONFIG_ND_BTT=m CONFIG_BTT=y CONFIG_OF_PMEM=m CONFIG_NVDIMM_KEYS=y -CONFIG_PMEM_LEGACY=m CONFIG_DAX_DRIVER=y CONFIG_DAX=y CONFIG_DEV_DAX=m diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index f615325..169d90f 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -68,7 +68,6 @@ obj-$(CONFIG_ARM64_PTR_AUTH) += pointer_auth.o obj-$(CONFIG_SHADOW_CALL_STACK) += scs.o obj-$(CONFIG_ARM64_MTE) += mte.o obj-$(CONFIG_MPAM) += mpam/ -obj-$(CONFIG_ARM64_PMEM_LEGACY_DEVICE) += pmem.o obj-y += vdso/ probes/ obj-$(CONFIG_COMPAT_VDSO) += vdso32/ diff --git a/arch/arm64/kernel/pmem.c b/arch/arm64/kernel/pmem.c deleted file mode 100644 index 16eaf70..0000000 --- a/arch/arm64/kernel/pmem.c +++ /dev/null @@ -1,35 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * Copyright(c) 2021 Huawei Technologies Co., Ltd - * - * Derived from x86 and arm64 implement PMEM. - */ -#include <linux/platform_device.h> -#include <linux/init.h> -#include <linux/ioport.h> -#include <linux/module.h> - -static int found(struct resource *res, void *data) -{ - return 1; -} - -static int __init register_e820_pmem(void) -{ - struct platform_device *pdev; - int rc; - - rc = walk_iomem_res_desc(IORES_DESC_PERSISTENT_MEMORY_LEGACY, - IORESOURCE_MEM, 0, -1, NULL, found); - if (rc <= 0) - return 0; - - /* - * See drivers/nvdimm/e820.c for the implementation, this is - * simply here to trigger the module to load on demand. - */ - pdev = platform_device_alloc("e820_pmem", -1); - - return platform_device_add(pdev); -} -device_initcall(register_e820_pmem); diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c index 88ec495..7cd0425 100644 --- a/arch/arm64/kernel/setup.c +++ b/arch/arm64/kernel/setup.c @@ -70,10 +70,6 @@ static int __init arm64_enable_cpu0_hotplug(char *str) __setup("arm64_cpu0_hotplug", arm64_enable_cpu0_hotplug); #endif -#ifdef CONFIG_ARM64_PMEM_RESERVE -extern struct resource pmem_res; -#endif - phys_addr_t __fdt_pointer __initdata; /* @@ -288,12 +284,6 @@ static void __init request_standard_resources(void) request_resource(res, &pin_memory_resource); #endif } - -#ifdef CONFIG_ARM64_PMEM_RESERVE - if (pmem_res.end && pmem_res.start) - request_resource(&iomem_resource, &pmem_res); -#endif - } static int __init reserve_memblock_reserved_regions(void) diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 3b9401e..e8d4461 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -55,7 +55,6 @@ */ s64 memstart_addr __ro_after_init = -1; EXPORT_SYMBOL(memstart_addr); -phys_addr_t start_at, mem_size; #ifdef CONFIG_PIN_MEMORY struct resource pin_memory_resource = { @@ -112,18 +111,6 @@ static void __init reserve_pin_memory_res(void) */ phys_addr_t arm64_dma_phys_limit __ro_after_init; -static unsigned long long pmem_size, pmem_start; - -#ifdef CONFIG_ARM64_PMEM_RESERVE -struct resource pmem_res = { - .name = "Persistent Memory (legacy)", - .start = 0, - .end = 0, - .flags = IORESOURCE_MEM, - .desc = IORES_DESC_PERSISTENT_MEMORY_LEGACY -}; -#endif - #ifndef CONFIG_KEXEC_CORE static void __init reserve_crashkernel(void) { @@ -417,83 +404,6 @@ static int __init reserve_park_mem(void) } #endif -static bool __init is_mem_valid(unsigned long long mem_size, unsigned long long mem_start) -{ - if (!memblock_is_region_memory(mem_start, mem_size)) { - pr_warn("cannot reserve mem: region is not memory!\n"); - return false; - } - - if (memblock_is_region_reserved(mem_start, mem_size)) { - pr_warn("cannot reserve mem: region overlaps reserved memory!\n"); - return false; - } - - if (!IS_ALIGNED(mem_start, SZ_2M)) { - pr_warn("cannot reserve mem: base address is not 2MB aligned!\n"); - return false; - } - - return true; -} - -static int __init parse_memmap_one(char *p) -{ - char *oldp; - - if (!p) - return -EINVAL; - - oldp = p; - mem_size = memparse(p, &p); - if (p == oldp) - return -EINVAL; - - if (!mem_size) - return -EINVAL; - - mem_size = PAGE_ALIGN(mem_size); - - if (*p == '!') { - start_at = memparse(p+1, &p); - - pmem_start = start_at; - pmem_size = mem_size; - } else - pr_info("Unrecognized memmap option, please check the parameter.\n"); - - return *p == '\0' ? 0 : -EINVAL; -} - -static int __init parse_memmap_opt(char *str) -{ - while (str) { - char *k = strchr(str, ','); - - if (k) - *k++ = 0; - parse_memmap_one(str); - str = k; - } - - return 0; -} -early_param("memmap", parse_memmap_opt); - -#ifdef CONFIG_ARM64_PMEM_RESERVE -static void __init reserve_pmem(void) -{ - if (!is_mem_valid(mem_size, start_at)) - return; - - memblock_remove(pmem_start, pmem_size); - pr_info("pmem reserved: 0x%016llx - 0x%016llx (%lld MB)\n", - pmem_start, pmem_start + pmem_size, pmem_size >> 20); - pmem_res.start = pmem_start; - pmem_res.end = pmem_start + pmem_size - 1; -} -#endif - void __init arm64_memblock_init(void) { const s64 linear_region_size = BIT(vabits_actual - 1); @@ -668,10 +578,6 @@ void __init bootmem_init(void) reserve_quick_kexec(); #endif -#ifdef CONFIG_ARM64_PMEM_RESERVE - reserve_pmem(); -#endif - reserve_pin_memory_res(); memblock_dump_all(); diff --git a/drivers/nvdimm/Kconfig b/drivers/nvdimm/Kconfig index ce4de75..b7d1eb3 100644 --- a/drivers/nvdimm/Kconfig +++ b/drivers/nvdimm/Kconfig @@ -132,8 +132,3 @@ config NVDIMM_TEST_BUILD infrastructure. endif - -config PMEM_LEGACY - tristate "Pmem_legacy" - select X86_PMEM_LEGACY if X86 - select ARM64_PMEM_LEGACY_DEVICE if ARM64 diff --git a/drivers/nvdimm/Makefile b/drivers/nvdimm/Makefile index 6f8dc92..0407753 100644 --- a/drivers/nvdimm/Makefile +++ b/drivers/nvdimm/Makefile @@ -3,7 +3,6 @@ obj-$(CONFIG_LIBNVDIMM) += libnvdimm.o obj-$(CONFIG_BLK_DEV_PMEM) += nd_pmem.o obj-$(CONFIG_ND_BTT) += nd_btt.o obj-$(CONFIG_ND_BLK) += nd_blk.o -obj-$(CONFIG_PMEM_LEGACY) += nd_e820.o obj-$(CONFIG_OF_PMEM) += of_pmem.o obj-$(CONFIG_VIRTIO_PMEM) += virtio_pmem.o nd_virtio.o -- 2.9.5

1 0

[PATCH openEuler-1.0-LTS] net/hinic: Fix call trace when the rx_buff module parameter is grater than 2
by Yang Yingliang 25 Dec '21

25 Dec '21

From: Chiqijun <chiqijun(a)huawei.com> driver inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O2ZZ ----------------------------------------------------------------------- When rx_buff is greater than 2, the driver will alloc for more than 1 page of memory for network rx, but the __GFP_COMP gfp flag is not set, resulting in the following call trace: CPU: 3 PID: 494041 Comm: ping Kdump: loaded Tainted: G W OE 4.19.90-2106.3.0.0095.oe1.x86_64 #1 Hardware name: Huawei Technologies Co., Ltd. RH2288H V3/BC11HGSA0, BIOS 5.15 05/21/2019 RIP: 0010:copy_page_to_iter+0x154/0x310 Code: 31 b8 00 10 00 00 f7 c6 00 80 00 00 74 07 0f b6 49 51 48 d3 e0 48 39 c2 0f 86 ed fe ff ff 48 c7 c7 30 RSP: 0018:ffffbd6907d03bd8 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffffe0ffee5b3000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff9edbbfcd6858 RDI: ffff9edbbfcd6858 RBP: 0000000000000001 R08: 000000000001574a R09: 0000000000000004 R10: 000000000000004e R11: 0000000000000001 R12: ffffbd6907d03ed0 R13: 0000000000002100 R14: 0000000000000030 R15: 0000000000000000 FS: 00007f9d37244dc0(0000) GS:ffff9edbbfcc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe0e715f80 CR3: 000000203c018005 CR4: 00000000001606e0 Call Trace: skb_copy_datagram_iter+0x16c/0x2a0 raw_recvmsg+0xd0/0x1f0 inet_recvmsg+0x5b/0xd0 ____sys_recvmsg+0x95/0x160 ? import_iovec+0x37/0xd0 ? copy_msghdr_from_user+0x5c/0x90 ___sys_recvmsg+0x8c/0xd0 ? __audit_syscall_exit+0x228/0x290 ? kretprobe_trampoline+0x25/0x50 ? __sys_recvmsg+0x5b/0xa0 __sys_recvmsg+0x5b/0xa0 do_syscall_64+0x5f/0x240 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Use 'dev_alloc_pages' instead of calling ’alloc_pages_node‘ directly. Signed-off-by: Chiqijun <chiqijun(a)huawei.com> Reviewed-by: Wangxiaoyun <cloud.wangxiaoyun(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- drivers/net/ethernet/huawei/hinic/hinic_rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/huawei/hinic/hinic_rx.c b/drivers/net/ethernet/huawei/hinic/hinic_rx.c index a9047432f3053..019cd439ce696 100644 --- a/drivers/net/ethernet/huawei/hinic/hinic_rx.c +++ b/drivers/net/ethernet/huawei/hinic/hinic_rx.c @@ -67,7 +67,7 @@ static bool rx_alloc_mapped_page(struct hinic_rxq *rxq, return true; /* alloc new page for storage */ - page = alloc_pages_node(NUMA_NO_NODE, GFP_ATOMIC, nic_dev->page_order); + page = dev_alloc_pages(nic_dev->page_order); if (unlikely(!page)) { RXQ_STATS_INC(rxq, alloc_rx_buf_err); return false; -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS 1/3] arm64/mpam: remove __init macro to support driver probe
by Yang Yingliang 24 Dec '21

24 Dec '21

From: Xingang Wang <wangxingang5(a)huawei.com> ascend inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I49RB2 CVE: NA --------------------------------------------------- To support device tree boot for arm64 mpam, the __init macro might be used by the dts driver. This remove the necessary __init macro for the related functions. Signed-off-by: Xingang Wang <wangxingang5(a)huawei.com> Reviewed-by: Wang ShaoBo <bobo.shaobowang(a)huawei.com> Acked-by: Xie XiuQi <xiexiuqi(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- arch/arm64/include/asm/resctrl.h | 2 +- arch/arm64/kernel/mpam/mpam_device.c | 14 +++++++------- arch/arm64/kernel/mpam/mpam_internal.h | 2 +- arch/arm64/kernel/mpam/mpam_resctrl.c | 2 +- fs/resctrlfs.c | 2 +- include/linux/arm_mpam.h | 14 +++++++------- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/arch/arm64/include/asm/resctrl.h b/arch/arm64/include/asm/resctrl.h index ff4ce56430d1f..3fceaa482e5a3 100644 --- a/arch/arm64/include/asm/resctrl.h +++ b/arch/arm64/include/asm/resctrl.h @@ -424,7 +424,7 @@ int resctrl_update_groups_config(struct rdtgroup *rdtgrp); #define RESCTRL_MAX_CLOSID 32 -int __init resctrl_group_init(void); +int resctrl_group_init(void); void post_resctrl_mount(void); diff --git a/arch/arm64/kernel/mpam/mpam_device.c b/arch/arm64/kernel/mpam/mpam_device.c index c0615f6947a1f..4139b4476a836 100644 --- a/arch/arm64/kernel/mpam/mpam_device.c +++ b/arch/arm64/kernel/mpam/mpam_device.c @@ -534,7 +534,7 @@ static void mpam_disable_irqs(void) * Scheduled by mpam_discovery_complete() once all devices have been created. * Also scheduled when new devices are probed when new CPUs come online. */ -static void __init mpam_enable(struct work_struct *work) +static void mpam_enable(struct work_struct *work) { int err; unsigned long flags; @@ -761,7 +761,7 @@ static struct mpam_class * __init mpam_class_get(u8 level_idx, * class/component structures may be allocated. * Returns the new device, or an ERR_PTR(). */ -struct mpam_device * __init +struct mpam_device * __mpam_device_create(u8 level_idx, enum mpam_class_types type, int component_id, const struct cpumask *fw_affinity, phys_addr_t hwpage_address) @@ -810,7 +810,7 @@ __mpam_device_create(u8 level_idx, enum mpam_class_types type, return dev; } -void __init mpam_device_set_error_irq(struct mpam_device *dev, u32 irq, +void mpam_device_set_error_irq(struct mpam_device *dev, u32 irq, u32 flags) { unsigned long irq_save_flags; @@ -821,7 +821,7 @@ void __init mpam_device_set_error_irq(struct mpam_device *dev, u32 irq, spin_unlock_irqrestore(&dev->lock, irq_save_flags); } -void __init mpam_device_set_overflow_irq(struct mpam_device *dev, u32 irq, +void mpam_device_set_overflow_irq(struct mpam_device *dev, u32 irq, u32 flags) { unsigned long irq_save_flags; @@ -864,7 +864,7 @@ static inline u16 mpam_cpu_max_pmg(void) /* * prepare for initializing devices. */ -int __init mpam_discovery_start(void) +int mpam_discovery_start(void) { if (!mpam_cpus_have_feature()) return -EOPNOTSUPP; @@ -1104,7 +1104,7 @@ static int mpam_cpu_offline(unsigned int cpu) return 0; } -int __init mpam_discovery_complete(void) +int mpam_discovery_complete(void) { int ret = 0; @@ -1121,7 +1121,7 @@ int __init mpam_discovery_complete(void) return ret; } -void __init mpam_discovery_failed(void) +void mpam_discovery_failed(void) { struct mpam_class *class, *tmp; diff --git a/arch/arm64/kernel/mpam/mpam_internal.h b/arch/arm64/kernel/mpam/mpam_internal.h index cfaef82428aa5..7b84ea54975aa 100644 --- a/arch/arm64/kernel/mpam/mpam_internal.h +++ b/arch/arm64/kernel/mpam/mpam_internal.h @@ -329,7 +329,7 @@ int mpam_resctrl_setup(void); struct raw_resctrl_resource * mpam_get_raw_resctrl_resource(u32 level); -int __init mpam_resctrl_init(void); +int mpam_resctrl_init(void); int mpam_resctrl_set_default_cpu(unsigned int cpu); void mpam_resctrl_clear_default_cpu(unsigned int cpu); diff --git a/arch/arm64/kernel/mpam/mpam_resctrl.c b/arch/arm64/kernel/mpam/mpam_resctrl.c index 51cdefebaeba8..1ad4cd49762a3 100644 --- a/arch/arm64/kernel/mpam/mpam_resctrl.c +++ b/arch/arm64/kernel/mpam/mpam_resctrl.c @@ -2209,7 +2209,7 @@ static int __init mpam_setup(char *str) } __setup("mpam", mpam_setup); -int __init mpam_resctrl_init(void) +int mpam_resctrl_init(void) { mpam_init_padding(); diff --git a/fs/resctrlfs.c b/fs/resctrlfs.c index 11741c87eb0af..ea9df7d77b95a 100644 --- a/fs/resctrlfs.c +++ b/fs/resctrlfs.c @@ -1029,7 +1029,7 @@ static int __init resctrl_group_setup_root(void) * * Return: 0 on success or -errno */ -int __init resctrl_group_init(void) +int resctrl_group_init(void) { int ret = 0; diff --git a/include/linux/arm_mpam.h b/include/linux/arm_mpam.h index 44d0690ae8c4b..a242d4fdff8b3 100644 --- a/include/linux/arm_mpam.h +++ b/include/linux/arm_mpam.h @@ -16,7 +16,7 @@ enum mpam_class_types { MPAM_CLASS_UNKNOWN, /* Everything else, e.g. TLBs etc */ }; -struct mpam_device * __init +struct mpam_device * __mpam_device_create(u8 level_idx, enum mpam_class_types type, int component_id, const struct cpumask *fw_affinity, phys_addr_t hwpage_address); @@ -54,9 +54,9 @@ mpam_device_create_memory(int nid, phys_addr_t hwpage_address) return __mpam_device_create(~0, MPAM_CLASS_MEMORY, nid, &dev_affinity, hwpage_address); } -int __init mpam_discovery_start(void); -int __init mpam_discovery_complete(void); -void __init mpam_discovery_failed(void); +int mpam_discovery_start(void); +int mpam_discovery_complete(void); +void mpam_discovery_failed(void); enum mpam_enable_type { MPAM_ENABLE_DENIED = 0, @@ -71,12 +71,12 @@ extern enum mpam_enable_type mpam_enabled; #define mpam_irq_flags_to_acpi(x) ((x & MPAM_IRQ_MODE_LEVEL) ? \ ACPI_LEVEL_SENSITIVE : ACPI_EDGE_SENSITIVE) -void __init mpam_device_set_error_irq(struct mpam_device *dev, u32 irq, +void mpam_device_set_error_irq(struct mpam_device *dev, u32 irq, u32 flags); -void __init mpam_device_set_overflow_irq(struct mpam_device *dev, u32 irq, +void mpam_device_set_overflow_irq(struct mpam_device *dev, u32 irq, u32 flags); -static inline int __init mpam_register_device_irq(struct mpam_device *dev, +static inline int mpam_register_device_irq(struct mpam_device *dev, u32 overflow_interrupt, u32 overflow_flags, u32 error_interrupt, u32 error_flags) { -- 2.25.1

1 2

[openEuler-5.10 01/19] drm/hisilicon: Support i2c driver algorithms for bit-shift adapters
by Zheng Zengkai 23 Dec '21

23 Dec '21

From: Ma Hai <mahai1(a)huawei.com> mainline inclusion from mainline-v5.12-rc2 commit 4eb4d99dfe3018d86f4529112aa7082f43b6996a category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4M6CD?from=project-issue CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/d… ---------------------------------------------------------------------- Adding driver implementation to support i2c driver algorithms for bit-shift adapters, so hibmc will using the interface provided by drm to read edid. Signed-off-by: Ma Hai <mahai1(a)huawei.com> Signed-off-by: Tian Tao <tiantao6(a)hisilicon.com> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reviewed-by: Li Dongming <lidongming5(a)huawei.com> Link: https://patchwork.freedesktop.org/patch/msgid/1600778670-60370-2-git-send-e… Acked-by: Xie XiuQi <xiexiuqi(a)huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai(a)huawei.com> --- drivers/gpu/drm/hisilicon/hibmc/Makefile | 2 +- .../gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h | 25 ++++- .../gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c | 99 +++++++++++++++++++ .../gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c | 2 +- 4 files changed, 125 insertions(+), 3 deletions(-) create mode 100644 drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c diff --git a/drivers/gpu/drm/hisilicon/hibmc/Makefile b/drivers/gpu/drm/hisilicon/hibmc/Makefile index f99132715597..684ef794eb7c 100644 --- a/drivers/gpu/drm/hisilicon/hibmc/Makefile +++ b/drivers/gpu/drm/hisilicon/hibmc/Makefile @@ -1,4 +1,4 @@ # SPDX-License-Identifier: GPL-2.0-only -hibmc-drm-y := hibmc_drm_drv.o hibmc_drm_de.o hibmc_drm_vdac.o hibmc_ttm.o +hibmc-drm-y := hibmc_drm_drv.o hibmc_drm_de.o hibmc_drm_vdac.o hibmc_ttm.o hibmc_drm_i2c.o obj-$(CONFIG_DRM_HISI_HIBMC) += hibmc-drm.o diff --git a/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h b/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h index 197485e2fe0b..87d2aad0bb5e 100644 --- a/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h +++ b/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h @@ -14,11 +14,23 @@ #ifndef HIBMC_DRM_DRV_H #define HIBMC_DRM_DRV_H +#include <linux/gpio/consumer.h> +#include <linux/i2c-algo-bit.h> +#include <linux/i2c.h> + +#include <drm/drm_edid.h> #include <drm/drm_fb_helper.h> #include <drm/drm_framebuffer.h> struct drm_device; +struct hibmc_connector { + struct drm_connector base; + + struct i2c_adapter adapter; + struct i2c_algo_bit_data bit_data; +}; + struct hibmc_drm_private { /* hw */ void __iomem *mmio; @@ -31,10 +43,20 @@ struct hibmc_drm_private { struct drm_plane primary_plane; struct drm_crtc crtc; struct drm_encoder encoder; - struct drm_connector connector; + struct hibmc_connector connector; bool mode_config_initialized; }; +static inline struct hibmc_connector *to_hibmc_connector(struct drm_connector *connector) +{ + return container_of(connector, struct hibmc_connector, base); +} + +static inline struct hibmc_drm_private *to_hibmc_drm_private(struct drm_device *dev) +{ + return dev->dev_private; +} + void hibmc_set_power_mode(struct hibmc_drm_private *priv, unsigned int power_mode); void hibmc_set_current_gate(struct hibmc_drm_private *priv, @@ -47,6 +69,7 @@ int hibmc_mm_init(struct hibmc_drm_private *hibmc); void hibmc_mm_fini(struct hibmc_drm_private *hibmc); int hibmc_dumb_create(struct drm_file *file, struct drm_device *dev, struct drm_mode_create_dumb *args); +int hibmc_ddc_create(struct drm_device *drm_dev, struct hibmc_connector *connector); extern const struct drm_mode_config_funcs hibmc_mode_funcs; diff --git a/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c b/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c new file mode 100644 index 000000000000..86d712090d87 --- /dev/null +++ b/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c @@ -0,0 +1,99 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* Hisilicon Hibmc SoC drm driver + * + * Based on the bochs drm driver. + * + * Copyright (c) 2016 Huawei Limited. + * + * Author: + * Tian Tao <tiantao6(a)hisilicon.com> + */ + +#include <linux/delay.h> +#include <linux/pci.h> + +#include <drm/drm_atomic_helper.h> +#include <drm/drm_probe_helper.h> + +#include "hibmc_drm_drv.h" + +#define GPIO_DATA 0x0802A0 +#define GPIO_DATA_DIRECTION 0x0802A4 + +#define I2C_SCL_MASK BIT(0) +#define I2C_SDA_MASK BIT(1) + +static void hibmc_set_i2c_signal(void *data, u32 mask, int value) +{ + struct hibmc_connector *hibmc_connector = data; + struct hibmc_drm_private *priv = to_hibmc_drm_private(hibmc_connector->base.dev); + u32 tmp_dir = readl(priv->mmio + GPIO_DATA_DIRECTION); + + if (value) { + tmp_dir &= ~mask; + writel(tmp_dir, priv->mmio + GPIO_DATA_DIRECTION); + } else { + u32 tmp_data = readl(priv->mmio + GPIO_DATA); + + tmp_data &= ~mask; + writel(tmp_data, priv->mmio + GPIO_DATA); + + tmp_dir |= mask; + writel(tmp_dir, priv->mmio + GPIO_DATA_DIRECTION); + } +} + +static int hibmc_get_i2c_signal(void *data, u32 mask) +{ + struct hibmc_connector *hibmc_connector = data; + struct hibmc_drm_private *priv = to_hibmc_drm_private(hibmc_connector->base.dev); + u32 tmp_dir = readl(priv->mmio + GPIO_DATA_DIRECTION); + + if ((tmp_dir & mask) != mask) { + tmp_dir &= ~mask; + writel(tmp_dir, priv->mmio + GPIO_DATA_DIRECTION); + } + + return (readl(priv->mmio + GPIO_DATA) & mask) ? 1 : 0; +} + +static void hibmc_ddc_setsda(void *data, int state) +{ + hibmc_set_i2c_signal(data, I2C_SDA_MASK, state); +} + +static void hibmc_ddc_setscl(void *data, int state) +{ + hibmc_set_i2c_signal(data, I2C_SCL_MASK, state); +} + +static int hibmc_ddc_getsda(void *data) +{ + return hibmc_get_i2c_signal(data, I2C_SDA_MASK); +} + +static int hibmc_ddc_getscl(void *data) +{ + return hibmc_get_i2c_signal(data, I2C_SCL_MASK); +} + +int hibmc_ddc_create(struct drm_device *drm_dev, + struct hibmc_connector *connector) +{ + connector->adapter.owner = THIS_MODULE; + connector->adapter.class = I2C_CLASS_DDC; + snprintf(connector->adapter.name, I2C_NAME_SIZE, "HIS i2c bit bus"); + connector->adapter.dev.parent = &drm_dev->pdev->dev; + i2c_set_adapdata(&connector->adapter, connector); + connector->adapter.algo_data = &connector->bit_data; + + connector->bit_data.udelay = 20; + connector->bit_data.timeout = usecs_to_jiffies(2000); + connector->bit_data.data = connector; + connector->bit_data.setsda = hibmc_ddc_setsda; + connector->bit_data.setscl = hibmc_ddc_setscl; + connector->bit_data.getsda = hibmc_ddc_getsda; + connector->bit_data.getscl = hibmc_ddc_getscl; + + return i2c_bit_add_bus(&connector->adapter); +} diff --git a/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c b/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c index 376a05ddbc2f..c8b14afbcbed 100644 --- a/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c +++ b/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c @@ -78,7 +78,7 @@ int hibmc_vdac_init(struct hibmc_drm_private *priv) { struct drm_device *dev = priv->dev; struct drm_encoder *encoder = &priv->encoder; - struct drm_connector *connector = &priv->connector; + struct drm_connector *connector = &priv->connector.base; int ret; encoder->possible_crtcs = 0x1; -- 2.20.1

1 18

[PATCH openEuler-1.0-LTS 1/3] arm64/mpam: Fix mpam corrupt when cpu online
by Yang Yingliang 23 Dec '21

23 Dec '21

From: Wang ShaoBo <bobo.shaobowang(a)huawei.com> hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I3YAI3 CVE: NA ------------------------------------------------- The following error occurred occasionally on a machine that supports MPAM: [ 13.321386][ T658] Unable to handle kernel paging request at virtual address ffff80001115816c [ 13.326013][ T684] hid-generic 0003:12D1:0003.0002: input,hidraw1: USB HID v1.10 Mouse [Keyboard/Mouse KVM 1.1.0] on usb-0000:7a:01.0-1.1/input1 [ 13.340558][ T658] Mem abort info: [ 13.340563][ T658] ESR = 0x86000007 [ 13.352567][ T5] hub 6-1:1.0: USB hub found [ 13.364750][ T658] EC = 0x21: IABT (current EL), IL = 32 bits [ 13.369891][ T5] hub 6-1:1.0: 4 ports detected [ 13.373871][ T658] SET = 0, FnV = 0 [ 13.396107][ T658] EA = 0, S1PTW = 0 [ 13.400599][ T658] swapper pgtable: 64k pages, 48-bit VAs, pgdp=0000000029540000 [ 13.408726][ T658] [ffff80001115816c] pgd=0000205fffff0003, p4d=0000205fffff0003, pud=0000205fffff0003, pmd=0000205ffffe0003, pte=0000000000000000 [ 13.423346][ T658] Internal error: Oops: 86000007 [#1] SMP [ 13.429720][ T658] Modules linked in: [ 13.434243][ T658] CPU: 72 PID: 658 Comm: kworker/72:1 Not tainted 5.10.0-4.17.0.28.oe1.aarch64 #1 [ 13.443966][ T658] Hardware name: Huawei TaiShan 200 (Model 2280)/BC82AMDDA, BIOS 1.70 01/07/2021 [ 13.453683][ T658] Workqueue: events mpam_enable [ 13.459206][ T658] pstate: 20c00009 (nzCv daif +PAN +UAO -TCO BTYPE=--) [ 13.466625][ T658] pc : mpam_enable+0x194/0x1d8 [ 13.472019][ T658] lr : mpam_enable+0x194/0x1d8 [ 13.477301][ T658] sp : ffff80004664fd70 [ 13.481937][ T658] x29: ffff80004664fd70 x28: 0000000000000000 [ 13.488578][ T658] x27: ffff00400484a648 x26: ffff800011b71080 [ 13.495306][ T658] x25: 0000000000000000 x24: ffff800011b6cda0 [ 13.502001][ T658] x23: ffff800011646f18 x22: ffff800011b6cd80 [ 13.508684][ T658] x21: ffff800011b6c000 x20: ffff800011646f08 [ 13.515425][ T658] x19: ffff800011646f70 x18: 0000000000000020 [ 13.522075][ T658] x17: 000000001790b332 x16: 0000000000000001 [ 13.528785][ T658] x15: ffffffffffffffff x14: ff00000000000000 [ 13.535464][ T658] x13: ffffffffffffffff x12: 0000000000000006 [ 13.542045][ T658] x11: 00000091cea718e2 x10: 0000000000000b90 [ 13.548735][ T658] x9 : ffff80001009ebac x8 : ffff2040061aabf0 [ 13.555383][ T658] x7 : ffffa05f8dca0000 x6 : 000000000000000f [ 13.561924][ T658] x5 : 0000000000000000 x4 : ffff2040061aa000 [ 13.568613][ T658] x3 : ffff80001164dfa0 x2 : 00000000ffffffff [ 13.575267][ T658] x1 : ffffa05f8dca0000 x0 : 00000000000000c1 [ 13.581813][ T658] Call trace: [ 13.585600][ T658] mpam_enable+0x194/0x1d8 [ 13.590450][ T658] process_one_work+0x1cc/0x390 [ 13.595654][ T658] worker_thread+0x70/0x2f0 [ 13.600499][ T658] kthread+0x118/0x120 [ 13.604935][ T658] ret_from_fork+0x10/0x18 [ 13.609717][ T658] Code: bad PC value [ 13.613944][ T658] ---[ end trace f1e305d2c339f67f ]--- [ 13.753818][ T658] Kernel panic - not syncing: Oops: Fatal exception [ 13.760885][ T658] SMP: stopping secondary CPUs [ 13.765933][ T658] Kernel Offset: disabled [ 13.770516][ T658] CPU features: 0x8040002,22208a38 [ 13.775862][ T658] Memory Limit: none [ 13.913929][ T658] ---[ end Kernel panic - not syncing: The process of MPAM devices initialization is like this: mpam_discovery_start() ... // discover devices mpam_discovery_complete() // hang up the mpam_online/offline_cpu callbacks -=> mpam_cpu_online() // probe all devices -=> mpam_enable() // prepare for resctrl (1) -=> cpuhp_remove_state() // clean resctrl internal structure (2) -=> cpuhp_setup_state() // rehang mpam_online/offline_cpu callbacks -=> mpam_cpu_online() // it does not call mpam_enable again -=> mpam_resctrl_cpu_online() // pull up resctrl Re-hang process of mpam_cpu_online/offline callbacks should not be disturbed by irqs, to ensure that CPU context is reliable before re-entering mpam_cpu_online(), which always happens between (1) and (2). Fixes: 2ab89c893faf ("arm64/mpam: resctrl: Re-synchronise resctrl's view of online CPUs") Signed-off-by: Wang ShaoBo <bobo.shaobowang(a)huawei.com> Reviewed-by: Cheng Jian <cj.chengjian(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- arch/arm64/kernel/mpam/mpam_device.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/kernel/mpam/mpam_device.c b/arch/arm64/kernel/mpam/mpam_device.c index f8840274b902f..c0615f6947a1f 100644 --- a/arch/arm64/kernel/mpam/mpam_device.c +++ b/arch/arm64/kernel/mpam/mpam_device.c @@ -593,9 +593,11 @@ static void __init mpam_enable(struct work_struct *work) pr_err("Failed to setup/init resctrl\n"); mutex_unlock(&mpam_devices_lock); + local_irq_disable(); mpam_cpuhp_state = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "mpam:online", mpam_cpu_online, mpam_cpu_offline); + local_irq_enable(); if (mpam_cpuhp_state <= 0) pr_err("Failed to re-register 'dyn' cpuhp callbacks"); mutex_unlock(&mpam_cpuhp_lock); -- 2.25.1

1 2

[PATCH openEuler-1.0-LTS 1/2] kprobes: Set unoptimized flag after unoptimizing code
by Yang Yingliang 22 Dec '21

22 Dec '21

From: Masami Hiramatsu <mhiramat(a)kernel.org> stable inclusion from stable-v4.19.108 commit 39af044d1ccb207da43af5c060bb0fb0dd548b3e category: bugfix bugzilla: NA CVE: NA ------------------------------------------------- commit f66c0447cca1281116224d474cdb37d6a18e4b5b upstream. Set the unoptimized flag after confirming the code is completely unoptimized. Without this fix, when a kprobe hits the intermediate modified instruction (the first byte is replaced by an INT3, but later bytes can still be a jump address operand) while unoptimizing, it can return to the middle byte of the modified code, which causes an invalid instruction exception in the kernel. Usually, this is a rare case, but if we put a probe on the function call while text patching, it always causes a kernel panic as below: # echo p text_poke+5 > kprobe_events # echo 1 > events/kprobes/enable # echo 0 > events/kprobes/enable invalid opcode: 0000 [#1] PREEMPT SMP PTI RIP: 0010:text_poke+0x9/0x50 Call Trace: arch_unoptimize_kprobe+0x22/0x28 arch_unoptimize_kprobes+0x39/0x87 kprobe_optimizer+0x6e/0x290 process_one_work+0x2a0/0x610 worker_thread+0x28/0x3d0 ? process_one_work+0x610/0x610 kthread+0x10d/0x130 ? kthread_park+0x80/0x80 ret_from_fork+0x3a/0x50 text_poke() is used for patching the code in optprobes. This can happen even if we blacklist text_poke() and other functions, because there is a small time window during which we show the intermediate code to other CPUs. [ mingo: Edited the changelog. ] Tested-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: bristot(a)redhat.com Fixes: 6274de4984a6 ("kprobes: Support delayed unoptimizing") Link: https://lkml.kernel.org/r/157483422375.25881.13508326028469515760.stgit@dev… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Yang Jihong <yangjihong1(a)huawei.com> Reviewed-by: Kuohai Xu <xukuohai(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- kernel/kprobes.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/kprobes.c b/kernel/kprobes.c index f6e6edaf964c1..666243fff573d 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -523,6 +523,8 @@ static void do_unoptimize_kprobes(void) arch_unoptimize_kprobes(&unoptimizing_list, &freeing_list); /* Loop free_list for disarming */ list_for_each_entry_safe(op, tmp, &freeing_list, list) { + /* Switching from detour code to origin */ + op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED; /* Disarm probes if marked disabled */ if (kprobe_disabled(&op->kp)) arch_disarm_kprobe(&op->kp); @@ -662,6 +664,7 @@ static void force_unoptimize_kprobe(struct optimized_kprobe *op) { lockdep_assert_cpus_held(); arch_unoptimize_kprobe(op); + op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED; if (kprobe_disabled(&op->kp)) arch_disarm_kprobe(&op->kp); } @@ -689,7 +692,6 @@ static void unoptimize_kprobe(struct kprobe *p, bool force) return; } - op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED; if (!list_empty(&op->list)) { /* Dequeue from the optimization queue */ list_del_init(&op->list); -- 2.25.1

1 1

2025

2024

2023

2022

2021

2020

2019

Kernel