- Kernel - mailweb.openeuler.org

[PATCH OLK-5.10 00/20] arm: reduce p2v alignment requirement to 2 MiB and adrl replacement
by Zhao Hongjiang 23 Jan '21

23 Jan '21

http://openeuler.huawei.com/bugzilla/show_bug.cgi?id=46882 Ard Biesheuvel (20): ARM: p2v: fix handling of LPAE translation in BE mode ARM: assembler: introduce adr_l, ldr_l and str_l macros ARM: module: add support for place relative relocations ARM: p2v: move patching code to separate assembler source file ARM: p2v: factor out shared loop processing ARM: p2v: factor out BE8 handling ARM: p2v: drop redundant 'type' argument from __pv_stub ARM: p2v: use relative references in patch site arrays ARM: p2v: simplify __fixup_pv_table() ARM: p2v: switch to MOVW for Thumb2 and ARM/LPAE ARM: p2v: reduce p2v alignment requirement to 2 MiB ARM: efistub: replace adrl pseudo-op with adr_l macro invocation ARM: head-common.S: use PC-relative insn sequence for __proc_info ARM: head-common.S: use PC-relative insn sequence for idmap creation ARM: head.S: use PC-relative insn sequence for secondary_data ARM: kernel: use relative references for UP/SMP alternatives ARM: head: use PC-relative insn sequence for __smp_alt ARM: sleep.S: use PC-relative insn sequence for sleep_save_sp/mpidr_hash ARM: head.S: use PC relative insn sequence to calculate PHYS_OFFSET ARM: kvm: replace open coded VA->PA calculations with adr_l call arch/arm/Kconfig | 2 +- arch/arm/boot/compressed/head.S | 18 +-- arch/arm/include/asm/assembler.h | 88 +++++++++++- arch/arm/include/asm/elf.h | 5 + arch/arm/include/asm/memory.h | 57 +++++--- arch/arm/include/asm/processor.h | 2 +- arch/arm/kernel/Makefile | 1 + arch/arm/kernel/head-common.S | 22 +-- arch/arm/kernel/head.S | 205 ++------------------------ arch/arm/kernel/hyp-stub.S | 27 ++-- arch/arm/kernel/module.c | 20 ++- arch/arm/kernel/phys2virt.S | 238 +++++++++++++++++++++++++++++++ arch/arm/kernel/sleep.S | 19 +-- 13 files changed, 431 insertions(+), 273 deletions(-) create mode 100644 arch/arm/kernel/phys2virt.S -- 2.25.1

2 21

[PATCH OLK-5.10 v2 0/2] config: add initial openeuler_defconfig for arm64 & x86
by Xie XiuQi 18 Jan '21

18 Jan '21

Add initial configs for arm64 & x86 platform. Use openEuler-20.03's config as base, re-generate it on 5.10 kernel. The major changes: - use 52 bit VA & PA - enable CONFIG_PSI - support more kunpeng drivers on arm64 Xie XiuQi (2): config: add initial openeuler_defconfig for arm64 config: add initial openeuler_defconfig for x86 arch/arm64/configs/openeuler_defconfig | 7069 ++++++++++++++++++++ arch/x86/configs/openeuler_defconfig | 8273 ++++++++++++++++++++++++ 2 files changed, 15342 insertions(+) create mode 100644 arch/arm64/configs/openeuler_defconfig create mode 100644 arch/x86/configs/openeuler_defconfig -- 2.20.1

1 2

[PATCH kernel-4.19 1/6] mm: thp: extract split_queue_* into a struct
by Yang Yingliang 18 Jan '21

18 Jan '21

From: Yang Shi <yang.shi(a)linux.alibaba.com> mainline inclusion from mainline-v5.4-rc1 commit 364c1eebe453f06f0c1e837eb155a5725c9cd272 category: bugfix bugzilla: 47240 CVE: NA ------------------------------------------------- Patch series "Make deferred split shrinker memcg aware", v6. Currently THP deferred split shrinker is not memcg aware, this may cause premature OOM with some configuration. For example the below test would run into premature OOM easily: $ cgcreate -g memory:thp $ echo 4G > /sys/fs/cgroup/memory/thp/memory/limit_in_bytes $ cgexec -g memory:thp transhuge-stress 4000 transhuge-stress comes from kernel selftest. It is easy to hit OOM, but there are still a lot THP on the deferred split queue, memcg direct reclaim can't touch them since the deferred split shrinker is not memcg aware. Convert deferred split shrinker memcg aware by introducing per memcg deferred split queue. The THP should be on either per node or per memcg deferred split queue if it belongs to a memcg. When the page is immigrated to the other memcg, it will be immigrated to the target memcg's deferred split queue too. Reuse the second tail page's deferred_list for per memcg list since the same THP can't be on multiple deferred split queues. Make deferred split shrinker not depend on memcg kmem since it is not slab. It doesn't make sense to not shrink THP even though memcg kmem is disabled. With the above change the test demonstrated above doesn't trigger OOM even though with cgroup.memory=nokmem. This patch (of 4): Put split_queue, split_queue_lock and split_queue_len into a struct in order to reduce code duplication when we convert deferred_split to memcg aware in the later patches. Link: http://lkml.kernel.org/r/1565144277-36240-2-git-send-email-yang.shi@linux.a… Signed-off-by: Yang Shi <yang.shi(a)linux.alibaba.com> Suggested-by: "Kirill A . Shutemov" <kirill.shutemov(a)linux.intel.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Kirill Tkhai <ktkhai(a)virtuozzo.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Qian Cai <cai(a)lca.pw> Cc: Vladimir Davydov <vdavydov.dev(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> Reviewed-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- include/linux/mmzone.h | 12 ++++++++--- mm/huge_memory.c | 45 +++++++++++++++++++++++------------------- mm/page_alloc.c | 8 +++++--- 3 files changed, 39 insertions(+), 26 deletions(-) diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h index 1d7c5dd03ed89..3bd2f5e2a344f 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h @@ -612,6 +612,14 @@ struct zonelist { extern struct page *mem_map; #endif +#ifdef CONFIG_TRANSPARENT_HUGEPAGE +struct deferred_split { + spinlock_t split_queue_lock; + struct list_head split_queue; + unsigned long split_queue_len; +}; +#endif + /* * On NUMA machines, each NUMA node would have a pg_data_t to describe * it's memory layout. On UMA machines there is a single pglist_data which @@ -698,9 +706,7 @@ typedef struct pglist_data { #endif /* CONFIG_DEFERRED_STRUCT_PAGE_INIT */ #ifdef CONFIG_TRANSPARENT_HUGEPAGE - spinlock_t split_queue_lock; - struct list_head split_queue; - unsigned long split_queue_len; + struct deferred_split deferred_split_queue; #endif /* Fields commonly accessed by the page reclaim scanner */ diff --git a/mm/huge_memory.c b/mm/huge_memory.c index c2013b3e92e74..936092f8d4b16 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -2697,6 +2697,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) { struct page *head = compound_head(page); struct pglist_data *pgdata = NODE_DATA(page_to_nid(head)); + struct deferred_split *ds_queue = &pgdata->deferred_split_queue; struct anon_vma *anon_vma = NULL; struct address_space *mapping = NULL; int count, mapcount, extra_pins, ret; @@ -2786,17 +2787,17 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) } /* Prevent deferred_split_scan() touching ->_refcount */ - spin_lock(&pgdata->split_queue_lock); + spin_lock(&ds_queue->split_queue_lock); count = page_count(head); mapcount = total_mapcount(head); if (!mapcount && page_ref_freeze(head, 1 + extra_pins)) { if (!list_empty(page_deferred_list(head))) { - pgdata->split_queue_len--; + ds_queue->split_queue_len--; list_del(page_deferred_list(head)); } if (mapping) __dec_node_page_state(page, NR_SHMEM_THPS); - spin_unlock(&pgdata->split_queue_lock); + spin_unlock(&ds_queue->split_queue_lock); __split_huge_page(page, list, end, flags); ret = 0; } else { @@ -2808,7 +2809,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) dump_page(page, "total_mapcount(head) > 0"); BUG(); } - spin_unlock(&pgdata->split_queue_lock); + spin_unlock(&ds_queue->split_queue_lock); fail: if (mapping) xa_unlock(&mapping->i_pages); spin_unlock_irqrestore(zone_lru_lock(page_zone(head)), flags); @@ -2831,52 +2832,56 @@ fail: if (mapping) void free_transhuge_page(struct page *page) { struct pglist_data *pgdata = NODE_DATA(page_to_nid(page)); + struct deferred_split *ds_queue = &pgdata->deferred_split_queue; unsigned long flags; - spin_lock_irqsave(&pgdata->split_queue_lock, flags); + spin_lock_irqsave(&ds_queue->split_queue_lock, flags); if (!list_empty(page_deferred_list(page))) { - pgdata->split_queue_len--; + ds_queue->split_queue_len--; list_del(page_deferred_list(page)); } - spin_unlock_irqrestore(&pgdata->split_queue_lock, flags); + spin_unlock_irqrestore(&ds_queue->split_queue_lock, flags); free_compound_page(page); } void deferred_split_huge_page(struct page *page) { struct pglist_data *pgdata = NODE_DATA(page_to_nid(page)); + struct deferred_split *ds_queue = &pgdata->deferred_split_queue; unsigned long flags; VM_BUG_ON_PAGE(!PageTransHuge(page), page); - spin_lock_irqsave(&pgdata->split_queue_lock, flags); + spin_lock_irqsave(&ds_queue->split_queue_lock, flags); if (list_empty(page_deferred_list(page))) { count_vm_event(THP_DEFERRED_SPLIT_PAGE); - list_add_tail(page_deferred_list(page), &pgdata->split_queue); - pgdata->split_queue_len++; + list_add_tail(page_deferred_list(page), &ds_queue->split_queue); + ds_queue->split_queue_len++; } - spin_unlock_irqrestore(&pgdata->split_queue_lock, flags); + spin_unlock_irqrestore(&ds_queue->split_queue_lock, flags); } static unsigned long deferred_split_count(struct shrinker *shrink, struct shrink_control *sc) { struct pglist_data *pgdata = NODE_DATA(sc->nid); - return READ_ONCE(pgdata->split_queue_len); + struct deferred_split *ds_queue = &pgdata->deferred_split_queue; + return READ_ONCE(ds_queue->split_queue_len); } static unsigned long deferred_split_scan(struct shrinker *shrink, struct shrink_control *sc) { struct pglist_data *pgdata = NODE_DATA(sc->nid); + struct deferred_split *ds_queue = &pgdata->deferred_split_queue; unsigned long flags; LIST_HEAD(list), *pos, *next; struct page *page; int split = 0; - spin_lock_irqsave(&pgdata->split_queue_lock, flags); + spin_lock_irqsave(&ds_queue->split_queue_lock, flags); /* Take pin on all head pages to avoid freeing them under us */ - list_for_each_safe(pos, next, &pgdata->split_queue) { + list_for_each_safe(pos, next, &ds_queue->split_queue) { page = list_entry((void *)pos, struct page, mapping); page = compound_head(page); if (get_page_unless_zero(page)) { @@ -2884,12 +2889,12 @@ static unsigned long deferred_split_scan(struct shrinker *shrink, } else { /* We lost race with put_compound_page() */ list_del_init(page_deferred_list(page)); - pgdata->split_queue_len--; + ds_queue->split_queue_len--; } if (!--sc->nr_to_scan) break; } - spin_unlock_irqrestore(&pgdata->split_queue_lock, flags); + spin_unlock_irqrestore(&ds_queue->split_queue_lock, flags); list_for_each_safe(pos, next, &list) { page = list_entry((void *)pos, struct page, mapping); @@ -2903,15 +2908,15 @@ static unsigned long deferred_split_scan(struct shrinker *shrink, put_page(page); } - spin_lock_irqsave(&pgdata->split_queue_lock, flags); - list_splice_tail(&list, &pgdata->split_queue); - spin_unlock_irqrestore(&pgdata->split_queue_lock, flags); + spin_lock_irqsave(&ds_queue->split_queue_lock, flags); + list_splice_tail(&list, &ds_queue->split_queue); + spin_unlock_irqrestore(&ds_queue->split_queue_lock, flags); /* * Stop shrinker if we didn't split any page, but the queue is empty. * This can happen if pages were freed under us. */ - if (!split && list_empty(&pgdata->split_queue)) + if (!split && list_empty(&ds_queue->split_queue)) return SHRINK_STOP; return split; } diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 67768c56d412c..91d820248690c 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -6371,9 +6371,11 @@ static unsigned long __init calc_memmap_size(unsigned long spanned_pages, #ifdef CONFIG_TRANSPARENT_HUGEPAGE static void pgdat_init_split_queue(struct pglist_data *pgdat) { - spin_lock_init(&pgdat->split_queue_lock); - INIT_LIST_HEAD(&pgdat->split_queue); - pgdat->split_queue_len = 0; + struct deferred_split *ds_queue = &pgdat->deferred_split_queue; + + spin_lock_init(&ds_queue->split_queue_lock); + INIT_LIST_HEAD(&ds_queue->split_queue); + ds_queue->split_queue_len = 0; } #else static void pgdat_init_split_queue(struct pglist_data *pgdat) {} -- 2.25.1

1 5

[PATCH kernel-4.19 00/43] backport stable-4.19.168
by Yang Yingliang 18 Jan '21

18 Jan '21

Andreas Kemnade (1): ARM: OMAP2+: omap_device: fix idling of devices during probe Arnd Bergmann (4): wil6210: select CONFIG_CRC32 block: rsxx: select CONFIG_CRC32 lightnvm: select CONFIG_CRC32 wan: ds26522: select CONFIG_BITREVERSE Ayush Sawal (6): chtls: Fix hardware tid leak chtls: Remove invalid set_tcb call chtls: Fix panic when route to peer not configured chtls: Replace skb_dequeue with skb_peek chtls: Added a check to avoid NULL pointer dereference chtls: Fix chtls resources release sequence Chris Wilson (1): drm/i915: Fix mismatch between misplaced vma check and vma insert Christophe JAILLET (2): net/sonic: Fix some resource leaks in error handling paths dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling path of the probe function Chunyan Zhang (1): i2c: sprd: use a specific timeout to avoid system hang up issue Colin Ian King (1): cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get() Dan Carpenter (1): regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() Dinghao Liu (3): iommu/intel: Fix memleak in intel_irq_remapping_alloc net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups net/mlx5e: Fix two double free cases Fenghua Yu (2): x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR x86/resctrl: Don't move a task to the same resource group Florian Westphal (2): net: ip: always refragment ip defragmented packets net: fix pmtu check in nopmtudisc mode Greg Kroah-Hartman (1): Linux 4.19.168 Jakub Kicinski (1): net: vlan: avoid leaks on register_vlan_dev() failures Jouni K. Seppänen (1): net: cdc_ncm: correct overhead in delayed_ndp_size Lorenzo Bianconi (1): iio: imu: st_lsm6dsx: fix edge-trigger interrupts Lukas Wunner (1): spi: pxa2xx: Fix use-after-free on unbind Marc Zyngier (1): KVM: arm64: Don't access PMCR_EL0 when no PMU is available Ming Lei (1): block: fix use-after-free in disk_part_iter_next Nick Desaulniers (1): vmlinux.lds.h: Add PGO and AutoFDO input sections Ping Cheng (1): HID: wacom: Fix memory leakage caused by kfifo_alloc Roman Guskov (1): spi: stm32: FIFO threshold level - fix align packet size Samuel Holland (2): net: stmmac: dwmac-sun8i: Balance internal PHY resource references net: stmmac: dwmac-sun8i: Balance internal PHY power Sean Nyekjaer (1): iio: imu: st_lsm6dsx: flip irq return logic Sean Tranchetti (1): net: ipv6: fib: flush exceptions when purging route Shravya Kumbham (3): dmaengine: xilinx_dma: check dma_async_device_register return value dmaengine: xilinx_dma: fix incompatible param warning in _child_probe() dmaengine: xilinx_dma: fix mixed_enum_type coverity warning Vasily Averin (1): net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet Xiaolei Wang (1): regmap: debugfs: Fix a memory leak when calling regmap_attach_dev Makefile | 2 +- arch/arm/mach-omap2/omap_device.c | 8 +- arch/arm64/kvm/sys_regs.c | 4 + arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 113 ++++++++---------- block/genhd.c | 9 +- drivers/base/regmap/regmap-debugfs.c | 9 +- drivers/block/Kconfig | 1 + drivers/cpufreq/powernow-k8.c | 9 +- drivers/crypto/chelsio/chtls/chtls_cm.c | 68 ++++------- drivers/dma/mediatek/mtk-hsdma.c | 1 + drivers/dma/xilinx/xilinx_dma.c | 11 +- drivers/gpu/drm/i915/i915_gem_execbuffer.c | 2 +- drivers/hid/wacom_sys.c | 35 +++++- drivers/i2c/busses/i2c-sprd.c | 8 +- .../iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 26 +++- drivers/iommu/intel_irq_remapping.c | 2 + drivers/lightnvm/Kconfig | 1 + .../net/ethernet/mellanox/mlx5/core/en_fs.c | 3 + drivers/net/ethernet/natsemi/macsonic.c | 12 +- drivers/net/ethernet/natsemi/xtsonic.c | 7 +- .../net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 58 ++++++--- drivers/net/usb/cdc_ncm.c | 8 +- drivers/net/wan/Kconfig | 1 + drivers/net/wireless/ath/wil6210/Kconfig | 1 + drivers/spi/spi-pxa2xx.c | 3 +- drivers/spi/spi-stm32.c | 4 +- include/asm-generic/vmlinux.lds.h | 5 +- net/8021q/vlan.c | 3 +- net/core/skbuff.c | 6 + net/ipv4/ip_output.c | 2 +- net/ipv4/ip_tunnel.c | 10 +- net/ipv6/ip6_fib.c | 5 +- 32 files changed, 265 insertions(+), 172 deletions(-) -- 2.25.1

1 43

[PATCH openEuler-1.0-LTS] HID: core: Correctly handle ReportSize being zero
by Yang Yingliang 18 Jan '21

18 Jan '21

From: Marc Zyngier <maz(a)kernel.org> stable inclusion from linux-4.19.144 commit abae259fdccc5e41ff302dd80a2b944ce385c970 CVE: CVE-2020-0465 -------------------------------- commit bce1305c0ece3dc549663605e567655dd701752c upstream. It appears that a ReportSize value of zero is legal, even if a bit non-sensical. Most of the HID code seems to handle that gracefully, except when computing the total size in bytes. When fed as input to memset, this leads to some funky outcomes. Detect the corner case and correctly compute the size. Cc: stable(a)vger.kernel.org Signed-off-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Benjamin Tissoires <benjamin.tissoires(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> Reviewed-by: Jason Yan <yanaijie(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- drivers/hid/hid-core.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index 3a359716fb38..3178580db7fa 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -1419,6 +1419,17 @@ static void hid_output_field(const struct hid_device *hid, } } +/* + * Compute the size of a report. + */ +static size_t hid_compute_report_size(struct hid_report *report) +{ + if (report->size) + return ((report->size - 1) >> 3) + 1; + + return 0; +} + /* * Create a report. 'data' has to be allocated using * hid_alloc_report_buf() so that it has proper size. @@ -1431,7 +1442,7 @@ void hid_output_report(struct hid_report *report, __u8 *data) if (report->id > 0) *data++ = report->id; - memset(data, 0, ((report->size - 1) >> 3) + 1); + memset(data, 0, hid_compute_report_size(report)); for (n = 0; n < report->maxfield; n++) hid_output_field(report->device, report->field[n], data); } @@ -1558,7 +1569,7 @@ int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size, csize--; } - rsize = ((report->size - 1) >> 3) + 1; + rsize = hid_compute_report_size(report); if (rsize > HID_MAX_BUFFER_SIZE) rsize = HID_MAX_BUFFER_SIZE; -- 2.25.1

1 0

[PATCH kernel-4.19 1/2] ascend: share pool: optimize the big lock for memory processing
by Yang Yingliang 18 Jan '21

18 Jan '21

From: Ding Tianhong <dingtianhong(a)huawei.com> ascend inclusion category: feature bugzilla: NA CVE: NA ------------------------------------------------- The sp_mutex is used to protect all critical path for share pool, it has serious affected the performance of the the memory alloc and release interface when there is a lot of process in the same memory group, it will serious break the scailability of the system, so add a new read semaphore lock to instead of the big lock for allocation and release critical path. The scailability has been greatly improved by this modification. Show the test result: number of process: alloc 4M avg time: Before the patch: 1 32us 3 96us 10 330us after the patch: 1 32us 3 40us 10 60us v2: fix some conflicts and clean some code. Signed-off-by: Ding Tianhong <dingtianhong(a)huawei.com> Reviewed-by: Tang Yizhou <tangyizhou(a)huawei.com> Reviewed-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- include/linux/share_pool.h | 5 ++ kernel/fork.c | 4 +- mm/share_pool.c | 170 ++++++++++++++++++++----------------- 3 files changed, 100 insertions(+), 79 deletions(-) diff --git a/include/linux/share_pool.h b/include/linux/share_pool.h index 70b841d0eb8e..f2d17cb85fa5 100644 --- a/include/linux/share_pool.h +++ b/include/linux/share_pool.h @@ -93,6 +93,8 @@ struct sp_group { unsigned long dvpp_va_start; unsigned long dvpp_size; atomic_t use_count; + /* protect the group internal elements */ + struct rw_semaphore rw_lock; }; struct sp_walk_data { @@ -238,6 +240,8 @@ extern void *vmalloc_hugepage_user(unsigned long size); extern void *buff_vzalloc_user(unsigned long size); extern void *buff_vzalloc_hugepage_user(unsigned long size); +void sp_exit_mm(struct mm_struct *mm); + #else static inline int sp_group_add_task(int pid, int spg_id) @@ -400,6 +404,7 @@ static inline void *buff_vzalloc_hugepage_user(unsigned long size) { return NULL; } + #endif #endif /* LINUX_SHARE_POOL_H */ diff --git a/kernel/fork.c b/kernel/fork.c index d1d8ac083c80..61496b70cfb8 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1055,8 +1055,6 @@ static inline void __mmput(struct mm_struct *mm) { VM_BUG_ON(atomic_read(&mm->mm_users)); - sp_group_exit(mm); - uprobe_clear_state(mm); exit_aio(mm); ksm_exit(mm); @@ -1084,6 +1082,8 @@ void mmput(struct mm_struct *mm) { might_sleep(); + sp_group_exit(mm); + if (atomic_dec_and_test(&mm->mm_users)) __mmput(mm); } diff --git a/mm/share_pool.c b/mm/share_pool.c index e326c95104da..27792a641401 100644 --- a/mm/share_pool.c +++ b/mm/share_pool.c @@ -197,6 +197,16 @@ static bool host_svm_sp_enable = false; int sysctl_share_pool_hugepage_enable = 1; +static void free_sp_group(struct sp_group *spg); + +static bool sp_group_get(struct sp_group *spg) +{ + if (spg_valid(spg) && atomic_inc_not_zero(&spg->use_count)) + return true; + + return false; +} + static unsigned long spa_size(struct sp_area *spa) { return spa->real_size; @@ -337,7 +347,9 @@ static struct sp_group *__sp_find_spg(int pid, int spg_id) put_task_struct(tsk); } else { + mutex_lock(&sp_mutex); spg = idr_find(&sp_group_idr, spg_id); + mutex_unlock(&sp_mutex); } return spg; @@ -392,6 +404,8 @@ static struct sp_group *find_or_alloc_sp_group(int spg_id) INIT_LIST_HEAD(&spg->procs); INIT_LIST_HEAD(&spg->spa_list); + init_rwsem(&spg->rw_lock); + ret = idr_alloc(&sp_group_idr, spg, spg_id, spg_id+1, GFP_KERNEL); if (ret < 0) { @@ -422,9 +436,8 @@ static struct sp_group *find_or_alloc_sp_group(int spg_id) goto out_fput; } } else { - if (!spg_valid(spg)) + if (!sp_group_get(spg)) return ERR_PTR(-ENODEV); - atomic_inc(&spg->use_count); } return spg; @@ -607,6 +620,8 @@ int sp_group_add_task(int pid, int spg_id) } mm->sp_group = spg; + + down_write(&spg->rw_lock); /* We reactive the spg even the spg exists already. */ spg->is_alive = true; list_add_tail(&mm->sp_node, &spg->procs); @@ -675,11 +690,14 @@ int sp_group_add_task(int pid, int spg_id) mm->sp_group = NULL; } + up_write(&spg->rw_lock); out_drop_group: if (unlikely(ret)) __sp_group_drop_locked(spg); out_put_mm: - mmput(mm); + /* No need to put the mm if the sp group add this mm success.*/ + if (unlikely(ret)) + mmput(mm); out_put_task: put_task_struct(tsk); out_unlock: @@ -712,44 +730,12 @@ static void spg_exit_unlock(bool unlock) mutex_unlock(&sp_mutex); } -/* - * Do cleanup when a process exits. - */ -void sp_group_exit(struct mm_struct *mm) -{ - bool is_alive = true; - bool unlock; - - /* - * Nothing to do if this thread group doesn't belong to any sp_group. - * No need to protect this check with lock because we can add a task - * to a group if !PF_EXITING. - */ - if (!mm->sp_group) - return; - - spg_exit_lock(&unlock); - if (list_is_singular(&mm->sp_group->procs)) - is_alive = mm->sp_group->is_alive = false; - list_del(&mm->sp_node); - spg_exit_unlock(unlock); - - /* - * To avoid calling this with sp_mutex held, we first mark the - * sp_group as dead and then send the notification and then do - * the real cleanup in sp_group_post_exit(). - */ - if (!is_alive) - blocking_notifier_call_chain(&sp_notifier_chain, 0, - mm->sp_group); -} - void sp_group_post_exit(struct mm_struct *mm) { struct sp_proc_stat *stat; bool unlock; - if (!mm->sp_group) + if (!enable_ascend_share_pool || !mm->sp_group) return; spg_exit_lock(&unlock); @@ -1139,8 +1125,6 @@ static void sp_munmap(struct mm_struct *mm, unsigned long addr, { int err; - if (!mmget_not_zero(mm)) - return; down_write(&mm->mmap_sem); err = do_munmap(mm, addr, size, NULL); @@ -1150,7 +1134,6 @@ static void sp_munmap(struct mm_struct *mm, unsigned long addr, } up_write(&mm->mmap_sem); - mmput(mm); } /* The caller must hold sp_mutex. */ @@ -1183,8 +1166,6 @@ int sp_free(unsigned long addr) check_interrupt_context(); - mutex_lock(&sp_mutex); - /* * Access control: a share pool addr can only be freed by another task * in the same spg or a kthread (such as buff_module_guard_work) @@ -1217,6 +1198,8 @@ int sp_free(unsigned long addr) sp_dump_stack(); + down_read(&spa->spg->rw_lock); + __sp_free(spa->spg, spa->va_start, spa_size(spa), NULL); /* Free the memory of the backing shmem or hugetlbfs */ @@ -1226,6 +1209,9 @@ int sp_free(unsigned long addr) if (ret) pr_err("share pool: sp free fallocate failed: %d\n", ret); + up_read(&spa->spg->rw_lock); + + mutex_lock(&sp_mutex); /* pointer stat may be invalid because of kthread buff_module_guard_work */ if (current->mm == NULL) { kthread_stat.alloc_size -= spa->real_size; @@ -1236,12 +1222,11 @@ int sp_free(unsigned long addr) else BUG(); } + mutex_unlock(&sp_mutex); drop_spa: __sp_area_drop(spa); out: - mutex_unlock(&sp_mutex); - sp_try_to_compact(); return ret; } @@ -1317,9 +1302,7 @@ void *sp_alloc(unsigned long size, unsigned long sp_flags, int spg_id) if (sp_flags & SP_HUGEPAGE_ONLY) sp_flags |= SP_HUGEPAGE; - mutex_lock(&sp_mutex); spg = __sp_find_spg(current->pid, SPG_ID_DEFAULT); - mutex_unlock(&sp_mutex); if (!spg) { /* DVPP pass through scene: first call sp_alloc() */ /* mdc scene hack */ if (enable_mdc_default_group) @@ -1336,14 +1319,16 @@ void *sp_alloc(unsigned long size, unsigned long sp_flags, int spg_id) ret); return ERR_PTR(ret); } - mutex_lock(&sp_mutex); spg = current->mm->sp_group; } else { /* other scenes */ - mutex_lock(&sp_mutex); if (spg_id != SPG_ID_DEFAULT) { + mutex_lock(&sp_mutex); /* the caller should be a member of the sp group */ - if (spg != idr_find(&sp_group_idr, spg_id)) + if (spg != idr_find(&sp_group_idr, spg_id)) { + mutex_unlock(&sp_mutex); goto out; + } + mutex_unlock(&sp_mutex); } } @@ -1352,6 +1337,7 @@ void *sp_alloc(unsigned long size, unsigned long sp_flags, int spg_id) goto out; } + down_read(&spg->rw_lock); if (sp_flags & SP_HUGEPAGE) { file = spg->file_hugetlb; size_aligned = ALIGN(size, PMD_SIZE); @@ -1376,31 +1362,25 @@ void *sp_alloc(unsigned long size, unsigned long sp_flags, int spg_id) unsigned long populate = 0; struct vm_area_struct *vma; - if (!mmget_not_zero(mm)) - continue; - down_write(&mm->mmap_sem); mmap_addr = sp_mmap(mm, file, spa, &populate); if (IS_ERR_VALUE(mmap_addr)) { up_write(&mm->mmap_sem); p = (void *)mmap_addr; __sp_free(spg, sp_addr, size_aligned, mm); - mmput(mm); pr_err("share pool: allocation sp mmap failed, ret %ld\n", mmap_addr); goto out; } - p =(void *)mmap_addr; /* success */ + p = (void *)mmap_addr; /* success */ if (populate == 0) { up_write(&mm->mmap_sem); - mmput(mm); continue; } vma = find_vma(mm, sp_addr); if (unlikely(!vma)) { up_write(&mm->mmap_sem); - mmput(mm); pr_err("share pool: allocation failed due to find %pK vma failure\n", (void *)sp_addr); p = ERR_PTR(-EINVAL); @@ -1461,24 +1441,22 @@ void *sp_alloc(unsigned long size, unsigned long sp_flags, int spg_id) size_aligned = ALIGN(size, PAGE_SIZE); sp_flags &= ~SP_HUGEPAGE; __sp_area_drop(spa); - mmput(mm); goto try_again; } } - - mmput(mm); break; } - mmput(mm); } +out: + up_read(&spg->rw_lock); + + mutex_lock(&sp_mutex); if (!IS_ERR(p)) { stat = idr_find(&sp_stat_idr, current->mm->sp_stat_id); if (stat) stat->alloc_size += size_aligned; } - -out: mutex_unlock(&sp_mutex); /* this will free spa if mmap failed */ @@ -1556,10 +1534,6 @@ static unsigned long sp_remap_kva_to_vma(unsigned long kva, struct sp_area *spa, } } - if (!mmget_not_zero(mm)) { - ret_addr = -ESPGMMEXIT; - goto put_file; - } down_write(&mm->mmap_sem); ret_addr = sp_mmap(mm, file, spa, &populate); @@ -1604,8 +1578,7 @@ static unsigned long sp_remap_kva_to_vma(unsigned long kva, struct sp_area *spa, put_mm: up_write(&mm->mmap_sem); - mmput(mm); -put_file: + if (!spa->spg && file) fput(file); @@ -1769,10 +1742,12 @@ void *sp_make_share_k2u(unsigned long kva, unsigned long size, */ stat = sp_init_proc_stat(tsk, mm); if (IS_ERR(stat)) { + mutex_unlock(&sp_mutex); uva = stat; pr_err("share pool: init proc stat failed, ret %lx\n", PTR_ERR(stat)); goto out_unlock; } + mutex_unlock(&sp_mutex); spg = __sp_find_spg(pid, SPG_ID_DEFAULT); if (spg == NULL) { @@ -1794,6 +1769,7 @@ void *sp_make_share_k2u(unsigned long kva, unsigned long size, } if (!vmalloc_area_set_flag(spa, kva_aligned, VM_SHAREPOOL)) { + up_read(&spg->rw_lock); pr_err("share pool: %s: the kva %pK is not valid\n", __func__, (void *)kva_aligned); goto out_drop_spa; } @@ -1808,12 +1784,14 @@ void *sp_make_share_k2u(unsigned long kva, unsigned long size, goto out_unlock; } + down_read(&spg->rw_lock); if (enable_share_k2u_spg) spa = sp_alloc_area(size_aligned, sp_flags, spg, SPA_TYPE_K2SPG); else spa = sp_alloc_area(size_aligned, sp_flags, NULL, SPA_TYPE_K2TASK); if (IS_ERR(spa)) { + up_read(&spg->rw_lock); if (printk_ratelimit()) pr_err("share pool: k2u(spg) failed due to alloc spa failure " "(potential no enough virtual memory when -75): %ld\n", @@ -1831,14 +1809,18 @@ void *sp_make_share_k2u(unsigned long kva, unsigned long size, uva = sp_make_share_kva_to_spg(kva_aligned, spa, spg); else uva = sp_make_share_kva_to_task(kva_aligned, spa, mm); + + up_read(&spg->rw_lock); } else { /* group is dead, return -ENODEV */ pr_err("share pool: failed to make k2u, sp group is dead\n"); } if (!IS_ERR(uva)) { + mutex_lock(&sp_mutex); uva = uva + (kva - kva_aligned); stat->k2u_size += size_aligned; + mutex_unlock(&sp_mutex); } else { /* associate vma and spa */ if (!vmalloc_area_clr_flag(spa, kva_aligned, VM_SHAREPOOL)) @@ -1849,7 +1831,6 @@ void *sp_make_share_k2u(unsigned long kva, unsigned long size, out_drop_spa: __sp_area_drop(spa); out_unlock: - mutex_unlock(&sp_mutex); mmput(mm); out_put_task: put_task_struct(tsk); @@ -2144,7 +2125,6 @@ static int sp_unshare_uva(unsigned long uva, unsigned long size, int pid, int sp unsigned int page_size; struct sp_proc_stat *stat; - mutex_lock(&sp_mutex); /* * at first we guess it's a hugepage addr * we can tolerate at most PMD_SIZE or PAGE_SIZE which is matched in k2u @@ -2157,7 +2137,7 @@ static int sp_unshare_uva(unsigned long uva, unsigned long size, int pid, int sp if (printk_ratelimit()) pr_err("share pool: invalid input uva %pK in unshare uva\n", (void *)uva); - goto out_unlock; + goto out; } } @@ -2259,10 +2239,14 @@ static int sp_unshare_uva(unsigned long uva, unsigned long size, int pid, int sp goto out_drop_area; } + down_read(&spa->spg->rw_lock); __sp_free(spa->spg, uva_aligned, size_aligned, NULL); + up_read(&spa->spg->rw_lock); } sp_dump_stack(); + + mutex_lock(&sp_mutex); /* pointer stat may be invalid because of kthread buff_module_guard_work */ if (current->mm == NULL) { kthread_stat.k2u_size -= spa->real_size; @@ -2273,6 +2257,7 @@ static int sp_unshare_uva(unsigned long uva, unsigned long size, int pid, int sp else WARN(1, "share_pool: %s: null process stat\n", __func__); } + mutex_unlock(&sp_mutex); out_clr_flag: /* deassociate vma and spa */ @@ -2281,8 +2266,7 @@ static int sp_unshare_uva(unsigned long uva, unsigned long size, int pid, int sp out_drop_area: __sp_area_drop(spa); -out_unlock: - mutex_unlock(&sp_mutex); +out: return ret; } @@ -2446,7 +2430,7 @@ bool sp_config_dvpp_range(size_t start, size_t size, int device_id, int pid) check_interrupt_context(); if (device_id < 0 || device_id >= MAX_DEVID || pid < 0 || size <= 0 || - size> MMAP_SHARE_POOL_16G_SIZE) + size > MMAP_SHARE_POOL_16G_SIZE) return false; mutex_lock(&sp_mutex); @@ -2468,9 +2452,10 @@ EXPORT_SYMBOL_GPL(sp_config_dvpp_range); /* Check whether the address belongs to the share pool. */ bool is_sharepool_addr(unsigned long addr) { - if (host_svm_sp_enable == false) - return addr >= MMAP_SHARE_POOL_START && addr < (MMAP_SHARE_POOL_16G_START + MMAP_SHARE_POOL_16G_SIZE); - return addr >= MMAP_SHARE_POOL_START && addr < MMAP_SHARE_POOL_END; + if (host_svm_sp_enable == false) + return addr >= MMAP_SHARE_POOL_START && addr < (MMAP_SHARE_POOL_16G_START + MMAP_SHARE_POOL_16G_SIZE); + + return addr >= MMAP_SHARE_POOL_START && addr < MMAP_SHARE_POOL_END; } EXPORT_SYMBOL_GPL(is_sharepool_addr); @@ -2515,7 +2500,8 @@ int proc_sp_group_state(struct seq_file *m, struct pid_namespace *ns, return 0; } -static void rb_spa_stat_show(struct seq_file *seq) { +static void rb_spa_stat_show(struct seq_file *seq) +{ struct rb_node *node; struct sp_area *spa; @@ -2814,6 +2800,36 @@ vm_fault_t sharepool_no_page(struct mm_struct *mm, } EXPORT_SYMBOL(sharepool_no_page); +#define MM_WOULD_FREE 2 + +void sp_group_exit(struct mm_struct *mm) +{ + struct sp_group *spg = NULL; + bool is_alive = true, unlock; + + if (!enable_ascend_share_pool) + return; + + spg = mm->sp_group; + + /* If the mm_users is 2, it means that the mm is ready to be freed + because the last owner of this mm is in exiting process. + */ + if (spg_valid(spg) && atomic_read(&mm->mm_users) == MM_WOULD_FREE) { + spg_exit_lock(&unlock); + down_write(&spg->rw_lock); + if (list_is_singular(&spg->procs)) + is_alive = spg->is_alive = false; + list_del(&mm->sp_node); + up_write(&spg->rw_lock); + if (!is_alive) + blocking_notifier_call_chain(&sp_notifier_chain, 0, + mm->sp_group); + atomic_dec(&mm->mm_users); + spg_exit_unlock(unlock); + } +} + struct page *sp_alloc_pages(struct vm_struct *area, gfp_t mask, unsigned int page_order, int node) { -- 2.25.1

1 1

[PATCH kernel-4.19 1/5] share_pool: Remove redundant null pointer check
by Yang Yingliang 14 Jan '21

14 Jan '21

From: Tang Yizhou <tangyizhou(a)huawei.com> ascend inclusion category: bugfix bugzilla: 46925 CVE: NA ------------------------------------------------- __sp_area_drop_locked() checks null pointer of spa, so remove null pointer checks before calling __sp_area_drop_locked(). Reported-by: Cui Bixuan <cuibixuan(a)huawei.com> Signed-off-by: Tang Yizhou <tangyizhou(a)huawei.com> Reviewed-by: Ding Tianhong <dingtianhong(a)huawei.com> Reviewed-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- mm/share_pool.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/mm/share_pool.c b/mm/share_pool.c index 4316625defac..2cfac4642e0b 100644 --- a/mm/share_pool.c +++ b/mm/share_pool.c @@ -443,8 +443,7 @@ static void sp_munmap_task_areas(struct mm_struct *mm, struct list_head *stop) if (&spa->link == stop) break; - if (prev) - __sp_area_drop_locked(prev); + __sp_area_drop_locked(prev); prev = spa; atomic_inc(&spa->use_count); @@ -459,8 +458,7 @@ static void sp_munmap_task_areas(struct mm_struct *mm, struct list_head *stop) spin_lock(&sp_area_lock); } - if (prev) - __sp_area_drop_locked(prev); + __sp_area_drop_locked(prev); spin_unlock(&sp_area_lock); } @@ -607,8 +605,7 @@ int sp_group_add_task(int pid, int spg_id) struct file *file = spa_file(spa); unsigned long addr; - if (prev) - __sp_area_drop_locked(prev); + __sp_area_drop_locked(prev); prev = spa; atomic_inc(&spa->use_count); @@ -651,8 +648,7 @@ int sp_group_add_task(int pid, int spg_id) spin_lock(&sp_area_lock); } - if (prev) - __sp_area_drop_locked(prev); + __sp_area_drop_locked(prev); spin_unlock(&sp_area_lock); if (unlikely(ret)) { -- 2.25.1

1 4

[PATCH kernel-4.19 00/78] backport stable-4.19.167
by Yang Yingliang 14 Jan '21

14 Jan '21

Adrian Hunter (1): scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() Alexey Dobriyan (2): proc: change ->nlink under proc_subdir_lock proc: fix lookup in /proc/net subdirectories after setns(2) Antoine Tenart (4): net-sysfs: take the rtnl lock when storing xps_cpus net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc net-sysfs: take the rtnl lock when storing xps_rxqs net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc Ard Biesheuvel (1): crypto: ecdh - avoid buffer overflow in ecdh_set_secret() Arnd Bergmann (1): usb: gadget: select CONFIG_CRC32 Bard Liao (1): Revert "device property: Keep secondary firmware node secondary by type" Bart Van Assche (2): scsi: ide: Do not set the RQF_PREEMPT flag for sense requests scsi: scsi_transport_spi: Set RQF_PM for domain validation commands Bean Huo (1): scsi: ufs: Fix wrong print message in dev_err() Bjørn Mork (2): net: usb: qmi_wwan: add Quectel EM160R-GL USB: serial: option: add Quectel EM160R-GL Chandana Kishori Chiluveru (1): usb: gadget: configfs: Preserve function ordering after bind failure Christophe JAILLET (1): staging: mt7621-dma: Fix a resource leak in an error handling path Cong Wang (1): erspan: fix version 1 check in gre_parse_header() Dan Carpenter (1): atm: idt77252: call pci_disable_device() on error path Dan Williams (1): x86/mm: Fix leak of pmd ptlock Daniel Palmer (1): USB: serial: option: add LongSung M5710 module support David Disseldorp (1): scsi: target: Fix XCOPY NAA identifier lookup Dexuan Cui (1): video: hyperv_fb: Fix the mmap() regression for v5.4.y and older Dinghao Liu (1): net: ethernet: Fix memleak in ethoc_probe Dominique Martinet (1): kbuild: don't hardcode depmod path Eddie Hung (1): usb: gadget: configfs: Fix use-after-free issue with udc_name Filipe Manana (1): btrfs: send: fix wrong file path when there is an inode with a pending rmdir Florian Fainelli (1): net: systemport: set dev->max_mtu to UMAC_MAX_MTU_SIZE Florian Westphal (1): netfilter: xt_RATEEST: reject non-null terminated string from userspace Greg Kroah-Hartman (1): Linux 4.19.167 Grygorii Strashko (1): net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered Guillaume Nault (1): ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst() Hans de Goede (1): Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close Heiner Kallweit (1): r8169: work around power-saving bug on some chip versions Huang Shijie (1): lib/genalloc: fix the overflow when size is too big Jeff Dike (1): virtio_net: Fix recursive call to cpus_read_lock() Jerome Brunet (1): usb: gadget: f_uac2: reset wMaxPacketSize Johan Hovold (4): USB: serial: iuu_phoenix: fix DMA from stack USB: yurex: fix control-URB timeout handling USB: usblp: fix DMA to stack USB: serial: keyspan_pda: remove unused variable John Wang (1): net/ncsi: Use real net-device for response handler Kailang Yang (1): ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 Linus Torvalds (1): depmod: handle the case of /sbin/depmod without /sbin in PATH Manish Chopra (1): qede: fix offload for IPIP tunnel packets Manish Narani (1): usb: gadget: u_ether: Fix MTU size mismatch with RX packet size Michael Grzeschik (1): USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set Paolo Bonzini (1): KVM: x86: fix shift out of bounds reported by UBSAN Randy Dunlap (2): net: sched: prevent invalid Scell_log shift count usb: usbip: vhci_hcd: protect shift size Rasmus Villemoes (2): ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() ethernet: ucc_geth: set dev->max_mtu to 1518 Roger Pau Monne (1): xen/pvh: correctly setup the PV EFI interface for dom0 Roland Dreier (1): CDC-NCM: remove "connected" log message Sean Young (1): USB: cdc-acm: blacklist another IR Droid device Serge Semin (1): usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion Sriharsha Allenki (1): usb: gadget: Fix spinlock lockup on usb_function_deactivate Stefan Chulski (3): net: mvpp2: Add TCAM entry to drop flow control pause frames net: mvpp2: prs: fix PPPoE with ipv6 packet parse net: mvpp2: Fix GoP port 3 Networking Complex Control configurations Subash Abhinov Kasiviswanathan (1): netfilter: x_tables: Update remaining dereference to RCU Sylwester Dziedziuch (1): i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs Takashi Iwai (2): ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks ALSA: hda/via: Fix runtime PM for Clevo W35xSS Tetsuo Handa (1): USB: cdc-wdm: Fix use after free in service_outstanding_interrupt(). Thinh Nguyen (1): usb: uas: Add PNY USB Portable SSD to unusual_uas Vasily Averin (1): netfilter: ipset: fix shift-out-of-bounds in htable_bits() Xie He (1): net: hdlc_ppp: Fix issues when mod_timer is called while timer is running Yang Yingliang (1): USB: gadget: legacy: fix return error code in acm_ms_bind() Ying-Tsun Huang (1): x86/mtrr: Correct the range check before performing MTRR type lookups Yu Kuai (1): usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() Yunfeng Ye (1): workqueue: Kick a worker based on the actual activation of delayed works Yunjian Wang (3): tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS net: hns: fix return value check in __lb_other_process() vhost_net: fix ubuf refcount incorrectly when sendmsg fails Zqiang (1): usb: gadget: function: printer: Fix a memory leak for interface descriptor bo liu (1): ALSA: hda/conexant: add a new hda codec CX11970 taehyun.cho (1): usb: gadget: enable super speed plus Makefile | 4 +- arch/x86/kernel/cpu/mtrr/generic.c | 6 +- arch/x86/kvm/mmu.h | 2 +- arch/x86/mm/pgtable.c | 2 + arch/x86/xen/efi.c | 12 +- arch/x86/xen/enlighten_pv.c | 2 +- arch/x86/xen/enlighten_pvh.c | 4 + arch/x86/xen/xen-ops.h | 4 +- crypto/ecdh.c | 3 +- drivers/atm/idt77252.c | 2 +- drivers/base/core.c | 2 +- drivers/bluetooth/hci_h5.c | 8 +- drivers/ide/ide-atapi.c | 1 - drivers/ide/ide-io.c | 5 - drivers/net/ethernet/broadcom/bcmsysport.c | 1 + drivers/net/ethernet/ethoc.c | 3 +- drivers/net/ethernet/freescale/ucc_geth.c | 3 +- .../net/ethernet/hisilicon/hns/hns_ethtool.c | 4 + drivers/net/ethernet/intel/i40e/i40e.h | 3 + drivers/net/ethernet/intel/i40e/i40e_main.c | 10 ++ .../ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 +- .../net/ethernet/marvell/mvpp2/mvpp2_main.c | 2 +- .../net/ethernet/marvell/mvpp2/mvpp2_prs.c | 38 +++++- .../net/ethernet/marvell/mvpp2/mvpp2_prs.h | 2 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 + drivers/net/ethernet/realtek/r8169.c | 6 +- drivers/net/ethernet/ti/cpts.c | 2 + drivers/net/tun.c | 2 +- drivers/net/usb/cdc_ncm.c | 3 - drivers/net/usb/qmi_wwan.c | 1 + drivers/net/virtio_net.c | 12 +- drivers/net/wan/hdlc_ppp.c | 7 ++ drivers/scsi/scsi_transport_spi.c | 27 ++-- drivers/scsi/ufs/ufshcd-pci.c | 34 ++++- drivers/scsi/ufs/ufshcd.c | 2 +- drivers/staging/mt7621-dma/mtk-hsdma.c | 4 +- drivers/target/target_core_xcopy.c | 119 ++++++++++-------- drivers/target/target_core_xcopy.h | 1 + drivers/usb/chipidea/ci_hdrc_imx.c | 6 +- drivers/usb/class/cdc-acm.c | 4 + drivers/usb/class/cdc-wdm.c | 16 ++- drivers/usb/class/usblp.c | 21 +++- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/ulpi.c | 2 +- drivers/usb/gadget/Kconfig | 2 + drivers/usb/gadget/composite.c | 10 +- drivers/usb/gadget/configfs.c | 19 ++- drivers/usb/gadget/function/f_printer.c | 1 + drivers/usb/gadget/function/f_uac2.c | 69 +++++++--- drivers/usb/gadget/function/u_ether.c | 9 +- drivers/usb/gadget/legacy/acm_ms.c | 4 +- drivers/usb/host/xhci.c | 24 ++-- drivers/usb/misc/yurex.c | 3 + drivers/usb/serial/iuu_phoenix.c | 20 ++- drivers/usb/serial/keyspan_pda.c | 2 - drivers/usb/serial/option.c | 3 + drivers/usb/storage/unusual_uas.h | 7 ++ drivers/usb/usbip/vhci_hcd.c | 2 + drivers/vhost/net.c | 6 +- drivers/video/fbdev/hyperv_fb.c | 6 +- fs/btrfs/send.c | 49 +++++--- fs/proc/generic.c | 55 +++++--- fs/proc/internal.h | 7 ++ fs/proc/proc_net.c | 16 --- include/linux/proc_fs.h | 8 +- include/net/red.h | 4 +- kernel/workqueue.c | 13 +- lib/genalloc.c | 25 ++-- net/core/net-sysfs.c | 65 ++++++++-- net/ipv4/fib_frontend.c | 2 +- net/ipv4/gre_demux.c | 2 +- net/ipv4/netfilter/arp_tables.c | 2 +- net/ipv4/netfilter/ip_tables.c | 2 +- net/ipv6/netfilter/ip6_tables.c | 2 +- net/ncsi/ncsi-rsp.c | 2 +- net/netfilter/ipset/ip_set_hash_gen.h | 20 +-- net/netfilter/xt_RATEEST.c | 3 + net/sched/sch_choke.c | 2 +- net/sched/sch_gred.c | 2 +- net/sched/sch_red.c | 2 +- net/sched/sch_sfq.c | 2 +- scripts/depmod.sh | 2 + sound/pci/hda/hda_intel.c | 2 - sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_realtek.c | 6 + sound/pci/hda/patch_via.c | 13 ++ sound/usb/midi.c | 4 + 87 files changed, 624 insertions(+), 278 deletions(-) -- 2.25.1

1 78

[PATCH kernel-4.19 0/8] backport stable-4.19.166
by Yang Yingliang 11 Jan '21

11 Jan '21

Felix Fietkau (1): Revert "mtd: spinand: Fix OOB read" Greg Kroah-Hartman (1): Linux 4.19.166 Jonathan Cameron (2): iio:imu:bmi160: Fix alignment and data leak issues iio:magnetometer:mag3110: Fix alignment and data leak issues. Josh Poimboeuf (1): kdev_t: always inline major/minor helper functions Tudor Ambarus (1): dmaengine: at_hdmac: Substitute kzalloc with kmalloc Yu Kuai (2): dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() Makefile | 2 +- drivers/dma/at_hdmac.c | 11 ++++++++--- drivers/iio/imu/bmi160/bmi160_core.c | 13 +++++++++---- drivers/iio/magnetometer/mag3110.c | 13 +++++++++---- drivers/mtd/nand/spi/core.c | 4 ---- include/linux/kdev_t.h | 22 +++++++++++----------- 6 files changed, 38 insertions(+), 27 deletions(-) -- 2.25.1

1 8

[PATCH kernel-4.19 1/5] arm64/ascend: mm: Fix hugetlb check node error
by Yang Yingliang 11 Jan '21

11 Jan '21

From: Fang Lijun <fanglijun3(a)huawei.com> ascend inclusion category: bugfix bugzilla: NA CVE: NA ------------------------------------------------- The vm_flags will changed by MAP_CHECKNODE, so we must use it for output argument. Fixes: 66bd45db2b03 ("arm64/ascend: mm: Fix arm32 compile warnings") Signed-off-by: Fang Lijun <fanglijun3(a)huawei.com> Reviewed-by: Ding Tianhong <dingtianhong(a)huawei.com> Reviewed-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- include/linux/mman.h | 7 ++++--- mm/mmap.c | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/linux/mman.h b/include/linux/mman.h index d35d984c058c..a8ea591faed7 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -76,15 +76,16 @@ static inline int dvpp_mmap_zone(unsigned long addr) { return 0; } #ifdef CONFIG_COHERENT_DEVICE #define CHECKNODE_BITS 48 #define CHECKNODE_MASK (~((_AC(1, UL) << CHECKNODE_BITS) - 1)) -static inline void set_vm_checknode(vm_flags_t vm_flags, unsigned long flags) +static inline void set_vm_checknode(vm_flags_t *vm_flags, unsigned long flags) { if (is_set_cdmmask()) - vm_flags |= VM_CHECKNODE | ((((flags >> MAP_HUGE_SHIFT) & + *vm_flags |= VM_CHECKNODE | ((((flags >> MAP_HUGE_SHIFT) & MAP_HUGE_MASK) << CHECKNODE_BITS) & CHECKNODE_MASK); } #else #define CHECKNODE_BITS (0) -static inline void set_vm_checknode(vm_flags_t vm_flags, unsigned long flags) {} +static inline void set_vm_checknode(vm_flags_t *vm_flags, unsigned long flags) +{} #endif /* diff --git a/mm/mmap.c b/mm/mmap.c index 9dfef56dd0e8..e0399b087430 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1579,7 +1579,7 @@ unsigned long __do_mmap(struct mm_struct *mm, struct file *file, * hugetlbfs file mmap will use it to check node */ if (flags & MAP_CHECKNODE) - set_vm_checknode(vm_flags, flags); + set_vm_checknode(&vm_flags, flags); addr = __mmap_region(mm, file, addr, len, vm_flags, pgoff, uf); if (!IS_ERR_VALUE(addr) && -- 2.25.1

1 4

2025

2024

2023

2022

2021

2020

2019

Kernel