- Kernel - mailweb.openeuler.org

[PATCH openEuler-1.0-LTS 1/5] mm/memcg_memfs_info: fix potential oom_lock recursion deadlock
by Yongqiang Liu 16 Feb '23

16 Feb '23

From: Liu Shixin <liushixin2(a)huawei.com> hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6AXGS CVE: NA -------------------------------- syzbot is reporting GFP_KERNEL allocation with oom_lock held when reporting memcg OOM [1]. If this allocation triggers the global OOM situation then the system can livelock because the GFP_KERNEL allocation with oom_lock held cannot trigger the global OOM killer because __alloc_pages_may_oom() fails to hold oom_lock. The problem mentioned above has been fixed by patch[2]. The is the same problem in memcg_memfs_info feature too. Refer to the patch[2], fix it by removing the allocation from mem_cgroup_print_memfs_info() completely, and pass static buffer when calling from memcg OOM path. Link: https://syzkaller.appspot.com/bug?extid=2d2aeadc6ce1e1f11d45 [1] Link: https://lkml.kernel.org/r/86afb39f-8c65-bec2-6cfc-c5e3cd600c0b@I-love.SAKUR… [2] Fixes: 6b1d4d3a3713 ("mm/memcg_memfs_info: show files that having pages charged in mem_cgroup") Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> Reviewed-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Signed-off-by: Yongqiang Liu <liuyongqiang13(a)huawei.com> --- include/linux/memcg_memfs_info.h | 4 +++- mm/memcg_memfs_info.c | 20 ++++++++++---------- mm/memcontrol.c | 3 ++- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/include/linux/memcg_memfs_info.h b/include/linux/memcg_memfs_info.h index 658a91e22bd7..b5e3709baa9e 100644 --- a/include/linux/memcg_memfs_info.h +++ b/include/linux/memcg_memfs_info.h @@ -6,11 +6,13 @@ #include <linux/seq_file.h> #ifdef CONFIG_MEMCG_MEMFS_INFO -void mem_cgroup_print_memfs_info(struct mem_cgroup *memcg, struct seq_file *m); +void mem_cgroup_print_memfs_info(struct mem_cgroup *memcg, char *pathbuf, + struct seq_file *m); int mem_cgroup_memfs_files_show(struct seq_file *m, void *v); void mem_cgroup_memfs_info_init(void); #else static inline void mem_cgroup_print_memfs_info(struct mem_cgroup *memcg, + char *pathbuf, struct seq_file *m) { } diff --git a/mm/memcg_memfs_info.c b/mm/memcg_memfs_info.c index 346175026cae..632e03da673b 100644 --- a/mm/memcg_memfs_info.c +++ b/mm/memcg_memfs_info.c @@ -162,7 +162,8 @@ static void memfs_show_files_in_mem_cgroup(struct super_block *sb, void *data) mntput(pfc->vfsmnt); } -void mem_cgroup_print_memfs_info(struct mem_cgroup *memcg, struct seq_file *m) +void mem_cgroup_print_memfs_info(struct mem_cgroup *memcg, char *pathbuf, + struct seq_file *m) { struct print_files_control pfc = { .memcg = memcg, @@ -170,17 +171,11 @@ void mem_cgroup_print_memfs_info(struct mem_cgroup *memcg, struct seq_file *m) .max_print_files = memfs_max_print_files, .size_threshold = memfs_size_threshold, }; - char *pathbuf; int i; if (!memfs_enable || !memcg) return; - pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); - if (!pathbuf) { - SEQ_printf(m, "Show memfs failed due to OOM\n"); - return; - } pfc.pathbuf = pathbuf; pfc.pathbuf_size = PATH_MAX; @@ -197,15 +192,20 @@ void mem_cgroup_print_memfs_info(struct mem_cgroup *memcg, struct seq_file *m) SEQ_printf(m, "total files: %lu, total memory-size: %lukB\n", pfc.total_print_files, pfc.total_files_size >> 10); } - - kfree(pfc.pathbuf); } int mem_cgroup_memfs_files_show(struct seq_file *m, void *v) { struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(m)); + char *pathbuf; - mem_cgroup_print_memfs_info(memcg, m); + pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); + if (!pathbuf) { + SEQ_printf(m, "Show memfs abort: failed to allocate memory\n"); + return 0; + } + mem_cgroup_print_memfs_info(memcg, pathbuf, m); + kfree(pathbuf); return 0; } diff --git a/mm/memcontrol.c b/mm/memcontrol.c index bdc90e6fc082..fd40fef49e45 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -1490,6 +1490,7 @@ void mem_cgroup_print_oom_meminfo(struct mem_cgroup *memcg) { struct mem_cgroup *iter; unsigned int i; + static char pathbuf[PATH_MAX]; pr_info("memory: usage %llukB, limit %llukB, failcnt %lu\n", K((u64)page_counter_read(&memcg->memory)), @@ -1522,7 +1523,7 @@ void mem_cgroup_print_oom_meminfo(struct mem_cgroup *memcg) pr_cont("\n"); } - mem_cgroup_print_memfs_info(memcg, NULL); + mem_cgroup_print_memfs_info(memcg, pathbuf, NULL); } /* -- 2.25.1

1 4

[PATCH openEuler-5.10-LTS-SP1 001/263] KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs
by Jialin Zhang 15 Feb '23

15 Feb '23

From: Nicholas Piggin <npiggin(a)gmail.com> stable inclusion from stable-v5.10.145 commit 6bae47548188ae957578e6d92d4b8753dec435e4 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6D0VF Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 112665286d08c87e66d699e7cba43c1497ad165f ] Interrupts that occur in kernel mode expect that context tracking is set to kernel. Enabling local irqs before context tracking switches from guest to host means interrupts can come in and trigger warnings about wrong context, and possibly worse. Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://lore.kernel.org/r/20210130130852.2952424-3-npiggin@gmail.com Stable-dep-of: 235cee162459 ("KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling") Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Jialin Zhang <zhangjialin11(a)huawei.com> Reviewed-by: Zheng Zengkai <zhengzengkai(a)huawei.com> --- arch/powerpc/kvm/book3s_hv.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c index 38b7a3491aac..d6c4e27f7ed9 100644 --- a/arch/powerpc/kvm/book3s_hv.c +++ b/arch/powerpc/kvm/book3s_hv.c @@ -3399,8 +3399,9 @@ static noinline void kvmppc_run_core(struct kvmppc_vcore *vc) kvmppc_set_host_core(pcpu); + guest_exit_irqoff(); + local_irq_enable(); - guest_exit(); /* Let secondaries go back to the offline loop */ for (i = 0; i < controlled_threads; ++i) { @@ -4235,8 +4236,9 @@ int kvmhv_run_single_vcpu(struct kvm_vcpu *vcpu, u64 time_limit, kvmppc_set_host_core(pcpu); + guest_exit_irqoff(); + local_irq_enable(); - guest_exit(); cpumask_clear_cpu(pcpu, &kvm->arch.cpu_in_guest); -- 2.25.1

1 262

[PATCH openEuler-1.0-LTS 1/2] net: bridge: mcast: add and enforce startup query interval minimum
by Yongqiang Liu 15 Feb '23

15 Feb '23

From: Nikolay Aleksandrov <nikolay(a)nvidia.com> mainline inclusion from mainline-v5.16-rc8 commit f83a112bd91a494cdee671aec74e777470fb4a07 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6DKZJ CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- As reported[1] if startup query interval is set too low in combination with large number of startup queries and we have multiple bridges or even a single bridge with multiple querier vlans configured we can crash the machine. Add a 1 second minimum which must be enforced by overwriting the value if set lower (i.e. without returning an error) to avoid breaking user-space. If that happens a log message is emitted to let the admin know that the startup interval has been set to the minimum. It doesn't make sense to make the startup interval lower than the normal query interval so use the same value of 1 second. The issue has been present since these intervals could be user-controlled. [1] https://lore.kernel.org/netdev/e8b9ce41-57b9-b6e2-a46a-ff9c791cf0ba@gmail.c… Fixes: d902eee43f19 ("bridge: Add multicast count/interval sysfs entries") Reported-by: Eric Dumazet <eric.dumazet(a)gmail.com> Signed-off-by: Nikolay Aleksandrov <nikolay(a)nvidia.com> Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Conflicts: net/bridge/br_multicast.c net/bridge/br_netlink.c net/bridge/br_private.h net/bridge/br_sysfs_br.c Signed-off-by: Zhengchao Shao <shaozhengchao(a)huawei.com> Reviewed-by: Yue Haibing <yuehaibing(a)huawei.com> Signed-off-by: Yongqiang Liu <liuyongqiang13(a)huawei.com> --- net/bridge/br_multicast.c | 16 ++++++++++++++++ net/bridge/br_netlink.c | 2 +- net/bridge/br_private.h | 5 +++++ net/bridge/br_sysfs_br.c | 2 +- 4 files changed, 23 insertions(+), 2 deletions(-) diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index 3504c3acd38f..ed67a43efdef 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c @@ -2351,6 +2351,22 @@ int br_multicast_set_mld_version(struct net_bridge *br, unsigned long val) } #endif +void br_multicast_set_startup_query_intvl(struct net_bridge *br, + unsigned long val) +{ + unsigned long intvl_jiffies = clock_t_to_jiffies(val); + + if (intvl_jiffies < BR_MULTICAST_STARTUP_QUERY_INTVL_MIN) { + br_info(br, + "trying to set multicast startup query interval below minimum, setting to %lu (%ums)\n", + jiffies_to_clock_t(BR_MULTICAST_STARTUP_QUERY_INTVL_MIN), + jiffies_to_msecs(BR_MULTICAST_STARTUP_QUERY_INTVL_MIN)); + intvl_jiffies = BR_MULTICAST_STARTUP_QUERY_INTVL_MIN; + } + + br->multicast_startup_query_interval = intvl_jiffies; +} + /** * br_multicast_list_adjacent - Returns snooped multicast addresses * @dev: The bridge port adjacent to which to retrieve addresses diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index c00cb376263a..b3bcfb77077a 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -1237,7 +1237,7 @@ static int br_changelink(struct net_device *brdev, struct nlattr *tb[], if (data[IFLA_BR_MCAST_STARTUP_QUERY_INTVL]) { u64 val = nla_get_u64(data[IFLA_BR_MCAST_STARTUP_QUERY_INTVL]); - br->multicast_startup_query_interval = clock_t_to_jiffies(val); + br_multicast_set_startup_query_intvl(br, val); } if (data[IFLA_BR_MCAST_STATS_ENABLED]) { diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 23fed55942fa..877fbc65a2fe 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -31,6 +31,9 @@ #define BR_PORT_BITS 10 #define BR_MAX_PORTS (1<<BR_PORT_BITS) +#define BR_MULTICAST_QUERY_INTVL_MIN msecs_to_jiffies(1000) +#define BR_MULTICAST_STARTUP_QUERY_INTVL_MIN BR_MULTICAST_QUERY_INTVL_MIN + #define BR_VERSION "2.3" /* Control of forwarding link local multicast */ @@ -1200,4 +1203,6 @@ void br_do_proxy_suppress_arp(struct sk_buff *skb, struct net_bridge *br, void br_do_suppress_nd(struct sk_buff *skb, struct net_bridge *br, u16 vid, struct net_bridge_port *p, struct nd_msg *msg); struct nd_msg *br_is_nd_neigh_msg(struct sk_buff *skb, struct nd_msg *m); +void br_multicast_set_startup_query_intvl(struct net_bridge *br, + unsigned long val); #endif diff --git a/net/bridge/br_sysfs_br.c b/net/bridge/br_sysfs_br.c index 0318a69888d4..bfbffc5088ac 100644 --- a/net/bridge/br_sysfs_br.c +++ b/net/bridge/br_sysfs_br.c @@ -618,7 +618,7 @@ static ssize_t multicast_startup_query_interval_show( static int set_startup_query_interval(struct net_bridge *br, unsigned long val) { - br->multicast_startup_query_interval = clock_t_to_jiffies(val); + br_multicast_set_startup_query_intvl(br, val); return 0; } -- 2.25.1

1 1

[PATCH openEuler-5.10-LTS 1/6] cifs: sanitize multiple delimiters in prepath
by Jialin Zhang 14 Feb '23

14 Feb '23

From: Thiago Rafael Becker <trbecker(a)gmail.com> mainline inclusion from mainline-v5.16-rc6 commit a31080899d5fdafcccf7f39dd214a814a2c82626 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6D6RL CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- mount.cifs can pass a device with multiple delimiters in it. This will cause rename(2) to fail with ENOENT. V2: - Make sanitize_path more readable. - Fix multiple delimiters between UNC and prepath. - Avoid a memory leak if a bad user starts putting a lot of delimiters in the path on purpose. BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=2031200 Fixes: 24e0a1eff9e2 ("cifs: switch to new mount api") Cc: stable(a)vger.kernel.org # 5.11+ Acked-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Thiago Rafael Becker <trbecker(a)gmail.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> conflicts: fs/cifs/fs_context.c Signed-off-by: ZhaoLong Wang <wangzhaolong1(a)huawei.com> Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11(a)huawei.com> --- fs/cifs/connect.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 7f5d173760cf..0a2eced46e35 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1316,6 +1316,42 @@ static int get_option_gid(substring_t args[], kgid_t *result) return 0; } +/* + * Remove duplicate path delimiters. Windows is supposed to do that + * but there are some bugs that prevent rename from working if there are + * multiple delimiters. + * + * Returns a sanitized duplicate of @path. The caller is responsible for + * cleaning up the original. + */ +#define IS_DELIM(c) ((c) == '/' || (c) == '\\') +static char *sanitize_path(char *path) +{ + char *cursor1 = path, *cursor2 = path; + + /* skip all prepended delimiters */ + while (IS_DELIM(*cursor1)) + cursor1++; + + /* copy the first letter */ + *cursor2 = *cursor1; + + /* copy the remainder... */ + while (*(cursor1++)) { + /* ... skipping all duplicated delimiters */ + if (IS_DELIM(*cursor1) && IS_DELIM(*cursor2)) + continue; + *(++cursor2) = *cursor1; + } + + /* if the last character is a delimiter, skip it */ + if (IS_DELIM(*(cursor2 - 1))) + cursor2--; + + *(cursor2) = '\0'; + return kstrdup(path, GFP_KERNEL); +} + /* * Parse a devname into substrings and populate the vol->UNC and vol->prepath * fields with the result. Returns 0 on success and an error otherwise. @@ -1364,7 +1400,7 @@ cifs_parse_devname(const char *devname, struct smb_vol *vol) if (!*pos) return 0; - vol->prepath = kstrdup(pos, GFP_KERNEL); + vol->prepath = sanitize_path(pos); if (!vol->prepath) return -ENOMEM; -- 2.25.1

1 5

[PATCH openEuler-5.10-LTS-SP1 1/8] bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues
by Jialin Zhang 14 Feb '23

14 Feb '23

From: Wang Yufen <wangyufen(a)huawei.com> mainline inclusion from mainline-v6.0-rc1 commit d8616ee2affcff37c5d315310da557a694a3303d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6BRTY CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- During TCP sockmap redirect pressure test, the following warning is triggered: WARNING: CPU: 3 PID: 2145 at net/core/stream.c:205 sk_stream_kill_queues+0xbc/0xd0 CPU: 3 PID: 2145 Comm: iperf Kdump: loaded Tainted: G W 5.10.0+ #9 Call Trace: inet_csk_destroy_sock+0x55/0x110 inet_csk_listen_stop+0xbb/0x380 tcp_close+0x41b/0x480 inet_release+0x42/0x80 __sock_release+0x3d/0xa0 sock_close+0x11/0x20 __fput+0x9d/0x240 task_work_run+0x62/0x90 exit_to_user_mode_prepare+0x110/0x120 syscall_exit_to_user_mode+0x27/0x190 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The reason we observed is that: When the listener is closing, a connection may have completed the three-way handshake but not accepted, and the client has sent some packets. The child sks in accept queue release by inet_child_forget()->inet_csk_destroy_sock(), but psocks of child sks have not released. To fix, add sock_map_destroy to release psocks. Signed-off-by: Wang Yufen <wangyufen(a)huawei.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jakub Sitnicki <jakub(a)cloudflare.com> Acked-by: John Fastabend <john.fastabend(a)gmail.com> Link: https://lore.kernel.org/bpf/20220524075311.649153-1-wangyufen@huawei.com Signed-off-by: Liu Jian <liujian56(a)huawei.com> Conflicts: include/linux/bpf.h Reviewed-by: Wang Yufen <wangyufen(a)huawei.com> Reviewed-by: Yue Haibing <yuehaibing(a)huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11(a)huawei.com> --- include/linux/bpf.h | 1 + include/linux/skmsg.h | 1 + net/core/skmsg.c | 1 + net/core/sock_map.c | 23 +++++++++++++++++++++++ net/ipv4/tcp_bpf.c | 1 + 5 files changed, 27 insertions(+) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 8d95f4c66275..79fb7c1be8fd 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1845,6 +1845,7 @@ static inline bool bpf_map_is_dev_bound(struct bpf_map *map) struct bpf_map *bpf_map_offload_map_alloc(union bpf_attr *attr); void bpf_map_offload_map_free(struct bpf_map *map); +void sock_map_destroy(struct sock *sk); #else static inline int bpf_prog_offload_init(struct bpf_prog *prog, union bpf_attr *attr) diff --git a/include/linux/skmsg.h b/include/linux/skmsg.h index 1899a1c8421c..a83885c5bb86 100644 --- a/include/linux/skmsg.h +++ b/include/linux/skmsg.h @@ -105,6 +105,7 @@ struct sk_psock { spinlock_t link_lock; refcount_t refcnt; void (*saved_unhash)(struct sock *sk); + void (*saved_destroy)(struct sock *sk); void (*saved_close)(struct sock *sk, long timeout); void (*saved_write_space)(struct sock *sk); struct proto *sk_proto; diff --git a/net/core/skmsg.c b/net/core/skmsg.c index 622d93d56953..925863fab5bd 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -616,6 +616,7 @@ struct sk_psock *sk_psock_init(struct sock *sk, int node) psock->eval = __SK_NONE; psock->sk_proto = prot; psock->saved_unhash = prot->unhash; + psock->saved_destroy = prot->destroy; psock->saved_close = prot->close; psock->saved_write_space = sk->sk_write_space; diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 28e518da4bcb..85df06298c98 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -1560,6 +1560,29 @@ void sock_map_unhash(struct sock *sk) saved_unhash(sk); } +void sock_map_destroy(struct sock *sk) +{ + void (*saved_destroy)(struct sock *sk); + struct sk_psock *psock; + + rcu_read_lock(); + psock = sk_psock_get(sk); + if (unlikely(!psock)) { + rcu_read_unlock(); + if (sk->sk_prot->destroy) + sk->sk_prot->destroy(sk); + return; + } + + saved_destroy = psock->saved_destroy; + sock_map_remove_links(sk, psock); + rcu_read_unlock(); + sk_psock_stop(psock, true); + sk_psock_put(sk, psock); + saved_destroy(sk); +} +EXPORT_SYMBOL_GPL(sock_map_destroy); + void sock_map_close(struct sock *sk, long timeout) { void (*saved_close)(struct sock *sk, long timeout); diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c index afeaf35194de..1a8f129fb309 100644 --- a/net/ipv4/tcp_bpf.c +++ b/net/ipv4/tcp_bpf.c @@ -577,6 +577,7 @@ static void tcp_bpf_rebuild_protos(struct proto prot[TCP_BPF_NUM_CFGS], struct proto *base) { prot[TCP_BPF_BASE] = *base; + prot[TCP_BPF_BASE].destroy = sock_map_destroy; prot[TCP_BPF_BASE].close = sock_map_close; prot[TCP_BPF_BASE].recvmsg = tcp_bpf_recvmsg; prot[TCP_BPF_BASE].stream_memory_read = tcp_bpf_stream_read; -- 2.25.1

1 7

[PATCH openEuler-1.0-LTS 1/2] x86/bugs: Flush IBP in ib_prctl_set()
by Yongqiang Liu 14 Feb '23

14 Feb '23

From: Rodrigo Branco <bsdaemon(a)google.com> stable inclusion from stable-v4.19.270 commit 940ede60d74d2fc7291b96cb38072d705333c8e0 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6CU98 CVE: CVE-2023-0045 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… -------------------------------- commit a664ec9158eeddd75121d39c9a0758016097fa96 upstream. We missed the window between the TIF flag update and the next reschedule. Signed-off-by: Rodrigo Branco <bsdaemon(a)google.com> Reviewed-by: Borislav Petkov (AMD) <bp(a)alien8.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Yuyao Lin <linyuyao1(a)huawei.com> Reviewed-by: Wei Li <liwei391(a)huawei.com> Reviewed-by: Xiu Jianfeng <xiujianfeng(a)huawei.com> Signed-off-by: Yongqiang Liu <liuyongqiang13(a)huawei.com> --- arch/x86/kernel/cpu/bugs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 3ba948bbd77d..d4d114d62e2e 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1547,6 +1547,8 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl) if (ctrl == PR_SPEC_FORCE_DISABLE) task_set_spec_ib_force_disable(task); task_update_spec_tif(task); + if (task == current) + indirect_branch_prediction_barrier(); break; default: return -ERANGE; -- 2.25.1

1 1

[PATCH] vfio/migration: Modify the vf id acquisition method
by Longfang Liu 14 Feb '23

14 Feb '23

driver inclusion category:feature bugzilla: https://gitee.com/openeuler/kernel/issues/I6DRLU CVE: NA When using the old PCI_FUNC method to obtain the vf id, if the number of vf big than 8, the obtained id number will be wrong, and the new method needs to be used to correct it. Signed-off-by: Longfang Liu <liulongfang(a)huawei.com> Signed-off-by: JiangShui Yang <yangjiangshui(a)h-partners.com> --- .../hisilicon/migration/acc_vf_migration.c | 17 ++++++++++-- .../hisilicon/migration/acc_vf_migration.h | 26 +++++++++++++++++++ 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/hisilicon/migration/acc_vf_migration.c b/drivers/crypto/hisilicon/migration/acc_vf_migration.c index 920f19916fea..7c5fc4eb02ac 100644 --- a/drivers/crypto/hisilicon/migration/acc_vf_migration.c +++ b/drivers/crypto/hisilicon/migration/acc_vf_migration.c @@ -1610,6 +1610,19 @@ static int acc_vf_dev_init(struct pci_dev *pdev, struct hisi_qm *pf_qm, return -ENOMEM; } +static int hisi_acc_get_vf_id(struct pci_dev *dev) +{ + struct pci_dev *pf; + + if (!dev->is_virtfn) + return -EINVAL; + + pf = pci_physfn(dev); + return (((dev->bus->number << 8) + dev->devfn) - + ((pf->bus->number << 8) + pf->devfn + pf->sriov->offset)) / + pf->sriov->stride; +} + static void *acc_vf_probe(struct pci_dev *pdev) { struct acc_vf_migration *acc_vf_dev; @@ -1635,7 +1648,7 @@ static void *acc_vf_probe(struct pci_dev *pdev) return ERR_PTR(-EINVAL); } - vf_id = PCI_FUNC(vf_dev->devfn); + vf_id = hisi_acc_get_vf_id(vf_dev); if (vf_id < 0) { dev_info(&pdev->dev, "vf device: %s, vf id: %d\n", pf_qm->dev_name, vf_id); @@ -1652,7 +1665,7 @@ static void *acc_vf_probe(struct pci_dev *pdev) return ERR_PTR(-ENOMEM); } - acc_vf_dev->vf_id = vf_id; + acc_vf_dev->vf_id = vf_id + 1; acc_vf_dev->vf_vendor = pdev->vendor; acc_vf_dev->vf_device = pdev->device; acc_vf_dev->pf_dev = pf_dev; diff --git a/drivers/crypto/hisilicon/migration/acc_vf_migration.h b/drivers/crypto/hisilicon/migration/acc_vf_migration.h index 2f459eecb8f0..8b38b9943d35 100644 --- a/drivers/crypto/hisilicon/migration/acc_vf_migration.h +++ b/drivers/crypto/hisilicon/migration/acc_vf_migration.h @@ -215,6 +215,32 @@ struct acc_vf_region_ops { struct vfio_info_cap *caps); }; +/* Single Root I/O Virtualization */ +struct pci_sriov { + int pos; /* Capability position */ + int nres; /* Number of resources */ + u32 cap; /* SR-IOV Capabilities */ + u16 ctrl; /* SR-IOV Control */ + u16 total_VFs; /* Total VFs associated with the PF */ + u16 initial_VFs; /* Initial VFs associated with the PF */ + u16 num_VFs; /* Number of VFs available */ + u16 offset; /* First VF Routing ID offset */ + u16 stride; /* Following VF stride */ + u16 vf_device; /* VF device ID */ + u32 pgsz; /* Page size for BAR alignment */ + u8 link; /* Function Dependency Link */ + u8 max_VF_buses; /* Max buses consumed by VFs */ + u16 driver_max_VFs; /* Max num VFs driver supports */ + struct pci_dev *dev; /* Lowest numbered PF */ + struct pci_dev *self; /* This PF */ + u32 class; /* VF device */ + u8 hdr_type; /* VF header type */ + u16 subsystem_vendor; /* VF subsystem vendor */ + u16 subsystem_device; /* VF subsystem device */ + resource_size_t barsz[PCI_SRIOV_NUM_BARS]; /* VF BAR size */ + bool drivers_autoprobe; /* Auto probing of VFs by driver */ +}; + struct acc_vf_region { u32 type; u32 subtype; -- 2.33.0

1 0

Intel Arch SIG 例会
by openEuler conference 14 Feb '23

14 Feb '23

您好！ sig-Intel-Arch SIG 邀请您参加 2023-02-21 10:00 召开的Zoom会议会议主题：Intel Arch SIG 例会会议内容： 1. Intel几个复杂特性的支持计划 2. QEMU和kernel选型对未来lntel平台支持和release安排讨论 3. openEuler在SPR上的用户诉求和反馈会议链接：https://us06web.zoom.us/j/87058792984?pwd=UFlzSzA4OHNyMEIvRkpCdWFwdEdRQT09 会议纪要：https://etherpad.openeuler.org/p/sig-Intel-Arch-meetings 温馨提醒：建议接入会议后修改参会人的姓名，也可以使用您在gitee.com的ID 更多资讯尽在：https://openeuler.org/zh/ Hello! openEuler sig-Intel-Arch SIG invites you to attend the Zoom conference will be held at 2023-02-21 10:00, The subject of the conference is Intel Arch SIG 例会, Summary: 1. Intel几个复杂特性的支持计划 2. QEMU和kernel选型对未来lntel平台支持和release安排讨论 3. openEuler在SPR上的用户诉求和反馈 You can join the meeting at https://us06web.zoom.us/j/87058792984?pwd=UFlzSzA4OHNyMEIvRkpCdWFwdEdRQT09. Add topics at https://etherpad.openeuler.org/p/sig-Intel-Arch-meetings. Note: You are advised to change the participant name after joining the conference or use your ID at gitee.com. More information: https://openeuler.org/en/

1 0

[Cancel] Intel Arch SIG 例会
by openEuler conference 14 Feb '23

14 Feb '23

Sorry! The Zoom meeting will be held at 2023-02-20 10:00 scheduled by openEuler sig-Intel-Arch SIG has been cancelled.

1 0

Intel Arch SIG 例会
by openEuler conference 14 Feb '23

14 Feb '23

您好！ sig-Intel-Arch SIG 邀请您参加 2023-02-20 10:00 召开的Zoom会议会议主题：Intel Arch SIG 例会会议内容： 1. Intel几个复杂特性的支持计划 2. QEMU和kernel选型对未来lntel平台支持和release安排讨论 3. openEuler在SPR上的用户诉求和反馈会议链接：https://us06web.zoom.us/j/87427026722?pwd=eE9lQXBNck9KS0kzek9Da2VYV2VRdz09 会议纪要：https://etherpad.openeuler.org/p/sig-Intel-Arch-meetings 温馨提醒：建议接入会议后修改参会人的姓名，也可以使用您在gitee.com的ID 更多资讯尽在：https://openeuler.org/zh/ Hello! openEuler sig-Intel-Arch SIG invites you to attend the Zoom conference will be held at 2023-02-20 10:00, The subject of the conference is Intel Arch SIG 例会, Summary: 1. Intel几个复杂特性的支持计划 2. QEMU和kernel选型对未来lntel平台支持和release安排讨论 3. openEuler在SPR上的用户诉求和反馈 You can join the meeting at https://us06web.zoom.us/j/87427026722?pwd=eE9lQXBNck9KS0kzek9Da2VYV2VRdz09. Add topics at https://etherpad.openeuler.org/p/sig-Intel-Arch-meetings. Note: You are advised to change the participant name after joining the conference or use your ID at gitee.com. More information: https://openeuler.org/en/

1 0

2024

2023

2022

2021

2020

2019

Kernel