- Kernel - mailweb.openeuler.org

[PATCH openEuler-22.03-LTS-SP2 0/3] CVE-2024-26807
by Guo Mengqi 13 May '24

13 May '24

CVE-2024-26807 Théo Lebrun (1): spi: cadence-qspi: fix pointer reference in runtime PM hooks Vaishnav Achath (2): spi: cadence-quadspi: Handle spi_unregister_master() in remove() spi: cadence-quadspi: Remove spi_master_put() in probe failure path drivers/spi/spi-cadence-quadspi.c | 35 +++++++++++++------------------ 1 file changed, 14 insertions(+), 21 deletions(-) -- 2.17.1

2 4

[PATCH openEuler-22.03-LTS-SP2] net: ip_tunnel: prevent perpetual headroom growth
by Guo Mengqi 13 May '24

13 May '24

From: Florian Westphal <fw(a)strlen.de> stable inclusion from stable-v5.10.212 commit 2e95350fe9db9d53c701075060ac8ac883b68aee category: bugfix bugzilla: 189268 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f ] syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr ffff88812fb4000e by task syz-executor183/5191 [..] kasan_report+0xda/0x110 mm/kasan/report.c:588 __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline] ___skb_get_hash net/core/flow_dissector.c:1791 [inline] __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856 skb_get_hash include/linux/skbuff.h:1556 [inline] ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748 ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592 ... ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235 ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323 .. iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831 ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 ... The splat occurs because skb->data points past skb->head allocated area. This is because neigh layer does: __skb_pull(skb, skb_network_offset(skb)); ... but skb_network_offset() returns a negative offset and __skb_pull() arg is unsigned. IOW, we skb->data gets "adjusted" by a huge value. The negative value is returned because skb->head and skb->data distance is more than 64k and skb->network_header (u16) has wrapped around. The bug is in the ip_tunnel infrastructure, which can cause dev->needed_headroom to increment ad infinitum. The syzkaller reproducer consists of packets getting routed via a gre tunnel, and route of gre encapsulated packets pointing at another (ipip) tunnel. The ipip encapsulation finds gre0 as next output device. This results in the following pattern: 1). First packet is to be sent out via gre0. Route lookup found an output device, ipip0. 2). ip_tunnel_xmit for gre0 bumps gre0->needed_headroom based on the future output device, rt.dev->needed_headroom (ipip0). 3). ip output / start_xmit moves skb on to ipip0. which runs the same code path again (xmit recursion). 4). Routing step for the post-gre0-encap packet finds gre0 as output device to use for ipip0 encapsulated packet. tunl0->needed_headroom is then incremented based on the (already bumped) gre0 device headroom. This repeats for every future packet: gre0->needed_headroom gets inflated because previous packets' ipip0 step incremented rt->dev (gre0) headroom, and ipip0 incremented because gre0 needed_headroom was increased. For each subsequent packet, gre/ipip0->needed_headroom grows until post-expand-head reallocations result in a skb->head/data distance of more than 64k. Once that happens, skb->network_header (u16) wraps around when pskb_expand_head tries to make sure that skb_network_offset() is unchanged after the headroom expansion/reallocation. After this skb_network_offset(skb) returns a different (and negative) result post headroom expansion. The next trip to neigh layer (or anything else that would __skb_pull the network header) makes skb->data point to a memory location outside skb->head area. v2: Cap the needed_headroom update to an arbitarily chosen upperlimit to prevent perpetual increase instead of dropping the headroom increment completely. Reported-and-tested-by: syzbot+bfde3bef047a81b8fde6(a)syzkaller.appspotmail.com Closes: https://groups.google.com/g/syzkaller-bugs/c/fL9G6GtWskY/m/VKk_PR5FBAAJ Fixes: 243aad830e8a ("ip_gre: include route header_len in max_headroom calculation") Signed-off-by: Florian Westphal <fw(a)strlen.de> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://lore.kernel.org/r/20240220135606.4939-1-fw@strlen.de Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Wang Hai <wanghai38(a)huawei.com> --- net/ipv4/ip_tunnel.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c index 99f70b990eb1..50f8231e9dae 100644 --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -540,6 +540,20 @@ static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb, return 0; } +static void ip_tunnel_adj_headroom(struct net_device *dev, unsigned int headroom) +{ + /* we must cap headroom to some upperlimit, else pskb_expand_head + * will overflow header offsets in skb_headers_offset_update(). + */ + static const unsigned int max_allowed = 512; + + if (headroom > max_allowed) + headroom = max_allowed; + + if (headroom > READ_ONCE(dev->needed_headroom)) + WRITE_ONCE(dev->needed_headroom, headroom); +} + void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, u8 proto, int tunnel_hlen) { @@ -613,13 +627,13 @@ void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, } headroom += LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len; - if (headroom > READ_ONCE(dev->needed_headroom)) - WRITE_ONCE(dev->needed_headroom, headroom); - - if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom))) { + if (skb_cow_head(skb, headroom)) { ip_rt_put(rt); goto tx_dropped; } + + ip_tunnel_adj_headroom(dev, headroom); + iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, proto, tos, ttl, df, !net_eq(tunnel->net, dev_net(dev))); return; @@ -797,16 +811,16 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr) + rt->dst.header_len + ip_encap_hlen(&tunnel->encap); - if (max_headroom > READ_ONCE(dev->needed_headroom)) - WRITE_ONCE(dev->needed_headroom, max_headroom); - if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom))) { + if (skb_cow_head(skb, max_headroom)) { ip_rt_put(rt); dev->stats.tx_dropped++; kfree_skb(skb); return; } + ip_tunnel_adj_headroom(dev, max_headroom); + iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, protocol, tos, ttl, df, !net_eq(tunnel->net, dev_net(dev))); return; -- 2.17.1

2 1

[PATCH openEuler-22.03-LTS-SP2 0/3] CVE-2024-26807
by Guo Mengqi 13 May '24

13 May '24

CVE-2024-26807 Cristian Marussi (1): firmware: arm_scmi: Harden accesses to the reset domains Florian Westphal (1): net: ip_tunnel: prevent perpetual headroom growth Théo Lebrun (1): spi: cadence-qspi: fix pointer reference in runtime PM hooks drivers/firmware/arm_scmi/reset.c | 6 +++++- drivers/spi/spi-cadence-quadspi.c | 6 ++---- net/ipv4/ip_tunnel.c | 28 +++++++++++++++++++++------- 3 files changed, 28 insertions(+), 12 deletions(-) -- 2.17.1

2 4

[PATCH OLK-5.10 0/3] CVE-2024-26807
by g30012805 13 May '24

13 May '24

CVE-2024-26807 Cristian Marussi (1): firmware: arm_scmi: Harden accesses to the reset domains Théo Lebrun (1): spi: cadence-qspi: fix pointer reference in runtime PM hooks Toke Høiland-Jørgensen (1): bpf: Fix stackmap overflow check on 32-bit arches drivers/firmware/arm_scmi/reset.c | 6 +++++- drivers/spi/spi-cadence-quadspi.c | 6 ++---- kernel/bpf/stackmap.c | 9 ++++++--- 3 files changed, 13 insertions(+), 8 deletions(-) -- 2.17.1

2 4

[PATCH OLK-6.6] sched/eevdf: Revert "Skip eligibility check for current entity during wakeup preemption"
by Zhang Qiao 13 May '24

13 May '24

hulk inclusion category: performance bugzilla: https://gitee.com/openeuler/kernel/issues/I9EHKI CVE: NA -------------------------------- This reverts commit 0d46b757739655ce3f324fd25e67b667b928eb67. Signed-off-by: Zhang Qiao <zhangqiao22(a)huawei.com> --- kernel/sched/fair.c | 24 ++++-------------------- kernel/sched/features.h | 1 - 2 files changed, 4 insertions(+), 21 deletions(-) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 8de28b182763..c19ba84af8e4 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -1038,7 +1038,7 @@ struct sched_entity *__pick_first_entity(struct cfs_rq *cfs_rq) * * Which allows tree pruning through eligibility. */ -static struct sched_entity *pick_eevdf(struct cfs_rq *cfs_rq, bool wakeup_preempt) +static struct sched_entity *pick_eevdf(struct cfs_rq *cfs_rq) { struct rb_node *node = cfs_rq->tasks_timeline.rb_root.rb_node; struct sched_entity *se = __pick_first_entity(cfs_rq); @@ -1052,23 +1052,7 @@ static struct sched_entity *pick_eevdf(struct cfs_rq *cfs_rq, bool wakeup_preemp if (cfs_rq->nr_running == 1) return curr && curr->on_rq ? curr : se; - if (curr && !curr->on_rq) - curr = NULL; - - /* - * When an entity with positive lag wakes up, it pushes the - * avg_vruntime of the runqueue backwards. This may causes the - * current entity to be ineligible soon into its run leading to - * wakeup preemption. - * - * To prevent such aggressive preemption of the current running - * entity during task wakeups, skip the eligibility check if the - * slice promised to the entity since its selection has not yet - * elapsed. - */ - if (curr && - !(sched_feat(RUN_TO_PARITY_WAKEUP) && wakeup_preempt && curr->vlag == curr->deadline) && - !entity_eligible(cfs_rq, curr)) + if (curr && (!curr->on_rq || !entity_eligible(cfs_rq, curr))) curr = NULL; /* @@ -5598,7 +5582,7 @@ pick_next_entity(struct cfs_rq *cfs_rq, struct sched_entity *curr) cfs_rq->next && entity_eligible(cfs_rq, cfs_rq->next)) return cfs_rq->next; - return pick_eevdf(cfs_rq, false); + return pick_eevdf(cfs_rq); } static bool check_cfs_rq_runtime(struct cfs_rq *cfs_rq); @@ -9267,7 +9251,7 @@ static void check_preempt_wakeup(struct rq *rq, struct task_struct *p, int wake_ /* * XXX pick_eevdf(cfs_rq) != se ? */ - if (pick_eevdf(cfs_rq, true) == pse) + if (pick_eevdf(cfs_rq) == pse) goto preempt; return; diff --git a/kernel/sched/features.h b/kernel/sched/features.h index 26b1a03bd3d2..e4789d09f58e 100644 --- a/kernel/sched/features.h +++ b/kernel/sched/features.h @@ -7,7 +7,6 @@ SCHED_FEAT(PLACE_LAG, true) SCHED_FEAT(PLACE_DEADLINE_INITIAL, true) SCHED_FEAT(RUN_TO_PARITY, true) -SCHED_FEAT(RUN_TO_PARITY_WAKEUP, true) /* * Prefer to schedule the task we woke last (assuming it failed -- 2.18.0.huawei.25

1 0

[PATCH v2 OLK-5.10] cpufreq/cppc: fix perf_to_khz/khz_to_perf conversion
by liwei 13 May '24

13 May '24

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I99VPY CVE: NA -------------------------------- When the nominal_freq recorded by the kernel is equal to the lowest_freq, and the frequency adjustment operation is triggered externally, there is a logic error in cppc_perf_to_khz()/cppc_khz_to_perf(), resulting in perf and khz conversion errors. Fix this by adding the branch processing logic when nominal_freq is equal to lowest_freq. Fixes: ec1c7ad47664 ("cpufreq: CPPC: Fix performance/frequency conversion") Signed-off-by: liwei <liwei728(a)huawei.com> --- drivers/cpufreq/cppc_cpufreq.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index 156ef2c40464..5ceededf514c 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -98,7 +98,7 @@ static u64 cppc_get_dmi_max_khz(void) * use them to convert perf to freq and vice versa. The conversion is * extrapolated as an affine function passing by the 2 points: * - (Low perf, Low freq) - * - (Nominal perf, Nominal perf) + * - (Nominal perf, Nominal freq) */ static unsigned int cppc_cpufreq_perf_to_khz(struct cppc_cpudata *cpu_data, unsigned int perf) @@ -109,8 +109,14 @@ static unsigned int cppc_cpufreq_perf_to_khz(struct cppc_cpudata *cpu_data, u64 mul, div; if (caps->lowest_freq && caps->nominal_freq) { - mul = caps->nominal_freq - caps->lowest_freq; - div = caps->nominal_perf - caps->lowest_perf; + /* Avoid the special case when nominal_freq is equal to lowest_freq */ + if (caps->nominal_freq == caps->lowest_freq) { + mul = caps->nominal_freq; + div = caps->nominal_perf; + } else { + mul = caps->nominal_freq - caps->lowest_freq; + div = caps->nominal_perf - caps->lowest_perf; + } offset = caps->nominal_freq - div64_u64(caps->nominal_perf * mul, div); } else { if (!max_khz) @@ -134,8 +140,14 @@ static unsigned int cppc_cpufreq_khz_to_perf(struct cppc_cpudata *cpu_data, u64 mul, div; if (caps->lowest_freq && caps->nominal_freq) { - mul = caps->nominal_perf - caps->lowest_perf; - div = caps->nominal_freq - caps->lowest_freq; + /* Avoid special case when nominal_freq is equal to lowest_freq */ + if (caps->nominal_freq == caps->lowest_freq) { + mul = caps->nominal_perf; + div = caps->nominal_freq; + } else { + mul = caps->nominal_perf - caps->lowest_perf; + div = caps->nominal_freq - caps->lowest_freq; + } offset = caps->nominal_perf - div64_u64(caps->nominal_freq * mul, div); } else { if (!max_khz) -- 2.25.1

2 1

[openeuler:openEuler-1.0-LTS 5421/22422] drivers/infiniband/ulp/iser/iser_initiator.o: warning: objtool: missing symbol for section .text
by kernel test robot 13 May '24

13 May '24

tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: a54e5de9c3b87415db1fe656918e1c6d50706b5f commit: 71e217e85c3dff8a9151707ed3afc7b4b054a2d4 [5421/22422] selinux: use kernel linux/socket.h for genheaders and mdp config: x86_64-buildonly-randconfig-006-20240513 (https://download.01.org/0day-ci/archive/20240513/202405131614.cwAhXvTF-lkp@…) compiler: gcc-13 (Ubuntu 13.2.0-4ubuntu3) 13.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240513/202405131614.cwAhXvTF-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202405131614.cwAhXvTF-lkp@intel.com/ All warnings (new ones prefixed by >>): drivers/infiniband/ulp/iser/iser_initiator.c: In function 'iser_alloc_rx_descriptors': drivers/infiniband/ulp/iser/iser_initiator.c:277:25: warning: taking address of packed member of 'struct iser_rx_desc' may result in an unaligned pointer value [-Waddress-of-packed-member] 277 | rx_sg = &rx_desc->rx_sg; | ^~~~~~~~~~~~~~~ drivers/infiniband/ulp/iser/iser_initiator.c: In function 'iser_task_rsp': drivers/infiniband/ulp/iser/iser_initiator.c:661:15: warning: taking address of packed member of 'struct iser_rx_desc' may result in an unaligned pointer value [-Waddress-of-packed-member] 661 | hdr = &desc->iscsi_header; | ^~~~~~~~~~~~~~~~~~~ drivers/infiniband/ulp/iser/iser_initiator.c:364: warning: Function parameter or member 'conn' not described in 'iser_send_command' drivers/infiniband/ulp/iser/iser_initiator.c:364: warning: Function parameter or member 'task' not described in 'iser_send_command' drivers/infiniband/ulp/iser/iser_initiator.c:436: warning: Function parameter or member 'conn' not described in 'iser_send_data_out' drivers/infiniband/ulp/iser/iser_initiator.c:436: warning: Function parameter or member 'task' not described in 'iser_send_data_out' drivers/infiniband/ulp/iser/iser_initiator.c:436: warning: Function parameter or member 'hdr' not described in 'iser_send_data_out' >> drivers/infiniband/ulp/iser/iser_initiator.o: warning: objtool: missing symbol for section .text -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-6.6] sched/eevdf: Revert "Skip eligibility check for current entity during wakeup preemption"
by Zhang Qiao 13 May '24

13 May '24

hulk inclusion category: performance bugzilla: https://gitee.com/openeuler/kernel/issues/I9EHKI CVE: NA This reverts commit 0d46b757739655ce3f324fd25e67b667b928eb67. Signed-off-by: Zhang Qiao <zhangqiao22(a)huawei.com> --- kernel/sched/fair.c | 24 ++++-------------------- kernel/sched/features.h | 1 - 2 files changed, 4 insertions(+), 21 deletions(-) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 8de28b182763..c19ba84af8e4 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -1038,7 +1038,7 @@ struct sched_entity *__pick_first_entity(struct cfs_rq *cfs_rq) * * Which allows tree pruning through eligibility. */ -static struct sched_entity *pick_eevdf(struct cfs_rq *cfs_rq, bool wakeup_preempt) +static struct sched_entity *pick_eevdf(struct cfs_rq *cfs_rq) { struct rb_node *node = cfs_rq->tasks_timeline.rb_root.rb_node; struct sched_entity *se = __pick_first_entity(cfs_rq); @@ -1052,23 +1052,7 @@ static struct sched_entity *pick_eevdf(struct cfs_rq *cfs_rq, bool wakeup_preemp if (cfs_rq->nr_running == 1) return curr && curr->on_rq ? curr : se; - if (curr && !curr->on_rq) - curr = NULL; - - /* - * When an entity with positive lag wakes up, it pushes the - * avg_vruntime of the runqueue backwards. This may causes the - * current entity to be ineligible soon into its run leading to - * wakeup preemption. - * - * To prevent such aggressive preemption of the current running - * entity during task wakeups, skip the eligibility check if the - * slice promised to the entity since its selection has not yet - * elapsed. - */ - if (curr && - !(sched_feat(RUN_TO_PARITY_WAKEUP) && wakeup_preempt && curr->vlag == curr->deadline) && - !entity_eligible(cfs_rq, curr)) + if (curr && (!curr->on_rq || !entity_eligible(cfs_rq, curr))) curr = NULL; /* @@ -5598,7 +5582,7 @@ pick_next_entity(struct cfs_rq *cfs_rq, struct sched_entity *curr) cfs_rq->next && entity_eligible(cfs_rq, cfs_rq->next)) return cfs_rq->next; - return pick_eevdf(cfs_rq, false); + return pick_eevdf(cfs_rq); } static bool check_cfs_rq_runtime(struct cfs_rq *cfs_rq); @@ -9267,7 +9251,7 @@ static void check_preempt_wakeup(struct rq *rq, struct task_struct *p, int wake_ /* * XXX pick_eevdf(cfs_rq) != se ? */ - if (pick_eevdf(cfs_rq, true) == pse) + if (pick_eevdf(cfs_rq) == pse) goto preempt; return; diff --git a/kernel/sched/features.h b/kernel/sched/features.h index 26b1a03bd3d2..e4789d09f58e 100644 --- a/kernel/sched/features.h +++ b/kernel/sched/features.h @@ -7,7 +7,6 @@ SCHED_FEAT(PLACE_LAG, true) SCHED_FEAT(PLACE_DEADLINE_INITIAL, true) SCHED_FEAT(RUN_TO_PARITY, true) -SCHED_FEAT(RUN_TO_PARITY_WAKEUP, true) /* * Prefer to schedule the task we woke last (assuming it failed -- 2.18.0.huawei.25

1 0

[PATCH OLK-5.10] cpufreq/cppc: fix perf_to_khz/khz_to_perf conversion
by liwei 13 May '24

13 May '24

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I99VPY CVE: NA -------------------------------- When the nominal_freq recorded by the kernel is equal to the lowest_freq, and the frequency adjustment operation is triggered externally, there is a logic error in cppc_perf_to_khz()/cppc_khz_to_perf(), resulting in perf and khz conversion errors. Fix this by adding the branch processing logic when nominal_freq is equal to lowest_freq. Signed-off-by: liwei <liwei728(a)huawei.com> --- drivers/cpufreq/cppc_cpufreq.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index 156ef2c40464..5ceededf514c 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -98,7 +98,7 @@ static u64 cppc_get_dmi_max_khz(void) * use them to convert perf to freq and vice versa. The conversion is * extrapolated as an affine function passing by the 2 points: * - (Low perf, Low freq) - * - (Nominal perf, Nominal perf) + * - (Nominal perf, Nominal freq) */ static unsigned int cppc_cpufreq_perf_to_khz(struct cppc_cpudata *cpu_data, unsigned int perf) @@ -109,8 +109,14 @@ static unsigned int cppc_cpufreq_perf_to_khz(struct cppc_cpudata *cpu_data, u64 mul, div; if (caps->lowest_freq && caps->nominal_freq) { - mul = caps->nominal_freq - caps->lowest_freq; - div = caps->nominal_perf - caps->lowest_perf; + /* Avoid the special case when nominal_freq is equal to lowest_freq */ + if (caps->nominal_freq == caps->lowest_freq) { + mul = caps->nominal_freq; + div = caps->nominal_perf; + } else { + mul = caps->nominal_freq - caps->lowest_freq; + div = caps->nominal_perf - caps->lowest_perf; + } offset = caps->nominal_freq - div64_u64(caps->nominal_perf * mul, div); } else { if (!max_khz) @@ -134,8 +140,14 @@ static unsigned int cppc_cpufreq_khz_to_perf(struct cppc_cpudata *cpu_data, u64 mul, div; if (caps->lowest_freq && caps->nominal_freq) { - mul = caps->nominal_perf - caps->lowest_perf; - div = caps->nominal_freq - caps->lowest_freq; + /* Avoid special case when nominal_freq is equal to lowest_freq */ + if (caps->nominal_freq == caps->lowest_freq) { + mul = caps->nominal_perf; + div = caps->nominal_freq; + } else { + mul = caps->nominal_perf - caps->lowest_perf; + div = caps->nominal_freq - caps->lowest_freq; + } offset = caps->nominal_perf - div64_u64(caps->nominal_freq * mul, div); } else { if (!max_khz) -- 2.25.1

2 1

[PATCH OLK-6.6 v2] sched: programmable: Allow set tag for pid 1.
by Hui Tang 13 May '24

13 May '24

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9NQM5 CVE: NA -------------------------------- There is no reason to prevent user from setting tag for pid 1, which should be up to the user to decide it. So removing the check for pid 1. Fixes: 34239429b125 ("sched: programmable: Add user interface of task tag") Signed-off-by: Hui Tang <tanghui20(a)huawei.com> --- v1 -> v2 - Add commit message --- fs/proc/base.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 78f41a207767..d6d3b9f55f46 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -3773,11 +3773,6 @@ static ssize_t pid_tag_write(struct file *file, const char __user *buf, if (!tsk) return -ESRCH; - if (unlikely(tsk->pid == 1)) { - err = -EPERM; - goto out; - } - err = kstrtol_from_user(buf, count, 0, &tag); if (err) goto out; -- 2.34.1

2 1