- Kernel - mailweb.openeuler.org

[PATCH 1/2] perf/x86: Make perf callchains work without CONFIG_FRAME_POINTER
by Yang Yingliang 15 Jun '20

15 Jun '20

From: Kairui Song <kasong(a)redhat.com> mainline inclusion from mainline-5.2-rc1 commit d15d356887e7 category: bugfix bugzilla: 35738 CVE: NA ------------------------------------------------- Currently perf callchain doesn't work well with ORC unwinder when sampling from trace point. We'll get useless in kernel callchain like this: perf 6429 [000] 22.498450: kmem:mm_page_alloc: page=0x176a17 pfn=1534487 order=0 migratetype=0 gfp_flags=GFP_KERNEL ffffffffbe23e32e __alloc_pages_nodemask+0x22e (/lib/modules/5.1.0-rc3+/build/vmlinux) 7efdf7f7d3e8 __poll+0x18 (/usr/lib64/libc-2.28.so) 5651468729c1 [unknown] (/usr/bin/perf) 5651467ee82a main+0x69a (/usr/bin/perf) 7efdf7eaf413 __libc_start_main+0xf3 (/usr/lib64/libc-2.28.so) 5541f689495641d7 [unknown] ([unknown]) The root cause is that, for trace point events, it doesn't provide a real snapshot of the hardware registers. Instead perf tries to get required caller's registers and compose a fake register snapshot which suppose to contain enough information for start a unwinding. However without CONFIG_FRAME_POINTER, if failed to get caller's BP as the frame pointer, so current frame pointer is returned instead. We get a invalid register combination which confuse the unwinder, and end the stacktrace early. So in such case just don't try dump BP, and let the unwinder start directly when the register is not a real snapshot. Use SP as the skip mark, unwinder will skip all the frames until it meet the frame of the trace point caller. Tested with frame pointer unwinder and ORC unwinder, this makes perf callchain get the full kernel space stacktrace again like this: perf 6503 [000] 1567.570191: kmem:mm_page_alloc: page=0x16c904 pfn=1493252 order=0 migratetype=0 gfp_flags=GFP_KERNEL ffffffffb523e2ae __alloc_pages_nodemask+0x22e (/lib/modules/5.1.0-rc3+/build/vmlinux) ffffffffb52383bd __get_free_pages+0xd (/lib/modules/5.1.0-rc3+/build/vmlinux) ffffffffb52fd28a __pollwait+0x8a (/lib/modules/5.1.0-rc3+/build/vmlinux) ffffffffb521426f perf_poll+0x2f (/lib/modules/5.1.0-rc3+/build/vmlinux) ffffffffb52fe3e2 do_sys_poll+0x252 (/lib/modules/5.1.0-rc3+/build/vmlinux) ffffffffb52ff027 __x64_sys_poll+0x37 (/lib/modules/5.1.0-rc3+/build/vmlinux) ffffffffb500418b do_syscall_64+0x5b (/lib/modules/5.1.0-rc3+/build/vmlinux) ffffffffb5a0008c entry_SYSCALL_64_after_hwframe+0x44 (/lib/modules/5.1.0-rc3+/build/vmlinux) 7f71e92d03e8 __poll+0x18 (/usr/lib64/libc-2.28.so) 55a22960d9c1 [unknown] (/usr/bin/perf) 55a22958982a main+0x69a (/usr/bin/perf) 7f71e9202413 __libc_start_main+0xf3 (/usr/lib64/libc-2.28.so) 5541f689495641d7 [unknown] ([unknown]) Co-developed-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Signed-off-by: Kairui Song <kasong(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Alexei Starovoitov <alexei.starovoitov(a)gmail.com> Cc: Arnaldo Carvalho de Melo <acme(a)kernel.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dave Young <dyoung(a)redhat.com> Cc: Jiri Olsa <jolsa(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Namhyung Kim <namhyung(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Link: https://lkml.kernel.org/r/20190422162652.15483-1-kasong@redhat.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Wei Li <liwei391(a)huawei.com> Reviewed-by: Jian Cheng <cj.chengjian(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- arch/x86/events/core.c | 21 +++++++++++++++++---- arch/x86/include/asm/perf_event.h | 7 +------ arch/x86/include/asm/stacktrace.h | 13 ------------- include/linux/perf_event.h | 14 ++++++++++---- 4 files changed, 28 insertions(+), 27 deletions(-) diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c index c89e6c6e26f6..0a6b48afeb05 100644 --- a/arch/x86/events/core.c +++ b/arch/x86/events/core.c @@ -2332,6 +2332,15 @@ void arch_perf_update_userpage(struct perf_event *event, cyc2ns_read_end(); } +/* + * Determine whether the regs were taken from an irq/exception handler rather + * than from perf_arch_fetch_caller_regs(). + */ +static bool perf_hw_regs(struct pt_regs *regs) +{ + return regs->flags & X86_EFLAGS_FIXED; +} + void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs) { @@ -2343,11 +2352,15 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *re return; } - if (perf_callchain_store(entry, regs->ip)) - return; + if (perf_hw_regs(regs)) { + if (perf_callchain_store(entry, regs->ip)) + return; + unwind_start(&state, current, regs, NULL); + } else { + unwind_start(&state, current, NULL, (void *)regs->sp); + } - for (unwind_start(&state, current, regs, NULL); !unwind_done(&state); - unwind_next_frame(&state)) { + for (; !unwind_done(&state); unwind_next_frame(&state)) { addr = unwind_get_return_address(&state); if (!addr || perf_callchain_store(entry, addr)) return; diff --git a/arch/x86/include/asm/perf_event.h b/arch/x86/include/asm/perf_event.h index f6c4915a863e..620c3e3564be 100644 --- a/arch/x86/include/asm/perf_event.h +++ b/arch/x86/include/asm/perf_event.h @@ -264,14 +264,9 @@ extern unsigned long perf_misc_flags(struct pt_regs *regs); */ #define perf_arch_fetch_caller_regs(regs, __ip) { \ (regs)->ip = (__ip); \ - (regs)->bp = caller_frame_pointer(); \ + (regs)->sp = (unsigned long)__builtin_frame_address(0); \ (regs)->cs = __KERNEL_CS; \ regs->flags = 0; \ - asm volatile( \ - _ASM_MOV "%%"_ASM_SP ", %0\n" \ - : "=m" ((regs)->sp) \ - :: "memory" \ - ); \ } struct perf_guest_switch_msr { diff --git a/arch/x86/include/asm/stacktrace.h b/arch/x86/include/asm/stacktrace.h index f335aad404a4..beef7ad9e43a 100644 --- a/arch/x86/include/asm/stacktrace.h +++ b/arch/x86/include/asm/stacktrace.h @@ -98,19 +98,6 @@ struct stack_frame_ia32 { u32 return_address; }; -static inline unsigned long caller_frame_pointer(void) -{ - struct stack_frame *frame; - - frame = __builtin_frame_address(0); - -#ifdef CONFIG_FRAME_POINTER - frame = frame->next_frame; -#endif - - return (unsigned long)frame; -} - void show_opcodes(struct pt_regs *regs, const char *loglvl); void show_ip(struct pt_regs *regs, const char *loglvl); #endif /* _ASM_X86_STACKTRACE_H */ diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index d8b4d31acd18..cf3da70056f7 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h @@ -1050,12 +1050,18 @@ static inline void perf_arch_fetch_caller_regs(struct pt_regs *regs, unsigned lo #endif /* - * Take a snapshot of the regs. Skip ip and frame pointer to - * the nth caller. We only need a few of the regs: + * When generating a perf sample in-line, instead of from an interrupt / + * exception, we lack a pt_regs. This is typically used from software events + * like: SW_CONTEXT_SWITCHES, SW_MIGRATIONS and the tie-in with tracepoints. + * + * We typically don't need a full set, but (for x86) do require: * - ip for PERF_SAMPLE_IP * - cs for user_mode() tests - * - bp for callchains - * - eflags, for future purposes, just in case + * - sp for PERF_SAMPLE_CALLCHAIN + * - eflags for MISC bits and CALLCHAIN (see: perf_hw_regs()) + * + * NOTE: assumes @regs is otherwise already 0 filled; this is important for + * things like PERF_SAMPLE_REGS_INTR. */ static inline void perf_fetch_caller_regs(struct pt_regs *regs) { -- 2.25.1

1 1

[PATCH] ext4: stop overwrite the errcode in ext4_setup_super
by Yang Yingliang 15 Jun '20

15 Jun '20

From: yangerkun <yangerkun(a)huawei.com> hulk inclusion category: bugfix bugzilla: 35487 CVE: NA ----------------------------------------------- Now the errcode from ext4_commit_super will overwrite EROFS exists in ext4_setup_super. Actually, no need to call ext4_commit_super since we will return EROFS. Fix it by goto done directly. Fixes: c89128a00838 ("ext4: handle errors on ext4_commit_super") Signed-off-by: yangerkun <yangerkun(a)huawei.com> Reviewed-by: zhangyi (F) <yi.zhang(a)huawei.com> Signed-off-by: Ye Bin <yebin10(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- fs/ext4/super.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index cc057001961e..b10f96860dd8 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2305,6 +2305,7 @@ static int ext4_setup_super(struct super_block *sb, struct ext4_super_block *es, ext4_msg(sb, KERN_ERR, "revision level too high, " "forcing read-only mode"); err = -EROFS; + goto done; } if (read_only) goto done; -- 2.25.1

1 0

[PATCH] panic/printk: fix zap_lock
by Yang Yingliang 15 Jun '20

15 Jun '20

From: Cheng Jian <cj.chengjian(a)huawei.com> hulk inclusion category: bugfix bugzilla: 34546 CVE: NA ---------------------------------------- There are two problems with the implementation and use of zap_lock(). Firstly, This console_sem does not require reinit in zap_lock(), this is because: 1). printk() itself does try_lock() and skips console handling when the semaphore is not available. 2). panic() tries to push the messages later in console_flush_on_panic(). It ignores the semaphore. Also most console drivers ignore their internal locks because oops_in_progress is set by bust_spinlocks(). Secondly, The situation is more complicated when NMI is not used. 1). Non-stopped CPUs are in unknown state, most likely in a busy loop. Nobody knows whether printk() is repeatedly called in the loop. When it was called, re-initializing any lock would cause double unlock and deadlock. 2). It would be possible to add some more hacks. One problem is that there are two groups of users. One prefer to risk a deadlock and have a chance to see the messages. Others prefer to always reach emergency_restart() and reboot the machine. Fixes: b15f5676d00e ("printk/panic: Avoid deadlock in printk()") Signed-off-by: Cheng Jian <cj.chengjian(a)huawei.com> Reviewed-by: Xie XiuQi <xiexiuqi(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- kernel/panic.c | 25 +++++++++++++++++++++++++ kernel/printk/printk.c | 3 --- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/kernel/panic.c b/kernel/panic.c index 9434f6c2da9e..ebdb58e761c0 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -238,7 +238,32 @@ void panic(const char *fmt, ...) crash_smp_send_stop(); } + /* + * ZAP console related locks when nmi broadcast. If a crash is occurring, + * make sure we can't deadlock. And make sure that we print immediately. + * + * A deadlock caused by logbuf_lock can be occured when panic: + * a) Panic CPU is running in non-NMI context; + * b) Panic CPU sends out shutdown IPI via NMI vector; + * c) One of the CPUs that we bring down via NMI vector holded logbuf_lock; + * d) Panic CPU try to hold logbuf_lock, then deadlock occurs. + * + * At present, only try to solve this problem for the ARCH with NMI, + * by reinit lock, this situation is more complicated when NMI is not + * used. + * 1). Non-stopped CPUs are in unknown state, most likely in a busy loop. + * Nobody knows whether printk() is repeatedly called in the loop. + * When it was called, re-initializing any lock would cause double + * unlock and deadlock. + * + * 2). It would be possible to add some more hacks. One problem is that + * there are two groups of users. One prefer to risk a deadlock and + * have a chance to see the messages. Others prefer to always + * reach emergency_restart() and reboot the machine. + */ +#ifdef CONFIG_X86 zap_locks(); +#endif /* * Run any panic handlers, including those that might need to diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index 7225f5ef0f54..f67b6a1c8f74 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -1592,9 +1592,6 @@ void zap_locks(void) if (raw_spin_is_locked(&logbuf_lock)) { debug_locks_off(); raw_spin_lock_init(&logbuf_lock); - - console_suspended = 1; - sema_init(&console_sem, 1); } if (raw_spin_is_locked(&console_owner_lock)) { -- 2.25.1

1 0

[PATCH 1/3] net: hns3: add device name valid check
by Yang Yingliang 15 Jun '20

15 Jun '20

From: Junxin Chen <chenjunxin1(a)huawei.com> driver inclusion category: bugfix bugzilla: NA CVE: NA ---------------------------------- Nowadays, we have checked device name at user tool, and have limited length of device name at kernel driver. But when get_netdev_by_ifname return NULL, it would cause print device name without check terminator. This patch fixes this bug, when device name's last character isn't a '\0', kernel driver would return -EINVAL to user. Signed-off-by: Junxin Chen <chenjunxin1(a)huawei.com> Reviewed-by: Weiwei Deng <dengweiwei(a)huawei.com> Reviewed-by: Shengzui You <youshengzui(a)huawei.com> Reviewed-by: Zhaohui Zhong <zhongzhaohui(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- drivers/net/ethernet/hisilicon/hns3/hns3_cae/hns3_cae_init.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_cae/hns3_cae_init.c b/drivers/net/ethernet/hisilicon/hns3/hns3_cae/hns3_cae_init.c index 7c084a6fbe18..1e012917e010 100644 --- a/drivers/net/ethernet/hisilicon/hns3/hns3_cae/hns3_cae_init.c +++ b/drivers/net/ethernet/hisilicon/hns3/hns3_cae/hns3_cae_init.c @@ -335,6 +335,11 @@ static long hns3_cae_k_unlocked_ioctl(struct file *pfile, unsigned int cmd, * code yet, so we don't need lock. */ rtnl_lock(); + if (nt_msg.device_name[IFNAMSIZ - 1] != '\0') { + pr_err("the device name is invalid.\n"); + ret = -EINVAL; + goto out_invalid; + } ret = hns3_cae_k_get_netdev_by_ifname(nt_msg.device_name, &nic_dev); if (ret) { pr_err("can not get the netdevice correctly\n"); -- 2.25.1

1 2

[PATCH] netdevsim: Fix error handling in nsim_fib_init and nsim_fib_exit
by liaichun 15 Jun '20

15 Jun '20

From: YueHaibing <yuehaibing(a)huawei.com> mainline inclusion from mainline-5.4 commit 33902b4a4227877896dd9368ac10f4ca0d100de5 category: bugfix issue: I1JZHT bugzilla: NA ------------------------------ In nsim_fib_init(), if register_fib_notifier failed, nsim_fib_net_ops should be unregistered before return. In nsim_fib_exit(), unregister_fib_notifier should be called before nsim_fib_net_ops be unregistered, otherwise may cause use-after-free: BUG: KASAN: use-after-free in nsim_fib_event_nb+0x342/0x570 [netdevsim] Read of size 8 at addr ffff8881daaf4388 by task kworker/0:3/3499 CPU: 0 PID: 3499 Comm: kworker/0:3 Not tainted 5.3.0-rc7+ #30 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Workqueue: ipv6_addrconf addrconf_dad_work [ipv6] Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xa9/0x10e lib/dump_stack.c:113 print_address_description+0x65/0x380 mm/kasan/report.c:351 __kasan_report+0x149/0x18d mm/kasan/report.c:482 kasan_report+0xe/0x20 mm/kasan/common.c:618 nsim_fib_event_nb+0x342/0x570 [netdevsim] notifier_call_chain+0x52/0xf0 kernel/notifier.c:95 __atomic_notifier_call_chain+0x78/0x140 kernel/notifier.c:185 call_fib_notifiers+0x30/0x60 net/core/fib_notifier.c:30 call_fib6_entry_notifiers+0xc1/0x100 [ipv6] fib6_add+0x92e/0x1b10 [ipv6] __ip6_ins_rt+0x40/0x60 [ipv6] ip6_ins_rt+0x84/0xb0 [ipv6] __ipv6_ifa_notify+0x4b6/0x550 [ipv6] ipv6_ifa_notify+0xa5/0x180 [ipv6] addrconf_dad_completed+0xca/0x640 [ipv6] addrconf_dad_work+0x296/0x960 [ipv6] process_one_work+0x5c0/0xc00 kernel/workqueue.c:2269 worker_thread+0x5c/0x670 kernel/workqueue.c:2415 kthread+0x1d7/0x200 kernel/kthread.c:255 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Allocated by task 3388: save_stack+0x19/0x80 mm/kasan/common.c:69 set_track mm/kasan/common.c:77 [inline] __kasan_kmalloc.constprop.3+0xa0/0xd0 mm/kasan/common.c:493 kmalloc include/linux/slab.h:557 [inline] kzalloc include/linux/slab.h:748 [inline] ops_init+0xa9/0x220 net/core/net_namespace.c:127 __register_pernet_operations net/core/net_namespace.c:1135 [inline] register_pernet_operations+0x1d4/0x420 net/core/net_namespace.c:1212 register_pernet_subsys+0x24/0x40 net/core/net_namespace.c:1253 nsim_fib_init+0x12/0x70 [netdevsim] veth_get_link_ksettings+0x2b/0x50 [veth] do_one_initcall+0xd4/0x454 init/main.c:939 do_init_module+0xe0/0x330 kernel/module.c:3490 load_module+0x3c2f/0x4620 kernel/module.c:3841 __do_sys_finit_module+0x163/0x190 kernel/module.c:3931 do_syscall_64+0x72/0x2e0 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 3534: save_stack+0x19/0x80 mm/kasan/common.c:69 set_track mm/kasan/common.c:77 [inline] __kasan_slab_free+0x130/0x180 mm/kasan/common.c:455 slab_free_hook mm/slub.c:1423 [inline] slab_free_freelist_hook mm/slub.c:1474 [inline] slab_free mm/slub.c:3016 [inline] kfree+0xe9/0x2d0 mm/slub.c:3957 ops_free net/core/net_namespace.c:151 [inline] ops_free_list.part.7+0x156/0x220 net/core/net_namespace.c:184 ops_free_list net/core/net_namespace.c:182 [inline] __unregister_pernet_operations net/core/net_namespace.c:1165 [inline] unregister_pernet_operations+0x221/0x2a0 net/core/net_namespace.c:1224 unregister_pernet_subsys+0x1d/0x30 net/core/net_namespace.c:1271 nsim_fib_exit+0x11/0x20 [netdevsim] nsim_module_exit+0x16/0x21 [netdevsim] __do_sys_delete_module kernel/module.c:1015 [inline] __se_sys_delete_module kernel/module.c:958 [inline] __x64_sys_delete_module+0x244/0x330 kernel/module.c:958 do_syscall_64+0x72/0x2e0 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe Reported-by: Hulk Robot <hulkci(a)huawei.com> Fixes: 59c84b9fcf42 ("netdevsim: Restore per-network namespace accounting for fib entries") Signed-off-by: YueHaibing <yuehaibing(a)huawei.com> Acked-by: Jakub Kicinski <jakub.kicinski(a)netronome.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: LiAichun <liaichun(a)huawei.com> --- drivers/net/netdevsim/fib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/netdevsim/fib.c b/drivers/net/netdevsim/fib.c index f61d094746c0..1a251f76d09b 100644 --- a/drivers/net/netdevsim/fib.c +++ b/drivers/net/netdevsim/fib.c @@ -241,8 +241,8 @@ static struct pernet_operations nsim_fib_net_ops = { void nsim_fib_exit(void) { - unregister_pernet_subsys(&nsim_fib_net_ops); unregister_fib_notifier(&nsim_fib_nb); + unregister_pernet_subsys(&nsim_fib_net_ops); } int nsim_fib_init(void) @@ -258,6 +258,7 @@ int nsim_fib_init(void) err = register_fib_notifier(&nsim_fib_nb, nsim_fib_dump_inconsistent); if (err < 0) { pr_err("Failed to register fib notifier\n"); + unregister_pernet_subsys(&nsim_fib_net_ops); goto err_out; } -- 2.20.1

4 3

[PATCH] scsi: Fix kabi change due to add offline_already member in struct scsi_device
by Yang Yingliang 12 Jun '20

12 Jun '20

From: Ye Bin <yebin10(a)huawei.com> hulk inclusion category: bugfix bugzilla: 34604 CVE: NA ----------------------------------------------- Signed-off-by: Ye Bin <yebin10(a)huawei.com> Reviewed-by: Xie XiuQi <xiexiuqi(a)huawei.com> Reviewed-by: Hou Tao <houtao1(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- drivers/scsi/scsi_lib.c | 4 ++-- include/scsi/scsi_device.h | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index a8043039f53e..bdb90f5c9eeb 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -1438,7 +1438,7 @@ scsi_prep_state_check(struct scsi_device *sdev, struct request *req) * before trying any recovery commands. */ if (!sdev->offline_already) { - sdev->offline_already = true; + sdev->offline_already = 1; sdev_printk(KERN_ERR, sdev, "rejecting I/O to offline device\n"); } @@ -2859,7 +2859,7 @@ scsi_device_set_state(struct scsi_device *sdev, enum scsi_device_state state) break; } - sdev->offline_already = false; + sdev->offline_already = 0; sdev->sdev_state = state; return 0; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index 52b255e868a9..550739a5ea96 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -201,8 +201,6 @@ struct scsi_device { unsigned lun_in_cdb:1; /* Store LUN bits in CDB[1] */ unsigned unmap_limit_for_ws:1; /* Use the UNMAP limit for WRITE SAME */ - bool offline_already; /* Device offline message logged */ - atomic_t disk_events_disable_depth; /* disable depth for disk events */ DECLARE_BITMAP(supported_events, SDEV_EVT_MAXBITS); /* supported events */ @@ -230,8 +228,11 @@ struct scsi_device { struct mutex state_mutex; enum scsi_device_state sdev_state; struct task_struct *quiesced_by; - +#ifndef __GENKSYMS__ + unsigned long offline_already; /* Device offline message logged */ +#else KABI_RESERVE(1) +#endif KABI_RESERVE(2) KABI_RESERVE(3) KABI_RESERVE(4) -- 2.25.1

1 0

[PATCH] ALSA: proc: Avoid possible leaks of snd_info_entry objects
by Yang Yingliang 12 Jun '20

12 Jun '20

From: Takashi Iwai <tiwai(a)suse.de> mainline inclusion from mainline-v5.1-rc1 commit 3a55437141a1d287dead685b37fe240185144f15 category: bugfix bugzilla: 34614 CVE: NA ----------------------------------------------- This patch changes the parent pointer assignment of snd_info_entry object to be always non-NULL. More specifically,check the parent argument in snd_info_create_module_entry() & co, and assign snd_proc_root if NULL is passed there. This assures that the proc object is always freed when the root is freed, so avoid possible memory leaks. For example, some error paths (e.g. snd_info_register() error at snd_minor_info_init()) may leave snd_info_entry object although the proc file itself is freed. Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Ye Bin <yebin10(a)huawei.com> Reviewed-by: Yang Yingliang <yangyingliang(a)huawei.com> Signed-off-by: Ye Bin <yebin10(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- sound/core/info.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/sound/core/info.c b/sound/core/info.c index 679136fba730..3411bea54d66 100644 --- a/sound/core/info.c +++ b/sound/core/info.c @@ -744,7 +744,11 @@ struct snd_info_entry *snd_info_create_module_entry(struct module * module, const char *name, struct snd_info_entry *parent) { - struct snd_info_entry *entry = snd_info_create_entry(name, parent); + struct snd_info_entry *entry; + + if (!parent) + parent = snd_proc_root; + entry = snd_info_create_entry(name, parent); if (entry) entry->module = module; return entry; @@ -765,7 +769,11 @@ struct snd_info_entry *snd_info_create_card_entry(struct snd_card *card, const char *name, struct snd_info_entry * parent) { - struct snd_info_entry *entry = snd_info_create_entry(name, parent); + struct snd_info_entry *entry; + + if (!parent) + parent = card->proc_root; + entry = snd_info_create_entry(name, parent); if (entry) { entry->module = card->module; entry->card = card; -- 2.25.1

1 0

[PATCH 01/12] jbd2: clean __jbd2_journal_abort_hard() and __journal_abort_soft()
by Yang Yingliang 12 Jun '20

12 Jun '20

From: "zhangyi (F)" <yi.zhang(a)huawei.com> mainline inclusion from mainline-5.6-rc1 commit 7f6225e446cc8dfa4c3c7959a4de3dd03ec277bf category: bugfix bugzilla: 34619 CVE: NA --------------------------- __jbd2_journal_abort_hard() is no longer used, so now we can merge __jbd2_journal_abort_hard() and __journal_abort_soft() these two functions into jbd2_journal_abort() and remove them. Signed-off-by: zhangyi (F) <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20191204124614.45424-5-yi.zhang@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> --- fs/jbd2/journal.c | 103 ++++++++++++++++++------------------------- include/linux/jbd2.h | 1 - 2 files changed, 42 insertions(+), 62 deletions(-) diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c index 1f085f0bf908..7301bb766172 100644 --- a/fs/jbd2/journal.c +++ b/fs/jbd2/journal.c @@ -101,7 +101,6 @@ EXPORT_SYMBOL(jbd2_journal_release_jbd_inode); EXPORT_SYMBOL(jbd2_journal_begin_ordered_truncate); EXPORT_SYMBOL(jbd2_inode_cache); -static void __journal_abort_soft (journal_t *journal, int errno); static int jbd2_journal_create_slab(size_t slab_size); #ifdef CONFIG_JBD2_DEBUG @@ -810,7 +809,7 @@ int jbd2_journal_bmap(journal_t *journal, unsigned long blocknr, "at offset %lu on %s\n", __func__, blocknr, journal->j_devname); err = -EIO; - __journal_abort_soft(journal, err); + jbd2_journal_abort(journal, err); } } else { *retp = blocknr; /* +journal->j_blk_offset */ @@ -2108,64 +2107,6 @@ int jbd2_journal_wipe(journal_t *journal, int write) return err; } -/* - * Journal abort has very specific semantics, which we describe - * for journal abort. - * - * Two internal functions, which provide abort to the jbd layer - * itself are here. - */ - -/* - * Quick version for internal journal use (doesn't lock the journal). - * Aborts hard --- we mark the abort as occurred, but do _nothing_ else, - * and don't attempt to make any other journal updates. - */ -void __jbd2_journal_abort_hard(journal_t *journal) -{ - transaction_t *transaction; - - if (journal->j_flags & JBD2_ABORT) - return; - - printk(KERN_ERR "Aborting journal on device %s.\n", - journal->j_devname); - - write_lock(&journal->j_state_lock); - journal->j_flags |= JBD2_ABORT; - transaction = journal->j_running_transaction; - if (transaction) - __jbd2_log_start_commit(journal, transaction->t_tid); - write_unlock(&journal->j_state_lock); -} - -/* Soft abort: record the abort error status in the journal superblock, - * but don't do any other IO. */ -static void __journal_abort_soft (journal_t *journal, int errno) -{ - int old_errno; - - write_lock(&journal->j_state_lock); - old_errno = journal->j_errno; - if (!journal->j_errno || errno == -ESHUTDOWN) - journal->j_errno = errno; - - if (journal->j_flags & JBD2_ABORT) { - write_unlock(&journal->j_state_lock); - if (old_errno != -ESHUTDOWN && errno == -ESHUTDOWN) - jbd2_journal_update_sb_errno(journal); - return; - } - write_unlock(&journal->j_state_lock); - - __jbd2_journal_abort_hard(journal); - - jbd2_journal_update_sb_errno(journal); - write_lock(&journal->j_state_lock); - journal->j_flags |= JBD2_REC_ERR; - write_unlock(&journal->j_state_lock); -} - /** * void jbd2_journal_abort () - Shutdown the journal immediately. * @journal: the journal to shutdown. @@ -2209,7 +2150,47 @@ static void __journal_abort_soft (journal_t *journal, int errno) void jbd2_journal_abort(journal_t *journal, int errno) { - __journal_abort_soft(journal, errno); + transaction_t *transaction; + + /* + * ESHUTDOWN always takes precedence because a file system check + * caused by any other journal abort error is not required after + * a shutdown triggered. + */ + write_lock(&journal->j_state_lock); + if (journal->j_flags & JBD2_ABORT) { + int old_errno = journal->j_errno; + + write_unlock(&journal->j_state_lock); + if (old_errno != -ESHUTDOWN && errno == -ESHUTDOWN) { + journal->j_errno = errno; + jbd2_journal_update_sb_errno(journal); + } + return; + } + + /* + * Mark the abort as occurred and start current running transaction + * to release all journaled buffer. + */ + pr_err("Aborting journal on device %s.\n", journal->j_devname); + + journal->j_flags |= JBD2_ABORT; + journal->j_errno = errno; + transaction = journal->j_running_transaction; + if (transaction) + __jbd2_log_start_commit(journal, transaction->t_tid); + write_unlock(&journal->j_state_lock); + + /* + * Record errno to the journal super block, so that fsck and jbd2 + * layer could realise that a filesystem check is needed. + */ + jbd2_journal_update_sb_errno(journal); + + write_lock(&journal->j_state_lock); + journal->j_flags |= JBD2_REC_ERR; + write_unlock(&journal->j_state_lock); } /** diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h index 7dd9d25a9cbb..12b935c9ec1e 100644 --- a/include/linux/jbd2.h +++ b/include/linux/jbd2.h @@ -1427,7 +1427,6 @@ extern int jbd2_journal_skip_recovery (journal_t *); extern void jbd2_journal_update_sb_errno(journal_t *); extern int jbd2_journal_update_sb_log_tail (journal_t *, tid_t, unsigned long, int); -extern void __jbd2_journal_abort_hard (journal_t *); extern void jbd2_journal_abort (journal_t *, int); extern int jbd2_journal_errno (journal_t *); extern void jbd2_journal_ack_err (journal_t *); -- 2.25.1

1 11

Minutes of the meeting //: 【Meeting Notice】Kernel & testing sync between Linaro and openEuler Time: 2020-06-10 16:00-17:30
by Guohanjun (Hanjun Guo) 11 Jun '20

11 Jun '20

Attendees (I can see more people join later but can’t remember now): [cid:image001.png@01D63F6C.270B2CF0] Following action items: * Vincent to share the JIRA link for thermal pressure * Vincent to share the JIRA link for scheduler improvements * Anmar to work on the opening of Power and Performance Project * Hanjun/Jonathan to share some plan for openEuler kernel in the coming 6 or 12 months * Anmar to create the open mailing list for LKQ project, so that Fengguang and the team can participate And see attached for Linaro slide, thanks! 发件人: Meeting Book via Kernel [mailto:kernel@openeuler.org] 发送时间: 2020年6月3日 16:01 收件人: kernel(a)openeuler.org 主题: 【Meeting Notice】Kernel & testing sync between Linaro and openEuler Time: 2020-06-10 16:00-17:30 Topic Kernel & testing sync between Linaro and openEuler Time 2020-06-10 16:00-17:30((UTC+08:00)Beijing) Join Conference Join (External) >><https://welink-meeting.zoom.us/j/834726983> Meeting ID 834 726 983 Convener 郭寒军 Agenda * Linux Kernel Update by Linaro - 15 mins * Linux Kernel Functional Testing (LKFT) introduction - 15mins * Brief introduction for openEuler and the kernel - 15mins * Brief introduction for Crystal testing system - 15 mins * Open discussions - about 30 mins Tips: Dial the access number to join conference<http://app.huawei.com/eshare/voiceMeetings> 注：仅支持部分国家和地区。( Only some countries and regions are supported.) 请点击会议链接按照提示下载Zoom客户端入会，并升级Zoom最新版本。 Please click the conference link and download the Zoom to join the conference, and upgrade to the latest version of Zoom.

2 1

[PATCH] irqchip/gic-v3-its: its supoport s3/s4
by Hongbo Yao 09 Jun '20

09 Jun '20

commit dba0bc7b76dcf(irqchip/gic-v3-its: add ability to save/restore ITS state) add support to save/restore its suspend state. However, it needs to set ITS_FLAGS_SAVE_SUSPEND_STATE to 1 when we want to resend MAPC. In GIC500, GITS_typer.HCC is not zero, and it can be used to judge if we can resend MAPC if the firmware restores the state, but when GITS_typer.HCC is zero, and it will never have chance to set the flag, which will lead to a failuer to power off GIC logic in suspend. Signed-off-by: Hongbo Yao <yaohongbo(a)huawei.com> --- drivers/irqchip/irq-gic-v3-its.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c index 881466163c99..6ea2809b8680 100644 --- a/drivers/irqchip/irq-gic-v3-its.c +++ b/drivers/irqchip/irq-gic-v3-its.c @@ -3733,8 +3733,7 @@ static int __init its_probe_one(struct resource *res, ctlr |= GITS_CTLR_ImDe; writel_relaxed(ctlr, its->base + GITS_CTLR); - if (GITS_TYPER_HCC(typer)) - its->flags |= ITS_FLAGS_SAVE_SUSPEND_STATE; + its->flags |= ITS_FLAGS_SAVE_SUSPEND_STATE; err = its_init_domain(handle, its); if (err) -- 2.20.1

1 0

2024

2023

2022

2021

2020

2019

Kernel