hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IB42W1
--------------------------------
Commit 573573887e0b ("nfs: pass flags to second superblock") directly
assigns fc->sb_flags to dentry->d_sb->s_flags, which will cause the loss
of the initialized flags in dentry->d_sb->s_flags.
Fix it by just passing SB_RDONLY from fc->sb_flags to
dentry->d_sb->s_flags.
Fixes: 573573887e0b ("nfs: pass flags to second superblock")
Signed-off-by: Li Lingfeng <lilingfeng3(a)huawei.com>
---
fs/nfs/nfs4super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/nfs4super.c b/fs/nfs/nfs4super.c
index bb13894ad152..e87f878178f3 100644
--- a/fs/nfs/nfs4super.c
+++ b/fs/nfs/nfs4super.c
@@ -209,7 +209,7 @@ static int do_nfs4_mount(struct nfs_server *server,
if (IS_ERR(dentry))
return PTR_ERR(dentry);
- dentry->d_sb->s_flags = fc->sb_flags;
+ dentry->d_sb->s_flags |= (fc->sb_flags & SB_RDONLY);
fc->root = dentry;
return 0;
}
--
2.31.1
tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS
head: 098a595b2caf96f57cda68f082b4dc0019d7814d
commit: 44983705e56ab22fda801d66e2a6bd0d1be7ca0b [1327/1327] etmem: add original kernel swap enabled options
config: arm64-allnoconfig (https://download.01.org/0day-ci/archive/20241216/202412161514.E1aRqHqY-lkp@…)
compiler: aarch64-linux-gcc (GCC) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241216/202412161514.E1aRqHqY-lkp@…)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202412161514.E1aRqHqY-lkp@intel.com/
All errors (new ones prefixed by >>):
mm/vmscan.c: In function 'kernel_swap_check':
>> mm/vmscan.c:3257:28: error: implicit declaration of function 'kernel_swap_enabled'; did you mean 'kernfs_ns_enabled'? [-Werror=implicit-function-declaration]
3257 | if (sc != NULL && !kernel_swap_enabled())
| ^~~~~~~~~~~~~~~~~~~
| kernfs_ns_enabled
cc1: some warnings being treated as errors
vim +3257 mm/vmscan.c
3250
3251 /*
3252 * Check if original kernel swap is enabled
3253 * turn off kernel swap,but leave page cache reclaim on
3254 */
3255 static inline void kernel_swap_check(struct scan_control *sc)
3256 {
> 3257 if (sc != NULL && !kernel_swap_enabled())
3258 sc->may_swap = 0;
3259 }
3260
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
From: Thomas Gleixner <tglx(a)linutronix.de>
stable inclusion
from stable-v5.10.224
commit 19f108b3d1cafab159078a26ac93a64cab47258b
category: bugfix
bugzilla: 189268
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
--------------------------------
commit f944ffcbc2e1c759764850261670586ddf3bdabb upstream.
For systems on which the performance counter can expire early due to turbo
modes the watchdog handler has a safety net in place which validates that
since the last watchdog event there has at least 4/5th of the watchdog
period elapsed.
This works reliably only after the first watchdog event because the per
CPU variable which holds the timestamp of the last event is never
initialized.
So a first spurious event will validate against a timestamp of 0 which
results in a delta which is likely to be way over the 4/5 threshold of the
period. As this might happen before the first watchdog hrtimer event
increments the watchdog counter, this can lead to false positives.
Fix this by initializing the timestamp before enabling the hardware event.
Reset the rearm counter as well, as that might be non zero after the
watchdog was disabled and reenabled.
Link: https://lkml.kernel.org/r/87frsfu15a.ffs@tglx
Fixes: 7edaeb6841df ("kernel/watchdog: Prevent false positives with turbo modes")
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Cc: Arjan van de Ven <arjan(a)linux.intel.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Conflicts:
kernel/watchdog_hld.c
[Fix context conflicts]
Signed-off-by: Luo Gengkun <luogengkun2(a)huawei.com>
---
kernel/watchdog_hld.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/kernel/watchdog_hld.c b/kernel/watchdog_hld.c
index cb7053a6ba49..e4f158f56eda 100644
--- a/kernel/watchdog_hld.c
+++ b/kernel/watchdog_hld.c
@@ -290,11 +290,15 @@ void refresh_hld_last_timestamp(void)
__this_cpu_write(last_timestamp, now);
}
-#else
-static inline bool watchdog_check_timestamp(void)
+
+static void watchdog_init_timestamp(void)
{
- return true;
+ __this_cpu_write(nmi_rearmed, 0);
+ __this_cpu_write(last_timestamp, ktime_get_mono_fast_ns());
}
+#else
+static inline bool watchdog_check_timestamp(void) { return true; }
+static inline void watchdog_init_timestamp(void) { }
#endif
void watchdog_hardlockup_check(struct pt_regs *regs)
@@ -416,6 +420,7 @@ void hardlockup_detector_perf_enable(void)
if (!atomic_fetch_inc(&watchdog_cpus))
pr_info("Enabled. Permanently consumes one hw-PMU counter.\n");
+ watchdog_init_timestamp();
perf_event_enable(this_cpu_read(watchdog_ev));
}
--
2.34.1
Hi Weilong,
FYI, the error/warning still remains.
tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS
head: 098a595b2caf96f57cda68f082b4dc0019d7814d
commit: 18f49509eef01d1ee6ed81899298994f2f88dd2a [1327/1327] ascend: share_pool: Use remap_pfn_range to share kva to uva
config: arm64-allnoconfig (https://download.01.org/0day-ci/archive/20241216/202412161346.WAg6a7B0-lkp@…)
compiler: aarch64-linux-gcc (GCC) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241216/202412161346.WAg6a7B0-lkp@…)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202412161346.WAg6a7B0-lkp@intel.com/
All errors (new ones prefixed by >>):
mm/memory.c: In function 'vm_insert_page':
>> mm/memory.c:1546:24: error: implicit declaration of function 'hugetlb_insert_hugepage_pte_by_pa'; did you mean 'hugetlb_insert__hugepage_pte_by_pa'? [-Werror=implicit-function-declaration]
1546 | return hugetlb_insert_hugepage_pte_by_pa(vma->vm_mm, addr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| hugetlb_insert__hugepage_pte_by_pa
In file included from arch/arm64/include/asm/atomic.h:36,
from include/linux/atomic.h:7,
from include/asm-generic/bitops/atomic.h:5,
from arch/arm64/include/asm/bitops.h:37,
from include/linux/bitops.h:19,
from include/linux/kernel.h:11,
from include/linux/list.h:9,
from include/linux/smp.h:12,
from include/linux/kernel_stat.h:5,
from mm/memory.c:41:
In function '__cmpxchg_case_acq_4',
inlined from '__cmpxchg_acq' at arch/arm64/include/asm/cmpxchg.h:141:1,
inlined from 'queued_spin_lock' at include/asm-generic/qspinlock.h:85:8,
inlined from 'do_raw_spin_lock' at include/linux/spinlock.h:180:2,
inlined from '__raw_spin_lock' at include/linux/spinlock_api_smp.h:143:2,
inlined from 'spin_lock' at include/linux/spinlock.h:329:2,
inlined from 'copy_one_pte' at mm/memory.c:731:5,
inlined from 'copy_pte_range' at mm/memory.c:869:15:
arch/arm64/include/asm/atomic_ll_sc.h:259:9: warning: array subscript 'long unsigned int[0]' is partly outside array bounds of 'spinlock_t[1]' {aka 'struct spinlock[1]'} [-Warray-bounds=]
259 | asm volatile( \
| ^~~
arch/arm64/include/asm/atomic_ll_sc.h:283:1: note: in expansion of macro '__CMPXCHG_CASE'
283 | __CMPXCHG_CASE(w, , acq_4, , a, , "memory")
| ^~~~~~~~~~~~~~
In file included from mm/memory.c:46:
include/linux/sched/task.h: In function 'copy_pte_range':
include/linux/sched/task.h:23:19: note: object 'mmlist_lock' of size 4
23 | extern spinlock_t mmlist_lock;
| ^~~~~~~~~~~
In function '__cmpxchg_case_acq_4',
inlined from '__cmpxchg_acq' at arch/arm64/include/asm/cmpxchg.h:141:1,
inlined from 'queued_spin_lock' at include/asm-generic/qspinlock.h:85:8,
inlined from 'do_raw_spin_lock' at include/linux/spinlock.h:180:2,
inlined from '__raw_spin_lock' at include/linux/spinlock_api_smp.h:143:2,
inlined from 'spin_lock' at include/linux/spinlock.h:329:2,
inlined from 'copy_one_pte' at mm/memory.c:731:5,
inlined from 'copy_pte_range' at mm/memory.c:869:15:
arch/arm64/include/asm/atomic_ll_sc.h:259:9: warning: array subscript 'long unsigned int[0]' is partly outside array bounds of 'spinlock_t[1]' {aka 'struct spinlock[1]'} [-Warray-bounds=]
259 | asm volatile( \
| ^~~
arch/arm64/include/asm/atomic_ll_sc.h:283:1: note: in expansion of macro '__CMPXCHG_CASE'
283 | __CMPXCHG_CASE(w, , acq_4, , a, , "memory")
| ^~~~~~~~~~~~~~
include/linux/sched/task.h: In function 'copy_pte_range':
include/linux/sched/task.h:23:19: note: object 'mmlist_lock' of size 4
23 | extern spinlock_t mmlist_lock;
| ^~~~~~~~~~~
cc1: some warnings being treated as errors
vim +1546 mm/memory.c
1504
1505 /**
1506 * vm_insert_page - insert single page into user vma
1507 * @vma: user vma to map to
1508 * @addr: target user address of this page
1509 * @page: source kernel page
1510 *
1511 * This allows drivers to insert individual pages they've allocated
1512 * into a user vma.
1513 *
1514 * The page has to be a nice clean _individual_ kernel allocation.
1515 * If you allocate a compound page, you need to have marked it as
1516 * such (__GFP_COMP), or manually just split the page up yourself
1517 * (see split_page()).
1518 *
1519 * NOTE! Traditionally this was done with "remap_pfn_range()" which
1520 * took an arbitrary page protection parameter. This doesn't allow
1521 * that. Your vma protection will have to be set up correctly, which
1522 * means that if you want a shared writable mapping, you'd better
1523 * ask for a shared writable mapping!
1524 *
1525 * The page does not need to be reserved.
1526 *
1527 * Usually this function is called from f_op->mmap() handler
1528 * under mm->mmap_sem write-lock, so it can change vma->vm_flags.
1529 * Caller must set VM_MIXEDMAP on vma if it wants to call this
1530 * function from other places, for example from page-fault handler.
1531 */
1532 int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
1533 struct page *page)
1534 {
1535 if (addr < vma->vm_start || addr >= vma->vm_end)
1536 return -EFAULT;
1537 if (!page_count(page))
1538 return -EINVAL;
1539 if (!(vma->vm_flags & VM_MIXEDMAP)) {
1540 BUG_ON(down_read_trylock(&vma->vm_mm->mmap_sem));
1541 BUG_ON(vma->vm_flags & VM_PFNMAP);
1542 vma->vm_flags |= VM_MIXEDMAP;
1543 }
1544
1545 if (sp_check_hugepage(page))
> 1546 return hugetlb_insert_hugepage_pte_by_pa(vma->vm_mm, addr,
1547 vma->vm_page_prot, page_to_phys(page));
1548 else
1549 return insert_page(vma, addr, page, vma->vm_page_prot);
1550 }
1551 EXPORT_SYMBOL(vm_insert_page);
1552
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB8UN5
--------------------------------
Commit aa1e2bfdc899 attempt to fix a CVE problem, but the patch
conflicted with current version. When the patch is adapted,
an error is introduced in the function of gpiochip_add_data_with_key.
After the gdev is released, the gdev is still accessed, resulting in
use-after-free.
The value of gdev->ngpio is assigned from gc->ngpio and is not changed
during the processing of function. Therefore, this patch changes
gdev->ngpio to gc->ngpio to solve the above use-after-free problem.
Fixes: aa1e2bfdc899 ("gpiolib: fix memory leak in gpiochip_setup_dev()")
Signed-off-by: He Yujie <coka.heyujie(a)huawei.com>
---
drivers/gpio/gpiolib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index ae000b513bc1..9e717cf180d4 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -795,7 +795,7 @@ int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data,
err_print_message:
/* failures here can mean systems won't boot... */
pr_err("%s: GPIOs %d..%d (%s) failed to register, %d\n", __func__,
- base, base + gdev->ngpio - 1,
+ base, base + (int)gc->ngpio - 1,
gc->label ? : "generic", ret);
return ret;
}
--
2.34.1
From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
stable inclusion
from stable-v4.19.325
commit 085556bf8c70e2629e02e79268dac3016a08b8bf
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB956P
CVE: CVE-2024-53131
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
--------------------------------
commit cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471 upstream.
Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints".
This series fixes null pointer dereference bugs that occur when using
nilfs2 and two block-related tracepoints.
This patch (of 2):
It has been reported that when using "block:block_touch_buffer"
tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a
NULL pointer dereference, or a general protection fault when KASAN is
enabled.
This happens because since the tracepoint was added in touch_buffer(), it
references the dev_t member bh->b_bdev->bd_dev regardless of whether the
buffer head has a pointer to a block_device structure. In the current
implementation, the block_device structure is set after the function
returns to the caller.
Here, touch_buffer() is used to mark the folio/page that owns the buffer
head as accessed, but the common search helper for folio/page used by the
caller function was optimized to mark the folio/page as accessed when it
was reimplemented a long time ago, eliminating the need to call
touch_buffer() here in the first place.
So this solves the issue by eliminating the touch_buffer() call itself.
Link: https://lkml.kernel.org/r/20241106160811.3316-1-konishi.ryusuke@gmail.com
Link: https://lkml.kernel.org/r/20241106160811.3316-2-konishi.ryusuke@gmail.com
Fixes: 5305cb830834 ("block: add block_{touch|dirty}_buffer tracepoint")
Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
Reported-by: Ubisectech Sirius <bugreport(a)valiantsec.com>
Closes: https://lkml.kernel.org/r/86bd3013-887e-4e38-960f-ca45c657f032.bugreport@va…
Reported-by: syzbot+9982fb8d18eba905abe2(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=9982fb8d18eba905abe2
Tested-by: syzbot+9982fb8d18eba905abe2(a)syzkaller.appspotmail.com
Cc: Tejun Heo <tj(a)kernel.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: He Yujie <coka.heyujie(a)huawei.com>
---
fs/nilfs2/page.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/nilfs2/page.c b/fs/nilfs2/page.c
index 360808b39b6d..cc3308d1c61d 100644
--- a/fs/nilfs2/page.c
+++ b/fs/nilfs2/page.c
@@ -39,7 +39,6 @@ __nilfs_get_page_block(struct page *page, unsigned long block, pgoff_t index,
first_block = (unsigned long)index << (PAGE_SHIFT - blkbits);
bh = nilfs_page_get_nth_block(page, block - first_block);
- touch_buffer(bh);
wait_on_buffer(bh);
return bh;
}
--
2.34.1