From: wangshouping wangshouping@huawei.com
openEuler inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4OKIE?from=project-issue CVE: NA
----------------------------------------
On servers whose CPUs do not support PMULL, running "modprobe crct10dif-ce" causes an oops.
Signed-off-by: wangshouping wangshouping@huawei.com Reviewed-by: Yue Haibing yuehaibing@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- arch/arm64/crypto/crct10dif-neon_glue.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/crypto/crct10dif-neon_glue.c b/arch/arm64/crypto/crct10dif-neon_glue.c
index e0c4a9acee27..af731b3ec30e 100644
--- a/arch/arm64/crypto/crct10dif-neon_glue.c
+++ b/arch/arm64/crypto/crct10dif-neon_glue.c
@@ -97,7 +97,11 @@ static struct shash_alg alg = {
static int __init crct10dif_arm64_mod_init(void) { - return crypto_register_shash(&alg); + if (cpu_have_named_feature(PMULL)) { + return crypto_register_shash(&alg); + } else { + return -ENODEV; + } }
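Review bot: The `else` branch after a `return` is redundant and inverts the usual kernel guard-clause shape; the init function reads better as `if (!cpu_have_named_feature(PMULL))` / `return -ENODEV;` / `return crypto_register_shash(&alg);`. Returning -ENODEV is the right code for absent hardware, but nothing in this hunk stops the module from being auto-loaded on such CPUs; if the file registers via a plain `module_init()` (not visible here), `module_cpu_feature_match(PMULL, crct10dif_arm64_mod_init)` would both gate init and emit the cpu-feature alias so modprobe is only attempted where PMULL exists. The `alg` definition that precedes the function starts before the hunk.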
static void __exit crct10dif_arm64_mod_fini(void)
From: Zhao Minmin zhaominmin1@huawei.com
hulk inclusion category: feature bugzilla: 34592 https://gitee.com/openeuler/kernel/issues/I4RF6M CVE: NA
-------------------------------------------------
Implement the ext3/ext4 file system error report.
This patch implements an abnormal-condition alarm for the ext3/ext4 filesystem. You can enable it by setting "FILESYSTEM_MONITOR" or "FILESYSTEM_ALARM" on in the configuration file. With this setting, an alarm is raised when an ext3/ext4 filesystem error occurs.
Signed-off-by: Zhao Minmin zhaominmin1@huawei.com Reviewed-by: Yi Zhang yi.zhang@huawei.com Link: http://hulk.huawei.com/pipermail/kernel.openeuler/2016-March/009711.html Signed-off-by: Wang Hui john.wanghui@huawei.com Signed-off-by: Kefeng Wang wangkefeng.wang@huawei.com
[yebin: cherry-pick this patch from openeuler, commit 6636f4434a9c] conflicts : fs/ext4/super.c fs/ext4/ext4.h
Signed-off-by: Ye Bin yebin10@huawei.com Reviewed-by: Zhang Yi yi.zhang@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- fs/ext4/ext4.h | 9 ++++++ fs/ext4/super.c | 55 +++++++++++++++++++++++++++++++++++- include/uapi/linux/netlink.h | 1 + 3 files changed, 64 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index bb3adca53d93..85dae812c933 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -45,6 +45,15 @@
#include <linux/compiler.h>
+#define NL_EXT4_ERROR_GROUP 1 +#define EXT4_ERROR_MAGIC 0xAE32014U +struct ext4_err_msg { + int magic; + char s_id[32]; + unsigned long s_flags; + int ext4_errno; +}; + /* * The fourth extended filesystem constants/structures */ diff --git a/fs/ext4/super.c b/fs/ext4/super.c index ee717b73c2b1..856733f756cf 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -55,6 +55,10 @@ #include "mballoc.h" #include "fsmap.h"
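Review bot: `struct ext4_err_msg` is copied verbatim into a netlink payload that userspace parses, so it is a wire format, yet it uses `int` and `unsigned long` and is declared in the kernel-private `ext4.h`; `unsigned long` is 4 bytes for a 32-bit consumer and 8 for a 64-bit kernel, and the `char s_id[32]` to `s_flags` transition leaves an implicit alignment hole in the layout. Use fixed-width types with an explicit layout, e.g. `__u32 magic; char s_id[32]; __u64 s_flags; __s32 ext4_errno; __u32 pad;`, and move the definition next to `NETLINK_FILESYSTEM` in a uapi header so consumers do not copy it by hand. `EXT4_ERROR_MAGIC` and `NL_EXT4_ERROR_GROUP` deserve a one-line comment each stating that they are part of the ABI and must not change.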
+#include <uapi/linux/netlink.h> +#include <net/sock.h> +#include <net/net_namespace.h> + #define CREATE_TRACE_POINTS #include <trace/events/ext4.h>
@@ -86,6 +90,8 @@ static void ext4_unregister_li_request(struct super_block *sb); static void ext4_clear_request_list(void); static struct inode *ext4_get_journal_inode(struct super_block *sb, unsigned int journal_inum); +static void ext4_netlink_send_info(struct super_block *sb, int ext4_errno); +static struct sock *ext4nl;
/* * Lock ordering @@ -616,6 +622,42 @@ static void save_error_info(struct super_block *sb, int error, spin_unlock(&sbi->s_error_lock); }
+static void ext4_netlink_send_info(struct super_block *sb, int ext4_errno) +{ + int size; + sk_buff_data_t old_tail; + struct sk_buff *skb; + struct nlmsghdr *nlh; + struct ext4_err_msg *msg; + + if (ext4nl) { + size = NLMSG_SPACE(sizeof(struct ext4_err_msg)); + skb = alloc_skb(size, GFP_ATOMIC); + if (!skb) { + printk(KERN_ERR "Cannot alloc skb!"); + return; + } + old_tail = skb->tail; + nlh = nlmsg_put(skb, 0, 0, NLMSG_ERROR, size - sizeof(*nlh), 0); + if (!nlh) + goto nlmsg_failure; + msg = (struct ext4_err_msg *)NLMSG_DATA(nlh); + msg->magic = EXT4_ERROR_MAGIC; + memcpy(msg->s_id, sb->s_id, sizeof(sb->s_id)); + msg->s_flags = sb->s_flags; + msg->ext4_errno = ext4_errno; + nlh->nlmsg_len = skb->tail - old_tail; + NETLINK_CB(skb).portid = 0; + NETLINK_CB(skb).dst_group = NL_EXT4_ERROR_GROUP; + netlink_broadcast(ext4nl, skb, 0, NL_EXT4_ERROR_GROUP, + GFP_ATOMIC); + return; +nlmsg_failure: + if (skb) + kfree_skb(skb); + } +} + /* Deal with the reporting of failure conditions on a filesystem such as * inconsistencies detected or read IO failures. * @@ -677,9 +719,13 @@ static void ext4_handle_error(struct super_block *sb, bool force_ro, int error, sb->s_id); }
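Review bot: `ext4_netlink_send_info()` fills `msg` field by field but never clears it, and as far as I can tell neither `alloc_skb()` nor `nlmsg_put()` zeroes the payload (only the trailing alignment pad), so the padding bytes inside `struct ext4_err_msg` (between `s_id[32]` and the `unsigned long`, and at the tail) are broadcast to listeners as uninitialized heap memory; add `memset(msg, 0, sizeof(*msg));` right after `msg = (struct ext4_err_msg *)NLMSG_DATA(nlh);`. Subscribing to a netlink multicast group normally requires CAP_NET_ADMIN unless the socket is created with `NL_CFG_F_NONROOT_RECV`, so the exposure is presumably limited to privileged readers, but it is still a leak. Two smaller points: `NLMSG_ERROR` is the type reserved for netlink error acks and generic parsers will treat this broadcast as one, so a private type at or above `NLMSG_MIN_TYPE` is safer; and the `if (skb)` guard at `nlmsg_failure:` is dead since `skb` is non-NULL there, while `printk(KERN_ERR "Cannot alloc skb!")` lacks a trailing newline and the `EXT4-fs` prefix used elsewhere in this file.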
- if (sb_rdonly(sb) || continue_fs) + if (sb_rdonly(sb)) return;
+ if (continue_fs) + goto out; + + ext4_msg(sb, KERN_CRIT, "Remounting filesystem read-only"); /* * Make sure updated value of ->s_mount_flags will be visible before @@ -687,6 +733,8 @@ static void ext4_handle_error(struct super_block *sb, bool force_ro, int error, */ smp_wmb(); sb->s_flags |= SB_RDONLY; +out: + ext4_netlink_send_info(sb, force_ro ? 2 : 1); }
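Review bot: The argument `force_ro ? 2 : 1` is an undocumented magic value stored in a field named `ext4_errno`, which suggests an errno but is really a kind/severity code; define named constants next to `EXT4_ERROR_MAGIC`, e.g. `#define EXT4_ERR_REMOUNT_RO 1` / `#define EXT4_ERR_FORCE_RO 2`, and pass them here so kernel and userspace consumer cannot drift. With `continue_fs` set the function now jumps to `out:` and reports without remounting, where the old code returned early; a short comment at `goto out;` such as `/* errors=continue: keep going but still notify userspace */` would make that deliberate. `ext4_handle_error()` starts before this hunk.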
static void flush_stashed_error_work(struct work_struct *work) @@ -6693,6 +6741,7 @@ wait_queue_head_t ext4__ioend_wq[EXT4_WQ_HASH_SZ]; static int __init ext4_init_fs(void) { int i, err; + struct netlink_kernel_cfg cfg = {.groups = NL_EXT4_ERROR_GROUP,};
ratelimit_state_init(&ext4_mount_msg_ratelimit, 30 * HZ, 64); ext4_li_info = NULL; @@ -6745,6 +6794,9 @@ static int __init ext4_init_fs(void) if (err) goto out;
+ ext4nl = netlink_kernel_create(&init_net, NETLINK_FILESYSTEM, &cfg); + if (!ext4nl) + printk(KERN_ERR "EXT4-fs: Cannot create netlink socket.\n"); return 0; out: unregister_as_ext2(); @@ -6783,6 +6835,7 @@ static void __exit ext4_exit_fs(void) ext4_exit_post_read_processing(); ext4_exit_es(); ext4_exit_pending(); + netlink_kernel_release(ext4nl); }
MODULE_AUTHOR("Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others"); diff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h index 3d94269bbfa8..a7a91ba005b5 100644 --- a/include/uapi/linux/netlink.h +++ b/include/uapi/linux/netlink.h @@ -29,6 +29,7 @@ #define NETLINK_RDMA 20 #define NETLINK_CRYPTO 21 /* Crypto layer */ #define NETLINK_SMC 22 /* SMC monitoring */ +#define NETLINK_FILESYSTEM 28 /* filesystem alarm*/
#define NETLINK_INET_DIAG NETLINK_SOCK_DIAG
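Review bot: `NETLINK_FILESYSTEM 28` claims a new protocol number in the uapi namespace that upstream assigns sequentially (the last mainline entry visible here is `NETLINK_SMC 22`), so a future mainline protocol could land on 28 and collide silently on rebase; add a comment marking it as a distribution-private value and fix the spacing to `/* filesystem alarm */`. If only one multicast event stream is needed, a generic netlink family registered by name would, presumably, avoid reserving a fixed protocol number at all.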
From: Yu Kuai yukuai3@huawei.com
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4RYCD
---------------------------
Our test report a uaf problem:
[ 154.237639] ================================================================== [ 154.239896] BUG: KASAN: use-after-free in __bfq_deactivate_entity+0x25/0x290 [ 154.241910] Read of size 1 at addr ffff88824501f7b8 by task rmmod/2447
[ 154.244248] CPU: 7 PID: 2447 Comm: rmmod Not tainted 4.19.90+ #1 [ 154.245962] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 154.248184] Call Trace: [ 154.248532] dump_stack+0x7a/0xac [ 154.248995] print_address_description+0x6c/0x237 [ 154.249649] ? __bfq_deactivate_entity+0x25/0x290 [ 154.250297] kasan_report.cold+0x88/0x29c [ 154.250853] __bfq_deactivate_entity+0x25/0x290 [ 154.251483] bfq_pd_offline+0x13e/0x790 [ 154.252017] ? blk_mq_freeze_queue_wait+0x165/0x180 [ 154.252687] ? bfq_reparent_leaf_entity+0xa0/0xa0 [ 154.253333] ? bfq_put_queue+0x12c/0x1e0 [ 154.253877] ? kmem_cache_free+0x8e/0x1e0 [ 154.254433] ? hrtimer_active+0x53/0xa0 [ 154.254966] ? hrtimer_try_to_cancel+0x6d/0x1c0 [ 154.255576] ? __hrtimer_get_remaining+0xf0/0xf0 [ 154.256197] ? __bfq_deactivate_entity+0x11b/0x290 [ 154.256843] blkcg_deactivate_policy+0x106/0x1f0 [ 154.257464] bfq_exit_queue+0xf1/0x110 [ 154.257975] blk_mq_exit_sched+0x114/0x140 [ 154.258530] elevator_exit+0x9a/0xa0 [ 154.259023] blk_exit_queue+0x3d/0x70 [ 154.259523] blk_cleanup_queue+0x160/0x1e0 [ 154.260099] null_del_dev+0xda/0x1f0 [null_blk] [ 154.260723] null_exit+0x5f/0xab [null_blk] [ 154.261298] __x64_sys_delete_module+0x20e/0x2f0 [ 154.261931] ? __ia32_sys_delete_module+0x2f0/0x2f0 [ 154.262597] ? exit_to_usermode_loop+0x45/0xe0 [ 154.263219] do_syscall_64+0x73/0x280 [ 154.263731] ? 
page_fault+0x8/0x30 [ 154.264197] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 154.264882] RIP: 0033:0x7f033bf63acb [ 154.265370] Code: 73 01 c3 48 8b 0d bd 33 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 33 0c 00 f7 d8 64 89 01 48 [ 154.267880] RSP: 002b:00007ffc7fe52548 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 [ 154.268900] RAX: ffffffffffffffda RBX: 00005583e2b8e530 RCX: 00007f033bf63acb [ 154.269865] RDX: 000000000000000a RSI: 0000000000000800 RDI: 00005583e2b8e598 [ 154.270837] RBP: 00007ffc7fe525a8 R08: 0000000000000000 R09: 0000000000000000 [ 154.271802] R10: 00007f033bfd7ac0 R11: 0000000000000206 R12: 00007ffc7fe52770 [ 154.272763] R13: 00007ffc7fe536f8 R14: 00005583e2b8d2a0 R15: 00005583e2b8e530
[ 154.273939] Allocated by task 2350: [ 154.274419] kasan_kmalloc+0xc6/0xe0 [ 154.274916] kmem_cache_alloc_node_trace+0x119/0x240 [ 154.275594] bfq_pd_alloc+0x50/0x510 [ 154.276081] blkg_alloc+0x237/0x310 [ 154.276557] blkg_create+0x48a/0x5e0 [ 154.277044] blkg_lookup_create+0x144/0x1c0 [ 154.277614] generic_make_request_checks+0x5cf/0xad0 [ 154.278290] generic_make_request+0xdd/0x6c0 [ 154.278877] submit_bio+0xaa/0x250 [ 154.279342] mpage_readpages+0x2a2/0x3b0 [ 154.279878] read_pages+0xdf/0x3a0 [ 154.280343] __do_page_cache_readahead+0x27c/0x2a0 [ 154.280989] ondemand_readahead+0x275/0x460 [ 154.281556] generic_file_read_iter+0xc4e/0x1790 [ 154.282182] aio_read+0x174/0x260 [ 154.282635] io_submit_one+0x7d4/0x14b0 [ 154.283164] __x64_sys_io_submit+0x102/0x230 [ 154.283749] do_syscall_64+0x73/0x280 [ 154.284250] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 154.285159] Freed by task 2315: [ 154.285588] __kasan_slab_free+0x12f/0x180 [ 154.286150] kfree+0xab/0x1d0 [ 154.286561] blkg_free.part.0+0x4a/0xe0 [ 154.287089] rcu_process_callbacks+0x424/0x6d0 [ 154.287689] __do_softirq+0x10d/0x370 [ 154.288395] The buggy address belongs to the object at ffff88824501f700 which belongs to the cache kmalloc-2048 of size 2048 [ 154.290083] The buggy address is located 184 bytes inside of 2048-byte region [ffff88824501f700, ffff88824501ff00) [ 154.291661] The buggy address belongs to the page: [ 154.292306] page:ffffea0009140600 count:1 mapcount:0 mapping:ffff88824bc0e800 index:0x0 compound_mapcount: 0 [ 154.293610] flags: 0x17ffffc0008100(slab|head) [ 154.294211] raw: 0017ffffc0008100 ffffea000896da00 0000000200000002 ffff88824bc0e800 [ 154.295247] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 154.296294] page dumped because: kasan: bad access detected
[ 154.297261] Memory state around the buggy address: [ 154.297913] ffff88824501f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 154.298884] ffff88824501f700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.299858] >ffff88824501f780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.300824] ^ [ 154.301505] ffff88824501f800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.302479] ffff88824501f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.303459] ==================================================================
This happens because when a bfq_group is offlined, bfq_queues that are not on the active tree keep their parent pointer (bfqq->entity.parent) pointing at the offlined bfq_group. When I/O is later issued to such a bfq_queue, the offlined bfq_group is reinserted into the service tree.

Fix the problem by moving the bfq_queue to root_group when its parent is found to be offlined.
Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support") Signed-off-by: Yu Kuai yukuai3@huawei.com Reviewed-by: Tao Hou houtao1@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- block/bfq-cgroup.c | 16 +++++++++++----- block/bfq-wf2q.c | 9 +++++++++ 2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c index a6bcc779c912..ee9f24ca7eea 100644 --- a/block/bfq-cgroup.c +++ b/block/bfq-cgroup.c @@ -643,6 +643,7 @@ void bfq_bfqq_move(struct bfq_data *bfqd, struct bfq_queue *bfqq, struct bfq_group *bfqg) { struct bfq_entity *entity = &bfqq->entity; + struct bfq_group *old_parent = bfqq_group(bfqq);
/* * Get extra reference to prevent bfqq from being freed in @@ -664,18 +665,22 @@ void bfq_bfqq_move(struct bfq_data *bfqd, struct bfq_queue *bfqq, bfq_deactivate_bfqq(bfqd, bfqq, false, false); else if (entity->on_st_or_in_serv) bfq_put_idle_entity(bfq_entity_service_tree(entity), entity); - bfqg_and_blkg_put(bfqq_group(bfqq));
entity->parent = bfqg->my_entity; entity->sched_data = &bfqg->sched_data; /* pin down bfqg and its associated blkg */ bfqg_and_blkg_get(bfqg);
- if (bfq_bfqq_busy(bfqq)) { - if (unlikely(!bfqd->nonrot_with_queueing)) - bfq_pos_tree_add_move(bfqd, bfqq); + /* + * Don't leave the bfqq->pos_root to old bfqg, since the ref to old + * bfqg will be released and the bfqg might be freed. + */ + if (unlikely(!bfqd->nonrot_with_queueing)) + bfq_pos_tree_add_move(bfqd, bfqq); + bfqg_and_blkg_put(old_parent); + + if (bfq_bfqq_busy(bfqq)) bfq_activate_bfqq(bfqd, bfqq); - }
if (!bfqd->in_service_queue && !bfqd->rq_in_driver) bfq_schedule_dispatch(bfqd); @@ -927,6 +932,7 @@ static void bfq_pd_offline(struct blkg_policy_data *pd)
put_async_queues: bfq_put_async_queues(bfqd, bfqg); + pd->plid = BLKCG_MAX_POLS;
spin_unlock_irqrestore(&bfqd->lock, flags); /* diff --git a/block/bfq-wf2q.c b/block/bfq-wf2q.c index 26776bdbdf36..5a6cb0513c4f 100644 --- a/block/bfq-wf2q.c +++ b/block/bfq-wf2q.c @@ -1695,6 +1695,15 @@ void bfq_del_bfqq_busy(struct bfq_data *bfqd, struct bfq_queue *bfqq, */ void bfq_add_bfqq_busy(struct bfq_data *bfqd, struct bfq_queue *bfqq) { +#ifdef CONFIG_BFQ_GROUP_IOSCHED + /* If parent group is offlined, move the bfqq to root group */ + if (bfqq->entity.parent) { + struct bfq_group *bfqg = bfq_bfqq_to_bfqg(bfqq); + + if (bfqg->pd.plid >= BLKCG_MAX_POLS) + bfq_bfqq_move(bfqd, bfqq, bfqd->root_group); + } +#endif bfq_log_bfqq(bfqd, bfqq, "add to busy");
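Review bot: `pd->plid = BLKCG_MAX_POLS;` repurposes a field owned by blk-cgroup core as an "offlined" sentinel, with no comment explaining the trick or which reader depends on it; add `/* Mark the group offline: bfq_add_bfqq_busy() moves queues that still point here to root_group. */` above the assignment. It is written under `bfqd->lock`, which is correct as long as every reader also holds that lock — worth stating in the same comment. I cannot confirm from this hunk that no blk-cgroup core path reads `pd->plid` after `pd_offline_fn()`, so a dedicated flag in `struct bfq_group` would be the safer encoding.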
bfq_activate_bfqq(bfqd, bfqq);
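Review bot: The offline test `bfqg->pd.plid >= BLKCG_MAX_POLS` hard-codes a sentinel that only `bfq_pd_offline()` knows about, on a path every newly busy queue takes; wrap it in a named helper, e.g. `static inline bool bfqg_is_offline(struct bfq_group *bfqg) { return bfqg->pd.plid >= BLKCG_MAX_POLS; }`, so the two sites cannot drift. A dedicated `bool online` in `struct bfq_group`, cleared under `bfqd->lock` in `bfq_pd_offline()`, would be clearer still and would not rely on blk-cgroup core never consulting `pd->plid` after offline (not verifiable from here). The move also relies on `bfq_bfqq_move()` not re-activating the queue, which presumably holds because `bfq_add_bfqq_busy()` sets the busy flag only after this point; that assumption deserves a sentence in the comment. The rest of `bfq_add_bfqq_busy()` continues past the hunk.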
From: Andy Lutomirski luto@kernel.org
mainline inclusion from mainline-v5.13-rc7 commit f72a249b0ba85564c6bfa94d609a70567485a061 category: feature feature: milan cpu bugzilla: https://gitee.com/openeuler/kernel/issues/I4M9PB CVE: NA
--------------------------------
copy_user_to_xstate() uses __copy_from_user(), which provides a negligible speedup. Fortunately, both call sites are at least almost correct.
__fpu__restore_sig() checks access_ok() with xstate_sigframe_size() length and ptrace regset access uses fpu_user_xstate_size. These should be valid upper bounds on the length, so, at worst, this would cause spurious failures and not accesses to kernel memory.
Nonetheless, this is far more fragile than necessary and none of these callers are in a hotpath.
Use copy_from_user() instead.
Signed-off-by: Andy Lutomirski luto@kernel.org Signed-off-by: Thomas Gleixner tglx@linutronix.de Signed-off-by: Borislav Petkov bp@suse.de Acked-by: Dave Hansen dave.hansen@linux.intel.com Acked-by: Rik van Riel riel@surriel.com Link: https://lkml.kernel.org/r/20210608144346.140254130@linutronix.de Reviewed-by: Yunfeng Ye yeyunfeng@huawei.com Reviewed-by: Xie XiuQi xiexiuqi@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- arch/x86/kernel/fpu/xstate.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 80836b94189e..6655e0df2fb7 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -1242,7 +1242,7 @@ int copy_user_to_xstate(struct xregs_state *xsave, const void __user *ubuf) offset = offsetof(struct xregs_state, header); size = sizeof(hdr);
- if (__copy_from_user(&hdr, ubuf + offset, size)) + if (copy_from_user(&hdr, ubuf + offset, size)) return -EFAULT;
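Review bot: The rationale for preferring the checked `copy_from_user()` over `__copy_from_user()` lives only in the commit message; a reader of `copy_user_to_xstate()` will see callers that already pass `access_ok()` and be tempted to switch it back. Add above the first copy: `/* Callers check access_ok(), but use the checked variant anyway: the saving from __copy_from_user() is negligible and this is not a hot path. */`. `copy_user_to_xstate()` starts before this hunk.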
if (validate_user_xstate_header(&hdr)) @@ -1257,7 +1257,7 @@ int copy_user_to_xstate(struct xregs_state *xsave, const void __user *ubuf) offset = xstate_offsets[i]; size = xstate_sizes[i];
- if (__copy_from_user(dst, ubuf + offset, size)) + if (copy_from_user(dst, ubuf + offset, size)) return -EFAULT; } } @@ -1265,7 +1265,7 @@ int copy_user_to_xstate(struct xregs_state *xsave, const void __user *ubuf) if (xfeatures_mxcsr_quirk(hdr.xfeatures)) { offset = offsetof(struct fxregs_state, mxcsr); size = MXCSR_AND_FLAGS_SIZE; - if (__copy_from_user(&xsave->i387.mxcsr, ubuf + offset, size)) + if (copy_from_user(&xsave->i387.mxcsr, ubuf + offset, size)) return -EFAULT; }
From: Andy Lutomirski luto@kernel.org
mainline inclusion from mainline-5.13-rc7 commit b7c11876d24bdd7ae3feeaa771b8f903f6cf05eb category: feature feature: milan cpu bugzilla: https://gitee.com/openeuler/kernel/issues/I4M9PB CVE: NA
--------------------------------
This is very heavily based on some code from Thomas Gleixner. On a system without XSAVES, it triggers the WARN_ON():
Bad FPU state detected at copy_kernel_to_fpregs+0x2f/0x40, reinitializing FPU registers.
[ bp: Massage in nitpicks. ]
Signed-off-by: Andy Lutomirski luto@kernel.org Signed-off-by: Thomas Gleixner tglx@linutronix.de Signed-off-by: Borislav Petkov bp@suse.de Acked-by: Dave Hansen dave.hansen@linux.intel.com Acked-by: Rik van Riel riel@surriel.com Link: https://lkml.kernel.org/r/20210608144346.234764986@linutronix.de Reviewed-by: Yunfeng Ye yeyunfeng@huawei.com Reviewed-by: Xie XiuQi xiexiuqi@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- tools/testing/selftests/x86/Makefile | 3 +- .../selftests/x86/corrupt_xstate_header.c | 114 ++++++++++++++++++ 2 files changed, 116 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/x86/corrupt_xstate_header.c
diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile index 6703c7906b71..458ca0209dcf 100644 --- a/tools/testing/selftests/x86/Makefile +++ b/tools/testing/selftests/x86/Makefile @@ -17,7 +17,8 @@ TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt test_mremap TARGETS_C_32BIT_ONLY := entry_from_vm86 test_syscall_vdso unwind_vdso \ test_FCMOV test_FCOMI test_FISTTP \ vdso_restorer -TARGETS_C_64BIT_ONLY := fsgsbase sysret_rip syscall_numbering +TARGETS_C_64BIT_ONLY := fsgsbase sysret_rip syscall_numbering \ + corrupt_xstate_header # Some selftests require 32bit support enabled also on 64bit systems TARGETS_C_32BIT_NEEDED := ldt_gdt ptrace_syscall
diff --git a/tools/testing/selftests/x86/corrupt_xstate_header.c b/tools/testing/selftests/x86/corrupt_xstate_header.c
new file mode 100644
index 000000000000..ab8599c10ce5
--- /dev/null
+++ b/tools/testing/selftests/x86/corrupt_xstate_header.c
@@ -0,0 +1,114 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Corrupt the XSTATE header in a signal frame + * + * Based on analysis and a test case from Thomas Gleixner. + */ + +#define _GNU_SOURCE + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <sched.h> +#include <signal.h> +#include <err.h> +#include <unistd.h> +#include <stdint.h> +#include <sys/wait.h> + +static inline void __cpuid(unsigned int *eax, unsigned int *ebx, + unsigned int *ecx, unsigned int *edx) +{ + asm volatile( + "cpuid;" + : "=a" (*eax), + "=b" (*ebx), + "=c" (*ecx), + "=d" (*edx) + : "0" (*eax), "2" (*ecx)); +} + +static inline int xsave_enabled(void) +{ + unsigned int eax, ebx, ecx, edx; + + eax = 0x1; + ecx = 0x0; + __cpuid(&eax, &ebx, &ecx, &edx); + + /* Is CR4.OSXSAVE enabled ? */ + return ecx & (1U << 27); +} + +static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *), + int flags) +{ + struct sigaction sa; + + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = handler; + sa.sa_flags = SA_SIGINFO | flags; + sigemptyset(&sa.sa_mask); + if (sigaction(sig, &sa, 0)) + err(1, "sigaction"); +} + +static void sigusr1(int sig, siginfo_t *info, void *uc_void) +{ + ucontext_t *uc = uc_void; + uint8_t *fpstate = (uint8_t *)uc->uc_mcontext.fpregs; + uint64_t *xfeatures = (uint64_t *)(fpstate + 512); + + printf("\tWreck XSTATE header\n"); + /* Wreck the first reserved bytes in the header */ + *(xfeatures + 2) = 0xfffffff; +} + +static void sigsegv(int sig, siginfo_t *info, void *uc_void) +{ + printf("\tGot SIGSEGV\n"); +} + +int main(void) +{ + cpu_set_t set; + + sethandler(SIGUSR1, sigusr1, 0); + sethandler(SIGSEGV, sigsegv, 0); + + if (!xsave_enabled()) { + printf("[SKIP] CR4.OSXSAVE disabled.\n"); + return 0; + } + + CPU_ZERO(&set); + CPU_SET(0, &set); + + /* + * Enforce that the child runs on the same CPU + * which in turn forces a schedule. 
+ */ + sched_setaffinity(getpid(), sizeof(set), &set); + + printf("[RUN]\tSend ourselves a signal\n"); + raise(SIGUSR1); + + printf("[OK]\tBack from the signal. Now schedule.\n"); + pid_t child = fork(); + if (child < 0) + err(1, "fork"); + if (child == 0) + return 0; + if (child) + waitpid(child, NULL, 0); + printf("[OK]\tBack in the main thread.\n"); + + /* + * We could try to confirm that extended state is still preserved + * when we schedule. For now, the only indication of failure is + * a warning in the kernel logs. + */ + + return 0; +}
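Review bot: The return value of `sched_setaffinity()` is ignored at the one point the test relies on it to pin parent and child to CPU 0; inside a cpuset or container that excludes CPU 0 the call fails with EINVAL and the test silently loses the forced reschedule it is built around, so check it: `if (sched_setaffinity(getpid(), sizeof(set), &set)) err(1, "sched_setaffinity");` (or choose the first CPU reported by `sched_getaffinity()` rather than hard-coding 0). The `if (child)` following `if (child == 0) return 0;` is always true and can be dropped. As the closing comment notes, failure is only visible as a kernel warning, so the test exits 0 even when the bug is present; saying so in the `[OK]` output or the file header would stop CI readers from over-trusting a pass.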
From: Bin Wang wangbin224@huawei.com
from euler inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4S9W4?from=project-issue CVE: NA
---------------------------
Just like arm64, print "Bye!" before booting crash kernel.
Signed-off-by: Bin Wang wangbin224@huawei.com Reviewed-by: luo chunsheng luochunsheng@huawei.com Reviewed-by: Yang Jihong yangjihong1@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- arch/x86/kernel/machine_kexec_64.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c index 055c18a6f7bf..ab5163f6ae00 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c @@ -364,6 +364,8 @@ void machine_kexec(struct kimage *image) page_list[PA_SWAP_PAGE] = (page_to_pfn(image->swap_page) << PAGE_SHIFT);
+ pr_info("Bye!\n"); + /* * The segment registers are funny things, they have both a * visible and an invisible part. Whenever the visible part is
From: Jean-Philippe Brucker jean-philippe@linaro.org
mainline inclusion from mainline-v5.11-rc1 commit 9e8929fdbb9c9026bd3a732e9ac7dc9617c86309 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4S84A CVE: NA
--------------------------------
Cleaning a partial build can fail if the output directory for libbpf wasn't created:
$ make -C tools/bpf/bpftool O=/tmp/bpf clean /bin/sh: line 0: cd: /tmp/bpf/libbpf/: No such file or directory tools/scripts/Makefile.include:17: *** output directory "/tmp/bpf/libbpf/" does not exist. Stop. make: *** [Makefile:36: /tmp/bpf/libbpf/libbpf.a-clean] Error 2
As a result make never gets around to clearing the leftover objects. Add the libbpf output directory as clean dependency to ensure clean always succeeds (similarly to the "descend" macro). The directory is later removed by the clean recipe.
Signed-off-by: Jean-Philippe Brucker jean-philippe@linaro.org Signed-off-by: Andrii Nakryiko andrii@kernel.org Link: https://lore.kernel.org/bpf/20201110164310.2600671-3-jean-philippe@linaro.or... Signed-off-by: Pu Lehui pulehui@huawei.com Reviewed-by: Kuohai Xu xukuohai@huawei.com Reviewed-by: Kuohai Xu xukuohai@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- tools/bpf/bpftool/Makefile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/tools/bpf/bpftool/Makefile b/tools/bpf/bpftool/Makefile
index f60e6ad3a1df..1358c093b812 100644
--- a/tools/bpf/bpftool/Makefile
+++ b/tools/bpf/bpftool/Makefile
@@ -27,11 +27,13 @@ LIBBPF = $(LIBBPF_PATH)libbpf.a
BPFTOOL_VERSION ?= $(shell make -rR --no-print-directory -sC ../../.. kernelversion)
-$(LIBBPF): FORCE - $(if $(LIBBPF_OUTPUT),@mkdir -p $(LIBBPF_OUTPUT)) +$(LIBBPF_OUTPUT): + $(QUIET_MKDIR)mkdir -p $@ + +$(LIBBPF): FORCE | $(LIBBPF_OUTPUT) $(Q)$(MAKE) -C $(BPF_DIR) OUTPUT=$(LIBBPF_OUTPUT) $(LIBBPF_OUTPUT)libbpf.a
-$(LIBBPF)-clean: +$(LIBBPF)-clean: $(LIBBPF_OUTPUT) $(call QUIET_CLEAN, libbpf) $(Q)$(MAKE) -C $(BPF_DIR) OUTPUT=$(LIBBPF_OUTPUT) clean >/dev/null
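Review bot: `$(LIBBPF_OUTPUT):` becomes a rule with an empty target name whenever `OUTPUT` is unset, because `LIBBPF_OUTPUT` is only assigned in the `ifneq ($(OUTPUT),)` branch (the `else` branch gains an explicit `LIBBPF_OUTPUT =` only in the following patch of this series, so that is inferred, not visible here); GNU make tolerates such a rule by ignoring it, but the build then depends on that leniency. Define `LIBBPF_OUTPUT =` explicitly in the `else` branch in this commit, or guard the rule with `ifneq ($(LIBBPF_OUTPUT),)`. The `ifneq` block itself lies outside this hunk.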
From: Jean-Philippe Brucker jean-philippe@linaro.org
mainline inclusion from mainline-v5.11-rc1 commit 8859b0da5aac28e4e9651c8971e7af344f8ffec1 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4S84A CVE: NA
--------------------------------
The bpftool build first creates an intermediate binary, executed on the host, to generate skeletons required by the final build. When cross-building bpftool for an architecture different from the host, the intermediate binary should be built using the host compiler (gcc) and the final bpftool using the cross compiler (e.g. aarch64-linux-gnu-gcc).
Generate the intermediate objects into the bootstrap/ directory using the host toolchain.
Signed-off-by: Jean-Philippe Brucker jean-philippe@linaro.org Signed-off-by: Andrii Nakryiko andrii@kernel.org Acked-by: Andrii Nakryiko andrii@kernel.org Link: https://lore.kernel.org/bpf/20201110164310.2600671-4-jean-philippe@linaro.or... Signed-off-by: Pu Lehui pulehui@huawei.com Reviewed-by: Kuohai Xu xukuohai@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- tools/bpf/bpftool/Makefile | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-)
diff --git a/tools/bpf/bpftool/Makefile b/tools/bpf/bpftool/Makefile index 1358c093b812..d566bced135e 100644 --- a/tools/bpf/bpftool/Makefile +++ b/tools/bpf/bpftool/Makefile @@ -19,24 +19,37 @@ BPF_DIR = $(srctree)/tools/lib/bpf/ ifneq ($(OUTPUT),) LIBBPF_OUTPUT = $(OUTPUT)/libbpf/ LIBBPF_PATH = $(LIBBPF_OUTPUT) + BOOTSTRAP_OUTPUT = $(OUTPUT)/bootstrap/ else + LIBBPF_OUTPUT = LIBBPF_PATH = $(BPF_DIR) + BOOTSTRAP_OUTPUT = $(CURDIR)/bootstrap/ endif
LIBBPF = $(LIBBPF_PATH)libbpf.a +LIBBPF_BOOTSTRAP_OUTPUT = $(BOOTSTRAP_OUTPUT)libbpf/ +LIBBPF_BOOTSTRAP = $(LIBBPF_BOOTSTRAP_OUTPUT)libbpf.a
BPFTOOL_VERSION ?= $(shell make -rR --no-print-directory -sC ../../.. kernelversion)
-$(LIBBPF_OUTPUT): +$(LIBBPF_OUTPUT) $(BOOTSTRAP_OUTPUT) $(LIBBPF_BOOTSTRAP_OUTPUT): $(QUIET_MKDIR)mkdir -p $@
$(LIBBPF): FORCE | $(LIBBPF_OUTPUT) $(Q)$(MAKE) -C $(BPF_DIR) OUTPUT=$(LIBBPF_OUTPUT) $(LIBBPF_OUTPUT)libbpf.a
+$(LIBBPF_BOOTSTRAP): FORCE | $(LIBBPF_BOOTSTRAP_OUTPUT) + $(Q)$(MAKE) -C $(BPF_DIR) OUTPUT=$(LIBBPF_BOOTSTRAP_OUTPUT) \ + ARCH= CC=$(HOSTCC) LD=$(HOSTLD) $@ + $(LIBBPF)-clean: $(LIBBPF_OUTPUT) $(call QUIET_CLEAN, libbpf) $(Q)$(MAKE) -C $(BPF_DIR) OUTPUT=$(LIBBPF_OUTPUT) clean >/dev/null
+$(LIBBPF_BOOTSTRAP)-clean: $(LIBBPF_BOOTSTRAP_OUTPUT) + $(call QUIET_CLEAN, libbpf-bootstrap) + $(Q)$(MAKE) -C $(BPF_DIR) OUTPUT=$(LIBBPF_BOOTSTRAP_OUTPUT) clean >/dev/null + prefix ?= /usr/local bash_compdir ?= /usr/share/bash-completion/completions
@@ -94,6 +107,7 @@ CFLAGS += -DCOMPAT_NEED_REALLOCARRAY endif
LIBS = $(LIBBPF) -lelf -lz +LIBS_BOOTSTRAP = $(LIBBPF_BOOTSTRAP) -lelf -lz ifeq ($(feature-libcap), 1) CFLAGS += -DUSE_LIBCAP LIBS += -lcap @@ -120,9 +134,9 @@ CFLAGS += -DHAVE_LIBBFD_SUPPORT SRCS += $(BFD_SRCS) endif
-BPFTOOL_BOOTSTRAP := $(if $(OUTPUT),$(OUTPUT)bpftool-bootstrap,./bpftool-bootstrap) +BPFTOOL_BOOTSTRAP := $(BOOTSTRAP_OUTPUT)bpftool
-BOOTSTRAP_OBJS = $(addprefix $(OUTPUT),main.o common.o json_writer.o gen.o btf.o) +BOOTSTRAP_OBJS = $(addprefix $(BOOTSTRAP_OUTPUT),main.o common.o json_writer.o gen.o btf.o) OBJS = $(patsubst %.c,$(OUTPUT)%.o,$(SRCS)) $(OUTPUT)disasm.o
VMLINUX_BTF_PATHS ?= $(if $(O),$(O)/vmlinux) \ @@ -169,12 +183,16 @@ $(OUTPUT)disasm.o: $(srctree)/kernel/bpf/disasm.c
$(OUTPUT)feature.o: | zdep
-$(BPFTOOL_BOOTSTRAP): $(BOOTSTRAP_OBJS) $(LIBBPF) - $(QUIET_LINK)$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(BOOTSTRAP_OBJS) $(LIBS) +$(BPFTOOL_BOOTSTRAP): $(BOOTSTRAP_OBJS) $(LIBBPF_BOOTSTRAP) + $(QUIET_LINK)$(HOSTCC) $(CFLAGS) $(LDFLAGS) -o $@ $(BOOTSTRAP_OBJS) \ + $(LIBS_BOOTSTRAP)
$(OUTPUT)bpftool: $(OBJS) $(LIBBPF) $(QUIET_LINK)$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
+$(BOOTSTRAP_OUTPUT)%.o: %.c | $(BOOTSTRAP_OUTPUT) + $(QUIET_CC)$(HOSTCC) $(CFLAGS) -c -MMD -o $@ $< + $(OUTPUT)%.o: %.c $(QUIET_CC)$(CC) $(CFLAGS) -c -MMD -o $@ $<
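Review bot: Both the bootstrap link (`$(HOSTCC) $(CFLAGS) $(LDFLAGS) -o $@ ...`) and the new `$(BOOTSTRAP_OUTPUT)%.o: %.c` rule hand the host compiler the same `CFLAGS`/`LDFLAGS` as the cross build, so anything target-specific a caller places there (a `--sysroot`, `-march`, or flags discovered by feature detection against the cross toolchain) would break or mis-build the host-run binary. Consider separate `HOST_CFLAGS`/`HOST_LDFLAGS` for the bootstrap objects, mirroring the `ARCH= CC=$(HOSTCC) LD=$(HOSTLD)` split this patch already applies to the libbpf bootstrap build. The bootstrap binary also links only `$(LIBS_BOOTSTRAP)`, which omits the `-lcap` that `LIBS` gains under `feature-libcap`, so no bootstrap object compiled with `-DUSE_LIBCAP` may reference libcap symbols; I cannot verify from this hunk which sources do.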
@@ -182,11 +200,11 @@ feature-detect-clean: $(call QUIET_CLEAN, feature-detect) $(Q)$(MAKE) -C $(srctree)/tools/build/feature/ clean >/dev/null
-clean: $(LIBBPF)-clean feature-detect-clean +clean: $(LIBBPF)-clean $(LIBBPF_BOOTSTRAP)-clean feature-detect-clean $(call QUIET_CLEAN, bpftool) $(Q)$(RM) -- $(OUTPUT)bpftool $(OUTPUT)*.o $(OUTPUT)*.d - $(Q)$(RM) -- $(BPFTOOL_BOOTSTRAP) $(OUTPUT)*.skel.h $(OUTPUT)vmlinux.h - $(Q)$(RM) -r -- $(OUTPUT)libbpf/ + $(Q)$(RM) -- $(OUTPUT)*.skel.h $(OUTPUT)vmlinux.h + $(Q)$(RM) -r -- $(LIBBPF_OUTPUT) $(BOOTSTRAP_OUTPUT) $(call QUIET_CLEAN, core-gen) $(Q)$(RM) -- $(OUTPUT)FEATURE-DUMP.bpftool $(Q)$(RM) -r -- $(OUTPUT)feature/
From: Pu Lehui pulehui@huawei.com
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4S7DA CVE: NA
-------------------------------
When compiling bpftool, the following error will occur:
$ make -C tools/bpf/bpftool ... GEN vmlinux.h Error: failed to load BTF from vmlinux: No such file or directory
The reason is that bpftool depends on vmlinux.h, which is generated from vmlinux's BTF info. Moreover, BTF will provide rich debugging info for ebpf progs and the eBPF CO-RE feature will strongly depend on it. So let's turn on this feature.
Signed-off-by: Pu Lehui pulehui@huawei.com Reviewed-by: Kuohai Xu xukuohai@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- arch/arm64/configs/openeuler_defconfig | 2 +- arch/x86/configs/openeuler_defconfig | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig
index f4b62b7b5766..9c0d2af297f7 100644
--- a/arch/arm64/configs/openeuler_defconfig
+++ b/arch/arm64/configs/openeuler_defconfig
@@ -6910,7 +6910,7 @@ CONFIG_DEBUG_INFO=y
 # CONFIG_DEBUG_INFO_COMPRESSED is not set
 # CONFIG_DEBUG_INFO_SPLIT is not set
 CONFIG_DEBUG_INFO_DWARF4=y
-# CONFIG_DEBUG_INFO_BTF is not set
+CONFIG_DEBUG_INFO_BTF=y
 # CONFIG_GDB_SCRIPTS is not set
 CONFIG_ENABLE_MUST_CHECK=y
 CONFIG_FRAME_WARN=2048
diff --git a/arch/x86/configs/openeuler_defconfig b/arch/x86/configs/openeuler_defconfig
index dd41eb690608..40b4d8391b93 100644
--- a/arch/x86/configs/openeuler_defconfig
+++ b/arch/x86/configs/openeuler_defconfig
@@ -8264,7 +8264,7 @@ CONFIG_DEBUG_INFO=y
 # CONFIG_DEBUG_INFO_REDUCED is not set
 # CONFIG_DEBUG_INFO_SPLIT is not set
 CONFIG_DEBUG_INFO_DWARF4=y
-# CONFIG_DEBUG_INFO_BTF is not set
+CONFIG_DEBUG_INFO_BTF=y
 # CONFIG_GDB_SCRIPTS is not set
 CONFIG_ENABLE_MUST_CHECK=y
 CONFIG_FRAME_WARN=2048
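Review bot: Turning on `CONFIG_DEBUG_INFO_BTF` makes the kernel build depend on `pahole` being present on the build host (the option is, as far as I recall, gated on a minimum pahole version and the link step fails when it is missing), yet neither the description nor the config change mentions that toolchain requirement; please state it in the commit message so packagers add the build dependency. BTF also appends a sizeable type-information section to vmlinux that is exported under /sys/kernel/btf/vmlinux, presumably world-readable — acceptable for a distribution config that wants CO-RE, but worth one sentence weighing it since this is the product defconfig rather than a debug one.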