From: Evan Green evgreen@chromium.org
mainline inclusion from mainline-v5.7-rc1 commit 8cd55087dc45b2e1a73ed2a197cbf405f32deb08 category: bugfix bugzilla: 38877 CVE: NA
Properly plumb out EOPNOTSUPP from loop driver operations, which may get returned when for instance a discard operation is attempted but not supported by the underlying block device. Before this change, everything was reported in the log as an I/O error, which is scary and not helpful in debugging.
Signed-off-by: Evan Green evgreen@chromium.org Reviewed-by: Gwendal Grignou gwendal@chromium.org Reviewed-by: Bart Van Assche bvanassche@acm.org Signed-off-by: Andrzej Pietrasiewicz andrzej.p@collabora.com Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Jens Axboe axboe@kernel.dk Signed-off-by: Luo Meng luomeng12@huawei.com Reviewed-by: Hou Tao houtao1@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- drivers/block/loop.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 19042b42a8ba..d0687e90e5d4 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -461,7 +461,7 @@ static void lo_complete_rq(struct request *rq) if (!cmd->use_aio || cmd->ret < 0 || cmd->ret == blk_rq_bytes(rq) || req_op(rq) != REQ_OP_READ) { if (cmd->ret < 0) - ret = BLK_STS_IOERR; + ret = errno_to_blk_status(cmd->ret); goto end_io; }
@@ -1927,7 +1927,10 @@ static void loop_handle_cmd(struct loop_cmd *cmd) failed: /* complete non-aio request */ if (!cmd->use_aio || ret) { - cmd->ret = ret ? -EIO : 0; + if (ret == -EOPNOTSUPP) + cmd->ret = ret; + else + cmd->ret = ret ? -EIO : 0; blk_mq_complete_request(rq); } }
From: Roberto Sassu roberto.sassu@huawei.com
hulk inclusion category: feature feature: digest-lists
---------------------------
Enable digest lists and PGP keys preload.
Signed-off-by: Roberto Sassu roberto.sassu@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- arch/arm64/configs/openeuler_defconfig | 73 +++++++++++++++++++------- 1 file changed, 54 insertions(+), 19 deletions(-)
diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig index 809350e03968..b2abedf899b5 100644 --- a/arch/arm64/configs/openeuler_defconfig +++ b/arch/arm64/configs/openeuler_defconfig @@ -3048,20 +3048,23 @@ CONFIG_HW_RANDOM_CAVIUM=y # CONFIG_RAW_DRIVER=y CONFIG_MAX_RAW_DEVS=8192 -CONFIG_TCG_TPM=m +CONFIG_TCG_TPM=y CONFIG_HW_RANDOM_TPM=y -CONFIG_TCG_TIS_CORE=m -CONFIG_TCG_TIS=m -CONFIG_TCG_TIS_SPI=m -# CONFIG_TCG_TIS_I2C_ATMEL is not set -# CONFIG_TCG_TIS_I2C_INFINEON is not set -# CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_ATMEL=m -# CONFIG_TCG_INFINEON is not set -CONFIG_TCG_CRB=m +CONFIG_TCG_TIS_CORE=y +CONFIG_TCG_TIS=y +CONFIG_TCG_TIS_SPI=y +CONFIG_TCG_TIS_I2C_ATMEL=y +CONFIG_TCG_TIS_I2C_INFINEON=y +CONFIG_TCG_TIS_I2C_NUVOTON=y +CONFIG_TCG_NSC=y +CONFIG_TCG_ATMEL=y +CONFIG_TCG_INFINEON=y +# CONFIG_TCG_XEN is not set +CONFIG_TCG_CRB=y # CONFIG_TCG_VTPM_PROXY is not set -# CONFIG_TCG_TIS_ST33ZP24_I2C is not set -# CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS_ST33ZP24=y +CONFIG_TCG_TIS_ST33ZP24_I2C=y +CONFIG_TCG_TIS_ST33ZP24_SPI=y # CONFIG_DEVPORT is not set # CONFIG_XILLYBUS is not set CONFIG_HISI_SVM=y @@ -5425,8 +5428,8 @@ CONFIG_KEYS=y CONFIG_KEYS_COMPAT=y CONFIG_PERSISTENT_KEYRINGS=y CONFIG_BIG_KEYS=y -CONFIG_TRUSTED_KEYS=m -CONFIG_ENCRYPTED_KEYS=m +CONFIG_TRUSTED_KEYS=y +CONFIG_ENCRYPTED_KEYS=y # CONFIG_KEY_DH_OPERATIONS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y @@ -5459,7 +5462,39 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y # CONFIG_SECURITY_APPARMOR_DEBUG is not set # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_IMA=y +CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_LSM_RULES=y +# CONFIG_IMA_TEMPLATE is not set +CONFIG_IMA_NG_TEMPLATE=y +# CONFIG_IMA_SIG_TEMPLATE is not set +CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y +CONFIG_IMA_DEFAULT_HASH="sha256" +# CONFIG_IMA_WRITE_POLICY is not set +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_TRUSTED_KEYRING=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_LOAD_X509=y +CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" +# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set +CONFIG_IMA_DIGEST_LIST=y +CONFIG_IMA_DIGEST_LISTS_DIR="/etc/ima/digest_lists" +CONFIG_IMA_PARSER_BINARY_PATH="/usr/bin/upload_digest_lists" +CONFIG_EVM=y +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_LOAD_X509=y +CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" CONFIG_DEFAULT_SECURITY_SELINUX=y # CONFIG_DEFAULT_SECURITY_APPARMOR is not set # CONFIG_DEFAULT_SECURITY_DAC is not set @@ -5646,9 +5681,9 @@ CONFIG_X509_CERTIFICATE_PARSER=y CONFIG_PKCS7_MESSAGE_PARSER=y # CONFIG_PKCS7_TEST_KEY is not set CONFIG_SIGNED_PE_FILE_VERIFICATION=y -# CONFIG_PGP_LIBRARY is not set -# CONFIG_PGP_KEY_PARSER is not set -# CONFIG_PGP_PRELOAD is not set +CONFIG_PGP_LIBRARY=y +CONFIG_PGP_KEY_PARSER=y +CONFIG_PGP_PRELOAD=y
# # Certificates for signature checking @@ -5659,7 +5694,7 @@ CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set # CONFIG_SECONDARY_TRUSTED_KEYRING is not set # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set -# CONFIG_PGP_PRELOAD_PUBLIC_KEYS is not set +CONFIG_PGP_PRELOAD_PUBLIC_KEYS=y CONFIG_BINARY_PRINTF=y
#
From: Zhang Xiaoxu zhangxiaoxu5@huawei.com
hulk inclusion category: bugfix bugzilla: 42532 CVE: NA
-------------------------------------------------
If some errors has occurred on the device, and the orphan list not empty, then mount the device with 'ro', the bdev write error check will failed: ext4_check_bdev_write_error:193: comm mount: Error while async write back metadata
Since the sbi->s_bdev_wb_err wouldn't be initialized when mount file system with 'ro', when clean up the orphan list and access the iloc buffer, bdev write error check will failed.
So we should always initialize the sbi->s_bdev_wb_err even if mount the file system with 'ro'.
Fixes: bc71726c7257 ("ext4: abort the filesystem if failed to async write metadata buffer") Signed-off-by: Zhang Xiaoxu zhangxiaoxu5@huawei.com Signed-off-by: Luo Meng luomeng12@huawei.com Reviewed-by: zhangyi (F) yi.zhang@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- fs/ext4/super.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 7b68f8d5750c..fe14d233a695 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -4596,9 +4596,8 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) * used to detect the metadata async write error. */ spin_lock_init(&sbi->s_bdev_wb_lock); - if (!sb_rdonly(sb)) - errseq_check_and_advance(&sb->s_bdev->bd_inode->i_mapping->wb_err, - &sbi->s_bdev_wb_err); + errseq_check_and_advance(&sb->s_bdev->bd_inode->i_mapping->wb_err, + &sbi->s_bdev_wb_err); sb->s_bdev->bd_super = sb; EXT4_SB(sb)->s_mount_state |= EXT4_ORPHAN_FS; ext4_orphan_cleanup(sb, es);
From: "zhangyi (F)" yi.zhang@huawei.com
hulk inclusion category: bugfix bugzilla: 41833 CVE: NA
-----------------------------------------------
The metadata buffer is no longer trusted after we read it from disk again because it is not uptodate for some reasons (e.g. failed to async write back). Otherwise we may get below memory corruption problem if we read stale data from the newly allocated extent block on disk which has been failed to async write back but miss verify again since the verified bit has been set on the buffer.
[ 29.774674] BUG: unable to handle kernel paging request at ffff88841949d000 ... [ 29.775267] RIP: 0010:rb_insert_color+0x18/0x240 ... [ 29.783317] Oops: 0002 [#2] SMP [ 29.784219] R10: 00000000000f4240 R11: 0000000000002e28 R12: ffff88842fa1c800 [ 29.784627] CPU: 1 PID: 126 Comm: kworker/u4:3 Tainted: G D W [ 29.785546] R13: ffffffff9cddcc20 R14: ffffffff9cddd420 R15: ffff88842fa1c2f8 [ 29.786679] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),BIOS ?-20190727_0738364 [ 29.787588] FS: 0000000000000000(0000) GS:ffff88842fa00000(0000) knlGS:0000000000000000 [ 29.789288] Workqueue: writeback wb_workfn [ 29.790319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.790321] (flush-8:0) [ 29.790844] CR2: 0000000000000008 CR3: 00000004234f2000 CR4: 00000000000006f0 [ 29.791924] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.792839] RIP: 0010:__memset+0x24/0x30 [ 29.793739] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.794256] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 033 [ 29.795161] Kernel panic - not syncing: Fatal exception in interrupt ... [ 29.808149] Call Trace: [ 29.808475] ext4_ext_insert_extent+0x102e/0x1be0 [ 29.809085] ext4_ext_map_blocks+0xa89/0x1bb0 [ 29.809652] ext4_map_blocks+0x290/0x8a0 [ 29.809085] ext4_ext_map_blocks+0xa89/0x1bb0 [ 29.809652] ext4_map_blocks+0x290/0x8a0 [ 29.810161] ext4_writepages+0xc85/0x17c0 ...
Fix this by clear buffer's verified bit if we read it from disk again.
Signed-off-by: zhangyi (F) yi.zhang@huawei.com Signed-off-by: Ye Bin yebin10@huawei.com Reviewed-by: Zhang Xiaoxu zhangxiaoxu5@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- fs/ext4/balloc.c | 1 + fs/ext4/extents.c | 1 + fs/ext4/ialloc.c | 1 + fs/ext4/inode.c | 5 ++++- fs/ext4/super.c | 1 + 5 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c index 04c445ff638c..904fe348084f 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c @@ -486,6 +486,7 @@ ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group) * submit the buffer_head for reading */ set_buffer_new(bh); + clear_buffer_verified(bh); trace_ext4_read_block_bitmap_load(sb, block_group); bh->b_end_io = ext4_end_bitmap_read; get_bh(bh); diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 56f1ff5eae78..46af383809c5 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -548,6 +548,7 @@ __read_extent_tree_block(const char *function, unsigned int line,
if (!bh_uptodate_or_lock(bh)) { trace_ext4_ext_load_extent(inode, pblk, _RET_IP_); + clear_buffer_verified(bh); err = bh_submit_read(bh); if (err < 0) goto errout; diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index baab3a74183a..9b04dac91248 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -187,6 +187,7 @@ ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) /* * submit the buffer_head for reading */ + clear_buffer_verified(bh); trace_ext4_load_inode_bitmap(sb, block_group); bh->b_end_io = ext4_end_bitmap_read; get_bh(bh); diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index f2a82cdc6b1e..0bde4afe6b7f 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1020,6 +1020,7 @@ struct buffer_head *ext4_bread(handle_t *handle, struct inode *inode, return bh; if (!bh || ext4_buffer_uptodate(bh)) return bh; + clear_buffer_verified(bh); ll_rw_block(REQ_OP_READ, REQ_META | REQ_PRIO, 1, &bh); wait_on_buffer(bh); if (buffer_uptodate(bh)) @@ -1045,9 +1046,11 @@ int ext4_bread_batch(struct inode *inode, ext4_lblk_t block, int bh_count,
for (i = 0; i < bh_count; i++) /* Note that NULL bhs[i] is valid because of holes. */ - if (bhs[i] && !ext4_buffer_uptodate(bhs[i])) + if (bhs[i] && !ext4_buffer_uptodate(bhs[i])) { + clear_buffer_verified(bhs[i]); ll_rw_block(REQ_OP_READ, REQ_META | REQ_PRIO, 1, &bhs[i]); + }
if (!wait) return 0; diff --git a/fs/ext4/super.c b/fs/ext4/super.c index fe14d233a695..1af560c0b9f6 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -163,6 +163,7 @@ ext4_sb_bread(struct super_block *sb, sector_t block, int op_flags) return ERR_PTR(-ENOMEM); if (buffer_uptodate(bh)) return bh; + clear_buffer_verified(bh); ll_rw_block(REQ_OP_READ, REQ_META | op_flags, 1, &bh); wait_on_buffer(bh); if (buffer_uptodate(bh))
From: Ding Tianhong dingtianhong@huawei.com
ascend inclusion category: feature bugzilla: NA CVE: NA
-------------------------------------------------
The read_persistend_clock and read_persistend_clock64 is designed to be implemented at the platform level, which make it impossible to compile these platform in a single kernel.
Implement the functions at the architecture level, and provide a registration interface for read_persistend_clock64, the platform private drivers no need to be compiled in a single kernel.
This patch is like the commit bd0493eaaf5c7 ("ARM: 7413/1: move read...")
Signed-off-by: Ding Tianhong dingtianhong@huawei.com Reviewed-by: Hanjun Guo guohanjun@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- arch/arm64/include/asm/arch_timer.h | 3 +++ arch/arm64/kernel/time.c | 26 ++++++++++++++++++++++++++ 2 files changed, 29 insertions(+)
diff --git a/arch/arm64/include/asm/arch_timer.h b/arch/arm64/include/asm/arch_timer.h index 93e07512b4b6..837648870002 100644 --- a/arch/arm64/include/asm/arch_timer.h +++ b/arch/arm64/include/asm/arch_timer.h @@ -194,4 +194,7 @@ static inline int arch_timer_arch_init(void) return 0; }
+typedef void (*clock_access_fn)(struct timespec64 *); +extern int register_persistent_clock(clock_access_fn read_persistent); + #endif diff --git a/arch/arm64/kernel/time.c b/arch/arm64/kernel/time.c index f258636273c9..c06c3feb6772 100644 --- a/arch/arm64/kernel/time.c +++ b/arch/arm64/kernel/time.c @@ -64,6 +64,32 @@ unsigned long profile_pc(struct pt_regs *regs) } EXPORT_SYMBOL(profile_pc);
+static void dummy_clock_access(struct timespec64 *ts) +{ + ts->tv_sec = 0; + ts->tv_nsec = 0; +} + +static clock_access_fn __read_persistent_clock = dummy_clock_access; + +void read_persistent_clock64(struct timespec64 *ts) +{ + __read_persistent_clock(ts); +} + +int __init register_persistent_clock(clock_access_fn read_persistent) +{ + /* Only allow the clockaccess functions to be registered once */ + if (__read_persistent_clock == dummy_clock_access) { + if (read_persistent) + __read_persistent_clock = read_persistent; + return 0; + } + + return -EINVAL; +} +EXPORT_SYMBOL(register_persistent_clock); + void __init time_init(void) { u32 arch_timer_rate;
-
Yang Yingliang