From: Baokun Li libaokun1@huawei.com
mainline inclusion
from mainline-5.17-rc1
commit 1622ed7d0743201293094162c26019d2573ecacb
category: bugfix
bugzilla: 185873, https://gitee.com/openeuler/kernel/issues/I4MTTR
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
-------------------------------------------------
When we pass a negative value to the proc_doulongvec_minmax() function, the function returns 0, but the corresponding interface value does not change.
We can easily reproduce this problem with the following commands:
    cd /proc/sys/fs/epoll
    echo -1 > max_user_watches; echo $?; cat max_user_watches
This function requires a non-negative number to be passed in, so when a negative number is passed in, -EINVAL is returned.
Link: https://lkml.kernel.org/r/20211220092627.3744624-1-libaokun1@huawei.com
Signed-off-by: Baokun Li libaokun1@huawei.com
Reported-by: Hulk Robot hulkci@huawei.com
Acked-by: Luis Chamberlain mcgrof@kernel.org
Signed-off-by: Andrew Morton akpm@linux-foundation.org
Signed-off-by: Linus Torvalds torvalds@linux-foundation.org
Signed-off-by: Baokun Li libaokun1@huawei.com
Reviewed-by: Zhang Yi yi.zhang@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 kernel/sysctl.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index d7473cd5e72b..89ef0c1a1642 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1186,10 +1186,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, err = proc_get_long(&p, &left, &val, &neg, proc_wspace_sep, sizeof(proc_wspace_sep), NULL); - if (err) + if (err || neg) { + err = -EINVAL; break; - if (neg) - continue; + } + val = convmul * val / convdiv; if ((min && val < *min) || (max && val > *max)) { err = -EINVAL;
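Review bot: In the __do_proc_doulongvec_minmax() hunk, the merged test `if (err || neg) { err = -EINVAL; break; }` also overwrites whatever error proc_get_long() returned, where the old `if (err) break;` passed it through unchanged. If proc_get_long() can fail with anything other than -EINVAL, keep the two cases apart, for example `if (err) break;` followed by `if (neg) { err = -EINVAL; break; }`. The function's kernel-doc should also say that negative input is now rejected with -EINVAL instead of being skipped, since callers that used to see a successful write will now see an error.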
From: Nico Pache npache@redhat.com
mainline inclusion
from mainline-v5.15-rc1
commit b346075fcf5dda7f9e9ae671703aae60e8a94564
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4S7MA
CVE: NA
--------------------------------
When compiling with -Werror, cc1 will warn that 'zone_id' may be used uninitialized in this function warning.
Initialize the zone_id as 0.
It's safe to assume that if the code reaches this point it has at least one numa node with memory, so no need for an assertion before init_unavailable_range.
Link: https://lkml.kernel.org/r/20210716210336.1114114-1-npache@redhat.com
Fixes: 122e093c1734 ("mm/page_alloc: fix memory map initialization for descending nodes")
Signed-off-by: Nico Pache npache@redhat.com
Cc: Mike Rapoport rppt@linux.ibm.com
Signed-off-by: Andrew Morton akpm@linux-foundation.org
Signed-off-by: Linus Torvalds torvalds@linux-foundation.org
Signed-off-by: Ma Wupeng mawupeng1@huawei.com
Reviewed-by: Kefeng Wang wangkefeng.wang@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 mm/page_alloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/page_alloc.c b/mm/page_alloc.c index e078e3acb3de..3791bdc958bd 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -6510,7 +6510,7 @@ void __init __weak memmap_init(void) { unsigned long start_pfn, end_pfn; unsigned long hole_pfn = 0; - int i, j, zone_id, nid; + int i, j, zone_id = 0, nid;
for_each_mem_pfn_range(i, MAX_NUMNODES, &start_pfn, &end_pfn, &nid) { struct pglist_data *node = NODE_DATA(nid);
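Review bot: In memmap_init(), `zone_id = 0` at the declaration silences the -Werror warning but also hides it for any later change that really does leave zone_id unset, and nothing in the code records why 0 is a safe default. The reasoning exists only in the commit message (at least one NUMA node with memory is assumed by this point); a one-line comment at the declaration stating that assumption would keep it with the code.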
From: Stefan Berger stefanb@linux.ibm.com
mainline inclusion
from mainline-v5.13-rc1
commit d1a303e8616c5ba1260722bb9068bbc0d1704847
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4S9XR
CVE: NA
--------------------------------
Detect whether a key is an sm2 type of key by its OID in the parameters array rather than assuming that everything under OID_id_ecPublicKey is sm2, which is not the case.
Cc: David Howells dhowells@redhat.com
Cc: keyrings@vger.kernel.org
Signed-off-by: Stefan Berger stefanb@linux.ibm.com
Reviewed-by: Tianjia Zhang tianjia.zhang@linux.alibaba.com
Tested-by: Tianjia Zhang tianjia.zhang@linux.alibaba.com
Signed-off-by: Herbert Xu herbert@gondor.apana.org.au
Signed-off-by: GUO Zihua guozihua@huawei.com
Reviewed-by: weiyang wang wangweiyang2@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 crypto/asymmetric_keys/x509_cert_parser.c | 12 +++++++++++-
 include/linux/oid_registry.h | 1 +
 lib/oid_registry.c | 24 +++++++++++++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 52c9b455fc7d..1621ceaf5c95 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -459,6 +459,7 @@ int x509_extract_key_data(void *context, size_t hdrlen, const void *value, size_t vlen) { struct x509_parse_context *ctx = context; + enum OID oid;
ctx->key_algo = ctx->last_oid; switch (ctx->last_oid) { @@ -470,7 +471,16 @@ int x509_extract_key_data(void *context, size_t hdrlen, ctx->cert->pub->pkey_algo = "ecrdsa"; break; case OID_id_ecPublicKey: - ctx->cert->pub->pkey_algo = "sm2"; + if (parse_OID(ctx->params, ctx->params_size, &oid) != 0) + return -EBADMSG; + + switch (oid) { + case OID_sm2: + ctx->cert->pub->pkey_algo = "sm2"; + break; + default: + return -ENOPKG; + } break; default: return -ENOPKG; diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h index b504e2f36b25..f32d91895e4d 100644 --- a/include/linux/oid_registry.h +++ b/include/linux/oid_registry.h @@ -121,6 +121,7 @@ enum OID { };
extern enum OID look_up_OID(const void *data, size_t datasize); +extern int parse_OID(const void *data, size_t datasize, enum OID *oid); extern int sprint_oid(const void *, size_t, char *, size_t); extern int sprint_OID(enum OID, char *, size_t);
diff --git a/lib/oid_registry.c b/lib/oid_registry.c index f7ad43f28579..3dfaa836e7c5 100644 --- a/lib/oid_registry.c +++ b/lib/oid_registry.c @@ -11,6 +11,7 @@ #include <linux/kernel.h> #include <linux/errno.h> #include <linux/bug.h> +#include <linux/asn1.h> #include "oid_registry_data.c"
MODULE_DESCRIPTION("OID Registry"); @@ -92,6 +93,29 @@ enum OID look_up_OID(const void *data, size_t datasize) } EXPORT_SYMBOL_GPL(look_up_OID);
+/** + * parse_OID - Parse an OID from a bytestream + * @data: Binary representation of the header + OID + * @datasize: Size of the binary representation + * @oid: Pointer to oid to return result + * + * Parse an OID from a bytestream that holds the OID in the format + * ASN1_OID | length | oid. The length indicator must equal to datasize - 2. + * -EBADMSG is returned if the bytestream is too short. + */ +int parse_OID(const void *data, size_t datasize, enum OID *oid) +{ + const unsigned char *v = data; + + /* we need 2 bytes of header and at least 1 byte for oid */ + if (datasize < 3 || v[0] != ASN1_OID || v[1] != datasize - 2) + return -EBADMSG; + + *oid = look_up_OID(data + 2, datasize - 2); + return 0; +} +EXPORT_SYMBOL_GPL(parse_OID); + /* * sprint_OID - Print an Object Identifier into a buffer * @data: The encoded OID to print
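Review bot: The kernel-doc added for parse_OID() in lib/oid_registry.c says -EBADMSG is returned if the bytestream is too short, but the check `datasize < 3 || v[0] != ASN1_OID || v[1] != datasize - 2` also returns it for a wrong tag byte and for a length byte that does not match; the comment should list all three. Because v[1] is treated as the whole length, long-form DER lengths are not handled, which is worth stating in the same comment. In that function, `look_up_OID(data + 2, datasize - 2)` does arithmetic on a `const void *`; `v + 2` is already available and does not rely on that extension. In x509_extract_key_data(), every OID_id_ecPublicKey key whose parameter OID is not OID_sm2 now fails with -ENOPKG through the inner `default:`; that matches the commit message, and a short comment at that case would make the intent clear to the next reader.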
From: Naoya Horiguchi naoya.horiguchi@nec.com
mainline inclusion
from mainline-v5.16-rc7
commit e37e7b0b3bd52ec4f8ab71b027bcec08f57f1b3b
category: bugfix
bugzilla: https://e.gitee.com/open_euler/issues/list?issue=I4SJ2V
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
When a memory error hits a tail page of a free hugepage, __page_handle_poison() is expected to be called to isolate the error in 4kB unit, but it's not called due to the outdated if-condition in memory_failure_hugetlb(). This loses the chance to isolate the error in the finer unit, so it's not optimal. Drop the condition.
This "(p != head && TestSetPageHWPoison(head)" condition is based on the old semantics of PageHWPoison on hugepage (where PG_hwpoison flag was set on the subpage), so it's not necessary any more. By getting to set PG_hwpoison on head page for hugepages, concurrent error events on different subpages in a single hugepage can be prevented by TestSetPageHWPoison(head) at the beginning of memory_failure_hugetlb(). So dropping the condition should not reopen the race window originally mentioned in commit b985194c8c0a ("hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage")
[naoya.horiguchi@linux.dev: fix "HardwareCorrupted" counter]
Link: https://lkml.kernel.org/r/20211220084851.GA1460264@u2004
Link: https://lkml.kernel.org/r/20211210110208.879740-1-naoya.horiguchi@linux.dev
Signed-off-by: Naoya Horiguchi naoya.horiguchi@nec.com
Reported-by: Fei Luo luofei@unicloud.com
Reviewed-by: Mike Kravetz mike.kravetz@oracle.com
Cc: stable@vger.kernel.org [5.14+]
Signed-off-by: Andrew Morton akpm@linux-foundation.org
Signed-off-by: Linus Torvalds torvalds@linux-foundation.org
Signed-off-by: Bin Wang wangbin224@huawei.com
Reviewed-by: luo chunsheng luochunsheng@huawei.com
Reviewed-by: Kefeng Wang wangkefeng.wang@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 mm/memory-failure.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/mm/memory-failure.c b/mm/memory-failure.c index b7cd29a26c1b..fb74e61e5aa4 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1163,17 +1163,12 @@ static int memory_failure_hugetlb(unsigned long pfn, int flags) num_poisoned_pages_inc();
if (!(flags & MF_COUNT_INCREASED) && !get_hwpoison_page(p)) { - /* - * Check "filter hit" and "race with other subpage." - */ lock_page(head); - if (PageHWPoison(head)) { - if ((hwpoison_filter(p) && TestClearPageHWPoison(p)) - || (p != head && TestSetPageHWPoison(head))) { + if (hwpoison_filter(p)) { + if (TestClearPageHWPoison(head)) num_poisoned_pages_dec(); - unlock_page(head); - return 0; - } + unlock_page(head); + return 0; } unlock_page(head); dissolve_free_huge_page(p);
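Review bot: In memory_failure_hugetlb(), the comment about "filter hit" and "race with other subpage" is removed without a replacement, so the new `if (hwpoison_filter(p))` branch no longer says why it clears the flag on `head` rather than `p`, or why num_poisoned_pages_dec() runs only when TestClearPageHWPoison(head) succeeds. A short comment there stating that PG_hwpoison now lives on the head page, and that the subpage race is covered by TestSetPageHWPoison(head) at the start of the function as the commit message explains, would keep that reasoning next to the code.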
From: Bin Wang wangbin224@huawei.com
euleros inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SJBG?from=project-issue
CVE: NA
---------------------------
If other cpus go offline before handling the crash NMI, the waiting_for_crash_ipi can not be decreased to 0, and the current cpu will wait 1 second. So break if all other cpus are offline.
Signed-off-by: Bin Wang wangbin224@huawei.com
Reviewed-by: luo chunsheng luochunsheng@huawei.com
Reviewed-by: Yang Jihong yangjihong1@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 arch/x86/kernel/reboot.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c index 798a6f73f894..e50da62a67a2 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -871,6 +871,14 @@ void nmi_shootdown_cpus(nmi_shootdown_cb callback)
msecs = 1000; /* Wait at most a second for the other cpus to stop */ while ((atomic_read(&waiting_for_crash_ipi) > 0) && msecs) { + /* + * If other cpus offline before handle the crash NMI, the + * waiting_for_crash_ipi can not be decreased to 0, and + * current cpu will wait 1 second. So break if all other + * cpus offline. + */ + if (num_online_cpus() == 1) + break; mdelay(1); msecs--; }
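Review bot: In the wait loop of nmi_shootdown_cpus(), `if (num_online_cpus() == 1) break;` only ends the wait early when every other CPU is offline; if some but not all of them went offline before handling the crash NMI, waiting_for_crash_ipi still cannot reach 0 and the loop runs the full 1000 ms. Either say in the added comment that this partial case is deliberately left to the timeout, or bound the wait by the number of CPUs that can still respond.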
From: "Paul E. McKenney" paulmck@kernel.org
mainline inclusion
from mainline-v5.12-rc1
commit c26165efac41bce0c7764262b21f5897e771f34f
category: bugfix
bugzilla: https://e.gitee.com/open_euler/issues/list?issue=I4SV19
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
-------------------------------------------------------------------------
Tasks Trace RCU uses irq_work_queue() to safely awaken its grace-period kthread, so this commit therefore causes the TASKS_TRACE_RCU Kconfig option to select the IRQ_WORK Kconfig option.
Reported-by: kernel test robot lkp@intel.com
Acked-by: Randy Dunlap rdunlap@infradead.org # build-tested
Signed-off-by: Paul E. McKenney paulmck@kernel.org
Signed-off-by: Zhen Lei thunder.leizhen@huawei.com
Reviewed-by: Hanjun Guo guohanjun@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 kernel/rcu/Kconfig | 1 +
 1 file changed, 1 insertion(+)
diff --git a/kernel/rcu/Kconfig b/kernel/rcu/Kconfig index b71e21f73c40..84dfa8dae1b2 100644 --- a/kernel/rcu/Kconfig +++ b/kernel/rcu/Kconfig @@ -95,6 +95,7 @@ config TASKS_RUDE_RCU
config TASKS_TRACE_RCU def_bool 0 + select IRQ_WORK help This option enables a task-based RCU implementation that uses explicit rcu_read_lock_trace() read-side markers, and allows
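Review bot: In the TASKS_TRACE_RCU entry, `select IRQ_WORK` is added with no trace of the reason in the Kconfig text; the visible part of the help paragraph only describes the rcu_read_lock_trace() read-side markers. One sentence in the help text, or a comment above the select, noting that the grace-period kthread is woken through irq_work_queue() would document why the select is there.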