Open Build Service

_service:tar_scm_kernel_repo:kernel.spec Changed

@@ -12,7 +12,7 @@
 
 %global KernelVer %{version}-%{release}.%{_target_cpu}
 
-%global hulkrelease 2401.5.0
+%global hulkrelease 2402.1.0
 
 %define with_patch 0
 
@@ -32,7 +32,7 @@
 
 Name:	 kernel
 Version: 4.19.90
-Release: %{hulkrelease}.0236
+Release: %{hulkrelease}.0237
 Summary: Linux Kernel
 License: GPLv2
 URL:	 http://www.kernel.org/
@@ -809,6 +809,38 @@
 
 %changelog
 
+* Tue Jan 30 2024 Zhang Changzhong <zhangchangzhong@huawei.com> - 4.19.90-2402.1.0.0237
+- !4277  fs:/dcache.c: fix negative dentry limit not complete problem
+- !4288  net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
+- !4299  smb: client: fix NULL deref in asn1_ber_decoder()
+- smb: client: fix NULL deref in asn1_ber_decoder()
+- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
+- !4228  fix spinlock already unlocked in inet_csk_reqsk_queue_add' bug
+- fs:/dcache.c: fix negative dentry limit not complete problem
+- !4235  nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
+- !4255  drm/amdgpu: Fix potential fence use-after-free v2
+- !4209  dhugetlb: skip unexpected migration
+- drm/amdgpu: Fix potential fence use-after-free v2
+- !4231  crypto: hisilicon/qm - drop unnecessary IS_ENABLE(CONFIG_NUMA) check
+- nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
+- crypto: hisilicon/qm - drop unnecessary IS_ENABLE(CONFIG_NUMA) check
+- ipv6: init the accept_queue's spinlocks in inet6_create
+- tcp: make sure init the accept_queue's spinlocks once
+- !4212  netlink: fix potential sleeping issue in mqueue_flush_file
+- netlink: fix potential sleeping issue in mqueue_flush_file
+- dhugetlb: skip unexpected migration
+- dhugetlb: introduce page_belong_to_dynamic_hugetlb() function
+- !3944  time: Handle negative seconds correctly in timespec64_to_ns()
+- !3943  timerqueue: Use rb_entry_safe() in timerqueue_getnext()
+- !3942  efi/x86: Map the entire EFI vendor string before copying it
+- !4166  sched/fair: Fix qos_timer deadlock when cpuhp offline
+- sched/fair: Fix qos_timer deadlock when cpuhp offline
+- !4137  sctp: fix potential deadlock on &net->sctp.addr_wq_lock
+- sctp: fix potential deadlock on &net->sctp.addr_wq_lock
+- time: Handle negative seconds correctly in timespec64_to_ns()
+- timerqueue: Use rb_entry_safe() in timerqueue_getnext()
+- efi/x86: Map the entire EFI vendor string before copying it
+
 * Tue Jan 23 2024 Zhang Changzhong <zhangchangzhong@huawei.com> - 4.19.90-2401.5.0.0236
 - !4101  netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
 - !2954 spi: phytium: fix phytium_spi_irq panic on boot

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/arch/x86/platform/efi/efi.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/drivers/crypto/hisilicon/qm.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/fs/cifs/smb2misc.c Changed

@@ -302,6 +302,9 @@
 char *
 smb2_get_data_area_len(int *off, int *len, struct smb2_sync_hdr *shdr)
 {
+	const int max_off = 4096;
+	const int max_len = 128 * 1024;
+
 	*off = 0;
 	*len = 0;
 
@@ -369,29 +372,20 @@
 	 * Invalid length or offset probably means data area is invalid, but
 	 * we have little choice but to ignore the data area in this case.
 	 */
-	if (*off > 4096) {
-		cifs_dbg(VFS, "offset %d too large, data area ignored\n", *off);
-		*len = 0;
-		*off = 0;
-	} else if (*off < 0) {
-		cifs_dbg(VFS, "negative offset %d to data invalid ignore data area\n",
-			 *off);
+	if (unlikely(*off < 0 || *off > max_off ||
+		     *len < 0 || *len > max_len)) {
+		cifs_dbg(VFS, "%s: invalid data area (off=%d len=%d)\n",
+			 __func__, *off, *len);
 		*off = 0;
 		*len = 0;
-	} else if (*len < 0) {
-		cifs_dbg(VFS, "negative data length %d invalid, data area ignored\n",
-			 *len);
-		*len = 0;
-	} else if (*len > 128 * 1024) {
-		cifs_dbg(VFS, "data area larger than 128K: %d\n", *len);
+	} else if (*off == 0) {
 		*len = 0;
 	}
 
 	/* return pointer to beginning of data area, ie offset from SMB start */
-	if ((*off != 0) && (*len != 0))
+	if (*off > 0 && *len > 0)
 		return (char *)shdr + *off;
-	else
-		return NULL;
+	return NULL;
 }
 
 /*

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/fs/dcache.c Changed

@@ -636,10 +636,36 @@
 	return __lock_parent(dentry);
 }
 
-static inline bool retain_dentry(struct dentry *dentry)
+/*
+ * Return true if dentry is negative and exceed negative dentry limit.
+ */
+static inline bool limit_negative_dentry(struct dentry *dentry)
 {
 	struct dentry *parent;
 
+	parent = dentry->d_parent;
+	if (unlikely(!parent))
+		return false;
+
+	WARN_ON((atomic_read(&parent->d_neg_dnum) < 0));
+	if (!dentry->d_inode) {
+		if (!(dentry->d_flags & DCACHE_NEGATIVE_ACCOUNT)) {
+			unsigned int flags = READ_ONCE(dentry->d_flags);
+
+			flags |= DCACHE_NEGATIVE_ACCOUNT;
+			WRITE_ONCE(dentry->d_flags, flags);
+			atomic_inc(&parent->d_neg_dnum);
+		}
+
+		if (atomic_read(&parent->d_neg_dnum) >= NEG_DENTRY_LIMIT)
+			return true;
+	}
+
+	return false;
+}
+
+static inline bool retain_dentry(struct dentry *dentry)
+{
 	WARN_ON(d_in_lookup(dentry));
 
 	/* Unreachable? Get rid of it */
@@ -654,27 +680,9 @@
 			return false;
 	}
 
-	if (unlikely(!dentry->d_parent))
-		goto noparent;
-
-	parent = dentry->d_parent;
-	/* Return false if it's negative */
-	WARN_ON((atomic_read(&parent->d_neg_dnum) < 0));
-	if (!dentry->d_inode) {
-		if (!(dentry->d_flags & DCACHE_NEGATIVE_ACCOUNT)) {
-			unsigned flags = READ_ONCE(dentry->d_flags);
-
-			flags |= DCACHE_NEGATIVE_ACCOUNT;
-			WRITE_ONCE(dentry->d_flags, flags);
-			atomic_inc(&parent->d_neg_dnum);
-		}
-	}
-
-	if (!dentry->d_inode &&
-	    atomic_read(&parent->d_neg_dnum) >= NEG_DENTRY_LIMIT)
+	if (unlikely(limit_negative_dentry(dentry)))
 		return false;
 
-noparent:
 	/* retain; LRU fodder */
 	dentry->d_lockref.count--;
 	if (unlikely(!(dentry->d_flags & DCACHE_LRU_LIST)))
@@ -808,8 +816,25 @@
 	d_flags &= DCACHE_REFERENCED | DCACHE_LRU_LIST | DCACHE_DISCONNECTED;
 
 	/* Nothing to do? Dropping the reference was all we needed? */
-	if (d_flags == (DCACHE_REFERENCED | DCACHE_LRU_LIST) && !d_unhashed(dentry))
-		return true;
+	if (d_flags == (DCACHE_REFERENCED | DCACHE_LRU_LIST) && !d_unhashed(dentry)) {
+		/*
+		 * If the dentry is not negative dentry, return true directly,
+		 * avoid holding dentry lock in the fast put path.
+		 */
+		if (dentry->d_inode)
+			return true;
+		/*
+		 * If dentry is negative and need to be limitted, it maybe need
+		 * to be killed, so shouldn't fast put and retain in memory.
+		 */
+		spin_lock(&dentry->d_lock);
+		if (likely(!limit_negative_dentry(dentry))) {
+			spin_unlock(&dentry->d_lock);
+			return true;
+		}
+
+		goto dentry_locked;
+	}
 
 	/*
 	 * Not the fast normal case? Get the lock. We've already decremented
@@ -818,6 +843,7 @@
 	 */
 	spin_lock(&dentry->d_lock);
 
+dentry_locked:
 	/*
 	 * Did somebody else grab a reference to it in the meantime, and
 	 * we're no longer the last user after all? Alternatively, somebody

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/include/linux/hugetlb.h Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/include/linux/migrate.h Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/include/linux/time64.h Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/include/linux/timerqueue.h Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/include/net/inet_connection_sock.h Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/kernel/sched/fair.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/mm/compaction.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/mm/hugetlb.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/mm/mempolicy.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/mm/migrate.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/mm/page_isolation.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/core/request_sock.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/ipv4/af_inet.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/ipv4/inet_connection_sock.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/ipv6/af_inet6.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/netlink/af_netlink.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/nfc/nci/spi.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/rds/af_rds.c Changed

_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/sctp/socket.c Changed

_service:tar_scm_kernel_repo:SOURCE Changed

Changes of Revision 349