openEuler:20.03:LTS:SP1
kernel
Changes of Revision 349
_service:tar_scm_kernel_repo:kernel.spec
Changed
@@ -12,7 +12,7 @@ %global KernelVer %{version}-%{release}.%{_target_cpu} -%global hulkrelease 2401.5.0 +%global hulkrelease 2402.1.0 %define with_patch 0 @@ -32,7 +32,7 @@ Name: kernel Version: 4.19.90 -Release: %{hulkrelease}.0236 +Release: %{hulkrelease}.0237 Summary: Linux Kernel License: GPLv2 URL: http://www.kernel.org/ 
@@ -809,6 +809,38 @@ %changelog +* Tue Jan 30 2024 Zhang Changzhong <zhangchangzhong@huawei.com> - 4.19.90-2402.1.0.0237 +- !4277 fs:/dcache.c: fix negative dentry limit not complete problem +- !4288 net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv +- !4299 smb: client: fix NULL deref in asn1_ber_decoder() +- smb: client: fix NULL deref in asn1_ber_decoder() +- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv +- !4228 fix spinlock already unlocked in inet_csk_reqsk_queue_add' bug +- fs:/dcache.c: fix negative dentry limit not complete problem +- !4235 nfc: nci: fix possible NULL pointer dereference in send_acknowledge() +- !4255 drm/amdgpu: Fix potential fence use-after-free v2 +- !4209 dhugetlb: skip unexpected migration +- drm/amdgpu: Fix potential fence use-after-free v2 +- !4231 crypto: hisilicon/qm - drop unnecessary IS_ENABLE(CONFIG_NUMA) check +- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() +- crypto: hisilicon/qm - drop unnecessary IS_ENABLE(CONFIG_NUMA) check +- ipv6: init the accept_queue's spinlocks in inet6_create +- tcp: make sure init the accept_queue's spinlocks once +- !4212 netlink: fix potential sleeping issue in mqueue_flush_file +- netlink: fix potential sleeping issue in mqueue_flush_file +- dhugetlb: skip unexpected migration +- dhugetlb: introduce page_belong_to_dynamic_hugetlb() function +- !3944 time: Handle negative seconds correctly in timespec64_to_ns() +- !3943 timerqueue: Use rb_entry_safe() in timerqueue_getnext() +- !3942 efi/x86: Map the entire EFI vendor string before copying it +- !4166 sched/fair: Fix qos_timer deadlock when cpuhp offline +- sched/fair: Fix qos_timer deadlock when cpuhp offline +- !4137 sctp: fix potential deadlock on &net->sctp.addr_wq_lock +- sctp: fix potential deadlock on &net->sctp.addr_wq_lock +- time: Handle negative seconds correctly in timespec64_to_ns() +- timerqueue: Use rb_entry_safe() in timerqueue_getnext() +- efi/x86: Map the entire EFI vendor 
string before copying it + * Tue Jan 23 2024 Zhang Changzhong <zhangchangzhong@huawei.com> - 4.19.90-2401.5.0.0236 - !4101 netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() - !2954 spi: phytium: fix phytium_spi_irq panic on boot
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/arch/x86/platform/efi/efi.c
Changed
@@ -446,7 +446,6 @@ efi_char16_t *c16; char vendor[100] = "unknown"; int i = 0; - void *tmp; #ifdef CONFIG_X86_32 if (boot_params.efi_info.efi_systab_hi || @@ -471,14 +470,16 @@ /* * Show what we know for posterity */ - c16 = tmp = early_memremap(efi.systab->fw_vendor, 2); + c16 = early_memremap_ro(efi.systab->fw_vendor, + sizeof(vendor) * sizeof(efi_char16_t)); if (c16) { - for (i = 0; i < sizeof(vendor) - 1 && *c16; ++i) - vendor[i] = *c16++; + for (i = 0; i < sizeof(vendor) - 1 && c16[i]; ++i) + vendor[i] = c16[i]; vendor[i] = '\0'; - } else + early_memunmap(c16, sizeof(vendor) * sizeof(efi_char16_t)); + } else { pr_err("Could not map the firmware vendor!\n"); - early_memunmap(tmp, 2); + } pr_info("EFI v%u.%.02u by %s\n", efi.systab->hdr.revision >> 16,
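Review bot: The mapping length `sizeof(vendor) * sizeof(efi_char16_t)` is written out twice, once in the `early_memremap_ro()` call and once in `early_memunmap()`, so a later edit to one of them would unmap a different size than was mapped. A single local, `const size_t vendor_map_len = sizeof(vendor) * sizeof(efi_char16_t);`, used in both calls keeps the two tied together. The copy loop also narrows each firmware-supplied `efi_char16_t` to `char` before the result reaches `pr_info()`; a short comment that the string is firmware-controlled and is cut at `sizeof(vendor) - 1` characters would help the next reader. The enclosing function starts and ends outside this section.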
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/drivers/crypto/hisilicon/qm.c
Changed
@@ -3503,16 +3503,14 @@ struct hisi_qm *qm; struct list_head *n; struct device *dev; - int dev_node = 0; + int dev_node; list_for_each_entry(qm, &qm_list->list, list) { dev = &qm->pdev->dev; - if (IS_ENABLED(CONFIG_NUMA)) { - dev_node = dev->numa_node; - if (dev_node < 0) - dev_node = 0; - } + dev_node = dev_to_node(dev); + if (dev_node < 0) + dev_node = 0; if (qm_list->check && !qm_list->check(qm)) continue;
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
Changed
@@ -1501,15 +1501,15 @@ continue; r = dma_fence_wait_timeout(fence, true, timeout); + if (r > 0 && fence->error) + r = fence->error; + dma_fence_put(fence); if (r < 0) return r; if (r == 0) break; - - if (fence->error) - return fence->error; } memset(wait, 0, sizeof(*wait));
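Review bot: The order of the `fence->error` read and `dma_fence_put(fence)` is the entire fix, yet nothing in the loop records it, so a later cleanup could move the read back below the put. A comment above the new `if`, for example `/* read fence->error before dropping the reference; dma_fence_put() may free the fence */`, would pin the lifetime rule down. The loop and its function begin outside the hunk.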
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/fs/cifs/smb2misc.c
Changed
@@ -302,6 +302,9 @@ char * smb2_get_data_area_len(int *off, int *len, struct smb2_sync_hdr *shdr) { + const int max_off = 4096; + const int max_len = 128 * 1024; + *off = 0; *len = 0; @@ -369,29 +372,20 @@ * Invalid length or offset probably means data area is invalid, but * we have little choice but to ignore the data area in this case. */ - if (*off > 4096) { - cifs_dbg(VFS, "offset %d too large, data area ignored\n", *off); - *len = 0; - *off = 0; - } else if (*off < 0) { - cifs_dbg(VFS, "negative offset %d to data invalid ignore data area\n", - *off); + if (unlikely(*off < 0 || *off > max_off || + *len < 0 || *len > max_len)) { + cifs_dbg(VFS, "%s: invalid data area (off=%d len=%d)\n", + __func__, *off, *len); *off = 0; *len = 0; - } else if (*len < 0) { - cifs_dbg(VFS, "negative data length %d invalid, data area ignored\n", - *len); - *len = 0; - } else if (*len > 128 * 1024) { - cifs_dbg(VFS, "data area larger than 128K: %d\n", *len); + } else if (*off == 0) { *len = 0; } /* return pointer to beginning of data area, ie offset from SMB start */ - if ((*off != 0) && (*len != 0)) + if (*off > 0 && *len > 0) return (char *)shdr + *off; - else - return NULL; + return NULL; } /*
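Review bot: After this change `smb2_get_data_area_len()` returns NULL exactly when `*len` ends up 0, but that pairing is not written down anywhere in the visible code, and the changelog title (a NULL dereference in `asn1_ber_decoder()`) suggests a caller depended on it. `max_off` and `max_len` are fixed sanity limits, and the signature carries no received-buffer length, so `*off + *len` still has to be checked against the real message size by whoever consumes the pointer; whether the callers do so is not visible here. I would state both in the function comment, e.g. `Returns NULL iff *len == 0. The limits are sanity bounds only; callers must check off + len against the received length.` The part of the function between the two hunks is not shown.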
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/fs/dcache.c
Changed
@@ -636,10 +636,36 @@ return __lock_parent(dentry); } -static inline bool retain_dentry(struct dentry *dentry) +/* + * Return true if dentry is negative and exceed negative dentry limit. + */ +static inline bool limit_negative_dentry(struct dentry *dentry) { struct dentry *parent; + parent = dentry->d_parent; + if (unlikely(!parent)) + return false; + + WARN_ON((atomic_read(&parent->d_neg_dnum) < 0)); + if (!dentry->d_inode) { + if (!(dentry->d_flags & DCACHE_NEGATIVE_ACCOUNT)) { + unsigned int flags = READ_ONCE(dentry->d_flags); + + flags |= DCACHE_NEGATIVE_ACCOUNT; + WRITE_ONCE(dentry->d_flags, flags); + atomic_inc(&parent->d_neg_dnum); + } + + if (atomic_read(&parent->d_neg_dnum) >= NEG_DENTRY_LIMIT) + return true; + } + + return false; +} + +static inline bool retain_dentry(struct dentry *dentry) +{ WARN_ON(d_in_lookup(dentry)); /* Unreachable? Get rid of it */ @@ -654,27 +680,9 @@ return false; } - if (unlikely(!dentry->d_parent)) - goto noparent; - - parent = dentry->d_parent; - /* Return false if it's negative */ - WARN_ON((atomic_read(&parent->d_neg_dnum) < 0)); - if (!dentry->d_inode) { - if (!(dentry->d_flags & DCACHE_NEGATIVE_ACCOUNT)) { - unsigned flags = READ_ONCE(dentry->d_flags); - - flags |= DCACHE_NEGATIVE_ACCOUNT; - WRITE_ONCE(dentry->d_flags, flags); - atomic_inc(&parent->d_neg_dnum); - } - } - - if (!dentry->d_inode && - atomic_read(&parent->d_neg_dnum) >= NEG_DENTRY_LIMIT) + if (unlikely(limit_negative_dentry(dentry))) return false; -noparent: /* retain; LRU fodder */ dentry->d_lockref.count--; if (unlikely(!(dentry->d_flags & DCACHE_LRU_LIST))) 
@@ -808,8 +816,25 @@ d_flags &= DCACHE_REFERENCED | DCACHE_LRU_LIST | DCACHE_DISCONNECTED; /* Nothing to do? Dropping the reference was all we needed? */ - if (d_flags == (DCACHE_REFERENCED | DCACHE_LRU_LIST) && !d_unhashed(dentry)) - return true; + if (d_flags == (DCACHE_REFERENCED | DCACHE_LRU_LIST) && !d_unhashed(dentry)) { + /* + * If the dentry is not negative dentry, return true directly, + * avoid holding dentry lock in the fast put path. + */ + if (dentry->d_inode) + return true; + /* + * If dentry is negative and need to be limitted, it maybe need + * to be killed, so shouldn't fast put and retain in memory. + */ + spin_lock(&dentry->d_lock); + if (likely(!limit_negative_dentry(dentry))) { + spin_unlock(&dentry->d_lock); + return true; + } + + goto dentry_locked; + } /* * Not the fast normal case? Get the lock. We've already decremented @@ -818,6 +843,7 @@ */ spin_lock(&dentry->d_lock); +dentry_locked: /* * Did somebody else grab a reference to it in the meantime, and * we're no longer the last user after all? Alternatively, somebody
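Review bot: `limit_negative_dentry()` is named and commented like a pure predicate, yet it sets `DCACHE_NEGATIVE_ACCOUNT` in `d_flags` and increments the parent's `d_neg_dnum`. The new lockless fast path in the `@@ -808` hunk takes `dentry->d_lock` before calling it, which suggests the lock is required. The comment should say both, for example `Caller must hold dentry->d_lock. Accounts a negative dentry against its parent on first call; returns true if the parent has reached NEG_DENTRY_LIMIT.` A `lockdep_assert_held(&dentry->d_lock);` at the top would enforce it, assuming `retain_dentry()` is also always entered under the lock, which cannot be confirmed from this page. While there, the new comments have "exceed" for "exceeds" and "limitted" for "limited". Both enclosing functions extend outside the hunks.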
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/include/linux/hugetlb.h
Changed
@@ -745,6 +745,7 @@ struct small_page_pool *smpool); void dhugetlb_reserve_hugepages(struct dhugetlb_pool *hpool, unsigned long count, bool gigantic); +bool page_belong_to_dynamic_hugetlb(struct page *page); #else #define enable_dhugetlb 0 #define dhugetlb_enabled 0 @@ -760,6 +761,10 @@ return NULL; } static inline void dhugetlb_pool_put(struct dhugetlb_pool *hpool) { return; } +static inline bool page_belong_to_dynamic_hugetlb(struct page *page) +{ + return false; +} #endif /* CONFIG_DYNAMIC_HUGETLB */ static inline spinlock_t *huge_pte_lock(struct hstate *h,
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/include/linux/migrate.h
Changed
@@ -38,9 +38,13 @@ unsigned int order = 0; struct page *new_page = NULL; - if (PageHuge(page)) + if (PageHuge(page)) { + if (page_belong_to_dynamic_hugetlb(page)) + return NULL; + return alloc_huge_page_nodemask(page_hstate(compound_head(page)), preferred_nid, nodemask); + } if (PageTransHuge(page)) { gfp_mask |= GFP_TRANSHUGE;
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/include/linux/time64.h
Changed
@@ -39,7 +39,9 @@ /* Located here for timespec[64]_valid_strict */ #define TIME64_MAX ((s64)~((u64)1 << 63)) #define KTIME_MAX ((s64)~((u64)1 << 63)) +#define KTIME_MIN (-KTIME_MAX - 1) #define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC) +#define KTIME_SEC_MIN (KTIME_MIN / NSEC_PER_SEC) /* * Limits for settimeofday(): @@ -140,10 +142,13 @@ */ static inline s64 timespec64_to_ns(const struct timespec64 *ts) { - /* Prevent multiplication overflow */ - if ((unsigned long long)ts->tv_sec >= KTIME_SEC_MAX) + /* Prevent multiplication overflow / underflow */ + if (ts->tv_sec >= KTIME_SEC_MAX) return KTIME_MAX; + if (ts->tv_sec <= KTIME_SEC_MIN) + return KTIME_MIN; + return ((s64) ts->tv_sec * NSEC_PER_SEC) + ts->tv_nsec; }
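Review bot: The clamping in `timespec64_to_ns()` looks only at `tv_sec`; the final `+ ts->tv_nsec` is still unchecked, so the result stays in range only when `tv_nsec` is normalized to less than `NSEC_PER_SEC`. The comment above the function, which starts outside the hunk, should state that precondition together with the new saturation, e.g. `Returns KTIME_MAX or KTIME_MIN when tv_sec is out of range; the timespec must be normalized.` Callers that pass values taken from user space are the ones that need to read this.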
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/include/linux/timerqueue.h
Changed
@@ -40,7 +40,7 @@ { struct rb_node *leftmost = rb_first_cached(&head->rb_root); - return rb_entry(leftmost, struct timerqueue_node, node); + return rb_entry_safe(leftmost, struct timerqueue_node, node); } static inline void timerqueue_init(struct timerqueue_node *node)
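Review bot: With `rb_entry_safe()` this accessor now returns NULL for an empty queue, and that return value is not documented in the visible part of the function. The kernel-doc should gain `Returns NULL if the queue is empty.`, and any caller that dereferences the result unconditionally needs a check; no callers are shown in this section. The function signature is outside the hunk.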
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/include/net/inet_connection_sock.h
Changed
@@ -318,4 +318,13 @@ struct sock *sk); struct dst_entry *inet_csk_update_pmtu(struct sock *sk, u32 mtu); + +static inline void inet_init_csk_locks(struct sock *sk) +{ + struct inet_connection_sock *icsk = inet_csk(sk); + + spin_lock_init(&icsk->icsk_accept_queue.rskq_lock); + spin_lock_init(&icsk->icsk_accept_queue.fastopenq.lock); +} + #endif /* _INET_CONNECTION_SOCK_H */
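Review bot: `inet_init_csk_locks()` has no comment saying which paths must call it, and the companion change in net/core/request_sock.c removes both `spin_lock_init()` calls from `reqsk_queue_alloc()`. Any socket that reaches `reqsk_queue_alloc()` without passing through one of the three new call sites (net/ipv4/af_inet.c, net/ipv4/inet_connection_sock.c, net/ipv6/af_inet6.c) would therefore use an uninitialised `rskq_lock` and `fastopenq.lock`; whether such a path exists in this tree cannot be told from this page. I would document the contract on the helper, e.g. `/* Must run once when an ICSK socket is created or accepted; reqsk_queue_alloc() no longer initialises these locks. */`.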
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/kernel/sched/fair.c
Changed
@@ -116,7 +116,7 @@ static DEFINE_PER_CPU(int, qos_cpu_overload); unsigned int sysctl_overload_detect_period = 5000; /* in ms */ unsigned int sysctl_offline_wait_interval = 100; /* in ms */ -static int unthrottle_qos_cfs_rqs(int cpu); +static int __unthrottle_qos_cfs_rqs(int cpu); #endif #ifdef CONFIG_CFS_BANDWIDTH @@ -5218,7 +5218,7 @@ lockdep_assert_held(&rq->lock); #ifdef CONFIG_QOS_SCHED - unthrottle_qos_cfs_rqs(cpu_of(rq)); + __unthrottle_qos_cfs_rqs(cpu_of(rq)); #endif rcu_read_lock();
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/mm/compaction.c
Changed
@@ -1271,6 +1271,9 @@ if (!page) continue; + if (page_belong_to_dynamic_hugetlb(page)) + continue; + /* If isolation recently failed, do not retry */ if (!isolation_suitable(cc, page)) continue;
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/mm/hugetlb.c
Changed
@@ -1762,7 +1762,6 @@ int dissolve_free_huge_page(struct page *page) { int rc = -EBUSY; - struct dhugetlb_pool *hpool; retry: /* Not to disrupt normal path by vainly holding hugetlb_lock */ @@ -1770,11 +1769,8 @@ return 0; /* Skip dissolve hugepage for dynamic hugetlb */ - hpool = get_dhugetlb_pool_from_dhugetlb_pagelist(page); - if (hpool) { - dhugetlb_pool_put(hpool); + if (page_belong_to_dynamic_hugetlb(page)) return -EBUSY; - } spin_lock(&hugetlb_lock); if (!PageHuge(page)) { @@ -4210,6 +4206,16 @@ return ret; } + +bool page_belong_to_dynamic_hugetlb(struct page *page) +{ + struct dhugetlb_pool *hpool; + + hpool = get_dhugetlb_pool_from_dhugetlb_pagelist(page); + dhugetlb_pool_put(hpool); + + return !!hpool; +} #else static int dhugetlb_acct_memory(struct hstate *h, long delta, struct dhugetlb_pool *hpool)
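Review bot: `page_belong_to_dynamic_hugetlb()` calls `dhugetlb_pool_put(hpool)` even when `get_dhugetlb_pool_from_dhugetlb_pagelist()` returned NULL, whereas the code removed from `dissolve_free_huge_page()` in this same section dropped the reference only inside `if (hpool)`. Unless `dhugetlb_pool_put()` accepts NULL (its CONFIG_DYNAMIC_HUGETLB definition is not on this page), that is a NULL dereference for every page outside a dynamic pool; keep the guard, `if (hpool) dhugetlb_pool_put(hpool);`. The helper is now called from mm/compaction.c, mm/migrate.c, mm/mempolicy.c, mm/page_isolation.c and include/linux/migrate.h, so the unguarded call would be reached from all of those paths.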
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/mm/mempolicy.c
Changed
@@ -1040,10 +1040,13 @@ /* page allocation callback for NUMA node migration */ struct page *alloc_new_node_page(struct page *page, unsigned long node) { - if (PageHuge(page)) + if (PageHuge(page)) { + if (page_belong_to_dynamic_hugetlb(page)) + return NULL; + return alloc_huge_page_node(page_hstate(compound_head(page)), node); - else if (PageTransHuge(page)) { + } else if (PageTransHuge(page)) { struct page *thp; thp = alloc_pages_node(node, @@ -1217,6 +1220,9 @@ } if (PageHuge(page)) { + if (page_belong_to_dynamic_hugetlb(page)) + return NULL; + return alloc_huge_page_vma(page_hstate(compound_head(page)), vma, address); } else if (PageTransHuge(page)) {
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/mm/migrate.c
Changed
@@ -1907,6 +1907,9 @@ if (!migrate_balanced_pgdat(pgdat, 1UL << compound_order(page))) return 0; + if (page_belong_to_dynamic_hugetlb(page)) + return 0; + if (isolate_lru_page(page)) return 0;
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/mm/page_isolation.c
Changed
@@ -220,7 +220,8 @@ pfn += pageblock_nr_pages) { page = __first_valid_page(pfn, pageblock_nr_pages); if (page) { - if (set_migratetype_isolate(page, migratetype, flags)) { + if (page_belong_to_dynamic_hugetlb(page) || + set_migratetype_isolate(page, migratetype, flags)) { undo_pfn = pfn; goto undo; }
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/core/request_sock.c
Changed
@@ -37,9 +37,6 @@ void reqsk_queue_alloc(struct request_sock_queue *queue) { - spin_lock_init(&queue->rskq_lock); - - spin_lock_init(&queue->fastopenq.lock); queue->fastopenq.rskq_rst_head = NULL; queue->fastopenq.rskq_rst_tail = NULL; queue->fastopenq.qlen = 0;
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/ipv4/af_inet.c
Changed
@@ -326,6 +326,9 @@ if (INET_PROTOSW_REUSE & answer_flags) sk->sk_reuse = SK_CAN_REUSE; + if (INET_PROTOSW_ICSK & answer_flags) + inet_init_csk_locks(sk); + inet = inet_sk(sk); inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) != 0;
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/ipv4/inet_connection_sock.c
Changed
@@ -524,6 +524,10 @@ } if (req) reqsk_put(req); + + if (newsk) + inet_init_csk_locks(newsk); + return newsk; out_err: newsk = NULL;
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/ipv6/af_inet6.c
Changed
@@ -197,6 +197,9 @@ if (INET_PROTOSW_REUSE & answer_flags) sk->sk_reuse = SK_CAN_REUSE; + if (INET_PROTOSW_ICSK & answer_flags) + inet_init_csk_locks(sk); + inet = inet_sk(sk); inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) != 0;
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/netlink/af_netlink.c
Changed
@@ -374,7 +374,7 @@ if (is_vmalloc_addr(skb->head)) { if (!skb->cloned || !atomic_dec_return(&(skb_shinfo(skb)->dataref))) - vfree(skb->head); + vfree_atomic(skb->head); skb->head = NULL; }
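Review bot: The switch to `vfree_atomic()` carries no comment, so a reader who does not know the changelog entry ("fix potential sleeping issue") may turn it back into `vfree()`. One line above the call would be enough: `/* may be reached in atomic context; vfree() can sleep */`. The enclosing function is outside the hunk.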
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/nfc/nci/spi.c
Changed
@@ -163,6 +163,8 @@ int ret; skb = nci_skb_alloc(nspi->ndev, 0, GFP_KERNEL); + if (!skb) + return -ENOMEM; /* add the NCI SPI header to the start of the buffer */ hdr = skb_push(skb, NCI_SPI_HDR_LEN);
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/rds/af_rds.c
Changed
@@ -385,7 +385,7 @@ rs->rs_rx_traces = trace.rx_traces; for (i = 0; i < rs->rs_rx_traces; i++) { - if (trace.rx_trace_pos[i] > RDS_MSG_RX_DGRAM_TRACE_MAX) { + if (trace.rx_trace_pos[i] >= RDS_MSG_RX_DGRAM_TRACE_MAX) { rs->rs_rx_traces = 0; return -EFAULT; }
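Review bot: `rs->rs_rx_traces` is still set to the caller-supplied `trace.rx_traces` before any position has been validated, and is only reset to 0 when a bad entry is found. If the receive path named in the changelog, `rds_cmsg_recv()`, can read the socket concurrently (the locking is not visible here), it could see the new count while the positions are still being checked. Iterating over the local copy and publishing afterwards avoids that: `for (i = 0; i < trace.rx_traces; i++) {` with `rs->rs_rx_traces = trace.rx_traces;` moved below the loop. A comment that each position is later used as an array index, and so must be strictly below `RDS_MSG_RX_DGRAM_TRACE_MAX`, would also explain the `>=`. The function starts and ends outside the hunk.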
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/sctp/socket.c
Changed
@@ -380,9 +380,9 @@ struct net *net = sock_net(&sp->inet.sk); if (net->sctp.default_auto_asconf) { - spin_lock(&net->sctp.addr_wq_lock); + spin_lock_bh(&net->sctp.addr_wq_lock); list_add_tail(&sp->auto_asconf_list, &net->sctp.auto_asconf_splist); - spin_unlock(&net->sctp.addr_wq_lock); + spin_unlock_bh(&net->sctp.addr_wq_lock); sp->do_auto_asconf = 1; } }
_service:tar_scm_kernel_repo:SOURCE
Changed
@@ -1 +1 @@
-4.19.90-2401.5.0
+4.19.90-2402.1.0