Commits · 76704c53c51042eebeb76feced0e48419ac9c2f9 · Summer2022 / 22b970497

May 24, 2021

irqchip/git-v3-its: Implement irq_retrigger callback for device-triggered LPIs · 76704c53

Marc Zyngier authored 3 years ago


mainline inclusion
from mainline-5.10
commit 5f774f5e
category: bugfix
bugzilla: NA
CVE: NA

-------------------------------------------------

It is pretty easy to provide a retrigger callback for the ITS,
as it we already have the required support in terms of
irq_set_irqchip_state().

Note that this only works for device-generated LPIs, and not
the GICv4 doorbells, which should never have to be retriggered
anyway.

Reviewed-by: Valentin Schneider <valentin.schneider@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Liao Chang <liaochang1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

76704c53

irqchip/gic-v2, v3: Implement irq_chip->irq_retrigger() · 25a66234

Valentin Schneider authored 3 years ago


mainline inclusion
from mainline-5.10
commit 17f644e9
category: bugfix
bugzilla: NA
CVE: NA

-------------------------------------------------

While digging around IRQCHIP_EOI_IF_HANDLED and irq/resend.c, it has come
to my attention that the IRQ resend situation seems a bit precarious for
the GIC(s).

When marking an IRQ with IRQS_PENDING, handle_fasteoi_irq() will bail out
and issue an irq_eoi(). Should the IRQ in question be re-enabled,
check_irq_resend() will trigger a SW resend, which will go through the flow
handler again and issue *another* irq_eoi() on the *same* IRQ
activation. This is something the GIC spec clearly describes as a bad idea:
any EOI must match a previous ACK.

Implement irq_chip.irq_retrigger() for the GIC chips by setting the GIC
pending bit of the relevant IRQ. After being called by check_irq_resend(),
this will eventually trigger a *new* interrupt which we will handle as usual.

Signed-off-by: Valentin Schneider <valentin.schneider@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200730170321.31228-2-valentin.schneider@arm.com


Signed-off-by: Liao Chang <liaochang1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

25a66234

genirq: Walk the irq_data hierarchy when resending an interrupt · 5fa78216

Marc Zyngier authored 3 years ago


mainline inclusion
from mainline-5.10
commit cd1752d3
category: bugfix
bugzilla: NA
CVE: NA

-------------------------------------------------

On resending an interrupt, we only check the outermost irqchip for
a irq_retrigger callback. However, this callback could be implemented
at an inner level. Use irq_chip_retrigger_hierarchy() in this case.

Reviewed-by: Valentin Schneider <valentin.schneider@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Liao Chang <liaochang1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

5fa78216

genirq: Add protection against unsafe usage of generic_handle_irq() · d6b5fc6d

Thomas Gleixner authored 3 years ago


mainline inclusion
from mainline-5.7
commit c16816ac
category: bugfix
bugzilla: NA
CVE: NA

-------------------------------------------------

In general calling generic_handle_irq() with interrupts disabled from non
interrupt context is harmless. For some interrupt controllers like the x86
trainwrecks this is outright dangerous as it might corrupt state if an
interrupt affinity change is pending.

Add infrastructure which allows to mark interrupts as unsafe and catch such
usage in generic_handle_irq().

Reported-by:  <sathyanarayanan.kuppuswamy@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Marc Zyngier <maz@kernel.org>
Link: https://lkml.kernel.org/r/20200306130623.590923677@linutronix.de


Signed-off-by: Liao Chang <liaochang1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

d6b5fc6d

jbd2: don't abort the journal when freeing buffers · b8ac39c4

Zhang Yi authored 3 years ago


hulk inclusion
category: bugfix
bugzilla: 50788
CVE: NA
---------------------------

Now that we can be sure the journal is aborted once a buffer has failed
to be written back to disk, we can remove the journal abort logic in
jbd2_journal_try_to_free_buffers() which was introduced in c044f3d8
("jbd2: abort journal if free a async write error metadata buffer"),
because it may cost and propably is not safe.

Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

4.19.90-2105.3.0

b8ac39c4

jbd2: ensure abort the journal if detect IO error when writing original buffer back · 72c9e4df

Zhang Yi authored 3 years ago


hulk inclusion
category: bugfix
bugzilla: 50788
CVE: NA
---------------------------

Although we merged c044f3d8 ("jbd2: abort journal if free a async
write error metadata buffer"), there is a race between
jbd2_journal_try_to_free_buffers() and jbd2_journal_destroy(), so the
jbd2_log_do_checkpoint() may still fail to detect the buffer write
io error flag which may lead to filesystem inconsistency.

jbd2_journal_try_to_free_buffers()     ext4_put_super()
                                        jbd2_journal_destroy()
  __jbd2_journal_remove_checkpoint()
  detect buffer write error              jbd2_log_do_checkpoint()
                                         jbd2_cleanup_journal_tail()
                                           <--- lead to inconsistency
  jbd2_journal_abort()

Fix this issue by introducing a new atomic flag which only have one
JBD2_CHECKPOINT_IO_ERROR bit now, and set it in
__jbd2_journal_remove_checkpoint() when freeing a checkpoint buffer
which has write_io_error flag. Then jbd2_journal_destroy() will detect
this mark and abort the journal to prevent updating log tail.

Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

72c9e4df

jbd2: remove the out label in __jbd2_journal_remove_checkpoint() · 4561b9ac

Zhang Yi authored 3 years ago


hulk inclusion
category: bugfix
bugzilla: 50788
CVE: NA
---------------------------

The 'out' lable just return the 'ret' value and seems not required, so
remove this label and switch to return appropriate value immediately.
This patch also do some minor cleanup, no logical change.

Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

4561b9ac

May 22, 2021

x86/unwind/orc: Remove boot-time ORC unwind tables sorting · badd79c4

Shile Zhang authored 3 years ago


mainline inclusion
from mainline-v5.6-rc1
commit f14bf6a3
category: feature
bugzilla: NA
CVE: NA

-------------------------------------------------

Now that the orc_unwind and orc_unwind_ip tables are sorted at build time,
remove the boot time sorting pass.

No change in functionality.

[ mingo: Rewrote the changelog and code comments. ]

Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: linux-kbuild@vger.kernel.org
Link: https://lkml.kernel.org/r/20191204004633.88660-8-shile.zhang@linux.alibaba.com


Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Jian Cheng <cj.chengjian@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

badd79c4

scripts/sorttable: Implement build-time ORC unwind table sorting · 2f25dcd2

Shile Zhang authored 3 years ago


mainline inclusion
from mainline-v5.6-rc1
commit 57fa1899
category: feature
bugzilla: NA
CVE: NA

-------------------------------------------------

The ORC unwinder has two tables: .orc_unwind_ip and .orc_unwind, which
need to be sorted for binary search. Previously this sorting was done
during bootup.

Sort them at build time to speed up booting.

Add the ORC tables sorting in a parallel build process to speed up the build.

[ mingo: Rewrote the changelog and fixed some comments. ]

Suggested-by: Andy Lutomirski <luto@amacapital.net>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: linux-kbuild@vger.kernel.org
Link: https://lkml.kernel.org/r/20191204004633.88660-7-shile.zhang@linux.alibaba.com


Signed-off-by: Ingo Molnar <mingo@kernel.org>
Conflicts:
  scripts/Makefile
[yyl: use orc_types.h in tools/objtool/arch/x86/include]
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Jian Cheng <cj.chengjian@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

2f25dcd2

scripts/sorttable: Rename 'sortextable' to 'sorttable' · a3c5259d

Shile Zhang authored 3 years ago


mainline inclusion
from mainline-v5.6-rc1
commit 10916706
category: feature
bugzilla: NA
CVE: NA

-------------------------------------------------

Use a more generic name for additional table sorting usecases,
such as the upcoming ORC table sorting feature. This tool is
not tied to exception table sorting anymore.

No functional changes intended.

[ mingo: Rewrote the changelog. ]

Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: linux-kbuild@vger.kernel.org
Link: https://lkml.kernel.org/r/20191204004633.88660-6-shile.zhang@linux.alibaba.com


Signed-off-by: Ingo Molnar <mingo@kernel.org>
Conflicts:
  scripts/link-vmlinux.sh
  scripts/Makefile
  scripts/.gitignore
  arch/x86/Kconfig
  arch/microblaze/Kconfig
  arch/xtensa/Kconfig
  arch/parisc/Kconfig
  arch/powerpc/Kconfig
  arch/arc/Kconfig
  arch/mips/Kconfig
  arch/arm/Kconfig
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Jian Cheng <cj.chengjian@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

a3c5259d

scripts/sortextable: Refactor the do_func() function · a208357f

Shile Zhang authored 3 years ago


mainline inclusion
from mainline-v5.6-rc1
commit 57cafdf2
category: feature
bugzilla: NA
CVE: NA

-------------------------------------------------

Refine the loop, naming and code structure, make the code more readable
and extendable. No functional changes intended.

Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: linux-kbuild@vger.kernel.org
Link: https://lkml.kernel.org/r/20191204004633.88660-5-shile.zhang@linux.alibaba.com


Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Jian Cheng <cj.chengjian@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

a208357f

scripts/sortextable: Remove dead code · 4828086f

Shile Zhang authored 3 years ago


mainline inclusion
from mainline-v5.6-rc1
commit abe4f92c
category: feature
bugzilla: NA
CVE: NA

-------------------------------------------------

Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: linux-kbuild@vger.kernel.org
Link: https://lkml.kernel.org/r/20191204004633.88660-4-shile.zhang@linux.alibaba.com


Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Jian Cheng <cj.chengjian@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

4828086f

scripts/sortextable: Clean up the code to meet the kernel coding style better · 783dbeb8

Shile Zhang authored 3 years ago


mainline inclusion
from mainline-v5.6-rc1
commit 6402e141
category: feature
bugzilla: NA
CVE: NA

-------------------------------------------------

Fix various style errors and inconsistencies, no functional changes
intended.

Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: linux-kbuild@vger.kernel.org
Link: https://lkml.kernel.org/r/20191204004633.88660-3-shile.zhang@linux.alibaba.com


Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Jian Cheng <cj.chengjian@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

783dbeb8

scripts/sortextable: Rewrite error/success handling · 7042214f

Shile Zhang authored 3 years ago


mainline inclusion
from mainline-v5.6-rc1
commit 3c47b787
category: feature
bugzilla: NA
CVE: NA

-------------------------------------------------

The scripts/sortextable.c code has originally copied some code from
scripts/recordmount.c, which used the same setjmp/longjmp method to
manage control flow.

Meanwhile recordmcount has improved its error handling via:

   3f1df120 ("recordmcount: Rewrite error/success handling").

So rewrite this part of sortextable as well to get rid of the setjmp/longjmp
kludges, with additional refactoring, to make it more readable and
easier to extend.

No functional changes intended.

[ mingo: Rewrote the changelog. ]

Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: linux-kbuild@vger.kernel.org
Link: https://lkml.kernel.org/r/20191204004633.88660-2-shile.zhang@linux.alibaba.com


Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Jian Cheng <cj.chengjian@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

7042214f

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 378 · 4ec3de01

Thomas Gleixner authored 3 years ago


mainline inclusion
from mainline-v5.2-rc4
commit 4317cf95
category: feature
bugzilla: NA
CVE: NA

-------------------------------------------------

Based on 1 normalized pattern(s):

  licensed under the gnu general public license version 2 gplv2

extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-only

has been chosen to replace the boilerplate/reference in 5 file(s).

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Armijn Hemel <armijn@tjaldur.nl>
Reviewed-by: Allison Randal <allison@lohutok.net>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190531081036.993848054@linutronix.de


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Jian Cheng <cj.chengjian@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

4ec3de01

ext4: Fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed · 8535c0f7

Ye Bin authored 3 years ago

hulk inclusion
category: bugfix
bugzilla: 51854
CVE: NA

-------------------------------------------------

We got follow bug_on when run fsstress with injecting IO fault:
[130747.323114] kernel BUG at fs/ext4/extents_status.c:762!
[130747.323117] Internal error: Oops - BUG: 0 [#1] SMP
......
[130747.334329] Call trace:
[130747.334553]  ext4_es_cache_extent+0x150/0x168 [ext4]
[130747.334975]  ext4_cache_extents+0x64/0xe8 [ext4]
[130747.335368]  ext4_find_extent+0x300/0x330 [ext4]
[130747.335759]  ext4_ext_map_blocks+0x74/0x1178 [ext4]
[130747.336179]  ext4_map_blocks+0x2f4/0x5f0 [ext4]
[130747.336567]  ext4_mpage_readpages+0x4a8/0x7a8 [ext4]
[130747.336995]  ext4_readpage+0x54/0x100 [ext4]
[130747.337359]  generic_file_buffered_read+0x410/0xae8
[130747.337767]  generic_file_read_iter+0x114/0x190
[130747.338152]  ext4_file_read_iter+0x5c/0x140 [ext4]
[130747.338556]  __vfs_read+0x11c/0x188
[130747.338851]  vfs_read+0x94/0x150
[130747.339110]  ksys_read+0x74/0xf0

If call ext4_ext_insert_extent failed but new extent already inserted, we just
update "ex->ee_len = orig_ex.ee_len", this will lead to extent overlap, then
cause bug on when cache extent.
If call ext4_ext_insert_extent failed don't update ex->ee_len with old value.
Maybe there will lead to block leak, but it can be fixed by fsck later.

After we fixed above issue with v2 patch, but we got the same issue.
ext4_split_extent_at:
{
        ......
        err = ext4_ext_insert_extent(handle, inode, ppath, &newex, flags);
        if (err == -ENOSPC && (EXT4_EXT_MAY_ZEROOUT & split_flag)) {
            ......
            ext4_ext_try_to_merge(handle, inode, path, ex); ->step(1)
            err = ext4_ext_dirty(handle, inode, path + path->p_depth); ->step(2)
            if (err)
                goto fix_extent_len;
        ......
        }
        ......
fix_extent_len:
        ex->ee_len = orig_ex.ee_len; ->step(3)
        ......
}
If step(1) have been merged, but step(2) dirty extent failed, then go to
fix_extent_len label to fix ex->ee_len with orig_ex.ee_len. But "ex" may not be
old one, will cause overwritten. Then will trigger the same issue as previous.
If step(2) failed, just return error, don't fix ex->ee_len with old value.

This patch's modification is according to Jan Kara's suggestion in V3 patch:
("https://patchwork.ozlabs.org/project/linux-ext4/patch/20210428085158.3728201-1-yebin10@huawei.com/"

)
"I see. Now I understand your patch. Honestly, seeing how fragile is trying
to fix extent tree after split has failed in the middle, I would probably
go even further and make sure we fix the tree properly in case of ENOSPC
and EDQUOT (those are easily user triggerable).  Anything else indicates a
HW problem or fs corruption so I'd rather leave the extent tree as is and
don't try to fix it (which also means we will not create overlapping
extents)."

Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

8535c0f7

Revert "ext4: Fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed" · 2e4a4991

Ye Bin authored 3 years ago


hulk inclusion
category: bugfix
bugzilla: 51854
CVE: NA

-------------------------------------------------

This reverts commit 5446b76c34ed8875ba05a61fccfe838a98193791.

Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

2e4a4991

nfs4.0: Refetch lease_time after clientid update · 34a92816

Donald Buczek authored 3 years ago


mainline inclusion
from mainline-v5.3-rc1
commit 5b596830
category: bugfix
bugzilla: NA
CVE: NA

--------------------------------

RFC 7530 requires us to refetch the lease time attribute once a new
clientID is established. This is already implemented for the
nfs4.1(+) clients by nfs41_init_clientid, which calls
nfs41_finish_session_reset, which calls nfs4_setup_state_renewal.

To make nfs4_setup_state_renewal available for nfs4.0, move it
further to the top of the source file to include it regardles of
CONFIG_NFS_V4_1 and to save a forward declaration.

Call nfs4_setup_state_renewal from nfs4_init_clientid.

Signed-off-by: Donald Buczek <buczek@molgen.mpg.de>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

34a92816

nfs4: Rename nfs41_setup_state_renewal · 728c584d

Donald Buczek authored 3 years ago


mainline inclusion
from mainline-v5.3-rc1
commit ea51efaa
category: bugfix
bugzilla: NA
CVE: NA

--------------------------------

The function nfs41_setup_state_renewal is useful to the nfs 4.0 client
as well, so rename the function to nfs4_setup_state_renewal.

Signed-off-by: Donald Buczek <buczek@molgen.mpg.de>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

728c584d

nfs4: Make nfs4_proc_get_lease_time available for nfs4.0 · eea369e2

Donald Buczek authored 3 years ago


mainline inclusion
from mainline-v5.3-rc1
commit 0efb01b2
category: bugfix
bugzilla: NA
CVE: NA

--------------------------------

Compile nfs4_proc_get_lease_time, enc_get_lease_time and
dec_get_lease_time for nfs4.0. Use nfs4_sequence_done instead of
nfs41_sequence_done in nfs4_proc_get_lease_time,

Signed-off-by: Donald Buczek <buczek@molgen.mpg.de>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

Conflicts:
	fs/nfs/nfs4_fs.h

Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

eea369e2

nfs: Fix copy-and-paste error in debug message · 1a9aeb14

Donald Buczek authored 3 years ago


mainline inclusion
from mainline-v5.3-rc1
commit 2eaf426d
category: bugfix
bugzilla: NA
CVE: NA

--------------------------------

The debug message of decode_attr_lease_time incorrectly
says "file size". Fix it to "lease time".

Signed-off-by: Donald Buczek <buczek@molgen.mpg.de>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

1a9aeb14

ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle · 7f5c9e3b

Zhang Yi authored 3 years ago


hulk inclusion
category: bugfix
bugzilla: 51864
CVE: NA
---------------------------

In ext4_orphan_cleanup(), if ext4_truncate() failed to get a transaction
handle, it didn't remove the inode from the in-core orphan list, which
may probably trigger below error dump in ext4_destroy_inode() during the
final iput() and could lead to memory corruption on the later orphan
list changes.

 EXT4-fs (sda): Inode 6291467 (00000000b8247c67): orphan list check failed!
 00000000b8247c67: 0001f30a 00000004 00000000 00000023  ............#...
 00000000e24cde71: 00000006 014082a3 00000000 00000000  ......@.........
 0000000072c6a5ee: 00000000 00000000 00000000 00000000  ................
 ...

This patch fix this by cleanup in-core orphan list manually if
ext4_truncate() return error.

Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: yangerkun <yangerkun@huawei.com>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

7f5c9e3b

bluetooth: eliminate the potential race condition when removing the HCI controller · ab9083ab

Lin Ma authored 3 years ago


mainline inclusion
from mainline-v5.13-rc1
commit e2cb6b891ad2b8caa9131e3be70f45243df82a80
category: bugfix
bugzilla: NA
CVE: CVE-2021-32399

--------------------------------

There is a possible race condition vulnerability between issuing a HCI
command and removing the cont.  Specifically, functions hci_req_sync()
and hci_dev_do_close() can race each other like below:

thread-A in hci_req_sync()      |   thread-B in hci_dev_do_close()
                                |   hci_req_sync_lock(hdev);
test_bit(HCI_UP, &hdev->flags); |
...                             |   test_and_clear_bit(HCI_UP, &hdev->flags)
hci_req_sync_lock(hdev);        |
                                |
In this commit we alter the sequence in function hci_req_sync(). Hence,
the thread-A cannot issue th.

Signed-off-by: Lin Ma <linma@zju.edu.cn>
Cc: Marcel Holtmann <marcel@holtmann.org>
Fixes: 7c6a329e ("[Bluetooth] Fix regression from using default link policy")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

ab9083ab

May 21, 2021

mm: enhance variables check and sync for pin mem · b482e5ca

Jingxian He authored 3 years ago


hulk inclusion
category: feature
bugzilla: 48159
CVE: N/A

------------------------------

Enhance variables check and sync for pin mem as followings:
1) Remove unused variable in set_fork_pid;
2) Remove unused calling of access_ok, which is
   called in copy_from_user;
3) Enhance page_map_entry_start check in pin_mem_area;
4) Keep get_page_map_info and create_page_map_info for
   internal use, and increase get_page_map_info_by_pid
   and create_page_map_info_by_pid for external use,
   which is protected by spinlock;
5) Use spin_lock_irqsave instead of spin_lock.

Signed-off-by: Jingxian He <hejingxian@huawei.com>
Reviewed-by: Jing Xiangfeng <jingxiangfeng@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>

b482e5ca

perf jit: Fix inaccurate DWARF line table · 9b7f0206

Nick Gasson authored 3 years ago

mainline inclusion
from mainline-v5.7
commit 1e4bd2ae
category: bugfix
bugzilla: NA
CVE: NA

-------------------------------------------------

Fix an issue where addresses in the DWARF line table are offset by -0x40
(GEN_ELF_TEXT_OFFSET). This can be seen with `objdump -S` on the ELF
files after perf inject.

Committer notes:

Ian added this in his Acked-by reply:

 ---
Without too much knowledge this looks good to me. The original code came
from oprofile's jit support:

  https://sourceforge.net/p/oprofile/oprofile/ci/master/tree/opjitconv/debug_line.c#l325


 ---

Signed-off-by: Nick Gasson <nick.gasson@arm.com>
Acked-by: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lore.kernel.org/lkml/20200528051916.6722-1-nick.gasson@arm.com


Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Zhichang Yuan <erik.yuan@arm.com>
Reviewed-by: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>

9b7f0206

perf jvmti: Remove redundant jitdump line table entries · 528e6143

Nick Gasson authored 3 years ago


mainline inclusion
from mainline-v5.7
commit 7d7e503c
category: bugfix
bugzilla: NA
CVE: NA

-------------------------------------------------

For each PC/BCI pair in the JVMTI compiler inlining record table, the
jitdump plugin emits debug line table entries for every source line in
the method preceding that BCI. Instead only emit one source line per
PC/BCI pair. Reported by Ian Rogers. This reduces the .dump size for
SPECjbb from ~230MB to ~40MB.

Signed-off-by: Nick Gasson <nick.gasson@arm.com>
Acked-by: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lore.kernel.org/lkml/20200528054049.13662-1-nick.gasson@arm.com


Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Zhichang Yuan <erik.yuan@arm.com>
Reviewed-by: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>

528e6143

perf jvmti: Fix demangling Java symbols · ba0619f2

Nick Gasson authored 3 years ago


mainline inclusion
from mainline-v5.7
commit 0bdf3181
category: bugfix
bugzilla: NA
CVE: NA

-------------------------------------------------

For a Java method signature like:

    Ljava/lang/AbstractStringBuilder;appendChars(Ljava/lang/String;II)V

The demangler produces:

    void class java.lang.AbstractStringBuilder.appendChars(class java.lang., shorttring., int, int)

The arguments should be (java.lang.String, int, int) but the demangler
interprets the "S" in String as the type code for "short". Correct this
and two other minor things:

- There is no "bool" type in Java, should be "boolean".

- The demangler prepends "class" to every Java class name. This is not
  standard Java syntax and it wastes a lot of horizontal space if the
  signature is long. Remove this as there isn't any ambiguity between
  class names and primitives.

Committer notes:

This was split from a larger patch that also added a java demangler
'perf test' entry, that, before this patch shows the error being fixed
by it:

  $ perf test java
  65: Demangle Java                                         : FAILED!
  $ perf test -v java
  Couldn't bump rlimit(MEMLOCK), failures may take place when creating BPF maps, etc
  65: Demangle Java                                         :
  --- start ---
  test child forked, pid 307264
  FAILED: Ljava/lang/StringLatin1;equals([B[B)Z: bool class java.lang.StringLatin1.equals(byte[], byte[]) != boolean java.lang.StringLatin1.equals(byte[], byte[])
  FAILED: Ljava/util/zip/ZipUtils;CENSIZ([BI)J: long class java.util.zip.ZipUtils.CENSIZ(byte[], int) != long java.util.zip.ZipUtils.CENSIZ(byte[], int)
  FAILED: Ljava/util/regex/Pattern$BmpCharProperty;match(Ljava/util/regex/Matcher;ILjava/lang/CharSequence;)Z: bool class java.util.regex.Pattern$BmpCharProperty.match(class java.util.regex.Matcher., int, class java.lang., charhar, shortequence) != boolean java.util.regex.Pattern$BmpCharProperty.match(java.util.regex.Matcher, int, java.lang.CharSequence)
  FAILED: Ljava/lang/AbstractStringBuilder;appendChars(Ljava/lang/String;II)V: void class java.lang.AbstractStringBuilder.appendChars(class java.lang., shorttring., int, int) != void java.lang.AbstractStringBuilder.appendChars(java.lang.String, int, int)
  FAILED: Ljava/lang/Object;<init>()V: void class java.lang.Object<init>() != void java.lang.Object<init>()
  test child finished with -1
  ---- end ----
  Demangle Java: FAILED!
  $

After applying this patch:

  $ perf test  java
  65: Demangle Java                                         : Ok
  $

Signed-off-by: Nick Gasson <nick.gasson@arm.com>
Reviewed-by: Ian Rogers <irogers@google.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Tested-by: Ian Rogers <irogers@google.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20200427061520.24905-4-nick.gasson@arm.com


Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Zhichang Yuan <erik.yuan@arm.com>
Reviewed-by: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>

ba0619f2

perf tests: Add test for the java demangler · fb271adb

Nick Gasson authored 3 years ago


mainline inclusion
from mainline-v5.7
commit 525c821d
category: bugfix
bugzilla: NA
CVE: NA

-------------------------------------------------

Split from a larger patch that was also fixing a problem with the java
demangler, so, before applying that patch we see:

  $ perf test java
  65: Demangle Java                                         : FAILED!
  $ perf test -v java
  65: Demangle Java                                         :
  --- start ---
  test child forked, pid 307264
  FAILED: Ljava/lang/StringLatin1;equals([B[B)Z: bool class java.lang.StringLatin1.equals(byte[], byte[]) != boolean java.lang.StringLatin1.equals(byte[], byte[])
  FAILED: Ljava/util/zip/ZipUtils;CENSIZ([BI)J: long class java.util.zip.ZipUtils.CENSIZ(byte[], int) != long java.util.zip.ZipUtils.CENSIZ(byte[], int)
  FAILED: Ljava/util/regex/Pattern$BmpCharProperty;match(Ljava/util/regex/Matcher;ILjava/lang/CharSequence;)Z: bool class java.util.regex.Pattern$BmpCharProperty.match(class java.util.regex.Matcher., int, class java.lang., charhar, shortequence) != boolean java.util.regex.Pattern$BmpCharProperty.match(java.util.regex.Matcher, int, java.lang.CharSequence)
  FAILED: Ljava/lang/AbstractStringBuilder;appendChars(Ljava/lang/String;II)V: void class java.lang.AbstractStringBuilder.appendChars(class java.lang., shorttring., int, int) != void java.lang.AbstractStringBuilder.appendChars(java.lang.String, int, int)
  FAILED: Ljava/lang/Object;<init>()V: void class java.lang.Object<init>() != void java.lang.Object<init>()
  test child finished with -1
  ---- end ----
  Demangle Java: FAILED!
  $

Next patch should fix this.

Signed-off-by: Nick Gasson <nick.gasson@arm.com>
Reviewed-by: Ian Rogers <irogers@google.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Tested-by: Ian Rogers <irogers@google.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20200427061520.24905-4-nick.gasson@arm.com


Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Zhichang Yuan <erik.yuan@arm.com>
Reviewed-by: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>

fb271adb

perf jvmti: Do not report error when missing debug information · 9fb87045

Nick Gasson authored 3 years ago


mainline inclusion
from mainline-v5.7
commit 959f8ed4
category: bugfix
bugzilla: NA
CVE: NA

-------------------------------------------------

If the Java sources are compiled with -g:none to disable debug
information the perf JVMTI plugin reports a lot of errors like:

  java: GetLineNumberTable failed with JVMTI_ERROR_ABSENT_INFORMATION
  java: GetLineNumberTable failed with JVMTI_ERROR_ABSENT_INFORMATION
  java: GetLineNumberTable failed with JVMTI_ERROR_ABSENT_INFORMATION
  java: GetLineNumberTable failed with JVMTI_ERROR_ABSENT_INFORMATION
  java: GetLineNumberTable failed with JVMTI_ERROR_ABSENT_INFORMATION

Instead if GetLineNumberTable returns JVMTI_ERROR_ABSENT_INFORMATION
simply skip emitting line number information for that method. Unlike the
previous patch these errors don't affect the jitdump generation, they
just generate a lot of noise.

Similarly for native methods which also don't have line tables.

Signed-off-by: Nick Gasson <nick.gasson@arm.com>
Reviewed-by: Ian Rogers <irogers@google.com>
Tested-by: Ian Rogers <irogers@google.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20200427061520.24905-3-nick.gasson@arm.com


[ Moved || operator to the end of the line, not at the start of 2nd if condition ]
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Zhichang Yuan <erik.yuan@arm.com>
Reviewed-by: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>

9fb87045

perf jvmti: Fix jitdump for methods without debug info · b92b14a9

Nick Gasson authored 3 years ago


mainline inclusion
from mainline-v5.7
commit 953e9240
category: bugfix
bugzilla: NA
CVE: NA

---------------------------

If a Java class is compiled with -g:none to omit debug information, the
JVMTI plugin won't write jitdump entries for any method in this class
and prints a lot of errors like:

    java: GetSourceFileName failed with JVMTI_ERROR_ABSENT_INFORMATION

The call to GetSourceFileName is used to derive the file name `fn`, but
this value is not actually used since commit ca58d7e6 ("perf jvmti:
Generate correct debug information for inlined code") which moved the
file name lookup into fill_source_filenames(). So the call to
GetSourceFileName and related code can be safely removed.

Signed-off-by: Nick Gasson <nick.gasson@arm.com>
Reviewed-by: Ian Rogers <irogers@google.com>
Tested-by: Ian Rogers <irogers@google.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20200427061520.24905-2-nick.gasson@arm.com


Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Zhichang Yuan <erik.yuan@arm.com>
Reviewed-by: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>

b92b14a9

May 18, 2021

bpf: Fix leakage of uninitialized bpf stack under speculation · 1fdb52d9

Daniel Borkmann authored 3 years ago


mainline inclusion
from mainline-v5.13-rc1
commit 801c6058d14a82179a7ee17a4b532cac6fad067f
category: bugfix
bugzilla: NA
CVE: CVE-2021-31829

--------------------------------

The current implemented mechanisms to mitigate data disclosure under
speculation mainly address stack and map value oob access from the
speculative domain. However, Piotr discovered that uninitialized BPF
stack is not protected yet, and thus old data from the kernel stack,
potentially including addresses of kernel structures, could still be
extracted from that 512 bytes large window. The BPF stack is special
compared to map values since it's not zero initialized for every
program invocation, whereas map values /are/ zero initialized upon
their initial allocation and thus cannot leak any prior data in either
domain. In the non-speculative domain, the verifier ensures that every
stack slot read must have a prior stack slot write by the BPF program
to avoid such data leaking issue.

However, this is not enough: for example, when the pointer arithmetic
operation moves the stack pointer from the last valid stack offset to
the first valid offset, the sanitation logic allows for any intermediate
offsets during speculative execution, which could then be used to
extract any restricted stack content via side-channel.

Given for unprivileged stack pointer arithmetic the use of unknown
but bounded scalars is generally forbidden, we can simply turn the
register-based arithmetic operation into an immediate-based arithmetic
operation without the need for masking. This also gives the benefit
of reducing the needed instructions for the operation. Given after
the work in 7fedb63a8307 ("bpf: Tighten speculative pointer arithmetic
mask"), the aux->alu_limit already holds the final immediate value for
the offset register with the known scalar. Thus, a simple mov of the
immediate to AX register with using AX as the source for the original
instruction is sufficient and possible now in this case.

Reported-by: Piotr Krysiuk <piotras@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Piotr Krysiuk <piotras@gmail.com>
Reviewed-by: Piotr Krysiuk <piotras@gmail.com>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Conflicts:
  kernel/bpf/verifier.c
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: Kuohai Xu <xukuohai@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

1fdb52d9

bpf: Fix masking negation logic upon negative dst register · f8eafed4

Daniel Borkmann authored 3 years ago


stable inclusion
from linux-4.19.190
commit 0e2dfdc74a7f4036127356d42ea59388f153f42c

--------------------------------

commit b9b34ddbe2076ade359cd5ce7537d5ed019e9807 upstream.

The negation logic for the case where the off_reg is sitting in the
dst register is not correct given then we cannot just invert the add
to a sub or vice versa. As a fix, perform the final bitwise and-op
unconditionally into AX from the off_reg, then move the pointer from
the src to dst and finally use AX as the source for the original
pointer arithmetic operation such that the inversion yields a correct
result. The single non-AX mov in between is possible given constant
blinding is retaining it as it's not an immediate based operation.

Fixes: 979d63d5 ("bpf: prevent out of bounds speculation on pointer arithmetic")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Piotr Krysiuk <piotras@gmail.com>
Reviewed-by: Piotr Krysiuk <piotras@gmail.com>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

f8eafed4

May 17, 2021

bcache: add readahead cache policy options via sysfs interface · 2d24d9ba

Coly Li authored 3 years ago

mainline inclusion
from mainline-v5.6-rc1
commit 038ba8cc1bffc51250add4a9b9249d4331576d8f
category: bugfix
bugzilla: https://bugzilla.openeuler.org/show_bug.cgi?id=26
CVE: NA

-----------------------------------------------

In year 2007 high performance SSD was still expensive, in order to
save more space for real workload or meta data, the readahead I/Os
for non-meta data was bypassed and not cached on SSD.

In now days, SSD price drops a lot and people can find larger size
SSD with more comfortable price. It is unncessary to alway bypass
normal readahead I/Os to save SSD space for now.

This patch adds options for readahead data cache policies via sysfs
file /sys/block/bcache<N>/readahead_cache_policy, the options are,
- "all": cache all readahead data I/Os.
- "meta-only": only cache meta data, and bypass other regular I/Os.

If users want to make bcache continue to only cache readahead request
for metadata and bypass regular data readahead...

2d24d9ba

mm/page_alloc: fix managed_pages of zone is incorrect and out of bounds · ce4cce2f

Guo Hui authored 3 years ago

uniontech inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I3RFV8


CVE: NA

----------------------------------------------------------------

Commit eb761d65 ("mm: parallelize deferred struct page initialization
within each node") the code "++zone" in follow code:
    /* Sanity check that the next zone really is unpopulated */
    WARN_ON(++zid < MAX_NR_ZONES && populated_zone(++zone));
    VM_BUG_ON(nr_init != nr_free);

    zone->managed_pages += nr_free;

makes the managed_pages statistics of the current zone incorrect
and the zone may have out-of-bounds memory when
CONFIG_DEFERRED_STRUCT_PAGE_INIT=y, causing the Virtual machine
system startup to fail when the Virtual machine system current
allocated memory is set to half of the Virtual machine
maximum memory using virt-manager tool

Fix it by putting the code “zone->managed_pages += nr_free;”
before “++zone” code

Fixes: eb761d65 ("mm: parallelize deferred struct page initialization
within each node")
Reported-by: Peng Yuanbo <pengyuanbo@uniontech.com>
Signed-off-by: Guo Hui <guohui@uniontech.com>
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

ce4cce2f

freezer: Add unsafe version of freezable_schedule_timeout_interruptible() for NFS · fba3955b

He Zhe authored 3 years ago


mainline inclusion
from mainline-v5.9-rc1
commit 59679d99
category: bugfix
bugzilla: NA
CVE: NA

--------------------------------

commit 0688e64b ("NFS: Allow signal interruption of
NFS4ERR_DELAYed operations") introduces nfs4_delay_interruptible
which also needs an _unsafe version to avoid the following call
trace for the same reason explained in commit 416ad3c9 ("freezer:
add unsafe versions of freezable helpers for NFS")

CPU: 4 PID: 3968 Comm: rm Tainted: G W 5.8.0-rc4 #1
Hardware name: Marvell OcteonTX CN96XX board (DT)
Call trace:
dump_backtrace+0x0/0x1dc
show_stack+0x20/0x30
dump_stack+0xdc/0x150
debug_check_no_locks_held+0x98/0xa0
nfs4_delay_interruptible+0xd8/0x120
nfs4_handle_exception+0x130/0x170
nfs4_proc_rmdir+0x8c/0x220
nfs_rmdir+0xa4/0x360
vfs_rmdir.part.0+0x6c/0x1b0
do_rmdir+0x18c/0x210
__arm64_sys_unlinkat+0x64/0x7c
el0_svc_common.constprop.0+0x7c/0x110
do_el0_svc+0x24/0xa0
el0_sync_handler+0x13c/0x1b8
el0_sync+0x158/0x180

Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

fba3955b

NFS: Allow signal interruption of NFS4ERR_DELAYed operations · 8a2c40c9

Trond Myklebust authored 3 years ago


mainline inclusion
from mainline-v5.2-rc1
commit 0688e64b
category: bugfix
bugzilla: NA
CVE: NA

--------------------------------

If the server is unable to immediately execute an RPC call, and returns
an NFS4ERR_DELAY then we can assume it is safe to interrupt the operation
in order to handle ordinary signals. This allows the application to
service timer interrupts that would otherwise have to wait until the
server is again able to respond.

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

8a2c40c9

SUNRPC: Make "no retrans timeout" soft tasks behave like softconn for timeouts · 45b4310b

Trond Myklebust authored 3 years ago


mainline inclusion
from mainline-5.2-rc1
commit e4ec48d3
category: bugfix
bugzilla: 51818
CVE: NA

-------------------------------------------------

If a soft NFSv4 request is sent, then we don't need it to time out unless
the connection breaks. The reason is that as long as the connection is
unbroken, the protocol states that the server is not allowed to drop the
request.  IOW: as long as the connection remains unbroken, the client may
assume that all transmitted RPC requests are being processed by the server,
and that retransmissions and timeouts of those requests are unwarranted.

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

45b4310b

SUNRPC: Don't let RPC_SOFTCONN tasks time out if the transport is connected · 8d373da6

Trond Myklebust authored 3 years ago


mainline inclusion
from mainline-5.1-rc3
commit d84dd3fb
category: bugfix
bugzilla: 51818
CVE: NA

-------------------------------------------------

If the transport is still connected, then we do want to allow
RPC_SOFTCONN tasks to retry. They should time out if and only if
the connection is broken.

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Conflicts:
	net/sunrpc/clnt.c
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

8d373da6

May 14, 2021

ext4: fix check to prevent false positive report of incorrect used inodes · 558f5b03

Zhang Yi authored 3 years ago


mainline inclusion
from mainline-v5.13-rc1
commit a149d2a5cabbf6507a7832a1c4fd2593c55fd450
category: bugfix
bugzilla: 50787
CVE: NA
---------------------------

Commit <50122847> ("ext4: fix check to prevent initializing reserved
inodes") check the block group zero and prevent initializing reserved
inodes. But in some special cases, the reserved inode may not all belong
to the group zero, it may exist into the second group if we format
filesystem below.

  mkfs.ext4 -b 4096 -g 8192 -N 1024 -I 4096 /dev/sda

So, it will end up triggering a false positive report of a corrupted
file system. This patch fix it by avoid check reserved inodes if no free
inode blocks will be zeroed.

Cc: stable@kernel.org
Fixes: 50122847 ("ext4: fix check to prevent initializing reserved inodes")
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Suggested-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20210331121516.2243099-1-yi.zhang@huawei.com


Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

558f5b03

livepatch/x86_64: Fix the deadlock when insmoding livepatch kernel module · e6a47cb4

Zhao Xuehui authored 3 years ago


hulk inclusion
category: bugfix
bugzilla: 51843
CVE: NA

---------------------------

In function klp_init_patch, a text_mutex lock is used when
doing jump_label_apply_nops. However, the jump_label_register
in which a text_mutex lock is used is done before the original
text_mutex lock released. Thus, an AA deadlock is occured.

In this commit, we do jump_label_register after the original
text_mutex lock is released to avoid this AA deadlock.

Signed-off-by: Zhao Xuehui <zhaoxuehui1@huawei.com>
Reviewed-by: Kuohai Xu <xukuohai@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

e6a47cb4