January 2022 - Kernel - lists.openatom.io

[PATCH OpenHarmony-5.10 00/18] sync 5.10 cve bugfix 01-24
by yiyuchangchun＠126.com 24 Jan '22

24 Jan '22

From: Yu Changchun <yuchangchun1(a)huawei.com> These patches are related with the following CVEs: CVE-2021-39685 CVE-2021-4083 CVE-2021-4155 CVE-2021-4197 CVE-2021-4202 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 --------------------------------------------------- Bongsu Jeon (1): net: nfc: nci: Change the NCI close sequence Chao Yu (1): f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() Darrick J. Wong (1): xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate Greg Kroah-Hartman (2): USB: gadget: detect too-big endpoint 0 requests USB: gadget: bRequestType is a bitfield, not a enum Hangyu Hua (2): phonet: refcount leak in pep_sock_accep rds: memory leak in __rds_conn_create() Hui Su (1): cgroup/cgroup.c: replace 'of->kn->priv' with of_cft() Jens Wiklander (1): tee: handle lookup of shm with reference count 0 Lin Ma (4): NFC: reorganize the functions in nci_request NFC: reorder the logic in nfc_{un,}register_device NFC: add NCI_UNREG flag to eliminate the race NFC: add necessary privilege flags in netlink layer Linus Torvalds (1): fget: check that the fd still exists after getting a ref to it Michal Koutný (1): cgroup: cgroup.{procs,threads} factor out common parts Tejun Heo (3): cgroup: Use open-time credentials for process migraton perm checks cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv cgroup: Use open-time cgroup namespace for process migration perm checks drivers/tee/tee_shm.c | 171 ++++++++++++------------------ drivers/usb/gadget/composite.c | 12 +++ drivers/usb/gadget/legacy/dbgp.c | 13 +++ drivers/usb/gadget/legacy/inode.c | 16 ++- fs/f2fs/xattr.c | 11 +- fs/file.c | 4 + fs/xfs/xfs_ioctl.c | 3 +- include/linux/tee_drv.h | 4 +- include/net/nfc/nci_core.h | 1 + kernel/cgroup/cgroup-internal.h | 19 ++++ kernel/cgroup/cgroup-v1.c | 33 +++--- kernel/cgroup/cgroup.c | 147 ++++++++++++------------- net/nfc/core.c | 32 +++--- net/nfc/nci/core.c | 34 ++++-- net/nfc/netlink.c | 15 +++ net/phonet/pep.c | 1 + net/rds/connection.c | 1 + 17 files changed, 299 insertions(+), 218 deletions(-) -- 2.25.1

2 36

[PATCH OpenHarmony-5.10 00/18] sync 5.10 cve bugfix
by yiyuchangchun＠126.com 22 Jan '22

22 Jan '22

From: Yu Changchun <yuchangchun1(a)huawei.com> These patches are related with the following CVEs: CVE-2021-39685 CVE-2021-4083 CVE-2021-4155 CVE-2021-4197 CVE-2021-4202 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 --------------------------------------------------- Bongsu Jeon (1): net: nfc: nci: Change the NCI close sequence Chao Yu (1): f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() Darrick J. Wong (1): xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate Greg Kroah-Hartman (2): USB: gadget: detect too-big endpoint 0 requests USB: gadget: bRequestType is a bitfield, not a enum Hangyu Hua (2): phonet: refcount leak in pep_sock_accep rds: memory leak in __rds_conn_create() Hui Su (1): cgroup/cgroup.c: replace 'of->kn->priv' with of_cft() Jens Wiklander (1): tee: handle lookup of shm with reference count 0 Lin Ma (4): NFC: reorganize the functions in nci_request NFC: reorder the logic in nfc_{un,}register_device NFC: add NCI_UNREG flag to eliminate the race NFC: add necessary privilege flags in netlink layer Linus Torvalds (1): fget: check that the fd still exists after getting a ref to it Michal Koutný (1): cgroup: cgroup.{procs,threads} factor out common parts Tejun Heo (3): cgroup: Use open-time credentials for process migraton perm checks cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv cgroup: Use open-time cgroup namespace for process migration perm checks drivers/tee/tee_shm.c | 171 ++++++++++++------------------ drivers/usb/gadget/composite.c | 12 +++ drivers/usb/gadget/legacy/dbgp.c | 13 +++ drivers/usb/gadget/legacy/inode.c | 16 ++- fs/f2fs/xattr.c | 11 +- fs/file.c | 4 + fs/xfs/xfs_ioctl.c | 3 +- include/linux/tee_drv.h | 4 +- include/net/nfc/nci_core.h | 1 + kernel/cgroup/cgroup-internal.h | 19 ++++ kernel/cgroup/cgroup-v1.c | 33 +++--- kernel/cgroup/cgroup.c | 147 ++++++++++++------------- net/nfc/core.c | 32 +++--- net/nfc/nci/core.c | 34 ++++-- net/nfc/netlink.c | 15 +++ net/phonet/pep.c | 1 + net/rds/connection.c | 1 + 17 files changed, 299 insertions(+), 218 deletions(-) -- 2.25.1

1 18

[PATCH OpenHarmony-5.10] accesstokenid: add tokenid support
by gc1202 13 Jan '22

13 Jan '22

From: gaochao <gaochao49(a)huawei.com> ohos inclusion category: feature issue: #I4OWTZ CVE: NA ----------- tokendid is used for special app security control Signed-off-by: gaochao <gaochao49(a)huawei.com> --- drivers/Kconfig | 2 + drivers/Makefile | 1 + drivers/accesstokenid/Kconfig | 5 + drivers/accesstokenid/Makefile | 2 + drivers/accesstokenid/access_tokenid.c | 187 +++++++++++++++++++++++++ drivers/accesstokenid/access_tokenid.h | 43 ++++++ fs/proc/base.c | 15 ++ include/linux/sched.h | 4 + kernel/fork.c | 4 + 9 files changed, 263 insertions(+) create mode 100644 drivers/accesstokenid/Kconfig create mode 100644 drivers/accesstokenid/Makefile create mode 100644 drivers/accesstokenid/access_tokenid.c create mode 100644 drivers/accesstokenid/access_tokenid.h diff --git a/drivers/Kconfig b/drivers/Kconfig index dcecc9f6e33f..c9a22b041303 100644 --- a/drivers/Kconfig +++ b/drivers/Kconfig @@ -235,4 +235,6 @@ source "drivers/interconnect/Kconfig" source "drivers/counter/Kconfig" source "drivers/most/Kconfig" + +source "drivers/accesstokenid/Kconfig" endmenu diff --git a/drivers/Makefile b/drivers/Makefile index 576228037718..71da48160b09 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -189,3 +189,4 @@ obj-$(CONFIG_GNSS) += gnss/ obj-$(CONFIG_INTERCONNECT) += interconnect/ obj-$(CONFIG_COUNTER) += counter/ obj-$(CONFIG_MOST) += most/ +obj-$(CONFIG_ACCESS_TOKENID) += accesstokenid/ diff --git a/drivers/accesstokenid/Kconfig b/drivers/accesstokenid/Kconfig new file mode 100644 index 000000000000..814c095678e9 --- /dev/null +++ b/drivers/accesstokenid/Kconfig @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-2.0 +config ACCESS_TOKENID + bool "Access task's token" + default y + diff --git a/drivers/accesstokenid/Makefile b/drivers/accesstokenid/Makefile new file mode 100644 index 000000000000..738a550f86cf --- /dev/null +++ b/drivers/accesstokenid/Makefile @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0-only +obj-$(CONFIG_ACCESS_TOKENID) += access_tokenid.o diff --git a/drivers/accesstokenid/access_tokenid.c b/drivers/accesstokenid/access_tokenid.c new file mode 100644 index 000000000000..94e5310521ec --- /dev/null +++ b/drivers/accesstokenid/access_tokenid.c @@ -0,0 +1,187 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * access_tokenid.c + * + * Copyright (C) 2022 Huawei Technologies Co., Ltd. All rights reserved. + * + * This software is licensed under the terms of the GNU General Public + * License version 2, as published by the Free Software Foundation, and + * may be copied, distributed, and modified under those terms. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ + +#define pr_fmt(fmt) "access_token_id: " fmt + +#include <linux/cred.h> +#include <linux/errno.h> +#include <linux/fs.h> +#include <linux/miscdevice.h> +#include <linux/module.h> +#include <linux/sched.h> +#include "access_tokenid.h" + +int access_tokenid_get_tokenid(struct file *file, void __user *uarg) +{ + return copy_to_user(uarg, &current->token, + sizeof(current->token)) ? -EFAULT : 0; +} + +static bool check_permission_for_set_tokenid(struct file *file) +{ + const struct cred *cred = get_task_cred(current); + struct inode *inode = file->f_inode; + + if (inode == NULL) { + pr_err("%s: file inode is null\n", __func__); + return false; + } + + if (uid_eq(cred->uid, GLOBAL_ROOT_UID) || + uid_eq(cred->uid, inode->i_uid)) { + return true; + } + + return false; +} + +int access_tokenid_set_tokenid(struct file *file, void __user *uarg) +{ + unsigned long long tmp = 0; + + if (!check_permission_for_set_tokenid(file)) + return -EPERM; + + if (copy_from_user(&tmp, uarg, sizeof(tmp))) + return -EFAULT; + + current->token = tmp; + return 0; +} + +static bool check_permission_for_ftokenid(struct file *file) +{ + int i; + struct group_info *group_info; + const struct cred *cred = get_task_cred(current); + struct inode *inode = file->f_inode; + + if (inode == NULL) { + pr_err("%s: file inode is null\n", __func__); + return false; + } + + if (uid_eq(cred->uid, GLOBAL_ROOT_UID)) + return true; + + group_info = get_current_groups(); + for (i = 0; i < group_info->ngroups; i++) { + kgid_t gid = group_info->gid[i]; + + if (gid_eq(gid, inode->i_gid)) + return true; + } + + return false; +} + +int access_tokenid_get_ftokenid(struct file *file, void __user *uarg) +{ + if (!check_permission_for_ftokenid(file)) + return -EPERM; + + return copy_to_user(uarg, &current->ftoken, + sizeof(current->ftoken)) ? -EFAULT : 0; +} + +int access_tokenid_set_ftokenid(struct file *file, void __user *uarg) +{ + unsigned long long tmp = 0; + + if (!check_permission_for_ftokenid(file)) + return -EPERM; + + if (copy_from_user(&tmp, uarg, sizeof(tmp))) + return -EFAULT; + + current->ftoken = tmp; + return 0; +} + +typedef int (*access_token_id_func)(struct file *file, void __user *arg); + +static access_token_id_func g_func_array[ACCESS_TOKENID_MAX_NR] = { + NULL, /* reserved */ + access_tokenid_get_tokenid, + access_tokenid_set_tokenid, + access_tokenid_get_ftokenid, + access_tokenid_set_ftokenid, +}; + +static long access_tokenid_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) +{ + void __user *uarg = (void __user *)arg; + unsigned int func_cmd = _IOC_NR(cmd); + + if (uarg == NULL) { + pr_err("%s: invalid user uarg\n", __func__); + return -EINVAL; + } + + if (_IOC_TYPE(cmd) != ACCESS_TOKEN_ID_IOCTL_BASE) { + pr_err("%s: access tokenid magic fail, TYPE=%d\n", + __func__, _IOC_TYPE(cmd)); + return -EINVAL; + } + + if (func_cmd >= ACCESS_TOKENID_MAX_NR) { + pr_err("%s: access tokenid cmd error, cmd:%d\n", + __func__, func_cmd); + return -EINVAL; + } + + if (g_func_array[func_cmd] != NULL) + return (*g_func_array[func_cmd])(file, uarg); + + return -EINVAL; +} + +static const struct file_operations access_tokenid_fops = { + .owner = THIS_MODULE, + .unlocked_ioctl = access_tokenid_ioctl, + .compat_ioctl = access_tokenid_ioctl, +}; + +static struct miscdevice access_tokenid_device = { + .minor = MISC_DYNAMIC_MINOR, + .name = "access_token_id", + .fops = &access_tokenid_fops, +}; + +static int access_tokenid_init_module(void) +{ + int err; + + err = misc_register(&access_tokenid_device); + if (err < 0) { + pr_err("access_tokenid register failed\n"); + return err; + } + + pr_info("access_tokenid init success\n"); + return 0; +} + +static void access_tokenid_exit_module(void) +{ + misc_deregister(&access_tokenid_device); +} + +/* module entry points */ +module_init(access_tokenid_init_module); +module_exit(access_tokenid_exit_module); diff --git a/drivers/accesstokenid/access_tokenid.h b/drivers/accesstokenid/access_tokenid.h new file mode 100644 index 000000000000..1b3906f993b7 --- /dev/null +++ b/drivers/accesstokenid/access_tokenid.h @@ -0,0 +1,43 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * access_tokenid.h + * + * Copyright (C) 2022 Huawei Technologies Co., Ltd. All rights reserved. + * + * This software is licensed under the terms of the GNU General Public + * License version 2, as published by the Free Software Foundation, and + * may be copied, distributed, and modified under those terms. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ + +#ifndef _ACCESS_TOKEN_ID_H +#define _ACCESS_TOKEN_ID_H + +#include <linux/ioctl.h> +#include <linux/types.h> + +#define ACCESS_TOKEN_ID_IOCTL_BASE 'A' + +enum { + GET_TOKEN_ID = 1, + SET_TOKEN_ID, + GET_FTOKEN_ID, + SET_FTOKEN_ID, + ACCESS_TOKENID_MAX_NR +}; + +#define ACCESS_TOKENID_GET_TOKENID \ + _IOR(ACCESS_TOKEN_ID_IOCTL_BASE, GET_TOKEN_ID, unsigned long long) +#define ACCESS_TOKENID_SET_TOKENID \ + _IOW(ACCESS_TOKEN_ID_IOCTL_BASE, SET_TOKEN_ID, unsigned long long) +#define ACCESS_TOKENID_GET_FTOKENID \ + _IOR(ACCESS_TOKEN_ID_IOCTL_BASE, GET_FTOKEN_ID, unsigned long long) +#define ACCESS_TOKENID_SET_FTOKENID \ + _IOW(ACCESS_TOKEN_ID_IOCTL_BASE, SET_FTOKEN_ID, unsigned long long) + +#endif /* _ACCESS_TOKEN_ID_H */ diff --git a/fs/proc/base.c b/fs/proc/base.c index 9b3038f1b9b5..9478b78f53ce 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -3179,6 +3179,15 @@ static int proc_stack_depth(struct seq_file *m, struct pid_namespace *ns, } #endif /* CONFIG_STACKLEAK_METRICS */ +#ifdef CONFIG_ACCESS_TOKENID +static int proc_token_operations(struct seq_file *m, struct pid_namespace *ns, + struct pid *pid, struct task_struct *task) +{ + seq_printf(m, "%#llx %#llx\n", task->token, task->ftoken); + return 0; +} +#endif /* CONFIG_ACCESS_TOKENID */ + /* * Thread groups */ @@ -3292,6 +3301,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_PROC_PID_ARCH_STATUS ONE("arch_status", S_IRUGO, proc_pid_arch_status), #endif +#ifdef CONFIG_ACCESS_TOKENID + ONE("tokenid", S_IRUSR, proc_token_operations), +#endif }; static int proc_tgid_base_readdir(struct file *file, struct dir_context *ctx) @@ -3621,6 +3633,9 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_PROC_PID_ARCH_STATUS ONE("arch_status", S_IRUGO, proc_pid_arch_status), #endif +#ifdef CONFIG_ACCESS_TOKENID + ONE("tokenid", S_IRUSR, proc_token_operations), +#endif }; static int proc_tid_base_readdir(struct file *file, struct dir_context *ctx) diff --git a/include/linux/sched.h b/include/linux/sched.h index 53198ac3d154..d42f4addcaec 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1362,6 +1362,10 @@ struct task_struct { int mce_count; #endif +#ifdef CONFIG_ACCESS_TOKENID + u64 token; + u64 ftoken; +#endif /* * New fields for task_struct should be added above here, so that * they are included in the randomized portion of task_struct. diff --git a/kernel/fork.c b/kernel/fork.c index 39b1783a7613..5d7a6821d59c 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -874,6 +874,10 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node) err = arch_dup_task_struct(tsk, orig); +#ifdef CONFIG_ACCESS_TOKENID + tsk->token = orig->token; + tsk->ftoken = 0; +#endif /* * arch_dup_task_struct() clobbers the stack-related fields. Make * sure they're properly initialized before using any stack-related -- 2.25.1

2 1

[PATCH OpenHarmony-5.10 000/134] sync 5.10 bugfix
by yiyuchangchun＠126.com 08 Jan '22

08 Jan '22

From: Yu Changchun <yuchangchun1(a)huawei.com> These patches refer to some bugfixes(ext4, ubifs, etc) from upstream or local test. -------------------------------------------------------------- Al Viro (2): switch file_open_root() to struct path take LOOKUP_{ROOT,ROOT_GRABBED,JUMPED} out of LOOKUP_... space Andrii Nakryiko (1): bpf: Add ambient BPF runtime context stored in current Ard Biesheuvel (1): ARM: 9057/1: cache-v7: add missing ISB after cache level selection Baokun Li (5): nbd: add the check to prevent overflow in __nbd_ioctl() ubi: fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl ubifs: fix slab-out-of-bounds in ubifs_change_lp ubifs: fix double return leb in ubifs_garbage_collect ubifs: read-only if LEB may always be taken in ubifs_garbage_collect Baolin Wang (1): mm: memcontrol: set the correct memcg swappiness restriction Barry Song (1): sched/topology: fix the issue groups don't span domain->span for NUMA diameter > 2 Bart Van Assche (2): blk-mq: Introduce the BLK_MQ_F_NO_SCHED_BY_DEFAULT flag loop: Select I/O scheduler 'none' from inside add_disk() Chengsong Ke (1): ubifs: Remove the redundant return in dbg_check_nondata_nodes_order Christian Brauner (1): fs: add vfs_parse_fs_param_source() helper Claudiu Beznea (1): regulator: core: do not continue if selector match Daniel Borkmann (2): bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt Dietmar Eggemann (1): sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa() Georgi Djakov (1): mm/page_owner: record the timestamp of all pages during free Guo Xuenan (1): ubi: fix slab-out-of-bounds in ubi_eba_get_ldesc+0xfb/0x130 Hans de Goede (1): iio: core: Allow drivers to specify a label without it coming from of Heiner Kallweit (1): net: phy: fix duplex out of sync problem while changing settings Huang Guobin (1): bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed Jakub Kicinski (1): net: make free_netdev() more lenient with unregistering devices Jan Kara (3): ext4: fix e2fsprogs checksum failure for mounted filesystem bfq: Remove merged request already in bfq_requests_merged() blk: Fix lock inversion between ioc lock and bfqd lock Johannes Weiner (1): mm: vmscan: fix missing psi annotation for node_reclaim() John Garry (1): blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling Keith Busch (1): block: return errors from blk_execute_rq() Kevin Locke (1): ovl: warn about orphan metacopy Laibin Qiu (5): block: fix UAF from race of ioc_release_fn() and __ioc_clear_queue() block: fix memory leak for mq shared sbitmap Fix NULL pointer dereference in handling for passthrough commands loop: fix loop_validate_block_size() can't make sense blkcg: Remove extra blkcg_bio_issue_init Lakshmi Ramasubramanian (1): ima: Fix warning: no previous prototype for function 'ima_add_kexec_buffer' Li Hua (1): sched/rt: Try to restart rt period timer when rt runtime exceeded Li Xinhai (1): mm: rmap: explicitly reset vma->anon_vma in unlink_anon_vmas() Liam Mark (1): mm/page_owner: record timestamp and pid Luo Meng (1): locks: Fix UBSAN undefined behaviour in flock64_to_posix_lock Mike Kravetz (1): hugetlb: before freeing hugetlb page set dtor to appropriate value Ming Lei (10): block: don't call rq_qos_ops->done_bio if the bio isn't tracked nvme: add APIs for stopping/starting admin queue nvme: apply nvme API to quiesce/unquiesce admin queue nvme: prepare for pairing quiescing and unquiescing nvme: paring quiesce/unquiesce nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated blk-mq: support concurrent queue quiesce/unquiesce dm: don't stop request queue after the dm device is suspended scsi: avoid to quiesce sdev->request_queue two times scsi: make sure that request queue queiesce and unquiesce balanced Nuno Sá (1): iio: buffer: Return error if no callback is given Pavel Begunkov (2): io_uring: deduplicate failing task_work_add io_uring: don't take uring_lock during iowq cancel Qian Cai (1): powerpc/powernv/pci: fix a RCU-list lock Sergei Trofimovich (1): mm: page_poison: print page info when corruption is caught Srikar Dronamraju (1): powerpc/numa: Update cpu_cpu_map on CPU online/offline Theodore Ts'o (1): ext4: if zeroout fails fall back to splitting the extent node Valentin Schneider (3): sched/topology: Warn when NUMA diameter > 2 sched/topology: Make sched_init_numa() use a set for the deduplicating sort ia64: ensure proper NUMA distance and possible map initialization Vasily Averin (6): memcg: enable accounting for mnt_cache entries memcg: enable accounting for fasync_cache memcg: enable accounting for new namesapces and struct nsproxy memcg: enable accounting for signals memcg: enable accounting for posix_timers_cache slab memcg: enable accounting for ldt_struct objects Vincent Whitchurch (1): regulator: core: Respect off_on_delay at startup Vlastimil Babka (2): mm: slub: fix slub_debug disabling for list of slabs mm, vmscan: guarantee drop_slab_node() termination Wang Wensheng (1): ALSA: timer: Fix use-after-free problem Yang Yang (1): kyber: introduce kyber_depth_updated() Ye Bin (7): ext4: fix potential uninitialized access to retval in kmmpd scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() PM: hibernate: Get block device exclusively in swsusp_check() nbd: Fix use-after-free in pid_show blk-mq: don't free tags if the tag_set is used by other device in queue initialztion block: avoid quiesce while elevator init Yu Kuai (11): blk-mq: fix divide by zero crash in tg_may_dispatch() nbd: don't handle response without a corresponding request message nbd: make sure request completion won't concurrent nbd: check sock index in nbd_read_stat() nbd: don't start request if nbd_queue_rq() failed nbd: clean up return value checking of sock_xmit() nbd: partition nbd_read_stat() into nbd_read_reply() and nbd_handle_reply() nbd: fix uaf in nbd_handle_reply() nbd: add sanity check for first_minor blk-cgroup: synchronize blkg creation against policy deactivation blk-cgroup: fix missing put device in error path from blkg_conf_pref() Yutian Yang (1): memcg: charge fs_context and legacy_fs_context Zhang Yi (12): ext4: move inode eio simulation behind io completeion ext4: make the updating inode data procedure atomic ext4: factor out ext4_fill_raw_inode() ext4: move ext4_fill_raw_inode() related functions ext4: prevent getting empty inode buffer ext4: factor out write end code of inline file ext4: drop unnecessary journal handle in delalloc write quota: check block number when reading the block in quota file quota: correct error number in free_dqentry() ext4: check for out-of-order index extents in ext4_valid_extent_entries() ext4: check for inconsistent extents between index and leaf block ext4: prevent partial update of the extent blocks Zheng Liang (2): block, bfq: fix UAF problem in bfqg_stats_init() squashfs: provides backing_dev_info in order to disable read-ahead Zhenhua Huang (1): mm: fix page_owner initializing issue for arm32 Zhihao Cheng (17): ubifs: Limit dumping length by size of memory which is allocated for the node Revert "ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len" ubifs: Pass node length in all node dumping callers ubifs: ubifs_dump_sleb: Remove unused function ubifs: ubifs_dump_node: Dump all branches of the index node ubifs: rename_whiteout: Fix double free for whiteout_ui->data ubifs: Fix deadlock in concurrent rename whiteout and inode writeback ubifs: Fix wrong number of inodes locked by ui_mutex in ubifs_inode comment ubifs: Add missing iput if do_tmpfile() failed in rename whiteout ubifs: Rename whiteout atomically ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work ubifs: Rectify space amount budget for mkdir/tmpfile operations ubifs: setflags: Make dirtied_ino_d 8 bytes aligned ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() ubifs: Fix to add refcount once page is set private ubi: fastmap: Return error code if memory allocation fails in add_aeb() ubi: fastmap: Add all fastmap pebs into 'ai->fastmap' when fm->used_blocks>=2 yangerkun (9): ext4: flush s_error_work before journal destroy in ext4_fill_super ramfs: fix mount source show for ramfs ext4: avoid recheck extent for EXT4_EX_FORCE_CACHE ext4: check magic even the extent block bh is verified ext4: ensure enough credits in ext4_ext_shift_path_extents ext4: refresh the ext4_ext_path struct after dropping i_data_sem. ovl: fix use after free in struct ovl_aio_req ext4: stop IO for page without buffer_head hugetlbfs: avoid overflow in hugetlbfs_fallocate Documentation/filesystems/path-lookup.rst | 6 +- Documentation/filesystems/porting.rst | 9 + Documentation/vm/page_owner.rst | 12 +- arch/arm/mm/cache-v7.S | 7 +- arch/ia64/kernel/acpi.c | 7 +- arch/powerpc/include/asm/topology.h | 13 + arch/powerpc/kernel/smp.c | 3 + arch/powerpc/mm/numa.c | 7 +- arch/powerpc/platforms/powernv/pci-ioda-tce.c | 4 + arch/um/drivers/mconsole_kern.c | 2 +- arch/x86/kernel/ldt.c | 6 +- block/bfq-cgroup.c | 12 +- block/bfq-iosched.c | 47 +- block/bio.c | 2 +- block/blk-cgroup.c | 15 +- block/blk-core.c | 4 +- block/blk-exec.c | 7 +- block/blk-ioc.c | 2 +- block/blk-merge.c | 19 +- block/blk-mq-sched.c | 24 +- block/blk-mq-sched.h | 3 +- block/blk-mq.c | 42 +- block/blk-mq.h | 12 + block/blk-sysfs.c | 7 + block/blk-throttle.c | 37 +- block/blk.h | 2 +- block/elevator.c | 24 +- block/kyber-iosched.c | 29 +- block/mq-deadline.c | 5 +- drivers/block/loop.c | 5 +- drivers/block/nbd.c | 169 ++++-- drivers/iio/buffer/industrialio-buffer-cb.c | 5 + drivers/iio/industrialio-core.c | 6 +- drivers/md/dm.c | 10 - drivers/mtd/ubi/build.c | 9 +- drivers/mtd/ubi/fastmap.c | 69 ++- drivers/mtd/ubi/vmt.c | 35 +- drivers/net/bonding/bond_sysfs_slave.c | 36 +- drivers/net/phy/phy.c | 7 +- drivers/nvme/host/core.c | 72 ++- drivers/nvme/host/fc.c | 8 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 8 +- drivers/nvme/host/rdma.c | 14 +- drivers/nvme/host/tcp.c | 16 +- drivers/nvme/target/loop.c | 6 +- drivers/regulator/core.c | 6 + drivers/scsi/scsi_debug.c | 11 +- drivers/scsi/scsi_lib.c | 72 ++- fs/coredump.c | 4 +- fs/ext4/ext4.h | 3 - fs/ext4/extents.c | 182 ++++--- fs/ext4/inline.c | 128 ++--- fs/ext4/inode.c | 485 +++++++++--------- fs/ext4/mmp.c | 2 +- fs/ext4/super.c | 13 +- fs/fcntl.c | 3 +- fs/fhandle.c | 2 +- fs/fs_context.c | 58 ++- fs/hugetlbfs/inode.c | 2 +- fs/internal.h | 2 +- fs/io_uring.c | 52 +- fs/kernel_read_file.c | 2 +- fs/locks.c | 2 +- fs/namei.c | 60 ++- fs/namespace.c | 7 +- fs/nfs/nfstrace.h | 4 - fs/open.c | 4 +- fs/overlayfs/file.c | 16 +- fs/overlayfs/namei.c | 2 + fs/proc/proc_sysctl.c | 2 +- fs/quota/quota_tree.c | 15 + fs/ramfs/inode.c | 11 +- fs/squashfs/super.c | 32 ++ fs/ubifs/commit.c | 4 +- fs/ubifs/debug.c | 112 ++-- fs/ubifs/debug.h | 5 +- fs/ubifs/dir.c | 235 +++++---- fs/ubifs/file.c | 16 +- fs/ubifs/gc.c | 16 +- fs/ubifs/io.c | 71 +-- fs/ubifs/ioctl.c | 2 +- fs/ubifs/journal.c | 55 +- fs/ubifs/master.c | 4 +- fs/ubifs/orphan.c | 6 +- fs/ubifs/recovery.c | 6 +- fs/ubifs/replay.c | 4 +- fs/ubifs/sb.c | 2 +- fs/ubifs/scan.c | 4 +- fs/ubifs/super.c | 2 +- fs/ubifs/tnc.c | 8 +- fs/ubifs/tnc_misc.c | 4 +- fs/ubifs/ubifs.h | 6 +- include/linux/blk-mq.h | 6 + include/linux/blkdev.h | 7 +- include/linux/bpf-cgroup.h | 54 -- include/linux/bpf.h | 45 +- include/linux/cgroup-defs.h | 107 +--- include/linux/cgroup.h | 22 +- include/linux/elevator.h | 3 +- include/linux/fs.h | 9 +- include/linux/fs_context.h | 2 + include/linux/namei.h | 3 - include/linux/page_ext.h | 8 + include/linux/sched.h | 5 + include/linux/topology.h | 1 + include/scsi/scsi_device.h | 1 + init/main.c | 2 + ipc/namespace.c | 2 +- kernel/bpf/helpers.c | 16 +- kernel/bpf/local_storage.c | 3 - kernel/cgroup/cgroup-v1.c | 14 +- kernel/cgroup/cgroup.c | 63 +-- kernel/cgroup/namespace.c | 2 +- kernel/fork.c | 3 + kernel/nsproxy.c | 2 +- kernel/pid_namespace.c | 2 +- kernel/power/swap.c | 5 +- kernel/sched/rt.c | 20 +- kernel/sched/topology.c | 164 ++++-- kernel/signal.c | 2 +- kernel/time/namespace.c | 4 +- kernel/time/posix-timers.c | 4 +- kernel/user_namespace.c | 2 +- kernel/usermode_driver.c | 2 +- mm/hugetlb.c | 20 +- mm/memcontrol.c | 2 +- mm/page_ext.c | 10 +- mm/page_owner.c | 21 +- mm/page_poison.c | 6 +- mm/rmap.c | 9 +- mm/slub.c | 13 +- mm/vmscan.c | 6 +- net/8021q/vlan.c | 4 +- net/bpf/test_run.c | 22 +- net/core/dev.c | 11 + net/core/netclassid_cgroup.c | 7 +- net/core/netprio_cgroup.c | 11 +- net/core/rtnetlink.c | 23 +- security/integrity/ima/ima_kexec.c | 1 + sound/core/timer.c | 4 +- 141 files changed, 1921 insertions(+), 1427 deletions(-) -- 2.25.1

1 75

[PATCH OpenHarmony-5.10] ext4: move inode eio simulation behind io completeion
by yiyuchangchun＠126.com 08 Jan '22

08 Jan '22

From: Zhang Yi <yi.zhang(a)huawei.com> mainline inclusion from mainline-5.15-rc1 commit 0904c9ae3465c7acc066a564a76b75c0af83e6c7 category: bugfix issue: #I4NRS5 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… Signed-off-by: Yu Changchun <yuchangchun1(a)huawei.com> --------------------------- No EIO simulation is required if the buffer is uptodate, so move the simulation behind read bio completeion just like inode/block bitmap simulation does. Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20210826130412.3921207-2-yi.zhang@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reviewed-by: Yang Erkun <yangerkun(a)huawei.com> Signed-off-by: Chen Jun <chenjun102(a)huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai(a)huawei.com> Signed-off-by: Yu Changchun <yuchangchun1(a)huawei.com> --- fs/ext4/inode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 05ab7b65ea52..9fa1ed48b6b2 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4341,8 +4341,6 @@ static int __ext4_get_inode_loc(struct super_block *sb, unsigned long ino, bh = sb_getblk(sb, block); if (unlikely(!bh)) return -ENOMEM; - if (ext4_simulate_fail(sb, EXT4_SIM_INODE_EIO)) - goto simulate_eio; if (!buffer_uptodate(bh)) { lock_buffer(bh); @@ -4429,8 +4427,8 @@ static int __ext4_get_inode_loc(struct super_block *sb, unsigned long ino, ext4_read_bh_nowait(bh, REQ_META | REQ_PRIO, NULL); blk_finish_plug(&plug); wait_on_buffer(bh); + ext4_simulate_fail_bh(sb, bh, EXT4_SIM_INODE_EIO); if (!buffer_uptodate(bh)) { - simulate_eio: if (ret_block) *ret_block = block; brelse(bh); -- 2.25.1

1 0

[PATCH OpenHarmony-5.10] ext4: move inode eio simulation behind io completeion
by yiyuchangchun＠126.com 08 Jan '22

08 Jan '22

From: Zhang Yi <yi.zhang(a)huawei.com> mainline inclusion from mainline-5.15-rc1 commit 0904c9ae3465c7acc066a564a76b75c0af83e6c7 category: bugfix issue: #I4NRS5 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… Signed-off-by: Yu Changchun <yuchangchun1(a)huawei.com> --------------------------- No EIO simulation is required if the buffer is uptodate, so move the simulation behind read bio completeion just like inode/block bitmap simulation does. Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20210826130412.3921207-2-yi.zhang@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reviewed-by: Yang Erkun <yangerkun(a)huawei.com> Signed-off-by: Chen Jun <chenjun102(a)huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai(a)huawei.com> Signed-off-by: Yu Changchun <yuchangchun1(a)huawei.com> --- fs/ext4/inode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 05ab7b65ea52..9fa1ed48b6b2 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4341,8 +4341,6 @@ static int __ext4_get_inode_loc(struct super_block *sb, unsigned long ino, bh = sb_getblk(sb, block); if (unlikely(!bh)) return -ENOMEM; - if (ext4_simulate_fail(sb, EXT4_SIM_INODE_EIO)) - goto simulate_eio; if (!buffer_uptodate(bh)) { lock_buffer(bh); @@ -4429,8 +4427,8 @@ static int __ext4_get_inode_loc(struct super_block *sb, unsigned long ino, ext4_read_bh_nowait(bh, REQ_META | REQ_PRIO, NULL); blk_finish_plug(&plug); wait_on_buffer(bh); + ext4_simulate_fail_bh(sb, bh, EXT4_SIM_INODE_EIO); if (!buffer_uptodate(bh)) { - simulate_eio: if (ret_block) *ret_block = block; brelse(bh); -- 2.25.1

1 0