From b9631bb31edc23929454380062d9b0daf8c7c550 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 18 Jun 2020 18:46:39 +0200 Subject: [PATCH] 5.7-stable patches added patches: evm-fix-possible-memory-leak-in-evm_calc_hmac_or_hash.patch ext4-fix-buffer_head-refcnt-leak-when-ext4_iget-fails.patch ext4-fix-error-pointer-dereference.patch ext4-fix-ext_max_extent-index-to-check-for-zeroed-eh_max.patch ext4-fix-race-between-ext4_sync_parent-and-rename.patch ima-call-ima_calc_boot_aggregate-in-ima_eventdigest_init.patch ima-directly-assign-the-ima_default_policy-pointer-to-ima_rules.patch ima-evaluate-error-in-init_ima.patch ima-fix-ima-digest-hash-table-key-calculation.patch ima-remove-__init-annotation-from-ima_pcrread.patch ima-switch-to-ima_hash_algo-for-boot-aggregate.patch mips-cpu_loongson2ef-need-software-to-maintain-cache-consistency.patch mm-call-cond_resched-from-deferred_init_memmap.patch mm-pagealloc.c-call-touch_nmi_watchdog-on-max-order-boundaries-in-deferred-init.patch --- ...memory-leak-in-evm_calc_hmac_or_hash.patch | 34 ++++ ...ead-refcnt-leak-when-ext4_iget-fails.patch | 44 +++++ .../ext4-fix-error-pointer-dereference.patch | 65 +++++++ ...ent-index-to-check-for-zeroed-eh_max.patch | 45 +++++ ...-between-ext4_sync_parent-and-rename.patch | 109 ++++++++++++ ...ot_aggregate-in-ima_eventdigest_init.patch | 111 ++++++++++++ ..._default_policy-pointer-to-ima_rules.patch | 62 +++++++ .../ima-evaluate-error-in-init_ima.patch | 35 ++++ ...ma-digest-hash-table-key-calculation.patch | 54 ++++++ ...e-__init-annotation-from-ima_pcrread.patch | 41 +++++ ...-to-ima_hash_algo-for-boot-aggregate.patch | 163 ++++++++++++++++++ ...ftware-to-maintain-cache-consistency.patch | 33 ++++ ...nd_resched-from-deferred_init_memmap.patch | 83 +++++++++ ...ax-order-boundaries-in-deferred-init.patch | 92 ++++++++++ queue-5.7/series | 14 ++ 15 files changed, 985 insertions(+) create mode 100644 queue-5.7/evm-fix-possible-memory-leak-in-evm_calc_hmac_or_hash.patch create mode 100644 queue-5.7/ext4-fix-buffer_head-refcnt-leak-when-ext4_iget-fails.patch create mode 100644 queue-5.7/ext4-fix-error-pointer-dereference.patch create mode 100644 queue-5.7/ext4-fix-ext_max_extent-index-to-check-for-zeroed-eh_max.patch create mode 100644 queue-5.7/ext4-fix-race-between-ext4_sync_parent-and-rename.patch create mode 100644 queue-5.7/ima-call-ima_calc_boot_aggregate-in-ima_eventdigest_init.patch create mode 100644 queue-5.7/ima-directly-assign-the-ima_default_policy-pointer-to-ima_rules.patch create mode 100644 queue-5.7/ima-evaluate-error-in-init_ima.patch create mode 100644 queue-5.7/ima-fix-ima-digest-hash-table-key-calculation.patch create mode 100644 queue-5.7/ima-remove-__init-annotation-from-ima_pcrread.patch create mode 100644 queue-5.7/ima-switch-to-ima_hash_algo-for-boot-aggregate.patch create mode 100644 queue-5.7/mips-cpu_loongson2ef-need-software-to-maintain-cache-consistency.patch create mode 100644 queue-5.7/mm-call-cond_resched-from-deferred_init_memmap.patch create mode 100644 queue-5.7/mm-pagealloc.c-call-touch_nmi_watchdog-on-max-order-boundaries-in-deferred-init.patch diff --git a/queue-5.7/evm-fix-possible-memory-leak-in-evm_calc_hmac_or_hash.patch b/queue-5.7/evm-fix-possible-memory-leak-in-evm_calc_hmac_or_hash.patch new file mode 100644 index 00000000000..0693dea59a5 --- /dev/null +++ b/queue-5.7/evm-fix-possible-memory-leak-in-evm_calc_hmac_or_hash.patch @@ -0,0 +1,34 @@ +From 0c4395fb2aa77341269ea619c5419ea48171883f Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Tue, 14 Apr 2020 10:01:31 +0200 +Subject: evm: Fix possible memory leak in evm_calc_hmac_or_hash() + +From: Roberto Sassu + +commit 0c4395fb2aa77341269ea619c5419ea48171883f upstream. + +Don't immediately return if the signature is portable and security.ima is +not present. Just set error so that memory allocated is freed before +returning from evm_calc_hmac_or_hash(). + +Fixes: 50b977481fce9 ("EVM: Add support for portable signature format") +Signed-off-by: Roberto Sassu +Cc: stable@vger.kernel.org +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/evm/evm_crypto.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/security/integrity/evm/evm_crypto.c ++++ b/security/integrity/evm/evm_crypto.c +@@ -241,7 +241,7 @@ static int evm_calc_hmac_or_hash(struct + + /* Portable EVM signatures must include an IMA hash */ + if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present) +- return -EPERM; ++ error = -EPERM; + out: + kfree(xattr_value); + kfree(desc); diff --git a/queue-5.7/ext4-fix-buffer_head-refcnt-leak-when-ext4_iget-fails.patch b/queue-5.7/ext4-fix-buffer_head-refcnt-leak-when-ext4_iget-fails.patch new file mode 100644 index 00000000000..b2db90e6b84 --- /dev/null +++ b/queue-5.7/ext4-fix-buffer_head-refcnt-leak-when-ext4_iget-fails.patch @@ -0,0 +1,44 @@ +From 3bbd0ef26098d241dc59ee77ba14b7dab0df0786 Mon Sep 17 00:00:00 2001 +From: Xiyu Yang +Date: Thu, 23 Apr 2020 13:09:27 +0800 +Subject: ext4: fix buffer_head refcnt leak when ext4_iget() fails + +From: Xiyu Yang + +commit 3bbd0ef26098d241dc59ee77ba14b7dab0df0786 upstream. + +ext4_orphan_get() invokes ext4_read_inode_bitmap(), which returns a +reference of the specified buffer_head object to "bitmap_bh" with +increased refcnt. + +When ext4_orphan_get() returns, local variable "bitmap_bh" becomes +invalid, so the refcount should be decreased to keep refcount balanced. + +The reference counting issue happens in one exception handling path of +ext4_orphan_get(). When ext4_iget() fails, the function forgets to +decrease the refcnt increased by ext4_read_inode_bitmap(), causing a +refcnt leak. + +Fix this issue by calling brelse() when ext4_iget() fails. + +Signed-off-by: Xiyu Yang +Signed-off-by: Xin Tan +Cc: stable@kernel.org +Link: https://lore.kernel.org/r/1587618568-13418-1-git-send-email-xiyuyang19@fudan.edu.cn +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/ialloc.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/ext4/ialloc.c ++++ b/fs/ext4/ialloc.c +@@ -1246,6 +1246,7 @@ struct inode *ext4_orphan_get(struct sup + ext4_error_err(sb, -err, + "couldn't read orphan inode %lu (err %d)", + ino, err); ++ brelse(bitmap_bh); + return inode; + } + diff --git a/queue-5.7/ext4-fix-error-pointer-dereference.patch b/queue-5.7/ext4-fix-error-pointer-dereference.patch new file mode 100644 index 00000000000..65a4980cb31 --- /dev/null +++ b/queue-5.7/ext4-fix-error-pointer-dereference.patch @@ -0,0 +1,65 @@ +From 8418897f1bf87da0cb6936489d57a4320c32c0af Mon Sep 17 00:00:00 2001 +From: Jeffle Xu +Date: Thu, 23 Apr 2020 15:46:44 +0800 +Subject: ext4: fix error pointer dereference + +From: Jeffle Xu + +commit 8418897f1bf87da0cb6936489d57a4320c32c0af upstream. + +Don't pass error pointers to brelse(). + +commit 7159a986b420 ("ext4: fix some error pointer dereferences") has fixed +some cases, fix the remaining one case. + +Once ext4_xattr_block_find()->ext4_sb_bread() failed, error pointer is +stored in @bs->bh, which will be passed to brelse() in the cleanup +routine of ext4_xattr_set_handle(). This will then cause a NULL panic +crash in __brelse(). + +BUG: unable to handle kernel NULL pointer dereference at 000000000000005b +RIP: 0010:__brelse+0x1b/0x50 +Call Trace: + ext4_xattr_set_handle+0x163/0x5d0 + ext4_xattr_set+0x95/0x110 + __vfs_setxattr+0x6b/0x80 + __vfs_setxattr_noperm+0x68/0x1b0 + vfs_setxattr+0xa0/0xb0 + setxattr+0x12c/0x1a0 + path_setxattr+0x8d/0xc0 + __x64_sys_setxattr+0x27/0x30 + do_syscall_64+0x60/0x250 + entry_SYSCALL_64_after_hwframe+0x49/0xbe + +In this case, @bs->bh stores '-EIO' actually. + +Fixes: fb265c9cb49e ("ext4: add ext4_sb_bread() to disambiguate ENOMEM cases") +Signed-off-by: Jeffle Xu +Reviewed-by: Joseph Qi +Cc: stable@kernel.org # 2.6.19 +Reviewed-by: Ritesh Harjani +Reviewed-by: Jan Kara +Link: https://lore.kernel.org/r/1587628004-95123-1-git-send-email-jefflexu@linux.alibaba.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/xattr.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -1800,8 +1800,11 @@ ext4_xattr_block_find(struct inode *inod + if (EXT4_I(inode)->i_file_acl) { + /* The inode already has an extended attribute block. */ + bs->bh = ext4_sb_bread(sb, EXT4_I(inode)->i_file_acl, REQ_PRIO); +- if (IS_ERR(bs->bh)) +- return PTR_ERR(bs->bh); ++ if (IS_ERR(bs->bh)) { ++ error = PTR_ERR(bs->bh); ++ bs->bh = NULL; ++ return error; ++ } + ea_bdebug(bs->bh, "b_count=%d, refcount=%d", + atomic_read(&(bs->bh->b_count)), + le32_to_cpu(BHDR(bs->bh)->h_refcount)); diff --git a/queue-5.7/ext4-fix-ext_max_extent-index-to-check-for-zeroed-eh_max.patch b/queue-5.7/ext4-fix-ext_max_extent-index-to-check-for-zeroed-eh_max.patch new file mode 100644 index 00000000000..b760ec93a58 --- /dev/null +++ b/queue-5.7/ext4-fix-ext_max_extent-index-to-check-for-zeroed-eh_max.patch @@ -0,0 +1,45 @@ +From c36a71b4e35ab35340facdd6964a00956b9fef0a Mon Sep 17 00:00:00 2001 +From: Harshad Shirwadkar +Date: Mon, 20 Apr 2020 19:39:59 -0700 +Subject: ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max + +From: Harshad Shirwadkar + +commit c36a71b4e35ab35340facdd6964a00956b9fef0a upstream. + +If eh->eh_max is 0, EXT_MAX_EXTENT/INDEX would evaluate to unsigned +(-1) resulting in illegal memory accesses. Although there is no +consistent repro, we see that generic/019 sometimes crashes because of +this bug. + +Ran gce-xfstests smoke and verified that there were no regressions. + +Signed-off-by: Harshad Shirwadkar +Link: https://lore.kernel.org/r/20200421023959.20879-2-harshadshirwadkar@gmail.com +Signed-off-by: Theodore Ts'o +Cc: stable@kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/ext4_extents.h | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/fs/ext4/ext4_extents.h ++++ b/fs/ext4/ext4_extents.h +@@ -170,10 +170,13 @@ struct partial_cluster { + (EXT_FIRST_EXTENT((__hdr__)) + le16_to_cpu((__hdr__)->eh_entries) - 1) + #define EXT_LAST_INDEX(__hdr__) \ + (EXT_FIRST_INDEX((__hdr__)) + le16_to_cpu((__hdr__)->eh_entries) - 1) +-#define EXT_MAX_EXTENT(__hdr__) \ +- (EXT_FIRST_EXTENT((__hdr__)) + le16_to_cpu((__hdr__)->eh_max) - 1) ++#define EXT_MAX_EXTENT(__hdr__) \ ++ ((le16_to_cpu((__hdr__)->eh_max)) ? \ ++ ((EXT_FIRST_EXTENT((__hdr__)) + le16_to_cpu((__hdr__)->eh_max) - 1)) \ ++ : 0) + #define EXT_MAX_INDEX(__hdr__) \ +- (EXT_FIRST_INDEX((__hdr__)) + le16_to_cpu((__hdr__)->eh_max) - 1) ++ ((le16_to_cpu((__hdr__)->eh_max)) ? \ ++ ((EXT_FIRST_INDEX((__hdr__)) + le16_to_cpu((__hdr__)->eh_max) - 1)) : 0) + + static inline struct ext4_extent_header *ext_inode_hdr(struct inode *inode) + { diff --git a/queue-5.7/ext4-fix-race-between-ext4_sync_parent-and-rename.patch b/queue-5.7/ext4-fix-race-between-ext4_sync_parent-and-rename.patch new file mode 100644 index 00000000000..eb3a741634c --- /dev/null +++ b/queue-5.7/ext4-fix-race-between-ext4_sync_parent-and-rename.patch @@ -0,0 +1,109 @@ +From 08adf452e628b0e2ce9a01048cfbec52353703d7 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Wed, 6 May 2020 11:31:40 -0700 +Subject: ext4: fix race between ext4_sync_parent() and rename() + +From: Eric Biggers + +commit 08adf452e628b0e2ce9a01048cfbec52353703d7 upstream. + +'igrab(d_inode(dentry->d_parent))' without holding dentry->d_lock is +broken because without d_lock, d_parent can be concurrently changed due +to a rename(). Then if the old directory is immediately deleted, old +d_parent->inode can be NULL. That causes a NULL dereference in igrab(). + +To fix this, use dget_parent() to safely grab a reference to the parent +dentry, which pins the inode. This also eliminates the need to use +d_find_any_alias() other than for the initial inode, as we no longer +throw away the dentry at each step. + +This is an extremely hard race to hit, but it is possible. Adding a +udelay() in between the reads of ->d_parent and its ->d_inode makes it +reproducible on a no-journal filesystem using the following program: + + #include + #include + + int main() + { + if (fork()) { + for (;;) { + mkdir("dir1", 0700); + int fd = open("dir1/file", O_RDWR|O_CREAT|O_SYNC); + write(fd, "X", 1); + close(fd); + } + } else { + mkdir("dir2", 0700); + for (;;) { + rename("dir1/file", "dir2/file"); + rmdir("dir1"); + } + } + } + +Fixes: d59729f4e794 ("ext4: fix races in ext4_sync_parent()") +Cc: stable@vger.kernel.org +Signed-off-by: Eric Biggers +Link: https://lore.kernel.org/r/20200506183140.541194-1-ebiggers@kernel.org +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/fsync.c | 28 +++++++++++++--------------- + 1 file changed, 13 insertions(+), 15 deletions(-) + +--- a/fs/ext4/fsync.c ++++ b/fs/ext4/fsync.c +@@ -44,30 +44,28 @@ + */ + static int ext4_sync_parent(struct inode *inode) + { +- struct dentry *dentry = NULL; +- struct inode *next; ++ struct dentry *dentry, *next; + int ret = 0; + + if (!ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) + return 0; +- inode = igrab(inode); ++ dentry = d_find_any_alias(inode); ++ if (!dentry) ++ return 0; + while (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) { + ext4_clear_inode_state(inode, EXT4_STATE_NEWENTRY); +- dentry = d_find_any_alias(inode); +- if (!dentry) +- break; +- next = igrab(d_inode(dentry->d_parent)); ++ ++ next = dget_parent(dentry); + dput(dentry); +- if (!next) +- break; +- iput(inode); +- inode = next; ++ dentry = next; ++ inode = dentry->d_inode; ++ + /* + * The directory inode may have gone through rmdir by now. But + * the inode itself and its blocks are still allocated (we hold +- * a reference to the inode so it didn't go through +- * ext4_evict_inode()) and so we are safe to flush metadata +- * blocks and the inode. ++ * a reference to the inode via its dentry), so it didn't go ++ * through ext4_evict_inode()) and so we are safe to flush ++ * metadata blocks and the inode. + */ + ret = sync_mapping_buffers(inode->i_mapping); + if (ret) +@@ -76,7 +74,7 @@ static int ext4_sync_parent(struct inode + if (ret) + break; + } +- iput(inode); ++ dput(dentry); + return ret; + } + diff --git a/queue-5.7/ima-call-ima_calc_boot_aggregate-in-ima_eventdigest_init.patch b/queue-5.7/ima-call-ima_calc_boot_aggregate-in-ima_eventdigest_init.patch new file mode 100644 index 00000000000..7f3768bb303 --- /dev/null +++ b/queue-5.7/ima-call-ima_calc_boot_aggregate-in-ima_eventdigest_init.patch @@ -0,0 +1,111 @@ +From 6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2 Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Wed, 3 Jun 2020 17:08:21 +0200 +Subject: ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() + +From: Roberto Sassu + +commit 6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2 upstream. + +If the template field 'd' is chosen and the digest to be added to the +measurement entry was not calculated with SHA1 or MD5, it is +recalculated with SHA1, by using the passed file descriptor. However, this +cannot be done for boot_aggregate, because there is no file descriptor. + +This patch adds a call to ima_calc_boot_aggregate() in +ima_eventdigest_init(), so that the digest can be recalculated also for the +boot_aggregate entry. + +Cc: stable@vger.kernel.org # 3.13.x +Fixes: 3ce1217d6cd5d ("ima: define template fields library and new helpers") +Reported-by: Takashi Iwai +Signed-off-by: Roberto Sassu +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/ima/ima.h | 3 ++- + security/integrity/ima/ima_crypto.c | 6 +++--- + security/integrity/ima/ima_init.c | 2 +- + security/integrity/ima/ima_template_lib.c | 18 ++++++++++++++++++ + 4 files changed, 24 insertions(+), 5 deletions(-) + +--- a/security/integrity/ima/ima.h ++++ b/security/integrity/ima/ima.h +@@ -52,6 +52,7 @@ extern int ima_policy_flag; + extern int ima_hash_algo; + extern int ima_appraise; + extern struct tpm_chip *ima_tpm_chip; ++extern const char boot_aggregate_name[]; + + /* IMA event related data */ + struct ima_event_data { +@@ -140,7 +141,7 @@ int ima_calc_buffer_hash(const void *buf + int ima_calc_field_array_hash(struct ima_field_data *field_data, + struct ima_template_desc *desc, int num_fields, + struct ima_digest_data *hash); +-int __init ima_calc_boot_aggregate(struct ima_digest_data *hash); ++int ima_calc_boot_aggregate(struct ima_digest_data *hash); + void ima_add_violation(struct file *file, const unsigned char *filename, + struct integrity_iint_cache *iint, + const char *op, const char *cause); +--- a/security/integrity/ima/ima_crypto.c ++++ b/security/integrity/ima/ima_crypto.c +@@ -665,8 +665,8 @@ static void __init ima_pcrread(u32 idx, + * hash algorithm for reading the TPM PCRs as for calculating the boot + * aggregate digest as stored in the measurement list. + */ +-static int __init ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, +- struct crypto_shash *tfm) ++static int ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, ++ struct crypto_shash *tfm) + { + struct tpm_digest d = { .alg_id = alg_id, .digest = {0} }; + int rc; +@@ -694,7 +694,7 @@ static int __init ima_calc_boot_aggregat + return rc; + } + +-int __init ima_calc_boot_aggregate(struct ima_digest_data *hash) ++int ima_calc_boot_aggregate(struct ima_digest_data *hash) + { + struct crypto_shash *tfm; + u16 crypto_id, alg_id; +--- a/security/integrity/ima/ima_init.c ++++ b/security/integrity/ima/ima_init.c +@@ -19,7 +19,7 @@ + #include "ima.h" + + /* name for boot aggregate entry */ +-static const char boot_aggregate_name[] = "boot_aggregate"; ++const char boot_aggregate_name[] = "boot_aggregate"; + struct tpm_chip *ima_tpm_chip; + + /* Add the boot aggregate to the IMA measurement list and extend +--- a/security/integrity/ima/ima_template_lib.c ++++ b/security/integrity/ima/ima_template_lib.c +@@ -286,6 +286,24 @@ int ima_eventdigest_init(struct ima_even + goto out; + } + ++ if ((const char *)event_data->filename == boot_aggregate_name) { ++ if (ima_tpm_chip) { ++ hash.hdr.algo = HASH_ALGO_SHA1; ++ result = ima_calc_boot_aggregate(&hash.hdr); ++ ++ /* algo can change depending on available PCR banks */ ++ if (!result && hash.hdr.algo != HASH_ALGO_SHA1) ++ result = -EINVAL; ++ ++ if (result < 0) ++ memset(&hash, 0, sizeof(hash)); ++ } ++ ++ cur_digest = hash.hdr.digest; ++ cur_digestsize = hash_digest_size[HASH_ALGO_SHA1]; ++ goto out; ++ } ++ + if (!event_data->file) /* missing info to re-calculate the digest */ + return -EINVAL; + diff --git a/queue-5.7/ima-directly-assign-the-ima_default_policy-pointer-to-ima_rules.patch b/queue-5.7/ima-directly-assign-the-ima_default_policy-pointer-to-ima_rules.patch new file mode 100644 index 00000000000..df824375e32 --- /dev/null +++ b/queue-5.7/ima-directly-assign-the-ima_default_policy-pointer-to-ima_rules.patch @@ -0,0 +1,62 @@ +From 067a436b1b0aafa593344fddd711a755a58afb3b Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Wed, 3 Jun 2020 17:08:20 +0200 +Subject: ima: Directly assign the ima_default_policy pointer to ima_rules + +From: Roberto Sassu + +commit 067a436b1b0aafa593344fddd711a755a58afb3b upstream. + +This patch prevents the following oops: + +[ 10.771813] BUG: kernel NULL pointer dereference, address: 0000000000000 +[...] +[ 10.779790] RIP: 0010:ima_match_policy+0xf7/0xb80 +[...] +[ 10.798576] Call Trace: +[ 10.798993] ? ima_lsm_policy_change+0x2b0/0x2b0 +[ 10.799753] ? inode_init_owner+0x1a0/0x1a0 +[ 10.800484] ? _raw_spin_lock+0x7a/0xd0 +[ 10.801592] ima_must_appraise.part.0+0xb6/0xf0 +[ 10.802313] ? ima_fix_xattr.isra.0+0xd0/0xd0 +[ 10.803167] ima_must_appraise+0x4f/0x70 +[ 10.804004] ima_post_path_mknod+0x2e/0x80 +[ 10.804800] do_mknodat+0x396/0x3c0 + +It occurs when there is a failure during IMA initialization, and +ima_init_policy() is not called. IMA hooks still call ima_match_policy() +but ima_rules is NULL. This patch prevents the crash by directly assigning +the ima_default_policy pointer to ima_rules when ima_rules is defined. This +wouldn't alter the existing behavior, as ima_rules is always set at the end +of ima_init_policy(). + +Cc: stable@vger.kernel.org # 3.7.x +Fixes: 07f6a79415d7d ("ima: add appraise action keywords and default rules") +Reported-by: Takashi Iwai +Signed-off-by: Roberto Sassu +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/ima/ima_policy.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/security/integrity/ima/ima_policy.c ++++ b/security/integrity/ima/ima_policy.c +@@ -204,7 +204,7 @@ static struct ima_rule_entry *arch_polic + static LIST_HEAD(ima_default_rules); + static LIST_HEAD(ima_policy_rules); + static LIST_HEAD(ima_temp_rules); +-static struct list_head *ima_rules; ++static struct list_head *ima_rules = &ima_default_rules; + + /* Pre-allocated buffer used for matching keyrings. */ + static char *ima_keyrings; +@@ -765,7 +765,6 @@ void __init ima_init_policy(void) + ARRAY_SIZE(default_appraise_rules), + IMA_DEFAULT_POLICY); + +- ima_rules = &ima_default_rules; + ima_update_policy_flag(); + } + diff --git a/queue-5.7/ima-evaluate-error-in-init_ima.patch b/queue-5.7/ima-evaluate-error-in-init_ima.patch new file mode 100644 index 00000000000..829eb26043e --- /dev/null +++ b/queue-5.7/ima-evaluate-error-in-init_ima.patch @@ -0,0 +1,35 @@ +From e144d6b265415ddbdc54b3f17f4f95133effa5a8 Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Wed, 25 Mar 2020 11:47:07 +0100 +Subject: ima: Evaluate error in init_ima() + +From: Roberto Sassu + +commit e144d6b265415ddbdc54b3f17f4f95133effa5a8 upstream. + +Evaluate error in init_ima() before register_blocking_lsm_notifier() and +return if not zero. + +Cc: stable@vger.kernel.org # 5.3.x +Fixes: b16942455193 ("ima: use the lsm policy update notifier") +Signed-off-by: Roberto Sassu +Reviewed-by: James Morris +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/ima/ima_main.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/security/integrity/ima/ima_main.c ++++ b/security/integrity/ima/ima_main.c +@@ -792,6 +792,9 @@ static int __init init_ima(void) + error = ima_init(); + } + ++ if (error) ++ return error; ++ + error = register_blocking_lsm_notifier(&ima_lsm_policy_notifier); + if (error) + pr_warn("Couldn't register LSM notifier, error %d\n", error); diff --git a/queue-5.7/ima-fix-ima-digest-hash-table-key-calculation.patch b/queue-5.7/ima-fix-ima-digest-hash-table-key-calculation.patch new file mode 100644 index 00000000000..d67fbed76b9 --- /dev/null +++ b/queue-5.7/ima-fix-ima-digest-hash-table-key-calculation.patch @@ -0,0 +1,54 @@ +From 1129d31b55d509f15e72dc68e4b5c3a4d7b4da8d Mon Sep 17 00:00:00 2001 +From: Krzysztof Struczynski +Date: Tue, 28 Apr 2020 09:30:10 +0200 +Subject: ima: Fix ima digest hash table key calculation + +From: Krzysztof Struczynski + +commit 1129d31b55d509f15e72dc68e4b5c3a4d7b4da8d upstream. + +Function hash_long() accepts unsigned long, while currently only one byte +is passed from ima_hash_key(), which calculates a key for ima_htable. + +Given that hashing the digest does not give clear benefits compared to +using the digest itself, remove hash_long() and return the modulus +calculated on the first two bytes of the digest with the number of slots. +Also reduce the depth of the hash table by doubling the number of slots. + +Cc: stable@vger.kernel.org +Fixes: 3323eec921ef ("integrity: IMA as an integrity service provider") +Co-developed-by: Roberto Sassu +Signed-off-by: Roberto Sassu +Signed-off-by: Krzysztof Struczynski +Acked-by: David.Laight@aculab.com (big endian system concerns) +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/ima/ima.h | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/security/integrity/ima/ima.h ++++ b/security/integrity/ima/ima.h +@@ -36,7 +36,7 @@ enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = + #define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE + #define IMA_EVENT_NAME_LEN_MAX 255 + +-#define IMA_HASH_BITS 9 ++#define IMA_HASH_BITS 10 + #define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS) + + #define IMA_TEMPLATE_FIELD_ID_MAX_LEN 16 +@@ -175,9 +175,10 @@ struct ima_h_table { + }; + extern struct ima_h_table ima_htable; + +-static inline unsigned long ima_hash_key(u8 *digest) ++static inline unsigned int ima_hash_key(u8 *digest) + { +- return hash_long(*digest, IMA_HASH_BITS); ++ /* there is no point in taking a hash of part of a digest */ ++ return (digest[0] | digest[1] << 8) % IMA_MEASURE_HTABLE_SIZE; + } + + #define __ima_hooks(hook) \ diff --git a/queue-5.7/ima-remove-__init-annotation-from-ima_pcrread.patch b/queue-5.7/ima-remove-__init-annotation-from-ima_pcrread.patch new file mode 100644 index 00000000000..012a7183530 --- /dev/null +++ b/queue-5.7/ima-remove-__init-annotation-from-ima_pcrread.patch @@ -0,0 +1,41 @@ +From 8b8c704d913b0fe490af370631a4200e26334ec0 Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Sun, 7 Jun 2020 23:00:29 +0200 +Subject: ima: Remove __init annotation from ima_pcrread() + +From: Roberto Sassu + +commit 8b8c704d913b0fe490af370631a4200e26334ec0 upstream. + +Commit 6cc7c266e5b4 ("ima: Call ima_calc_boot_aggregate() in +ima_eventdigest_init()") added a call to ima_calc_boot_aggregate() so that +the digest can be recalculated for the boot_aggregate measurement entry if +the 'd' template field has been requested. For the 'd' field, only SHA1 and +MD5 digests are accepted. + +Given that ima_eventdigest_init() does not have the __init annotation, all +functions called should not have it. This patch removes __init from +ima_pcrread(). + +Cc: stable@vger.kernel.org +Fixes: 6cc7c266e5b4 ("ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()") +Reported-by: Linus Torvalds +Signed-off-by: Roberto Sassu +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/ima/ima_crypto.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/security/integrity/ima/ima_crypto.c ++++ b/security/integrity/ima/ima_crypto.c +@@ -645,7 +645,7 @@ int ima_calc_buffer_hash(const void *buf + return calc_buffer_shash(buf, len, hash); + } + +-static void __init ima_pcrread(u32 idx, struct tpm_digest *d) ++static void ima_pcrread(u32 idx, struct tpm_digest *d) + { + if (!ima_tpm_chip) + return; diff --git a/queue-5.7/ima-switch-to-ima_hash_algo-for-boot-aggregate.patch b/queue-5.7/ima-switch-to-ima_hash_algo-for-boot-aggregate.patch new file mode 100644 index 00000000000..2d1bd2930f8 --- /dev/null +++ b/queue-5.7/ima-switch-to-ima_hash_algo-for-boot-aggregate.patch @@ -0,0 +1,163 @@ +From 6f1a1d103b48b1533a9c804e7a069e2c8e937ce7 Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Wed, 25 Mar 2020 11:47:06 +0100 +Subject: ima: Switch to ima_hash_algo for boot aggregate + +From: Roberto Sassu + +commit 6f1a1d103b48b1533a9c804e7a069e2c8e937ce7 upstream. + +boot_aggregate is the first entry of IMA measurement list. Its purpose is +to link pre-boot measurements to IMA measurements. As IMA was designed to +work with a TPM 1.2, the SHA1 PCR bank was always selected even if a +TPM 2.0 with support for stronger hash algorithms is available. + +This patch first tries to find a PCR bank with the IMA default hash +algorithm. If it does not find it, it selects the SHA256 PCR bank for +TPM 2.0 and SHA1 for TPM 1.2. Ultimately, it selects SHA1 also for TPM 2.0 +if the SHA256 PCR bank is not found. + +If none of the PCR banks above can be found, boot_aggregate file digest is +filled with zeros, as for TPM bypass, making it impossible to perform a +remote attestation of the system. + +Cc: stable@vger.kernel.org # 5.1.x +Fixes: 879b589210a9 ("tpm: retrieve digest size of unknown algorithms with PCR read") +Reported-by: Jerry Snitselaar +Suggested-by: James Bottomley +Signed-off-by: Roberto Sassu +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/ima/ima_crypto.c | 47 +++++++++++++++++++++++++++++++----- + security/integrity/ima/ima_init.c | 20 ++++++++++++--- + 2 files changed, 57 insertions(+), 10 deletions(-) + +--- a/security/integrity/ima/ima_crypto.c ++++ b/security/integrity/ima/ima_crypto.c +@@ -655,18 +655,29 @@ static void __init ima_pcrread(u32 idx, + } + + /* +- * Calculate the boot aggregate hash ++ * The boot_aggregate is a cumulative hash over TPM registers 0 - 7. With ++ * TPM 1.2 the boot_aggregate was based on reading the SHA1 PCRs, but with ++ * TPM 2.0 hash agility, TPM chips could support multiple TPM PCR banks, ++ * allowing firmware to configure and enable different banks. ++ * ++ * Knowing which TPM bank is read to calculate the boot_aggregate digest ++ * needs to be conveyed to a verifier. For this reason, use the same ++ * hash algorithm for reading the TPM PCRs as for calculating the boot ++ * aggregate digest as stored in the measurement list. + */ +-static int __init ima_calc_boot_aggregate_tfm(char *digest, ++static int __init ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, + struct crypto_shash *tfm) + { +- struct tpm_digest d = { .alg_id = TPM_ALG_SHA1, .digest = {0} }; ++ struct tpm_digest d = { .alg_id = alg_id, .digest = {0} }; + int rc; + u32 i; + SHASH_DESC_ON_STACK(shash, tfm); + + shash->tfm = tfm; + ++ pr_devel("calculating the boot-aggregate based on TPM bank: %04x\n", ++ d.alg_id); ++ + rc = crypto_shash_init(shash); + if (rc != 0) + return rc; +@@ -675,7 +686,8 @@ static int __init ima_calc_boot_aggregat + for (i = TPM_PCR0; i < TPM_PCR8; i++) { + ima_pcrread(i, &d); + /* now accumulate with current aggregate */ +- rc = crypto_shash_update(shash, d.digest, TPM_DIGEST_SIZE); ++ rc = crypto_shash_update(shash, d.digest, ++ crypto_shash_digestsize(tfm)); + } + if (!rc) + crypto_shash_final(shash, digest); +@@ -685,14 +697,37 @@ static int __init ima_calc_boot_aggregat + int __init ima_calc_boot_aggregate(struct ima_digest_data *hash) + { + struct crypto_shash *tfm; +- int rc; ++ u16 crypto_id, alg_id; ++ int rc, i, bank_idx = -1; ++ ++ for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) { ++ crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id; ++ if (crypto_id == hash->algo) { ++ bank_idx = i; ++ break; ++ } ++ ++ if (crypto_id == HASH_ALGO_SHA256) ++ bank_idx = i; ++ ++ if (bank_idx == -1 && crypto_id == HASH_ALGO_SHA1) ++ bank_idx = i; ++ } ++ ++ if (bank_idx == -1) { ++ pr_err("No suitable TPM algorithm for boot aggregate\n"); ++ return 0; ++ } ++ ++ hash->algo = ima_tpm_chip->allocated_banks[bank_idx].crypto_id; + + tfm = ima_alloc_tfm(hash->algo); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + hash->length = crypto_shash_digestsize(tfm); +- rc = ima_calc_boot_aggregate_tfm(hash->digest, tfm); ++ alg_id = ima_tpm_chip->allocated_banks[bank_idx].alg_id; ++ rc = ima_calc_boot_aggregate_tfm(hash->digest, alg_id, tfm); + + ima_free_tfm(tfm); + +--- a/security/integrity/ima/ima_init.c ++++ b/security/integrity/ima/ima_init.c +@@ -25,7 +25,7 @@ struct tpm_chip *ima_tpm_chip; + /* Add the boot aggregate to the IMA measurement list and extend + * the PCR register. + * +- * Calculate the boot aggregate, a SHA1 over tpm registers 0-7, ++ * Calculate the boot aggregate, a hash over tpm registers 0-7, + * assuming a TPM chip exists, and zeroes if the TPM chip does not + * exist. Add the boot aggregate measurement to the measurement + * list and extend the PCR register. +@@ -49,15 +49,27 @@ static int __init ima_add_boot_aggregate + int violation = 0; + struct { + struct ima_digest_data hdr; +- char digest[TPM_DIGEST_SIZE]; ++ char digest[TPM_MAX_DIGEST_SIZE]; + } hash; + + memset(iint, 0, sizeof(*iint)); + memset(&hash, 0, sizeof(hash)); + iint->ima_hash = &hash.hdr; +- iint->ima_hash->algo = HASH_ALGO_SHA1; +- iint->ima_hash->length = SHA1_DIGEST_SIZE; ++ iint->ima_hash->algo = ima_hash_algo; ++ iint->ima_hash->length = hash_digest_size[ima_hash_algo]; + ++ /* ++ * With TPM 2.0 hash agility, TPM chips could support multiple TPM ++ * PCR banks, allowing firmware to configure and enable different ++ * banks. The SHA1 bank is not necessarily enabled. ++ * ++ * Use the same hash algorithm for reading the TPM PCRs as for ++ * calculating the boot aggregate digest. Preference is given to ++ * the configured IMA default hash algorithm. Otherwise, use the ++ * TCG required banks - SHA256 for TPM 2.0, SHA1 for TPM 1.2. ++ * Ultimately select SHA1 also for TPM 2.0 if the SHA256 PCR bank ++ * is not found. ++ */ + if (ima_tpm_chip) { + result = ima_calc_boot_aggregate(&hash.hdr); + if (result < 0) { diff --git a/queue-5.7/mips-cpu_loongson2ef-need-software-to-maintain-cache-consistency.patch b/queue-5.7/mips-cpu_loongson2ef-need-software-to-maintain-cache-consistency.patch new file mode 100644 index 00000000000..96455327726 --- /dev/null +++ b/queue-5.7/mips-cpu_loongson2ef-need-software-to-maintain-cache-consistency.patch @@ -0,0 +1,33 @@ +From a202bf71f08b3ef15356db30535e30b03cf23aec Mon Sep 17 00:00:00 2001 +From: Lichao Liu +Date: Thu, 28 May 2020 09:10:31 +0800 +Subject: MIPS: CPU_LOONGSON2EF need software to maintain cache consistency + +From: Lichao Liu + +commit a202bf71f08b3ef15356db30535e30b03cf23aec upstream. + +CPU_LOONGSON2EF need software to maintain cache consistency, +so modify the 'cpu_needs_post_dma_flush' function to return true +when the cpu type is CPU_LOONGSON2EF. + +Cc: stable@vger.kernel.org +Signed-off-by: Lichao Liu +Reviewed-by: Jiaxun Yang +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/mm/dma-noncoherent.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/mips/mm/dma-noncoherent.c ++++ b/arch/mips/mm/dma-noncoherent.c +@@ -33,6 +33,7 @@ static inline bool cpu_needs_post_dma_fl + case CPU_R10000: + case CPU_R12000: + case CPU_BMIPS5000: ++ case CPU_LOONGSON2EF: + return true; + default: + /* diff --git a/queue-5.7/mm-call-cond_resched-from-deferred_init_memmap.patch b/queue-5.7/mm-call-cond_resched-from-deferred_init_memmap.patch new file mode 100644 index 00000000000..7ee58101993 --- /dev/null +++ b/queue-5.7/mm-call-cond_resched-from-deferred_init_memmap.patch @@ -0,0 +1,83 @@ +From da97f2d56bbd880b4138916a7ef96f9881a551b2 Mon Sep 17 00:00:00 2001 +From: Pavel Tatashin +Date: Wed, 3 Jun 2020 15:59:27 -0700 +Subject: mm: call cond_resched() from deferred_init_memmap() + +From: Pavel Tatashin + +commit da97f2d56bbd880b4138916a7ef96f9881a551b2 upstream. + +Now that deferred pages are initialized with interrupts enabled we can +replace touch_nmi_watchdog() with cond_resched(), as it was before +3a2d7fa8a3d5. + +For now, we cannot do the same in deferred_grow_zone() as it is still +initializes pages with interrupts disabled. + +This change fixes RCU problem described in +https://lkml.kernel.org/r/20200401104156.11564-2-david@redhat.com + +[ 60.474005] rcu: INFO: rcu_sched detected stalls on CPUs/tasks: +[ 60.475000] rcu: 1-...0: (0 ticks this GP) idle=02a/1/0x4000000000000000 softirq=1/1 fqs=15000 +[ 60.475000] rcu: (detected by 0, t=60002 jiffies, g=-1199, q=1) +[ 60.475000] Sending NMI from CPU 0 to CPUs 1: +[ 1.760091] NMI backtrace for cpu 1 +[ 1.760091] CPU: 1 PID: 20 Comm: pgdatinit0 Not tainted 4.18.0-147.9.1.el8_1.x86_64 #1 +[ 1.760091] Hardware name: Red Hat KVM, BIOS 1.13.0-1.module+el8.2.0+5520+4e5817f3 04/01/2014 +[ 1.760091] RIP: 0010:__init_single_page.isra.65+0x10/0x4f +[ 1.760091] Code: 48 83 cf 63 48 89 f8 0f 1f 40 00 48 89 c6 48 89 d7 e8 6b 18 80 ff 66 90 5b c3 31 c0 b9 10 00 00 00 49 89 f8 48 c1 e6 33 f3 ab 07 00 00 00 48 c1 e2 36 41 c7 40 34 01 00 00 00 48 c1 e0 33 41 +[ 1.760091] RSP: 0000:ffffba783123be40 EFLAGS: 00000006 +[ 1.760091] RAX: 0000000000000000 RBX: fffffad34405e300 RCX: 0000000000000000 +[ 1.760091] RDX: 0000000000000000 RSI: 0010000000000000 RDI: fffffad34405e340 +[ 1.760091] RBP: 0000000033f3177e R08: fffffad34405e300 R09: 0000000000000002 +[ 1.760091] R10: 000000000000002b R11: ffff98afb691a500 R12: 0000000000000002 +[ 1.760091] R13: 0000000000000000 R14: 000000003f03ea00 R15: 000000003e10178c +[ 1.760091] FS: 0000000000000000(0000) GS:ffff9c9ebeb00000(0000) knlGS:0000000000000000 +[ 1.760091] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 1.760091] CR2: 00000000ffffffff CR3: 000000a1cf20a001 CR4: 00000000003606e0 +[ 1.760091] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 1.760091] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 1.760091] Call Trace: +[ 1.760091] deferred_init_pages+0x8f/0xbf +[ 1.760091] deferred_init_memmap+0x184/0x29d +[ 1.760091] ? deferred_free_pages.isra.97+0xba/0xba +[ 1.760091] kthread+0x112/0x130 +[ 1.760091] ? kthread_flush_work_fn+0x10/0x10 +[ 1.760091] ret_from_fork+0x35/0x40 +[ 89.123011] node 0 initialised, 1055935372 pages in 88650ms + +Fixes: 3a2d7fa8a3d5 ("mm: disable interrupts while initializing deferred pages") +Reported-by: Yiqian Wei +Signed-off-by: Pavel Tatashin +Signed-off-by: Andrew Morton +Tested-by: David Hildenbrand +Reviewed-by: Daniel Jordan +Reviewed-by: David Hildenbrand +Reviewed-by: Pankaj Gupta +Acked-by: Michal Hocko +Cc: Dan Williams +Cc: James Morris +Cc: Kirill Tkhai +Cc: Sasha Levin +Cc: Shile Zhang +Cc: Vlastimil Babka +Cc: [4.17+] +Link: http://lkml.kernel.org/r/20200403140952.17177-4-pasha.tatashin@soleen.com +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/page_alloc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -1869,7 +1869,7 @@ static int __init deferred_init_memmap(v + */ + while (spfn < epfn) { + nr_pages += deferred_init_maxorder(&i, zone, &spfn, &epfn); +- touch_nmi_watchdog(); ++ cond_resched(); + } + zone_empty: + /* Sanity check that the next zone really is unpopulated */ diff --git a/queue-5.7/mm-pagealloc.c-call-touch_nmi_watchdog-on-max-order-boundaries-in-deferred-init.patch b/queue-5.7/mm-pagealloc.c-call-touch_nmi_watchdog-on-max-order-boundaries-in-deferred-init.patch new file mode 100644 index 00000000000..f43f4c9eeb3 --- /dev/null +++ b/queue-5.7/mm-pagealloc.c-call-touch_nmi_watchdog-on-max-order-boundaries-in-deferred-init.patch @@ -0,0 +1,92 @@ +From 117003c32771df617acf66e140fbdbdeb0ac71f5 Mon Sep 17 00:00:00 2001 +From: Daniel Jordan +Date: Wed, 3 Jun 2020 15:59:20 -0700 +Subject: mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in deferred init + +From: Daniel Jordan + +commit 117003c32771df617acf66e140fbdbdeb0ac71f5 upstream. + +Patch series "initialize deferred pages with interrupts enabled", v4. + +Keep interrupts enabled during deferred page initialization in order to +make code more modular and allow jiffies to update. + +Original approach, and discussion can be found here: + http://lkml.kernel.org/r/20200311123848.118638-1-shile.zhang@linux.alibaba.com + +This patch (of 3): + +deferred_init_memmap() disables interrupts the entire time, so it calls +touch_nmi_watchdog() periodically to avoid soft lockup splats. Soon it +will run with interrupts enabled, at which point cond_resched() should be +used instead. + +deferred_grow_zone() makes the same watchdog calls through code shared +with deferred init but will continue to run with interrupts disabled, so +it can't call cond_resched(). + +Pull the watchdog calls up to these two places to allow the first to be +changed later, independently of the second. The frequency reduces from +twice per pageblock (init and free) to once per max order block. + +Fixes: 3a2d7fa8a3d5 ("mm: disable interrupts while initializing deferred pages") +Signed-off-by: Daniel Jordan +Signed-off-by: Pavel Tatashin +Signed-off-by: Andrew Morton +Reviewed-by: David Hildenbrand +Acked-by: Michal Hocko +Acked-by: Vlastimil Babka +Cc: Dan Williams +Cc: Shile Zhang +Cc: Kirill Tkhai +Cc: James Morris +Cc: Sasha Levin +Cc: Yiqian Wei +Cc: [4.17+] +Link: http://lkml.kernel.org/r/20200403140952.17177-2-pasha.tatashin@soleen.com +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/page_alloc.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -1692,7 +1692,6 @@ static void __init deferred_free_pages(u + } else if (!(pfn & nr_pgmask)) { + deferred_free_range(pfn - nr_free, nr_free); + nr_free = 1; +- touch_nmi_watchdog(); + } else { + nr_free++; + } +@@ -1722,7 +1721,6 @@ static unsigned long __init deferred_in + continue; + } else if (!page || !(pfn & nr_pgmask)) { + page = pfn_to_page(pfn); +- touch_nmi_watchdog(); + } else { + page++; + } +@@ -1869,8 +1867,10 @@ static int __init deferred_init_memmap(v + * that we can avoid introducing any issues with the buddy + * allocator. + */ +- while (spfn < epfn) ++ while (spfn < epfn) { + nr_pages += deferred_init_maxorder(&i, zone, &spfn, &epfn); ++ touch_nmi_watchdog(); ++ } + zone_empty: + /* Sanity check that the next zone really is unpopulated */ + WARN_ON(++zid < MAX_NR_ZONES && populated_zone(++zone)); +@@ -1941,6 +1941,7 @@ deferred_grow_zone(struct zone *zone, un + first_deferred_pfn = spfn; + + nr_pages += deferred_init_maxorder(&i, zone, &spfn, &epfn); ++ touch_nmi_watchdog(); + + /* We should only stop along section boundaries */ + if ((first_deferred_pfn ^ spfn) < PAGES_PER_SECTION) diff --git a/queue-5.7/series b/queue-5.7/series index 9dd89b4c435..0a89f5674fe 100644 --- a/queue-5.7/series +++ b/queue-5.7/series @@ -267,3 +267,17 @@ btrfs-fix-space_info-bytes_may_use-underflow-during-space-cache-writeout.patch powerpc-mm-fix-conditions-to-perform-mmu-specific-management-by-blocks-on-ppc32.patch mm-thp-make-the-thp-mapcount-atomic-against-__split_huge_pmd_locked.patch mm-initialize-deferred-pages-with-interrupts-enabled.patch +mips-cpu_loongson2ef-need-software-to-maintain-cache-consistency.patch +mm-pagealloc.c-call-touch_nmi_watchdog-on-max-order-boundaries-in-deferred-init.patch +mm-call-cond_resched-from-deferred_init_memmap.patch +ima-fix-ima-digest-hash-table-key-calculation.patch +ima-switch-to-ima_hash_algo-for-boot-aggregate.patch +ima-evaluate-error-in-init_ima.patch +ima-directly-assign-the-ima_default_policy-pointer-to-ima_rules.patch +ima-call-ima_calc_boot_aggregate-in-ima_eventdigest_init.patch +ima-remove-__init-annotation-from-ima_pcrread.patch +evm-fix-possible-memory-leak-in-evm_calc_hmac_or_hash.patch +ext4-fix-ext_max_extent-index-to-check-for-zeroed-eh_max.patch +ext4-fix-buffer_head-refcnt-leak-when-ext4_iget-fails.patch +ext4-fix-error-pointer-dereference.patch +ext4-fix-race-between-ext4_sync_parent-and-rename.patch -- 2.47.3