RISC-V Linux 内核及周边技术动态第 80 期

时间：20240225
编辑：晓怡
仓库：RISC-V Linux 内核技术调研活动
赞助：PLCT Lab, ISCAS

内核动态

RISC-V 架构支持

v2: RISC-V: enable rust

Now with a patch to disable RUST if CFI_CLANG is enabled. I’ve also intentionally not turned on the gcc support, as discussed on v1.

As this was lifted from the state of the Rust-for-Linux tree, the commit messages from there cannot be preserved, so these patches have commit messages that I wrote.

v3: RISC-V: Ignore V from the riscv,isa DT property on older T-Head CPUs

Before attempting to support the pre-ratification version of vector found on older T-Head CPUs, disallow “v” in riscv,isa on these platforms. The deprecated property has no clear way to communicate the specific version of vector that is supported and much of the vendor provided software puts “v” in the isa string. riscv,isa-extensions should be used instead. This should not be too much of a burden for these systems, as the vendor shipped devicetrees and firmware do not work with a mainline kernel and will require updating.

v3: riscv: pwm: sophgo: add pwm support for CV1800

The Sophgo CV1800 chip provides a set of four independent PWM channel outputs. This series adds PWM controller support for Sophgo cv1800.

v9: KVM: selftests: Add SEV and SEV-ES smoke tests

Add basic SEV and SEV-ES smoke tests. Unlike the intra-host migration tests, this one actually runs a small chunk of code in the guest.

Unless anyone strongly objects to the quick and dirty approach I’ve taken for SEV-ES, I’ll get all of this queued for 6.9 soon-ish.

v1: Introduce support for hardware break/watchpoints

This patchset adds support of hardware breakpoints and watchpoints in RISC-V architecture. The framework is built on top of perf subsystem and SBI debug trigger extension.

v14: Linux RISC-V AIA Support

The RISC-V AIA specification is ratified as-per the RISC-V international process. The latest ratified AIA specifcation can be found at: https://github.com/riscv/riscv-aia/releases/download/1.0/riscv-interrupts-1.0.pdf

v9: Support Andes PMU extension

This patch series introduces the Andes PMU extension, which serves the same purpose as Sscofpmf and Smcntrpmf. Its non-standard local interrupt is assigned to bit 18 in the custom S-mode local interrupt enable and pending registers (slie/slip), while the interrupt cause is (256 + 18).

v9: Change PWM-controlled LED pin active mode and algorithm

According to the circuit diagram of User LEDs - RGB described in the manual hifive-unleashed-a00.pdf[0] and hifive-unmatched-schematics-v3.pdf[1].

The behavior of PWM is acitve-high.

进程调度

v2: sched: blk: Handle HMP systems when completing IO

Due to recent changes in how topology is represented on asymmetric multi processing systems like big.LITTLE where all cpus share the last LLC, there is a performance regression as cpus with different compute capacities appear under the same LLC and we no longer send an IPI when the requester is running on a different cluster with different compute capacity.

v7: sched/fair: Check a task has a fitting cpu when updating misfit

If a misfit task is affined to a subset of the possible cpus, we need to verify that one of these cpus can fit it. Otherwise the load balancer code will continuously trigger needlessly leading the balance_interval to increase in return and eventually end up with a situation where real imbalances take a long time to address because of this impossible imbalance situation.

v1: sched: Add trace_sched_waking() tracepoint to sched_ttwu_pending()

Zimuzo reported seeing occasional cases in perfetto traces where tasks went from sleeping directly to trace_sched_wakeup() without always seeing a trace_sched_waking().

内存管理

v1: mm: Add reclaim type to memory.reclaim

In our container environment, we’ve observed that certain containers may accumulate more than 40GB of slabs, predominantly negative dentries. These negative dentries remain unreclaimed unless there is memory pressure. Even after the containers exit, these negative dentries persist. To manage disk storage efficiently, we employ an agent that identifies container images eligible for destruction once all instances of that image exit.

v12: mm/gup: Introduce memfd_pin_folios() for pinning memfd folios

Currently, some drivers (e.g, Udmabuf) that want to longterm-pin the pages/folios associated with a memfd, do so by simply taking a reference on them. This is not desirable because the pages/folios may reside in Movable zone or CMA block.

v2: x86: disable non-instrumented version of copy_page when KMSAN is enabled

I found that commit afb2d666d025 (“zsmalloc: use copy_page for full page copy”) caused a false-positive KMSAN warning.

Patch “memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()” has been added to the 5.4-stable tree

This is a note to let you know that I’ve just added the patch titled

memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()

to the 5.4-stable tree which can be found at:http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

Patch “memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()” has been added to the 4.19-stable tree

This is a note to let you know that I’ve just added the patch titled

memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()

to the 4.19-stable tree which can be found at:http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

v7: memory: scrub: introduce subsystem + CXL/ACPI-RAS2 drivers

‘Previously known as: cxl: Add support for CXL feature commands,CXL device patrol scrub control and DDR5 ECS control features’ https://lore.kernel.org/lkml/20240215111455.1462-1-shiju.jose@huawei.com/

v5: mm/vmalloc: lock contention optimization under multi-threading

When allocating a new memory area where the mapping address range is known, it is observed that the vmap_area lock is acquired twice. The first acquisition occurs in the alloc_vmap_area() function when inserting the vm area into the vm mapping red-black tree. The second acquisition occurs in the setup_vmalloc_vm() function when updating the properties of the vm, such as flags and address, etc.

v1: mm: madvise: pageout: ignore references rather than clearing young

While doing MADV_PAGEOUT, the current code will clear PTE young so that vmscan won’t read young flags to allow the reclamation of madvised folios to go ahead. It seems we can do it by directly ignoring references, thus we can remove tlb flush in madvise and rmap overhead in vmscan.

v1: mm: unify default compressor algorithm for zram/zswap

Both zram and zswap are used to reduce memory usage by compressing cold page, a default compressor algorithm is selected from kinds of compressor algorithm as the default one from very similar Kconfig, also both of them could change the algorithm by sysfs interfaces, so unify the default compressor algorithm to cleanup the default algorithm chosen.

v17: Drivers for Gunyah hypervisor

Gunyah is a Type-1 hypervisor independent of any high-level OS kernel, and runs in a higher CPU privilege level. It does not depend on any lower-privileged OS kernel/code for its core functionality. This increases its security and can support a much smaller trusted computing base than a Type-2 hypervisor. Gunyah is designed for isolated virtual machine use cases and to support launching trusted+isolated virtual machines from a relatively less trusted host virtual machine.

v2: Add log related mailbox commands

Add support to expose following mailbox commands to userspace for clearing and populating the Vendor debug log and Component State dump log in certain scenarios, allowing for the aggregation of results over time.

v6: hugetlb: parallelize hugetlb page init on boot

This version is tested on mm/mm-stable.

Since the release of v5, there have been some scattered discussions, they have primarily centered around two issues. Both of these issues have now been resolved, leading to the release of v6.

v1: mm, thp: display [never] for defrag when THP is set to never

When transparent_hugepage is set to never by cmdline or echo, defrag still show what it used to be and can be modified which makes user confusing whether defrag would take effect.

v2: Fast kernel headers: split linux/mm.h

This patch set aims to clean up the linux/mm.h header and reduce dependencies on it by moving parts out.

v1: mm/page_alloc: Make check_new_page return bool

Make check_new_page return bool like check_new_pages

v2: mm, vmscan: don’t turn on cache_trim_mode at high scan priorities

v2: stable: memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()

commit 1a3e1f40962c445b997151a542314f3c6097f8c3 upstream.

NOTE: This is a partial backport since we only need the refcnt between memcg and stock to fix the problem stated below, and in this way multiple versions use the same code and align with each other.

文件系统

v1: bcachefs disk accounting rewrite

here it is; the disk accounting rewrite I’ve been talking about since forever.

git link: https://evilpiepirate.org/git/bcachefs.git/log/?h=bcachefs-disk-accounting-rewrite

v1: Introduce the famfs shared-memory file system

This patch set introduces famfs[1] - a special-purpose fs-dax file system for sharable disaggregated or fabric-attached memory (FAM). Famfs is not CXL-specific in anyway way.

v2: sysctl: treewide: constify ctl_table_root::permissions

The permissions callback is not supposed to modify the ctl_table. Enforce this expectation via the typesystem.

v1: Rosebush, a new hash table

Rosebush is a resizing, scalable, cache-aware, RCU optimised hash table. I’ve written a load of documentation about how it works, mostly in Documentation/core-api/rosebush.rst but some is dotted through the rosebush.c file too.

v1: fat: ignore .. subdir and always add a link to dirs

The tools used for creating images for the Lego Mindstrom EV3 are not adding ‘.’ and ‘..’ entry in the ‘Projects’ directory.

Without this fix, the kernel can not fill the inode structure for ‘Projects’ directory.

See https://github.com/microsoft/pxt-ev3/issues/980 And https://github.com/microsoft/uf2-linux/issues/6

v1: vfs: always log mount API fs context messages to dmesg

As filesystems are converted to the new mount API, informational messages, errors, and warnings are being routed through infof, errorf, and warnf type functions provided by the mount API, which places these messages in the log buffer associated with the filesystem context rather than in the kernel log / dmesg.

v1: pidfd: make pidfs_dentry_operations static

The pidfs_dentry_operations are not used outside the file pidfs.c, so the modification is defined as static.

fs/pidfs.c:175:32: warning: symbol ‘pidfs_dentry_operations’ was not declared. Should it be static?

v1: sysctl: move sysctl type to ctl_table_header

Praparation series to enable constification of struct ctl_table further down the line. No functional changes are intended.

These changes have been split out and reworked from my original const sysctl patchset [0]. I’m resubmitting the patchset in smaller chunks for easier review. Each split-out series is meant to be useful on its own.

v2: fs: use type-safe uid representation for filesystem capabilities

This series converts filesystem capabilities from passing around raw xattr data to using a kernel-internal representation with type safe uids, similar to the conversion done previously for posix ACLs. Currently fscaps representations in the kernel have two different instances of unclear or confused types:

v4: Memory allocation profiling

Overview: Low overhead [1] per-callsite memory allocation profiling. Not just for debug kernels, overhead low enough to be deployed in production.

v7: Set casefold/fscrypt dentry operations through sb->s_d_op

v7 of this patchset applying the comments from Eric. Thank you for your feedback. Details in changelog of individual patches.

v2: Convert coda to use the new mount API

Convert the coda filesystem to the new internal mount API as the old one will be obsoleted and removed. This allows greater flexibility in communication of mount parameters between userspace, the VFS and the filesystem.

v1: blk: optimization for classic polling

This removes the dependency on interrupts to wake up task. Set task state as TASK_RUNNING, if need_resched() returns true, while polling for IO completion. Earlier, polling task used to sleep, relying on interrupt to wake it up. This made some IO take very long when interrupt-coalescing is enabled in NVMe.

网络设备

v1: introduce sysctl SYSCTL_U8_MAX and SYSCTL_LONG_S32_MAX

The boundary check of multiple modules uses these static variables (such as two_five_five, n_65535, ue_int_max, etc), and they are also not changed. Therefore, add them to the shared sysctl_vals and sysctl_long_vals to avoid duplication. This also reduce the size a bit

v1: net-next: net: dsa: mv88e6xxx: add Amethyst specific SMI GPIO function

The existing mv88e6xxx_g2_scratch_gpio_set_smi() cannot be used on the as it impacts the bit setting value.

This is all irrelevant for Amethyst (MV88E6191X/6193X/6393X) as only the default value of the SMI_PHY Config bit is set to CPU_MGD bootstrap pin value but it can be changed without restrictions so that GPIO pins 9 and 10 are used as SMI pins.

v1: net: wwan: t7xx: Prefer struct_size over open coded arithmetic

This is an effort to get rid of all multiplications from allocation functions in order to prevent integer overflows [1][2].

v4: ice: Add get/set hw address for VFs using devlink commands

Changing the MAC address of the VFs are not available via devlink. Add the function handlers to set and get the HW address for the VFs.

v1: net-next: netlink: use kvmalloc() in netlink_alloc_large_skb()

This is a followup of commit 234ec0b6034b (“netlink: fix potential sleeping issue in mqueue_flush_file”), because vfree_atomic() overhead is unfortunate for medium sized allocations.

v1: net-next: net/tcp: TCP-AO and TCP-MD5 tracepoints

I tried to split it a bit, maybe I could even go further and split by TRACE_EVENT_CLASS() changes, but not sure if it adds any value. But at least all preparation patches are separate.

v1: net-next: selftests: netdevsim: be less selective for FW for the devlink test

Commit 6151ff9c7521 (“selftests: netdevsim: use suitable existing dummy file for flash test”) introduced a nice trick to the devlink flashing test. Instead of user having to create a file under /lib/firmware we just pick the first one that already exists.

v1: net: bcmgenet: Reset RBUF on first open

If the RBUF logic is not reset when the kernel starts then there may be some data left over from any network boot loader. If the 64-byte packet headers are enabled then this can be fatal.

v1: net: veth: try harder when allocating queue memory

struct veth_rq is pretty large, 832B total without debug options enabled. Since commit under Fixes we try to pre-allocate enough queues for every possible CPU. Miao Wang reports that this may lead to order-5 allocations which will fail in production.

[PATCH net-next resend 0/6] Support for ASP 2.2 and optimizations

ASP 2.2 adds some power savings during low power modes.

Also make various improvements when entering low power modes and reduce MDIO traffic by hooking up interrupts.

v1: scsi: replace deprecated strncpy

This series contains multiple replacements of strncpy throughout the scsi subsystem.

strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. The details of each replacement will be in their respective patch.

v3: net-next: af_unix: Rework GC.

When we pass a file descriptor to an AF_UNIX socket via SCM_RIGTHS, the underlying struct file of the inflight fd gets its refcount bumped. If the fd is of an AF_UNIX socket, we need to track it in case it forms cyclic references.

v5: net-next: net: dsa: vsc73xx: Make vsc73xx usable

This patch series focuses on making vsc73xx usable.

The first patch was added in v2; it switches from a poll loop to read_poll_timeout.

v1: net-next: mptcp: various small improvements

This series brings various small improvements to MPTCP and its selftests:

Patch 1 prints an error if there are duplicated subtests names. It is important to have unique (sub)tests names in TAP, because some CI environments drop (sub)tests with duplicated names.

v1: net-next: ipv6: anycast: complete RCU handling of struct ifacaddr6

struct ifacaddr6 are already freed after RCU grace period.

Add __rcu qualifier to aca_next pointer, and idev->ac_list

Add relevant rcu_assign_pointer() and dereference accessors.

v1: dt-bindings: net: renesas,ethertsn: Document default for delays

The internal delay properties are not mandatory and should have a documented default value. The device only supports either no delay or a fixed delay and the device reset default is no delay, document the default as no delay.

v1: net-next: ethtool HW timestamping statistics

The goal of this patch series is to introduce a common set of ethtool statistics for hardware timestamping that a driver implementer can hook into. The statistics counters added are based on what I believe are common patterns/behaviors found across various hardware timestamping implementations seen in the kernel tree today. The mlx5 family of devices is used as the PoC for this patch series. Other vendors are more than welcome to chim in on this series.

v4: Add support for sam9x7 SoC family

This patch series adds support for the new SoC family - sam9x7.

• The device tree, configs and drivers are added
• Clock driver for sam9x7 is added
• Support for basic peripherals is added
• Target board SAM9X75 Curiosity is added

v2: iwl-next: intel: misc improvements

here are not related improvements to ice and ixgbe. Spotted while working on other issues. First one takes care redundant Tx disabling on ifdown. Second one is about rather obvious getting rid of devm_ usage and last one is plain refactor of stats update.

v1: net: phy: phy_device: free the phy_device on the phy_device_create error path

When error’ing out from phy_device_create(), the previously kzalloc’d “dev” pointer gets overwritten with an error pointer, without freeing it beforehand, thus leaking the allocated phy_device. Add the missing kfree back.

v1: net: phy: dp83826: disable WOL at init

Commit d1d77120bc28 (“net: phy: dp83826: support TX data voltage tuning”) introduced a regression in that WOL is not disabled by default for DP83826. WOL should normally be enabled through ethtool.

v1: net-next: net: ipa: don’t abort system suspend

Currently the IPA code aborts an in-progress system suspend if an IPA interrupt arrives before the suspend completes. There is no need to do that though, because the IPA driver handles a forced suspend correctly, quiescing any hardware activity before finally turning off clocks and interconnects.

v11: net-next: Introducing P4TC (series 1)

This is the first patchset of two. In this patch we are only submitting 5 patches which touch the general TC code given these are trivial. We will be posting a second patchset which handles the P4 objects and associated infra (which includes 10 patches that we have already been posting to hit the 15 limit).

v2: net: dpll: rely on rcu for netdev_dpll_pin()

This fixes a possible UAF in if_nlmsg_size(), which can run without RTNL.

Add rcu protection to “struct dpll_pin”

Move netdev_dpll_pin() from netdevice.h to dpll.h to decrease name pollution.

v1: net: Documentations: correct net_cachelines title for struct inet_sock

It’s ‘inet_sock’ fast path usage breakdown, not ‘inet_connection_sock’, correct it.

v3: net-next: net: switchdev: Tracepoints

Add a basic set of tracepoints to the switchdev layer that allows us to monitor all messages being passed between a bridge and the devices attached to it.

v1: net: ethernet: ti: am65-cpsw: Add minimal XDP support

This patch adds XDP (eXpress Data Path) support to TI AM65 CPSW Ethernet driver. The following features are implemented:

• NETDEV_XDP_ACT_BASIC (XDP_PASS, XDP_TX, XDP_DROP, XDP_ABORTED)
• NETDEV_XDP_ACT_REDIRECT (XDP_REDIRECT)
• NETDEV_XDP_ACT_NDO_XMIT (ndo_xdp_xmit callback)

安全增强

v1: bcachefs: Prefer struct_size over open coded arithmetic

This is an effort to get rid of all multiplications from allocation functions in order to prevent integer overflows [1][2].

v2: iio: pressure: dlhl60d: Initialize empty DLH bytes

3 bytes were being read but 4 were being written. Explicitly initialize the unused bytes to 0 and refactor the loop to use direct array indexing, which appears to silence a Clang false positive warning[1].

v1: init/Kconfig: Lower GCC version check for -Warray-bounds

We continue to see false positives from -Warray-bounds even in GCC 10, which is getting reported in a few places[1] still:

security/security.c:811:2: warning: ‘memcpy’ offset 32 is out of the bounds [0, 0] [-Warray-bounds]

Lower the GCC version check from 11 to 10.

v2: leaking_addresses: Provide mechanism to scan binary files

Since I was in this script for the binary file scanning, I did other clean-ups and tweaked the MAINTAINERS file per Tycho’s suggestion.

v1: pstore: inode: Only d_invalidate() is needed

Unloading a modular pstore backend with records in pstorefs would trigger the dput() double-drop warning:

WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410

v1: drm/radeon/radeon_display: Decrease the size of allocated memory

This is an effort to get rid of all multiplications from allocation functions in order to prevent integer overflows [1] [2].

In this case, the memory allocated to store RADEONFB_CONN_LIMIT pointers to “drm_connector” structures can be avoided. This is because this memory area is never accessed.

v1: x86, relocs: Ignore relocations in .notes section

When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the “startup_xen” entry point. This information is used prior to booting the kernel, so relocations are not useful. In fact, performing relocations against the .notes section means that the KASLR base is exposed since /sys/kernel/notes is world-readable.

v6: bpf: Replace bpf_lpm_trie_key 0-length array with flexible array

Adjust the kernel code to use struct bpf_lpm_trie_key_u8 through-out, and for the selftest to use struct bpf_lpm_trie_key_hdr. Add a comment to the UAPI header directing folks to the two new options.

v1: scsi: lpfc: replace deprecated strncpy with strscpy

strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces.

We expect ae->value_string to be NUL-terminated because there’s a comment that says as much; these attr strings are also used with other string APIs, further cementing the fact.

v2: checkpatch: add check for snprintf to scnprintf

I am going to quote Lee Jones who has been doing some snprintf -> scnprintf refactorings:

“There is a general misunderstanding amongst engineers that {v}snprintf() returns the length of the data actually encoded into the destination array. However, as per the C99 standard {v}snprintf() really returns the length of the data that would have been written if there were enough space for it.

异步 IO

v1: io_uring: only account cqring wait time as iowait if enabled for a ring

Currently we unconditionally account time spent waiting for events in CQ ring as iowait time.

Some userspace tools consider iowait time to be CPU util/load which can be misleading as the process is sleeping. High iowait time might be indicative of issues for storage IO, but for network IO e.g. socket recv() we do not control when the completions happen.

Rust For Linux

v3: kselftest: Add basic test for probing the rust sample modules

Add new basic kselftest that checks if the available rust sample modules can be added and removed correctly.

v3: rust: locks: Add get_mut method to Lock

Having a mutable reference guarantees that no other threads have access to the lock, so we can take advantage of that to grant callers access to the protected data without the the cost of acquiring and releasing the locks. Since the lifetime of the data is tied to the mutable reference, the borrow checker guarantees that the usage is safe.

BPF

v2: bpf-next: bpf: Add a generic bits iterator

Three new kfuncs, namely bpf_iter_bits_{new,next,destroy}, have been added for the new bpf_iter_bits functionality. These kfuncs enable the iteration of the bits from a given address and a given number of bits.

v4: bpf-next: Allow struct_ops maps with a large number of programs

The BPF struct_ops previously only allowed for one page to be used for the trampolines of all links in a map. However, we have recently run out of space due to the large number of BPF program links. By allocating additional pages when we exhaust an existing page, we can accommodate more links in a single map.

v4: bpf-next: Create shadow types for struct_ops maps in skeletons

This patchset allows skeleton users to change the values of the fields in struct_ops maps at runtime. It will create a shadow type pointer in a skeleton for each struct_ops map, allowing users to access the values of fields through these pointers. For instance, if there is an integer field named “FOO” in a struct_ops map called “testmap”, you can access the value of “FOO” in this way.

v3: bpf: check bpf_func_state->callback_depth when pruning states

discussion [0]. The details of the fix are in patch #1.

The main idea for the fix belongs to Yonghong Song, mine contribution is merely in review and test cases.

v1: bpf-next: selftests/bpf: reduce tcp_custom_syncookie verification complexity

Thread [0] discusses a fix for bpf_loop() handling bug. That change makes tcp_custom_syncookie test too complex to verify. The fix discussed in [0] would be sent via ‘bpf’ tree, tcp_custom_syncookie test is not in ‘bpf’ tree yet.

v1: net: stmmac: Complete meta data only when enabled

The program counter indicates xsk_tx_metadata_complete(). However, this function shouldn’t be called unless metadata is actually enabled.

Tested on imx93 without XDP, with XDP and with XDP/ZC.

v1: bpf-next: bpf: track find_equal_scalars history on per-instruction level

This is a fix for precision tracking bug reported in [0]. It supersedes my previous attempt to fix similar issue in commit [1].

v2: bpf-next: bpf: clarify batch lookup semantics

The batch lookup and lookup_and_delete APIs have two parameters, in_batch and out_batch, to facilitate iterative lookup/lookup_and_deletion operations for supported maps. Except NULL for in_batch at the start of these two batch operations, both parameters need to point to memory equal or larger than the respective map key size, except for various hashmaps (hash, percpu_hash, lru_hash, lru_percpu_hash) where the in_batch/out_batch memory size should be at least 4 bytes.

v3: bpf-next: sleepable bpf_timer (was: allow HID-BPF to do device IOs)

[Partly a RFC/formal submission: there are still FIXMEs in the code] [Also using bpf-next as the base tree for HID changes as there will be conflicting changes otherwise, so I’m personaly fine for the HID commits to go through bpf-next]

IMO, patches 1-3 and 9-14 are ready to go, rest is still pending review.

For reference, the use cases I have in mind:

v2: bpf-next: bpf: Check return from set_memory_rox() and friends

arch_protect_bpf_trampoline() and alloc_new_pack() call set_memory_rox() which can fail, leading to unprotected memory.

周边技术动态

Qemu

v2: RISC-V: Modularize common match conditions for trigger

According to RISC-V Debug specification, the enabled privilege levels of the trigger is common match conditions for all the types of the trigger. This series modularize the code for checking the privilege levels of type 2/3/6 triggers by implementing functions trigger_common_match() and trigger_priv_match().

v6: riscv: set vstart_eq_zero on mark_vs_dirty

In this version 2 new patches were added:

• patch 5 eliminates the ‘cpu_vl’ global, and do_vsetvl() now loads ‘vl’ directly from env. This was suggested by Richard in the v5 review;

• patch 9 does a change in how we’re doing the loops in ldst helpers. This was also proposed by Richard but back in v2.

U-Boot

riscv: supports_extension() broken for long isa strings

I mentioned this last night to Heinrich on IRC, supports_extension() is broken for ISA strings longer than 32 characters. M-Mode U-Boot doesn’t parse a devicetree, so this doesn’t apply there, but for S-mode supports_extension() looks like