September 2024 - Kernel - mailweb.openeuler.org

[PATCH OLK-5.10] sched: fix a deadlock in task_net_group()
by Hui Tang 27 Sep '24

27 Sep '24

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IATU6E CVE: NA -------------------------------- If req->tx_pid == req->tx_pid when sched_net_relationship_submit() called, which cause rship->net_lock AA deadlock in task_net_group(). Fixes: 2ac826b258e9 ("sched: Introduce task relationship by net and memory") Signed-off-by: Hui Tang <tanghui20(a)huawei.com> --- kernel/sched/relationship.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/sched/relationship.c b/kernel/sched/relationship.c index 515c913aeb33..d17041585c39 100644 --- a/kernel/sched/relationship.c +++ b/kernel/sched/relationship.c @@ -141,6 +141,9 @@ int sched_net_relationship_submit(struct net_relationship_req *req) req->net_rship_type == NET_RS_TYPE_TX) return remote_rxtx_process(req); + if (req->rx_pid == req->tx_pid) + return -EINVAL; + rcu_read_lock(); rx_tsk = find_task_by_pid_ns(req->rx_pid, &init_pid_ns); -- 2.34.1

2 1

[PATCH OLK-6.6] smb: client: fix double put of @cfile in smb2_set_path_size()
by Zheng Qixing 27 Sep '24

27 Sep '24

From: Paulo Alcantara <pc(a)manguebit.com> stable inclusion from stable-v6.6.51 commit 5a72d1edb0843e4c927a4096f81e631031c25c28 category: kasan bugzilla: https://gitee.com/src-openeuler/kernel/issues/IARWCG CVE: CVE-2024-46796 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit f9c169b51b6ce20394594ef674d6b10efba31220 upstream. If smb2_compound_op() is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path() before retrying it as the reference of @cfile was already dropped by previous call. This fixes the following KASAN splat when running fstests generic/013 against Windows Server 2022: CIFS: Attempting to mount //w22-fs0/scratch run fstests generic/013 at 2024-09-02 19:48:59 ================================================================== BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200 Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176 CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 Workqueue: cifsoplockd cifs_oplock_break [cifs] Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 ? detach_if_pending+0xab/0x200 print_report+0x156/0x4d9 ? detach_if_pending+0xab/0x200 ? __virt_addr_valid+0x145/0x300 ? __phys_addr+0x46/0x90 ? detach_if_pending+0xab/0x200 kasan_report+0xda/0x110 ? detach_if_pending+0xab/0x200 detach_if_pending+0xab/0x200 timer_delete+0x96/0xe0 ? __pfx_timer_delete+0x10/0x10 ? rcu_is_watching+0x20/0x50 try_to_grab_pending+0x46/0x3b0 __cancel_work+0x89/0x1b0 ? __pfx___cancel_work+0x10/0x10 ? kasan_save_track+0x14/0x30 cifs_close_deferred_file+0x110/0x2c0 [cifs] ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs] ? __pfx_down_read+0x10/0x10 cifs_oplock_break+0x4c1/0xa50 [cifs] ? __pfx_cifs_oplock_break+0x10/0x10 [cifs] ? lock_is_held_type+0x85/0xf0 ? mark_held_locks+0x1a/0x90 process_one_work+0x4c6/0x9f0 ? find_held_lock+0x8a/0xa0 ? __pfx_process_one_work+0x10/0x10 ? lock_acquired+0x220/0x550 ? __list_add_valid_or_report+0x37/0x100 worker_thread+0x2e4/0x570 ? __kthread_parkme+0xd1/0xf0 ? __pfx_worker_thread+0x10/0x10 kthread+0x17f/0x1c0 ? kthread+0xda/0x1c0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 1118: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 cifs_new_fileinfo+0xc8/0x9d0 [cifs] cifs_atomic_open+0x467/0x770 [cifs] lookup_open.isra.0+0x665/0x8b0 path_openat+0x4c3/0x1380 do_filp_open+0x167/0x270 do_sys_openat2+0x129/0x160 __x64_sys_creat+0xad/0xe0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 83: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x70 poison_slab_object+0xe9/0x160 __kasan_slab_free+0x32/0x50 kfree+0xf2/0x300 process_one_work+0x4c6/0x9f0 worker_thread+0x2e4/0x570 kthread+0x17f/0x1c0 ret_from_fork+0x31/0x60 ret_from_fork_asm+0x1a/0x30 Last potentially related work creation: kasan_save_stack+0x30/0x50 __kasan_record_aux_stack+0xad/0xc0 insert_work+0x29/0xe0 __queue_work+0x5ea/0x760 queue_work_on+0x6d/0x90 _cifsFileInfo_put+0x3f6/0x770 [cifs] smb2_compound_op+0x911/0x3940 [cifs] smb2_set_path_size+0x228/0x270 [cifs] cifs_set_file_size+0x197/0x460 [cifs] cifs_setattr+0xd9c/0x14b0 [cifs] notify_change+0x4e3/0x740 do_truncate+0xfa/0x180 vfs_truncate+0x195/0x200 __x64_sys_truncate+0x109/0x150 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Fixes: 71f15c90e785 ("smb: client: retry compound request without reusing lease") Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Cc: David Howells <dhowells(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Zheng Qixing <zhengqixing(a)huawei.com> --- fs/smb/client/smb2inode.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/smb/client/smb2inode.c b/fs/smb/client/smb2inode.c index 28031c7ba6b1..c51ec2e1adb0 100644 --- a/fs/smb/client/smb2inode.c +++ b/fs/smb/client/smb2inode.c @@ -1148,6 +1148,7 @@ smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon, cfile, NULL, NULL, dentry); if (rc == -EINVAL) { cifs_dbg(FYI, "invalid lease key, resending request without lease"); + cifs_get_writable_path(tcon, full_path, FIND_WR_ANY, &cfile); rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, &oparms, &in_iov, &(int){SMB2_OP_SET_EOF}, 1, -- 2.39.2

2 1

[PATCH openEuler-22.03-LTS-SP1] ksmbd: unset the binding mark of a reused connection
by Long Li 27 Sep '24

27 Sep '24

From: Namjae Jeon <linkinjeon(a)kernel.org> stable inclusion from stable-v5.15.166 commit 9914f1bd61d5e838bb1ab15a71076d37a6db65d1 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IARWIK CVE: CVE-2024-46795 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… -------------------------------- [ Upstream commit 78c5a6f1f630172b19af4912e755e1da93ef0ab5 ] Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. It is used as a material to create an encryption key in ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer dereference error from crypto_shash_update(). BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? do_user_addr_fault+0x2ee/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generate_key+0x234/0x380 [ksmbd] generate_smb3encryptionkey+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd] ntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd] smb2_sess_setup+0x952/0xaa0 [ksmbd] __process_request+0xa3/0x1d0 [ksmbd] __handle_ksmbd_work+0x1c4/0x2f0 [ksmbd] handle_ksmbd_work+0x2d/0xa0 [ksmbd] process_one_work+0x16c/0x350 worker_thread+0x306/0x440 ? __pfx_worker_thread+0x10/0x10 kthread+0xef/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Fixes: f5a544e3bab7 ("ksmbd: add support for SMB3 multichannel") Cc: stable(a)vger.kernel.org # v5.15+ Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Long Li <leo.lilong(a)huawei.com> --- fs/ksmbd/smb2pdu.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 50ef53115cab..f4aeca5e7e57 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1704,6 +1704,8 @@ int smb2_sess_setup(struct ksmbd_work *work) rc = ksmbd_session_register(conn, sess); if (rc) goto out_err; + + conn->binding = false; } else if (conn->dialect >= SMB30_PROT_ID && (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) && req->Flags & SMB2_SESSION_REQ_FLAG_BINDING) { @@ -1782,6 +1784,8 @@ int smb2_sess_setup(struct ksmbd_work *work) sess = NULL; goto out_err; } + + conn->binding = false; } work->sess = sess; -- 2.39.2

2 1

[PATCH OLK-5.10 0/2] ext4: dax: Fix inconsistent isize during writing
by Zhihao Cheng 27 Sep '24

27 Sep '24

From: Zhihao Cheng <chengzhihao1(a)huawei.com> Zhihao Cheng (1): ext4: dax: fix overflowing extents beyond inode size when partially writing yangerkun (1): ext4: dax: keep orphan list before truncate overflow allocated blocks fs/ext4/file.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) -- 2.39.2

2 3

[PATCH OLK-6.6] ksmbd: unset the binding mark of a reused connection
by Long Li 27 Sep '24

27 Sep '24

From: Namjae Jeon <linkinjeon(a)kernel.org> mainline inclusion from mainline-v6.10-rc2 commit 78c5a6f1f630172b19af4912e755e1da93ef0ab5 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IARWIK CVE: CVE-2024-46795 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. It is used as a material to create an encryption key in ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer dereference error from crypto_shash_update(). BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? do_user_addr_fault+0x2ee/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generate_key+0x234/0x380 [ksmbd] generate_smb3encryptionkey+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd] ntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd] smb2_sess_setup+0x952/0xaa0 [ksmbd] __process_request+0xa3/0x1d0 [ksmbd] __handle_ksmbd_work+0x1c4/0x2f0 [ksmbd] handle_ksmbd_work+0x2d/0xa0 [ksmbd] process_one_work+0x16c/0x350 worker_thread+0x306/0x440 ? __pfx_worker_thread+0x10/0x10 kthread+0xef/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Fixes: f5a544e3bab7 ("ksmbd: add support for SMB3 multichannel") Cc: stable(a)vger.kernel.org # v5.15+ Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Long Li <leo.lilong(a)huawei.com> --- fs/smb/server/smb2pdu.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 4d91210e6acf..28684316bccb 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -1681,6 +1681,8 @@ int smb2_sess_setup(struct ksmbd_work *work) rc = ksmbd_session_register(conn, sess); if (rc) goto out_err; + + conn->binding = false; } else if (conn->dialect >= SMB30_PROT_ID && (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) && req->Flags & SMB2_SESSION_REQ_FLAG_BINDING) { @@ -1759,6 +1761,8 @@ int smb2_sess_setup(struct ksmbd_work *work) sess = NULL; goto out_err; } + + conn->binding = false; } work->sess = sess; -- 2.39.2

2 1

[PATCH OLK-6.6] HID: amd_sfh: free driver_data after destroying hid device
by He Yujie 27 Sep '24

27 Sep '24

From: Olivier Sobrie <olivier(a)sobrie.be> stable inclusion from stable-v6.6.51 commit 60dc4ee0428d70bcbb41436b6729d29f1cbdfb89 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IARV9S CVE: CVE-2024-46746 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 97155021ae17b86985121b33cf8098bcde00d497 ] HID driver callbacks aren't called anymore once hid_destroy_device() has been called. Hence, hid driver_data should be freed only after the hid_destroy_device() function returned as driver_data is used in several callbacks. I observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling KASAN to debug memory allocation, I got this output: [ 13.050438] ================================================================== [ 13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh] [ 13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3 [ 13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479 [ 13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0 [ 13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024 [ 13.067860] Call Trace: [ 13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8 [ 13.071486] <TASK> [ 13.071492] dump_stack_lvl+0x5d/0x80 [ 13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002) [ 13.078296] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.082199] print_report+0x174/0x505 [ 13.085776] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 13.089367] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.093255] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.097464] kasan_report+0xc8/0x150 [ 13.101461] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.105802] amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.110303] amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.114879] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.119450] sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082] [ 13.124097] hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5] [ 13.127404] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.131925] ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5] [ 13.136455] ? _raw_spin_lock_irqsave+0x96/0xf0 [ 13.140197] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 13.143602] ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b] [ 13.147234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.150446] ? __devm_add_action+0x167/0x1d0 [ 13.155061] hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [ 13.158581] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.161814] platform_probe+0xa2/0x150 [ 13.165029] really_probe+0x1e3/0x8a0 [ 13.168243] __driver_probe_device+0x18c/0x370 [ 13.171500] driver_probe_device+0x4a/0x120 [ 13.175000] __driver_attach+0x190/0x4a0 [ 13.178521] ? __pfx___driver_attach+0x10/0x10 [ 13.181771] bus_for_each_dev+0x106/0x180 [ 13.185033] ? __pfx__raw_spin_lock+0x10/0x10 [ 13.188229] ? __pfx_bus_for_each_dev+0x10/0x10 [ 13.191446] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.194382] bus_add_driver+0x29e/0x4d0 [ 13.197328] driver_register+0x1a5/0x360 [ 13.200283] ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [ 13.203362] do_one_initcall+0xa7/0x380 [ 13.206432] ? __pfx_do_one_initcall+0x10/0x10 [ 13.210175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.213211] ? kasan_unpoison+0x44/0x70 [ 13.216688] do_init_module+0x238/0x750 [ 13.219696] load_module+0x5011/0x6af0 [ 13.223096] ? kasan_save_stack+0x30/0x50 [ 13.226743] ? kasan_save_track+0x14/0x30 [ 13.230080] ? kasan_save_free_info+0x3b/0x60 [ 13.233323] ? poison_slab_object+0x109/0x180 [ 13.236778] ? __pfx_load_module+0x10/0x10 [ 13.239703] ? poison_slab_object+0x109/0x180 [ 13.243070] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.245924] ? init_module_from_file+0x13d/0x150 [ 13.248745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.251503] ? init_module_from_file+0xdf/0x150 [ 13.254198] init_module_from_file+0xdf/0x150 [ 13.256826] ? __pfx_init_module_from_file+0x10/0x10 [ 13.259428] ? kasan_save_track+0x14/0x30 [ 13.261959] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.264471] ? kasan_save_free_info+0x3b/0x60 [ 13.267026] ? poison_slab_object+0x109/0x180 [ 13.269494] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.271949] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.274324] ? _raw_spin_lock+0x85/0xe0 [ 13.276671] ? __pfx__raw_spin_lock+0x10/0x10 [ 13.278963] ? __rseq_handle_notify_resume+0x1a6/0xad0 [ 13.281193] idempotent_init_module+0x23b/0x650 [ 13.283420] ? __pfx_idempotent_init_module+0x10/0x10 [ 13.285619] ? __pfx___seccomp_filter+0x10/0x10 [ 13.287714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.289828] ? __fget_light+0x57/0x420 [ 13.291870] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.293880] ? security_capable+0x74/0xb0 [ 13.295820] __x64_sys_finit_module+0xbe/0x130 [ 13.297874] do_syscall_64+0x82/0x190 [ 13.299898] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.301905] ? irqtime_account_irq+0x3d/0x1f0 [ 13.303877] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.305753] ? __irq_exit_rcu+0x4e/0x130 [ 13.307577] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.309489] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 13.311371] RIP: 0033:0x7a21f96ade9d [ 13.313234] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 63 de 0c 00 f7 d8 64 89 01 48 [ 13.317051] RSP: 002b:00007ffeae934e78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 13.319024] RAX: ffffffffffffffda RBX: 00005987276bfcf0 RCX: 00007a21f96ade9d [ 13.321100] RDX: 0000000000000004 RSI: 00007a21f8eda376 RDI: 000000000000001c [ 13.323314] RBP: 00007a21f8eda376 R08: 0000000000000001 R09: 00007ffeae934ec0 [ 13.325505] R10: 0000000000000050 R11: 0000000000000246 R12: 0000000000020000 [ 13.327637] R13: 00005987276c1250 R14: 0000000000000000 R15: 00005987276c4530 [ 13.329737] </TASK> [ 13.333945] Allocated by task 139: [ 13.336111] kasan_save_stack+0x30/0x50 [ 13.336121] kasan_save_track+0x14/0x30 [ 13.336125] __kasan_kmalloc+0xaa/0xb0 [ 13.336129] amdtp_hid_probe+0xb1/0x440 [amd_sfh] [ 13.336138] amd_sfh_hid_client_init+0xb8a/0x10f0 [amd_sfh] [ 13.336144] sfh_init_work+0x47/0x120 [amd_sfh] [ 13.336150] process_one_work+0x673/0xeb0 [ 13.336155] worker_thread+0x795/0x1250 [ 13.336160] kthread+0x290/0x350 [ 13.336164] ret_from_fork+0x34/0x70 [ 13.336169] ret_from_fork_asm+0x1a/0x30 [ 13.338175] Freed by task 139: [ 13.340064] kasan_save_stack+0x30/0x50 [ 13.340072] kasan_save_track+0x14/0x30 [ 13.340076] kasan_save_free_info+0x3b/0x60 [ 13.340081] poison_slab_object+0x109/0x180 [ 13.340085] __kasan_slab_free+0x32/0x50 [ 13.340089] kfree+0xe5/0x310 [ 13.340094] amdtp_hid_remove+0xb2/0x160 [amd_sfh] [ 13.340102] amd_sfh_hid_client_deinit+0x324/0x640 [amd_sfh] [ 13.340107] amd_sfh_hid_client_init+0x94a/0x10f0 [amd_sfh] [ 13.340113] sfh_init_work+0x47/0x120 [amd_sfh] [ 13.340118] process_one_work+0x673/0xeb0 [ 13.340123] worker_thread+0x795/0x1250 [ 13.340127] kthread+0x290/0x350 [ 13.340132] ret_from_fork+0x34/0x70 [ 13.340136] ret_from_fork_asm+0x1a/0x30 [ 13.342482] The buggy address belongs to the object at ffff88813152f400 which belongs to the cache kmalloc-64 of size 64 [ 13.347357] The buggy address is located 8 bytes inside of freed 64-byte region [ffff88813152f400, ffff88813152f440) [ 13.347367] The buggy address belongs to the physical page: [ 13.355409] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13152f [ 13.355416] anon flags: 0x2ffff8000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 13.355423] page_type: 0xffffefff(slab) [ 13.355429] raw: 02ffff8000000000 ffff8881000428c0 ffffea0004c43a00 0000000000000005 [ 13.355435] raw: 0000000000000000 0000000000200020 00000001ffffefff 0000000000000000 [ 13.355439] page dumped because: kasan: bad access detected [ 13.357295] Memory state around the buggy address: [ 13.357299] ffff88813152f300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.357303] ffff88813152f380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.357306] >ffff88813152f400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.357309] ^ [ 13.357311] ffff88813152f480: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 13.357315] ffff88813152f500: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc [ 13.357318] ================================================================== [ 13.357405] Disabling lock debugging due to kernel taint [ 13.383534] Oops: general protection fault, probably for non-canonical address 0xe0a1bc4140000013: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 13.383544] KASAN: maybe wild-memory-access in range [0x050e020a00000098-0x050e020a0000009f] [ 13.383551] CPU: 3 PID: 479 Comm: (udev-worker) Tainted: G B 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0 [ 13.383561] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024 [ 13.383565] RIP: 0010:amd_sfh_get_report+0x81/0x530 [amd_sfh] [ 13.383580] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 78 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 49 8d 7c 24 10 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 1a 03 00 00 45 8b 74 24 10 45 [ 13.383585] RSP: 0018:ffff8881261f7388 EFLAGS: 00010212 [ 13.383592] RAX: dffffc0000000000 RBX: ffff88813152f400 RCX: 0000000000000002 [ 13.383597] RDX: 00a1c04140000013 RSI: 0000000000000008 RDI: 050e020a0000009b [ 13.383600] RBP: ffff88814d010000 R08: 0000000000000002 R09: fffffbfff3ddb8c0 [ 13.383604] R10: ffffffff9eedc607 R11: ffff88810ce98000 R12: 050e020a0000008b [ 13.383607] R13: ffff88814d010000 R14: dffffc0000000000 R15: 0000000000000004 [ 13.383611] FS: 00007a21f94d0880(0000) GS:ffff8887e7d80000(0000) knlGS:0000000000000000 [ 13.383615] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 13.383618] CR2: 00007e0014c438f0 CR3: 000000012614c000 CR4: 0000000000f50ef0 [ 13.383622] PKRU: 55555554 [ 13.383625] Call Trace: [ 13.383629] <TASK> [ 13.383632] ? __die_body.cold+0x19/0x27 [ 13.383644] ? die_addr+0x46/0x70 [ 13.383652] ? exc_general_protection+0x150/0x240 [ 13.383664] ? asm_exc_general_protection+0x26/0x30 [ 13.383674] ? amd_sfh_get_report+0x81/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.383686] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.383697] amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.383706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383713] sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082] [ 13.383727] hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5] [ 13.383739] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383745] ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5] [ 13.383753] ? _raw_spin_lock_irqsave+0x96/0xf0 [ 13.383762] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 13.383768] ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b] [ 13.383790] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383795] ? __devm_add_action+0x167/0x1d0 [ 13.383806] hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [ 13.383818] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383826] platform_probe+0xa2/0x150 [ 13.383832] really_probe+0x1e3/0x8a0 [ 13.383838] __driver_probe_device+0x18c/0x370 [ 13.383844] driver_probe_device+0x4a/0x120 [ 13.383851] __driver_attach+0x190/0x4a0 [ 13.383857] ? __pfx___driver_attach+0x10/0x10 [ 13.383863] bus_for_each_dev+0x106/0x180 [ 13.383868] ? __pfx__raw_spin_lock+0x10/0x10 [ 13.383874] ? __pfx_bus_for_each_dev+0x10/0x10 [ 13.383880] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383887] bus_add_driver+0x29e/0x4d0 [ 13.383895] driver_register+0x1a5/0x360 [ 13.383902] ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [ 13.383910] do_one_initcall+0xa7/0x380 [ 13.383919] ? __pfx_do_one_initcall+0x10/0x10 [ 13.383927] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383933] ? kasan_unpoison+0x44/0x70 [ 13.383943] do_init_module+0x238/0x750 [ 13.383955] load_module+0x5011/0x6af0 [ 13.383962] ? kasan_save_stack+0x30/0x50 [ 13.383968] ? kasan_save_track+0x14/0x30 [ 13.383973] ? kasan_save_free_info+0x3b/0x60 [ 13.383980] ? poison_slab_object+0x109/0x180 [ 13.383993] ? __pfx_load_module+0x10/0x10 [ 13.384007] ? poison_slab_object+0x109/0x180 [ 13.384012] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384018] ? init_module_from_file+0x13d/0x150 [ 13.384025] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384032] ? init_module_from_file+0xdf/0x150 [ 13.384037] init_module_from_file+0xdf/0x150 [ 13.384044] ? __pfx_init_module_from_file+0x10/0x10 [ 13.384050] ? kasan_save_track+0x14/0x30 [ 13.384055] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384060] ? kasan_save_free_info+0x3b/0x60 [ 13.384066] ? poison_slab_object+0x109/0x180 [ 13.384071] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384080] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384085] ? _raw_spin_lock+0x85/0xe0 [ 13.384091] ? __pfx__raw_spin_lock+0x10/0x10 [ 13.384096] ? __rseq_handle_notify_resume+0x1a6/0xad0 [ 13.384106] idempotent_init_module+0x23b/0x650 [ 13.384114] ? __pfx_idempotent_init_module+0x10/0x10 [ 13.384120] ? __pfx___seccomp_filter+0x10/0x10 [ 13.384129] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384135] ? __fget_light+0x57/0x420 [ 13.384142] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384147] ? security_capable+0x74/0xb0 [ 13.384157] __x64_sys_finit_module+0xbe/0x130 [ 13.384164] do_syscall_64+0x82/0x190 [ 13.384174] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384179] ? irqtime_account_irq+0x3d/0x1f0 [ 13.384188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384193] ? __irq_exit_rcu+0x4e/0x130 [ 13.384201] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384206] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 13.384212] RIP: 0033:0x7a21f96ade9d [ 13.384263] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 63 de 0c 00 f7 d8 64 89 01 48 [ 13.384267] RSP: 002b:00007ffeae934e78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 13.384273] RAX: ffffffffffffffda RBX: 00005987276bfcf0 RCX: 00007a21f96ade9d [ 13.384277] RDX: 0000000000000004 RSI: 00007a21f8eda376 RDI: 000000000000001c [ 13.384280] RBP: 00007a21f8eda376 R08: 0000000000000001 R09: 00007ffeae934ec0 [ 13.384284] R10: 0000000000000050 R11: 0000000000000246 R12: 0000000000020000 [ 13.384288] R13: 00005987276c1250 R14: 0000000000000000 R15: 00005987276c4530 [ 13.384297] </TASK> [ 13.384299] Modules linked in: soundwire_amd(+) hid_sensor_gyro_3d(+) hid_sensor_magn_3d hid_sensor_accel_3d soundwire_generic_allocation amdxcp hid_sensor_trigger drm_exec industrialio_triggered_buffer soundwire_bus gpu_sched kvm_amd kfifo_buf qmi_helpers joydev drm_buddy hid_sensor_iio_common mousedev snd_soc_core industrialio i2c_algo_bit mac80211 snd_compress drm_suballoc_helper kvm snd_hda_intel drm_ttm_helper ac97_bus snd_pcm_dmaengine snd_intel_dspcfg ttm thinkpad_acpi(+) snd_intel_sdw_acpi hid_sensor_hub snd_rpl_pci_acp6x drm_display_helper snd_hda_codec hid_multitouch libarc4 snd_acp_pci platform_profile think_lmi(+) hid_generic firmware_attributes_class wmi_bmof cec snd_acp_legacy_common sparse_keymap rapl snd_hda_core psmouse cfg80211 pcspkr snd_pci_acp6x snd_hwdep video snd_pcm snd_pci_acp5x snd_timer snd_rn_pci_acp3x ucsi_acpi snd_acp_config snd sp5100_tco rfkill snd_soc_acpi typec_ucsi thunderbolt amd_sfh k10temp mhi soundcore i2c_piix4 snd_pci_acp3x typec i2c_hid_acpi roles i2c_hid wmi acpi_tad amd_pmc [ 13.384454] mac_hid i2c_dev crypto_user loop nfnetlink zram ip_tables x_tables dm_crypt cbc encrypted_keys trusted asn1_encoder tee dm_mod crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic gf128mul ghash_clmulni_intel serio_raw sha512_ssse3 atkbd sha256_ssse3 libps2 sha1_ssse3 vivaldi_fmap nvme aesni_intel crypto_simd nvme_core cryptd ccp xhci_pci i8042 nvme_auth xhci_pci_renesas serio vfat fat btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq [ 13.384552] ---[ end trace 0000000000000000 ]--- KASAN reports a use-after-free of hid->driver_data in function amd_sfh_get_report(). The backtrace indicates that the function is called by amdtp_hid_request() which is one of the callbacks of hid device. The current make sure that driver_data is freed only once hid_destroy_device() returned. Note that I observed the crash both on v6.9.9 and v6.10.0. The code seems to be as it was from the early days of the driver. Signed-off-by: Olivier Sobrie <olivier(a)sobrie.be> Acked-by: Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: He Yujie <coka.heyujie(a)huawei.com> --- drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_hid.c b/drivers/hid/amd-sfh-hid/amd_sfh_hid.c index 705b52337068..81f3024b7b1b 100644 --- a/drivers/hid/amd-sfh-hid/amd_sfh_hid.c +++ b/drivers/hid/amd-sfh-hid/amd_sfh_hid.c @@ -171,11 +171,13 @@ int amdtp_hid_probe(u32 cur_hid_dev, struct amdtp_cl_data *cli_data) void amdtp_hid_remove(struct amdtp_cl_data *cli_data) { int i; + struct amdtp_hid_data *hid_data; for (i = 0; i < cli_data->num_hid_devices; ++i) { if (cli_data->hid_sensor_hubs[i]) { - kfree(cli_data->hid_sensor_hubs[i]->driver_data); + hid_data = cli_data->hid_sensor_hubs[i]->driver_data; hid_destroy_device(cli_data->hid_sensor_hubs[i]); + kfree(hid_data); cli_data->hid_sensor_hubs[i] = NULL; } } -- 2.34.1

2 1

[PATCH OLK-5.10] ksmbd: unset the binding mark of a reused connection
by Long Li 27 Sep '24

27 Sep '24

From: Namjae Jeon <linkinjeon(a)kernel.org> stable inclusion from stable-v5.15.166 commit 9914f1bd61d5e838bb1ab15a71076d37a6db65d1 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IARWIK CVE: CVE-2024-46795 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… -------------------------------- [ Upstream commit 78c5a6f1f630172b19af4912e755e1da93ef0ab5 ] Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. It is used as a material to create an encryption key in ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer dereference error from crypto_shash_update(). BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? do_user_addr_fault+0x2ee/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generate_key+0x234/0x380 [ksmbd] generate_smb3encryptionkey+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd] ntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd] smb2_sess_setup+0x952/0xaa0 [ksmbd] __process_request+0xa3/0x1d0 [ksmbd] __handle_ksmbd_work+0x1c4/0x2f0 [ksmbd] handle_ksmbd_work+0x2d/0xa0 [ksmbd] process_one_work+0x16c/0x350 worker_thread+0x306/0x440 ? __pfx_worker_thread+0x10/0x10 kthread+0xef/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Fixes: f5a544e3bab7 ("ksmbd: add support for SMB3 multichannel") Cc: stable(a)vger.kernel.org # v5.15+ Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Long Li <leo.lilong(a)huawei.com> --- fs/ksmbd/smb2pdu.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 50ef53115cab..f4aeca5e7e57 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1704,6 +1704,8 @@ int smb2_sess_setup(struct ksmbd_work *work) rc = ksmbd_session_register(conn, sess); if (rc) goto out_err; + + conn->binding = false; } else if (conn->dialect >= SMB30_PROT_ID && (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) && req->Flags & SMB2_SESSION_REQ_FLAG_BINDING) { @@ -1782,6 +1784,8 @@ int smb2_sess_setup(struct ksmbd_work *work) sess = NULL; goto out_err; } + + conn->binding = false; } work->sess = sess; -- 2.39.2

2 1

[PATCH OLK-6.6] HID: amd_sfh: free driver_data after destroying hid device
by He Yujie 27 Sep '24

27 Sep '24

From: Olivier Sobrie <olivier(a)sobrie.be> stable inclusion from stable-v6.6.51 commit 60dc4ee0428d70bcbb41436b6729d29f1cbdfb89 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IARV9S?from=project-issue CVE: CVE-2024-46746 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 97155021ae17b86985121b33cf8098bcde00d497 ] HID driver callbacks aren't called anymore once hid_destroy_device() has been called. Hence, hid driver_data should be freed only after the hid_destroy_device() function returned as driver_data is used in several callbacks. I observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling KASAN to debug memory allocation, I got this output: [ 13.050438] ================================================================== [ 13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh] [ 13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3 [ 13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479 [ 13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0 [ 13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024 [ 13.067860] Call Trace: [ 13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8 [ 13.071486] <TASK> [ 13.071492] dump_stack_lvl+0x5d/0x80 [ 13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002) [ 13.078296] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.082199] print_report+0x174/0x505 [ 13.085776] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 13.089367] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.093255] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.097464] kasan_report+0xc8/0x150 [ 13.101461] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.105802] amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.110303] amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.114879] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.119450] sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082] [ 13.124097] hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5] [ 13.127404] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.131925] ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5] [ 13.136455] ? _raw_spin_lock_irqsave+0x96/0xf0 [ 13.140197] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 13.143602] ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b] [ 13.147234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.150446] ? __devm_add_action+0x167/0x1d0 [ 13.155061] hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [ 13.158581] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.161814] platform_probe+0xa2/0x150 [ 13.165029] really_probe+0x1e3/0x8a0 [ 13.168243] __driver_probe_device+0x18c/0x370 [ 13.171500] driver_probe_device+0x4a/0x120 [ 13.175000] __driver_attach+0x190/0x4a0 [ 13.178521] ? __pfx___driver_attach+0x10/0x10 [ 13.181771] bus_for_each_dev+0x106/0x180 [ 13.185033] ? __pfx__raw_spin_lock+0x10/0x10 [ 13.188229] ? __pfx_bus_for_each_dev+0x10/0x10 [ 13.191446] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.194382] bus_add_driver+0x29e/0x4d0 [ 13.197328] driver_register+0x1a5/0x360 [ 13.200283] ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [ 13.203362] do_one_initcall+0xa7/0x380 [ 13.206432] ? __pfx_do_one_initcall+0x10/0x10 [ 13.210175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.213211] ? kasan_unpoison+0x44/0x70 [ 13.216688] do_init_module+0x238/0x750 [ 13.219696] load_module+0x5011/0x6af0 [ 13.223096] ? kasan_save_stack+0x30/0x50 [ 13.226743] ? kasan_save_track+0x14/0x30 [ 13.230080] ? kasan_save_free_info+0x3b/0x60 [ 13.233323] ? poison_slab_object+0x109/0x180 [ 13.236778] ? __pfx_load_module+0x10/0x10 [ 13.239703] ? poison_slab_object+0x109/0x180 [ 13.243070] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.245924] ? init_module_from_file+0x13d/0x150 [ 13.248745] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.251503] ? init_module_from_file+0xdf/0x150 [ 13.254198] init_module_from_file+0xdf/0x150 [ 13.256826] ? __pfx_init_module_from_file+0x10/0x10 [ 13.259428] ? kasan_save_track+0x14/0x30 [ 13.261959] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.264471] ? kasan_save_free_info+0x3b/0x60 [ 13.267026] ? poison_slab_object+0x109/0x180 [ 13.269494] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.271949] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.274324] ? _raw_spin_lock+0x85/0xe0 [ 13.276671] ? __pfx__raw_spin_lock+0x10/0x10 [ 13.278963] ? __rseq_handle_notify_resume+0x1a6/0xad0 [ 13.281193] idempotent_init_module+0x23b/0x650 [ 13.283420] ? __pfx_idempotent_init_module+0x10/0x10 [ 13.285619] ? __pfx___seccomp_filter+0x10/0x10 [ 13.287714] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.289828] ? __fget_light+0x57/0x420 [ 13.291870] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.293880] ? security_capable+0x74/0xb0 [ 13.295820] __x64_sys_finit_module+0xbe/0x130 [ 13.297874] do_syscall_64+0x82/0x190 [ 13.299898] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.301905] ? irqtime_account_irq+0x3d/0x1f0 [ 13.303877] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.305753] ? __irq_exit_rcu+0x4e/0x130 [ 13.307577] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.309489] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 13.311371] RIP: 0033:0x7a21f96ade9d [ 13.313234] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 63 de 0c 00 f7 d8 64 89 01 48 [ 13.317051] RSP: 002b:00007ffeae934e78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 13.319024] RAX: ffffffffffffffda RBX: 00005987276bfcf0 RCX: 00007a21f96ade9d [ 13.321100] RDX: 0000000000000004 RSI: 00007a21f8eda376 RDI: 000000000000001c [ 13.323314] RBP: 00007a21f8eda376 R08: 0000000000000001 R09: 00007ffeae934ec0 [ 13.325505] R10: 0000000000000050 R11: 0000000000000246 R12: 0000000000020000 [ 13.327637] R13: 00005987276c1250 R14: 0000000000000000 R15: 00005987276c4530 [ 13.329737] </TASK> [ 13.333945] Allocated by task 139: [ 13.336111] kasan_save_stack+0x30/0x50 [ 13.336121] kasan_save_track+0x14/0x30 [ 13.336125] __kasan_kmalloc+0xaa/0xb0 [ 13.336129] amdtp_hid_probe+0xb1/0x440 [amd_sfh] [ 13.336138] amd_sfh_hid_client_init+0xb8a/0x10f0 [amd_sfh] [ 13.336144] sfh_init_work+0x47/0x120 [amd_sfh] [ 13.336150] process_one_work+0x673/0xeb0 [ 13.336155] worker_thread+0x795/0x1250 [ 13.336160] kthread+0x290/0x350 [ 13.336164] ret_from_fork+0x34/0x70 [ 13.336169] ret_from_fork_asm+0x1a/0x30 [ 13.338175] Freed by task 139: [ 13.340064] kasan_save_stack+0x30/0x50 [ 13.340072] kasan_save_track+0x14/0x30 [ 13.340076] kasan_save_free_info+0x3b/0x60 [ 13.340081] poison_slab_object+0x109/0x180 [ 13.340085] __kasan_slab_free+0x32/0x50 [ 13.340089] kfree+0xe5/0x310 [ 13.340094] amdtp_hid_remove+0xb2/0x160 [amd_sfh] [ 13.340102] amd_sfh_hid_client_deinit+0x324/0x640 [amd_sfh] [ 13.340107] amd_sfh_hid_client_init+0x94a/0x10f0 [amd_sfh] [ 13.340113] sfh_init_work+0x47/0x120 [amd_sfh] [ 13.340118] process_one_work+0x673/0xeb0 [ 13.340123] worker_thread+0x795/0x1250 [ 13.340127] kthread+0x290/0x350 [ 13.340132] ret_from_fork+0x34/0x70 [ 13.340136] ret_from_fork_asm+0x1a/0x30 [ 13.342482] The buggy address belongs to the object at ffff88813152f400 which belongs to the cache kmalloc-64 of size 64 [ 13.347357] The buggy address is located 8 bytes inside of freed 64-byte region [ffff88813152f400, ffff88813152f440) [ 13.347367] The buggy address belongs to the physical page: [ 13.355409] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13152f [ 13.355416] anon flags: 0x2ffff8000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 13.355423] page_type: 0xffffefff(slab) [ 13.355429] raw: 02ffff8000000000 ffff8881000428c0 ffffea0004c43a00 0000000000000005 [ 13.355435] raw: 0000000000000000 0000000000200020 00000001ffffefff 0000000000000000 [ 13.355439] page dumped because: kasan: bad access detected [ 13.357295] Memory state around the buggy address: [ 13.357299] ffff88813152f300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.357303] ffff88813152f380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.357306] >ffff88813152f400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.357309] ^ [ 13.357311] ffff88813152f480: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 13.357315] ffff88813152f500: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc [ 13.357318] ================================================================== [ 13.357405] Disabling lock debugging due to kernel taint [ 13.383534] Oops: general protection fault, probably for non-canonical address 0xe0a1bc4140000013: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 13.383544] KASAN: maybe wild-memory-access in range [0x050e020a00000098-0x050e020a0000009f] [ 13.383551] CPU: 3 PID: 479 Comm: (udev-worker) Tainted: G B 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0 [ 13.383561] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024 [ 13.383565] RIP: 0010:amd_sfh_get_report+0x81/0x530 [amd_sfh] [ 13.383580] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 78 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 49 8d 7c 24 10 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 1a 03 00 00 45 8b 74 24 10 45 [ 13.383585] RSP: 0018:ffff8881261f7388 EFLAGS: 00010212 [ 13.383592] RAX: dffffc0000000000 RBX: ffff88813152f400 RCX: 0000000000000002 [ 13.383597] RDX: 00a1c04140000013 RSI: 0000000000000008 RDI: 050e020a0000009b [ 13.383600] RBP: ffff88814d010000 R08: 0000000000000002 R09: fffffbfff3ddb8c0 [ 13.383604] R10: ffffffff9eedc607 R11: ffff88810ce98000 R12: 050e020a0000008b [ 13.383607] R13: ffff88814d010000 R14: dffffc0000000000 R15: 0000000000000004 [ 13.383611] FS: 00007a21f94d0880(0000) GS:ffff8887e7d80000(0000) knlGS:0000000000000000 [ 13.383615] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 13.383618] CR2: 00007e0014c438f0 CR3: 000000012614c000 CR4: 0000000000f50ef0 [ 13.383622] PKRU: 55555554 [ 13.383625] Call Trace: [ 13.383629] <TASK> [ 13.383632] ? __die_body.cold+0x19/0x27 [ 13.383644] ? die_addr+0x46/0x70 [ 13.383652] ? exc_general_protection+0x150/0x240 [ 13.383664] ? asm_exc_general_protection+0x26/0x30 [ 13.383674] ? amd_sfh_get_report+0x81/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.383686] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.383697] amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.383706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383713] sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082] [ 13.383727] hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5] [ 13.383739] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383745] ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5] [ 13.383753] ? _raw_spin_lock_irqsave+0x96/0xf0 [ 13.383762] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 13.383768] ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b] [ 13.383790] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383795] ? __devm_add_action+0x167/0x1d0 [ 13.383806] hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [ 13.383818] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383826] platform_probe+0xa2/0x150 [ 13.383832] really_probe+0x1e3/0x8a0 [ 13.383838] __driver_probe_device+0x18c/0x370 [ 13.383844] driver_probe_device+0x4a/0x120 [ 13.383851] __driver_attach+0x190/0x4a0 [ 13.383857] ? __pfx___driver_attach+0x10/0x10 [ 13.383863] bus_for_each_dev+0x106/0x180 [ 13.383868] ? __pfx__raw_spin_lock+0x10/0x10 [ 13.383874] ? __pfx_bus_for_each_dev+0x10/0x10 [ 13.383880] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383887] bus_add_driver+0x29e/0x4d0 [ 13.383895] driver_register+0x1a5/0x360 [ 13.383902] ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [ 13.383910] do_one_initcall+0xa7/0x380 [ 13.383919] ? __pfx_do_one_initcall+0x10/0x10 [ 13.383927] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.383933] ? kasan_unpoison+0x44/0x70 [ 13.383943] do_init_module+0x238/0x750 [ 13.383955] load_module+0x5011/0x6af0 [ 13.383962] ? kasan_save_stack+0x30/0x50 [ 13.383968] ? kasan_save_track+0x14/0x30 [ 13.383973] ? kasan_save_free_info+0x3b/0x60 [ 13.383980] ? poison_slab_object+0x109/0x180 [ 13.383993] ? __pfx_load_module+0x10/0x10 [ 13.384007] ? poison_slab_object+0x109/0x180 [ 13.384012] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384018] ? init_module_from_file+0x13d/0x150 [ 13.384025] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384032] ? init_module_from_file+0xdf/0x150 [ 13.384037] init_module_from_file+0xdf/0x150 [ 13.384044] ? __pfx_init_module_from_file+0x10/0x10 [ 13.384050] ? kasan_save_track+0x14/0x30 [ 13.384055] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384060] ? kasan_save_free_info+0x3b/0x60 [ 13.384066] ? poison_slab_object+0x109/0x180 [ 13.384071] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384080] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384085] ? _raw_spin_lock+0x85/0xe0 [ 13.384091] ? __pfx__raw_spin_lock+0x10/0x10 [ 13.384096] ? __rseq_handle_notify_resume+0x1a6/0xad0 [ 13.384106] idempotent_init_module+0x23b/0x650 [ 13.384114] ? __pfx_idempotent_init_module+0x10/0x10 [ 13.384120] ? __pfx___seccomp_filter+0x10/0x10 [ 13.384129] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384135] ? __fget_light+0x57/0x420 [ 13.384142] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384147] ? security_capable+0x74/0xb0 [ 13.384157] __x64_sys_finit_module+0xbe/0x130 [ 13.384164] do_syscall_64+0x82/0x190 [ 13.384174] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384179] ? irqtime_account_irq+0x3d/0x1f0 [ 13.384188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384193] ? __irq_exit_rcu+0x4e/0x130 [ 13.384201] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.384206] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 13.384212] RIP: 0033:0x7a21f96ade9d [ 13.384263] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 63 de 0c 00 f7 d8 64 89 01 48 [ 13.384267] RSP: 002b:00007ffeae934e78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 13.384273] RAX: ffffffffffffffda RBX: 00005987276bfcf0 RCX: 00007a21f96ade9d [ 13.384277] RDX: 0000000000000004 RSI: 00007a21f8eda376 RDI: 000000000000001c [ 13.384280] RBP: 00007a21f8eda376 R08: 0000000000000001 R09: 00007ffeae934ec0 [ 13.384284] R10: 0000000000000050 R11: 0000000000000246 R12: 0000000000020000 [ 13.384288] R13: 00005987276c1250 R14: 0000000000000000 R15: 00005987276c4530 [ 13.384297] </TASK> [ 13.384299] Modules linked in: soundwire_amd(+) hid_sensor_gyro_3d(+) hid_sensor_magn_3d hid_sensor_accel_3d soundwire_generic_allocation amdxcp hid_sensor_trigger drm_exec industrialio_triggered_buffer soundwire_bus gpu_sched kvm_amd kfifo_buf qmi_helpers joydev drm_buddy hid_sensor_iio_common mousedev snd_soc_core industrialio i2c_algo_bit mac80211 snd_compress drm_suballoc_helper kvm snd_hda_intel drm_ttm_helper ac97_bus snd_pcm_dmaengine snd_intel_dspcfg ttm thinkpad_acpi(+) snd_intel_sdw_acpi hid_sensor_hub snd_rpl_pci_acp6x drm_display_helper snd_hda_codec hid_multitouch libarc4 snd_acp_pci platform_profile think_lmi(+) hid_generic firmware_attributes_class wmi_bmof cec snd_acp_legacy_common sparse_keymap rapl snd_hda_core psmouse cfg80211 pcspkr snd_pci_acp6x snd_hwdep video snd_pcm snd_pci_acp5x snd_timer snd_rn_pci_acp3x ucsi_acpi snd_acp_config snd sp5100_tco rfkill snd_soc_acpi typec_ucsi thunderbolt amd_sfh k10temp mhi soundcore i2c_piix4 snd_pci_acp3x typec i2c_hid_acpi roles i2c_hid wmi acpi_tad amd_pmc [ 13.384454] mac_hid i2c_dev crypto_user loop nfnetlink zram ip_tables x_tables dm_crypt cbc encrypted_keys trusted asn1_encoder tee dm_mod crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic gf128mul ghash_clmulni_intel serio_raw sha512_ssse3 atkbd sha256_ssse3 libps2 sha1_ssse3 vivaldi_fmap nvme aesni_intel crypto_simd nvme_core cryptd ccp xhci_pci i8042 nvme_auth xhci_pci_renesas serio vfat fat btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq [ 13.384552] ---[ end trace 0000000000000000 ]--- KASAN reports a use-after-free of hid->driver_data in function amd_sfh_get_report(). The backtrace indicates that the function is called by amdtp_hid_request() which is one of the callbacks of hid device. The current make sure that driver_data is freed only once hid_destroy_device() returned. Note that I observed the crash both on v6.9.9 and v6.10.0. The code seems to be as it was from the early days of the driver. Signed-off-by: Olivier Sobrie <olivier(a)sobrie.be> Acked-by: Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: He Yujie <coka.heyujie(a)huawei.com> --- drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_hid.c b/drivers/hid/amd-sfh-hid/amd_sfh_hid.c index 705b52337068..81f3024b7b1b 100644 --- a/drivers/hid/amd-sfh-hid/amd_sfh_hid.c +++ b/drivers/hid/amd-sfh-hid/amd_sfh_hid.c @@ -171,11 +171,13 @@ int amdtp_hid_probe(u32 cur_hid_dev, struct amdtp_cl_data *cli_data) void amdtp_hid_remove(struct amdtp_cl_data *cli_data) { int i; + struct amdtp_hid_data *hid_data; for (i = 0; i < cli_data->num_hid_devices; ++i) { if (cli_data->hid_sensor_hubs[i]) { - kfree(cli_data->hid_sensor_hubs[i]->driver_data); + hid_data = cli_data->hid_sensor_hubs[i]->driver_data; hid_destroy_device(cli_data->hid_sensor_hubs[i]); + kfree(hid_data); cli_data->hid_sensor_hubs[i] = NULL; } } -- 2.34.1

2 1

[openeuler:OLK-6.6 11427/14193] loongarch64-linux-ld: rpm-traces.c:undefined reference to `__trace_trigger_soft_disabled'
by kernel test robot 27 Sep '24

27 Sep '24

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 515984f18a6f359887b37e95ef5a785b04ae2da7 commit: d14435b8c5cdcdadede980b086f439a7d6747d0c [11427/14193] LoongArch: Fix callchain parse error with kernel tracepoint events again config: loongarch-randconfig-002-20240925 (https://download.01.org/0day-ci/archive/20240927/202409271347.SHAKNDVo-lkp@…) compiler: loongarch64-linux-gcc (GCC) 14.1.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240927/202409271347.SHAKNDVo-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202409271347.SHAKNDVo-lkp@intel.com/ All errors (new ones prefixed by >>): loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L572': power-traces.c:(.text+0x359c): undefined reference to `trace_event_printf' loongarch64-linux-ld: power-traces.c:(.text+0x35c0): undefined reference to `trace_handle_return' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L580': power-traces.c:(.text+0x3678): undefined reference to `trace_print_symbols_seq' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L581': power-traces.c:(.text+0x36ac): undefined reference to `trace_output_call' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L587': power-traces.c:(.text+0x3788): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `trace_raw_output_pm_qos_update': power-traces.c:(.text+0x37dc): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L100011': power-traces.c:(.text+0x39d8): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L606': power-traces.c:(.text+0x3a3c): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `perf_trace_wakeup_source': power-traces.c:(.text+0x3ae8): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L615': power-traces.c:(.text+0x3b84): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L613': power-traces.c:(.text+0x3c0c): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L638': power-traces.c:(.text+0x3f10): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L654': power-traces.c:(.text+0x3fcc): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L659': power-traces.c:(.text+0x40a8): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L667': power-traces.c:(.text+0x414c): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L678': power-traces.c:(.text+0x4230): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L697': power-traces.c:(.text+0x43f4): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L690': power-traces.c:(.text+0x4420): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: power-traces.c:(.text+0x4474): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: kernel/trace/power-traces.o: in function `.L708': power-traces.c:(.text+0x44c8): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x18): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x40): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x60): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x88): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0xa8): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0xd0): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0xf0): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x118): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x138): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x160): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x180): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x1a8): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x1c8): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x1f0): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x210): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x238): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x258): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x280): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x2a0): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x2c8): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x2e8): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x310): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x330): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x358): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x378): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x3a0): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x3c0): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x3e8): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x408): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/power-traces.o:(.ref.data+0x430): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `trace_raw_output_rpm_internal': rpm-traces.c:(.text+0x2a4): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `.L49': rpm-traces.c:(.text+0x338): undefined reference to `trace_event_printf' loongarch64-linux-ld: rpm-traces.c:(.text+0x358): undefined reference to `trace_handle_return' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `trace_raw_output_rpm_return_int': rpm-traces.c:(.text+0x384): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: rpm-traces.c:(.text+0x3dc): undefined reference to `trace_event_printf' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `.L55': rpm-traces.c:(.text+0x3fc): undefined reference to `trace_handle_return' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `.L59': rpm-traces.c:(.text+0x4bc): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `.L62': rpm-traces.c:(.text+0x514): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `perf_trace_rpm_internal': rpm-traces.c:(.text+0x694): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `.L83': rpm-traces.c:(.text+0x734): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `.L96': rpm-traces.c:(.text+0x8a4): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `trace_event_raw_event_rpm_return_int': rpm-traces.c:(.text+0x8d4): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `.L118': rpm-traces.c:(.text+0x95c): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `.L101': rpm-traces.c:(.text+0x9c8): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `.L117': rpm-traces.c:(.text+0xa5c): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `trace_event_raw_event_rpm_internal': rpm-traces.c:(.text+0xad4): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: kernel/trace/rpm-traces.o: in function `.L130': rpm-traces.c:(.text+0xb5c): undefined reference to `trace_event_buffer_reserve' >> loongarch64-linux-ld: rpm-traces.c:(.text+0xba8): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: kernel/trace/rpm-traces.o:(.ref.data+0x18): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/rpm-traces.o:(.ref.data+0x40): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/trace/rpm-traces.o:(.ref.data+0x60): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/trace/rpm-traces.o:(.ref.data+0x88): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/rseq.o: in function `perf_trace_rseq_update': rseq.c:(.text+0x3d4): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: kernel/rseq.o: in function `.L34': rseq.c:(.text+0x430): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: kernel/rseq.o: in function `perf_trace_rseq_ip_fixup': rseq.c:(.text+0x52c): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: kernel/rseq.o: in function `.L46': rseq.c:(.text+0x568): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: kernel/rseq.o: in function `trace_event_raw_event_rseq_update': rseq.c:(.text+0x650): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: kernel/rseq.o: in function `.L61': rseq.c:(.text+0x690): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: kernel/rseq.o: in function `.L57': rseq.c:(.text+0x6e8): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: kernel/rseq.o: in function `trace_event_raw_event_rseq_ip_fixup': rseq.c:(.text+0x770): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: rseq.c:(.text+0x78c): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: kernel/rseq.o: in function `.L68': rseq.c:(.text+0x7e8): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: rseq.c:(.text+0x81c): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: kernel/rseq.o: in function `trace_raw_output_rseq_update': rseq.c:(.text+0x878): undefined reference to `trace_event_printf' loongarch64-linux-ld: rseq.c:(.text+0x898): undefined reference to `trace_handle_return' loongarch64-linux-ld: kernel/rseq.o: in function `.L84': rseq.c:(.text+0x8c4): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: kernel/rseq.o: in function `trace_raw_output_rseq_ip_fixup': rseq.c:(.text+0x91c): undefined reference to `trace_event_printf' loongarch64-linux-ld: rseq.c:(.text+0x93c): undefined reference to `trace_handle_return' loongarch64-linux-ld: kernel/rseq.o:(.ref.data+0x18): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/rseq.o:(.ref.data+0x40): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: kernel/rseq.o:(.ref.data+0x60): undefined reference to `trace_event_reg' loongarch64-linux-ld: kernel/rseq.o:(.ref.data+0x88): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/filemap.o: in function `perf_trace_mm_filemap_op_page_cache': filemap.c:(.text+0x2ac): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: mm/filemap.o: in function `.L54': filemap.c:(.text+0x390): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/filemap.o: in function `perf_trace_filemap_set_wb_err': filemap.c:(.text+0x494): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: mm/filemap.o: in function `.L68': filemap.c:(.text+0x4e4): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/filemap.o: in function `perf_trace_file_check_and_advance_wb_err': filemap.c:(.text+0x5d4): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: mm/filemap.o: in function `.L82': filemap.c:(.text+0x638): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/filemap.o: in function `.L94': filemap.c:(.text+0x720): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: mm/filemap.o: in function `.L99': filemap.c:(.text+0x7e4): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/filemap.o: in function `.L95': filemap.c:(.text+0x86c): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: mm/filemap.o: in function `.L96': filemap.c:(.text+0x8e8): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: mm/filemap.o: in function `trace_event_raw_event_filemap_set_wb_err': filemap.c:(.text+0x918): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/filemap.o: in function `.L115': filemap.c:(.text+0x988): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: mm/filemap.o: in function `.L116': filemap.c:(.text+0x9f8): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: mm/filemap.o: in function `trace_event_raw_event_file_check_and_advance_wb_err': filemap.c:(.text+0xa40): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/filemap.o: in function `.L128': filemap.c:(.text+0xaac): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: mm/filemap.o: in function `.L124': filemap.c:(.text+0xae4): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/filemap.o: in function `trace_raw_output_mm_filemap_op_page_cache': filemap.c:(.text+0xb6c): undefined reference to `trace_event_printf' loongarch64-linux-ld: filemap.c:(.text+0xb8c): undefined reference to `trace_handle_return' loongarch64-linux-ld: filemap.c:(.text+0xbb4): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/filemap.o: in function `.L142': filemap.c:(.text+0xc20): undefined reference to `trace_event_printf' loongarch64-linux-ld: mm/filemap.o: in function `trace_raw_output_filemap_set_wb_err': filemap.c:(.text+0xc40): undefined reference to `trace_handle_return' loongarch64-linux-ld: filemap.c:(.text+0xc6c): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/filemap.o: in function `.L148': filemap.c:(.text+0xce8): undefined reference to `trace_event_printf' loongarch64-linux-ld: mm/filemap.o: in function `trace_raw_output_file_check_and_advance_wb_err': filemap.c:(.text+0xd08): undefined reference to `trace_handle_return' loongarch64-linux-ld: mm/filemap.o:(.ref.data+0x18): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/filemap.o:(.ref.data+0x40): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/filemap.o:(.ref.data+0x60): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/filemap.o:(.ref.data+0x88): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/filemap.o:(.ref.data+0xa8): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/filemap.o:(.ref.data+0xd0): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/oom_kill.o: in function `perf_trace_oom_score_adj_update': oom_kill.c:(.text+0x4a0): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: mm/oom_kill.o: in function `.L83': oom_kill.c:(.text+0x4fc): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/oom_kill.o: in function `.L82': oom_kill.c:(.text+0x578): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: mm/oom_kill.o: in function `perf_trace_reclaim_retry_zone': oom_kill.c:(.text+0x66c): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: mm/oom_kill.o: in function `.L85': oom_kill.c:(.text+0x6c4): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/oom_kill.o: in function `perf_trace_mark_victim': oom_kill.c:(.text+0x7b4): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: mm/oom_kill.o: in function `.L97': oom_kill.c:(.text+0x7e4): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/oom_kill.o: in function `perf_trace_wake_reaper': oom_kill.c:(.text+0x8b4): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: mm/oom_kill.o: in function `.L109': oom_kill.c:(.text+0x8e4): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/oom_kill.o: in function `perf_trace_start_task_reaping': oom_kill.c:(.text+0x9b4): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: mm/oom_kill.o: in function `.L121': oom_kill.c:(.text+0x9e4): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/oom_kill.o: in function `perf_trace_finish_task_reaping': oom_kill.c:(.text+0xab4): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: oom_kill.c:(.text+0xae4): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/oom_kill.o: in function `perf_trace_skip_task_reaping': oom_kill.c:(.text+0xbb4): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: oom_kill.c:(.text+0xbe4): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/oom_kill.o: in function `perf_trace_compact_retry': oom_kill.c:(.text+0xcdc): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: oom_kill.c:(.text+0xd38): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/oom_kill.o: in function `.L156': oom_kill.c:(.text+0xe0c): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_event_raw_event_oom_score_adj_update': oom_kill.c:(.text+0xe40): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/oom_kill.o: in function `.L175': oom_kill.c:(.text+0xe8c): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_event_raw_event_reclaim_retry_zone': oom_kill.c:(.text+0xf30): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: oom_kill.c:(.text+0xf6c): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/oom_kill.o: in function `.L187': oom_kill.c:(.text+0xfe8): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: mm/oom_kill.o: in function `.L183': oom_kill.c:(.text+0x1058): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: oom_kill.c:(.text+0x1068): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_event_raw_event_mark_victim': oom_kill.c:(.text+0x10a8): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: mm/oom_kill.o: in function `.L194': oom_kill.c:(.text+0x1118): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: oom_kill.c:(.text+0x1128): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_event_raw_event_wake_reaper': oom_kill.c:(.text+0x1168): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: mm/oom_kill.o: in function `.L205': oom_kill.c:(.text+0x11d8): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: oom_kill.c:(.text+0x11e8): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/oom_kill.o: in function `.L206': oom_kill.c:(.text+0x1228): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: mm/oom_kill.o: in function `.L220': oom_kill.c:(.text+0x1298): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: mm/oom_kill.o: in function `.L216': oom_kill.c:(.text+0x12a8): undefined reference to `trace_event_buffer_commit' >> loongarch64-linux-ld: oom_kill.c:(.text+0x12e8): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_event_raw_event_finish_task_reaping': oom_kill.c:(.text+0x1358): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: mm/oom_kill.o: in function `.L231': oom_kill.c:(.text+0x1368): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/oom_kill.o: in function `.L227': oom_kill.c:(.text+0x13a8): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: mm/oom_kill.o: in function `.L242': oom_kill.c:(.text+0x1438): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: mm/oom_kill.o: in function `.L238': oom_kill.c:(.text+0x1474): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_event_raw_event_compact_retry': oom_kill.c:(.text+0x14ec): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: oom_kill.c:(.text+0x1524): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/oom_kill.o: in function `.L249': oom_kill.c:(.text+0x1578): undefined reference to `trace_event_printf' loongarch64-linux-ld: oom_kill.c:(.text+0x1598): undefined reference to `trace_handle_return' loongarch64-linux-ld: oom_kill.c:(.text+0x15c4): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_raw_output_oom_score_adj_update': oom_kill.c:(.text+0x1610): undefined reference to `trace_event_printf' loongarch64-linux-ld: oom_kill.c:(.text+0x1630): undefined reference to `trace_handle_return' loongarch64-linux-ld: oom_kill.c:(.text+0x165c): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_raw_output_mark_victim': oom_kill.c:(.text+0x16b0): undefined reference to `trace_event_printf' loongarch64-linux-ld: oom_kill.c:(.text+0x16d0): undefined reference to `trace_handle_return' loongarch64-linux-ld: oom_kill.c:(.text+0x16fc): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_raw_output_wake_reaper': oom_kill.c:(.text+0x1750): undefined reference to `trace_event_printf' loongarch64-linux-ld: oom_kill.c:(.text+0x1770): undefined reference to `trace_handle_return' loongarch64-linux-ld: oom_kill.c:(.text+0x179c): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/oom_kill.o: in function `.L280': oom_kill.c:(.text+0x17f0): undefined reference to `trace_event_printf' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_raw_output_start_task_reaping': oom_kill.c:(.text+0x1810): undefined reference to `trace_handle_return' loongarch64-linux-ld: oom_kill.c:(.text+0x183c): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/oom_kill.o: in function `.L286': oom_kill.c:(.text+0x1890): undefined reference to `trace_event_printf' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_raw_output_finish_task_reaping': oom_kill.c:(.text+0x18b0): undefined reference to `trace_handle_return' loongarch64-linux-ld: oom_kill.c:(.text+0x18dc): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/oom_kill.o: in function `.L292': oom_kill.c:(.text+0x1938): undefined reference to `trace_print_symbols_seq' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_raw_output_skip_task_reaping': oom_kill.c:(.text+0x1970): undefined reference to `trace_event_printf' loongarch64-linux-ld: oom_kill.c:(.text+0x1994): undefined reference to `trace_handle_return' loongarch64-linux-ld: mm/oom_kill.o: in function `.L298': oom_kill.c:(.text+0x19bc): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/oom_kill.o: in function `trace_raw_output_reclaim_retry_zone': oom_kill.c:(.text+0x1a28): undefined reference to `trace_print_symbols_seq' loongarch64-linux-ld: oom_kill.c:(.text+0x1a40): undefined reference to `trace_print_symbols_seq' loongarch64-linux-ld: mm/oom_kill.o: in function `.L304': oom_kill.c:(.text+0x1a68): undefined reference to `trace_event_printf' loongarch64-linux-ld: oom_kill.c:(.text+0x1a94): undefined reference to `trace_handle_return' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x18): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x40): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x60): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x88): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0xa8): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0xd0): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0xf0): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x118): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x138): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x160): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x180): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x1a8): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x1c8): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x1f0): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x210): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/oom_kill.o:(.ref.data+0x238): undefined reference to `trace_event_raw_init' loongarch64-linux-ld: mm/swap.o: in function `.L20': swap.c:(.text+0x13c): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: swap.c:(.text+0x1dc): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/swap.o: in function `.L32': swap.c:(.text+0x2d4): undefined reference to `perf_trace_buf_alloc' loongarch64-linux-ld: mm/swap.o: in function `.L38': swap.c:(.text+0x42c): undefined reference to `perf_trace_run_bpf_submit' loongarch64-linux-ld: mm/swap.o: in function `trace_event_raw_event_mm_lru_insertion': swap.c:(.text+0x560): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: mm/swap.o: in function `.L63': swap.c:(.text+0x69c): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/swap.o: in function `.L75': swap.c:(.text+0x72c): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: mm/swap.o: in function `trace_event_raw_event_mm_lru_activate': swap.c:(.text+0x7c0): undefined reference to `trace_event_buffer_reserve' loongarch64-linux-ld: mm/swap.o: in function `.L80': swap.c:(.text+0x844): undefined reference to `trace_event_buffer_commit' loongarch64-linux-ld: mm/swap.o: in function `.L76': swap.c:(.text+0x8ac): undefined reference to `__trace_trigger_soft_disabled' loongarch64-linux-ld: swap.c:(.text+0x8e4): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/swap.o: in function `.L105': swap.c:(.text+0x978): undefined reference to `trace_event_printf' loongarch64-linux-ld: mm/swap.o: in function `.L107': swap.c:(.text+0x998): undefined reference to `trace_handle_return' loongarch64-linux-ld: mm/swap.o: in function `.L102': swap.c:(.text+0xa64): undefined reference to `trace_raw_output_prep' loongarch64-linux-ld: mm/swap.o: in function `.L100': swap.c:(.text+0xab4): undefined reference to `trace_event_printf' loongarch64-linux-ld: mm/swap.o: in function `trace_raw_output_mm_lru_activate': swap.c:(.text+0xad4): undefined reference to `trace_handle_return' loongarch64-linux-ld: mm/swap.o:(.ref.data+0x18): undefined reference to `trace_event_reg' loongarch64-linux-ld: mm/swap.o:(.ref.data+0x40): undefined reference to `trace_event_raw_init' Kconfig warnings: (for reference only) WARNING: unmet direct dependencies detected for PGP_PRELOAD Depends on [n]: CRYPTO [=y] && ASYMMETRIC_KEY_TYPE [=n] Selected by [y]: - PGP_PRELOAD_PUBLIC_KEYS [=y] && CRYPTO [=y] -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:openEuler-1.0-LTS 17806/23779] drivers/powercap/intel_rapl_msr.o: warning: objtool: missing symbol for section .init.text
by kernel test robot 27 Sep '24

27 Sep '24

tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: f9510969035e796a27375a80d9d6489440e17a1a commit: 0ea5d304521b68fb459c57e55f3f1bd853127bc7 [17806/23779] intel_rapl: abstract RAPL common code config: x86_64-buildonly-randconfig-001-20240926 (https://download.01.org/0day-ci/archive/20240927/202409271226.X7vYNpq3-lkp@…) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240927/202409271226.X7vYNpq3-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202409271226.X7vYNpq3-lkp@intel.com/ All warnings (new ones prefixed by >>): >> drivers/powercap/intel_rapl_msr.o: warning: objtool: missing symbol for section .init.text -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0