mailweb.openeuler.org
Manage this list

Keyboard Shortcuts

Thread View

  • j: Next unread message
  • k: Previous unread message
  • j a: Jump to all threads
  • j l: Jump to MailingList overview

Kernel

Threads by month
  • ----- 2025 -----
  • October
  • September
  • August
  • July
  • June
  • May
  • April
  • March
  • February
  • January
  • ----- 2024 -----
  • December
  • November
  • October
  • September
  • August
  • July
  • June
  • May
  • April
  • March
  • February
  • January
  • ----- 2023 -----
  • December
  • November
  • October
  • September
  • August
  • July
  • June
  • May
  • April
  • March
  • February
  • January
  • ----- 2022 -----
  • December
  • November
  • October
  • September
  • August
  • July
  • June
  • May
  • April
  • March
  • February
  • January
  • ----- 2021 -----
  • December
  • November
  • October
  • September
  • August
  • July
  • June
  • May
  • April
  • March
  • February
  • January
  • ----- 2020 -----
  • December
  • November
  • October
  • September
  • August
  • July
  • June
  • May
  • April
  • March
  • February
  • January
  • ----- 2019 -----
  • December
kernel@openeuler.org

  • 48 participants
  • 20826 discussions
[PATCH] perf/core: Fix pmus_lock vs. pmus_srcu ordering
by Luo Gengkun 01 Apr '25

01 Apr '25
From: Peter Zijlstra <peterz(a)infradead.org> stable inclusion from stable-v6.6.83 commit 7c823e4c30d6fdc16089e13924260086eaea76be category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBXQNU Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 2565e42539b120b81a68a58da961ce5d1e34eac8 ] Commit a63fbed776c7 ("perf/tracing/cpuhotplug: Fix locking order") placed pmus_lock inside pmus_srcu, this makes perf_pmu_unregister() trip lockdep. Move the locking about such that only pmu_idr and pmus (list) are modified while holding pmus_lock. This avoids doing synchronize_srcu() while holding pmus_lock and all is well again. Fixes: a63fbed776c7 ("perf/tracing/cpuhotplug: Fix locking order") Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/20241104135517.679556858@infradead.org Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Luo Gengkun <luogengkun2(a)huawei.com> --- kernel/events/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 0b9e703641d1..9b5d35c4a3ec 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -11670,6 +11670,8 @@ void perf_pmu_unregister(struct pmu *pmu) { mutex_lock(&pmus_lock); list_del_rcu(&pmu->entry); + idr_remove(&pmu_idr, pmu->type); + mutex_unlock(&pmus_lock); /* * We dereference the pmu list under both SRCU and regular RCU, so @@ -11679,7 +11681,6 @@ void perf_pmu_unregister(struct pmu *pmu) synchronize_rcu(); free_percpu(pmu->pmu_disable_count); - idr_remove(&pmu_idr, pmu->type); if (pmu_bus_running && pmu->dev && pmu->dev != PMU_NULL_DEV) { if (pmu->nr_addr_filters) device_remove_file(pmu->dev, &dev_attr_nr_addr_filters); @@ -11687,7 +11688,6 @@ void perf_pmu_unregister(struct pmu *pmu) put_device(pmu->dev); } free_pmu_context(pmu); - mutex_unlock(&pmus_lock); } EXPORT_SYMBOL_GPL(perf_pmu_unregister); -- 2.34.1
1 0
0 0
[PATCH OLK-6.6] ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
by Qi Xi 01 Apr '25

01 Apr '25
From: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> mainline inclusion from mainline-v6.14-rc1 commit 301c26a018acb94dd537a4418cefa0f654500c6f category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBRED3 CVE: CVE-2024-58077 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on common soc_pcm_ret(). It is used from many functions, ignoring -EINVAL is over-kill. The reason why -EINVAL was ignored was it really should only be used upon invalid parameters coming from userspace and in that case we don't want to log an error since we do not want to give userspace a way to do a denial-of-service attack on the syslog / diskspace. So don't use soc_pcm_ret() on .prepare callback is better idea. Link: https://lore.kernel.org/r/87v7vptzap.wl-kuninori.morimoto.gx@renesas.com Cc: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> Link: https://patch.msgid.link/87bjxg8jju.wl-kuninori.morimoto.gx@renesas.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Qi Xi <xiqi2(a)huawei.com> --- sound/soc/soc-pcm.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c index 511446a30c05..60248a6820aa 100644 --- a/sound/soc/soc-pcm.c +++ b/sound/soc/soc-pcm.c @@ -38,7 +38,6 @@ static inline int _soc_pcm_ret(struct snd_soc_pcm_runtime *rtd, switch (ret) { case -EPROBE_DEFER: case -ENOTSUPP: - case -EINVAL: break; default: dev_err(rtd->dev, @@ -902,7 +901,13 @@ static int __soc_pcm_prepare(struct snd_soc_pcm_runtime *rtd, } out: - return soc_pcm_ret(rtd, ret); + /* + * Don't use soc_pcm_ret() on .prepare callback to lower error log severity + * + * We don't want to log an error since we do not want to give userspace a way to do a + * denial-of-service attack on the syslog / diskspace. + */ + return ret; } /* PCM prepare ops for non-DPCM streams */ @@ -914,6 +919,13 @@ static int soc_pcm_prepare(struct snd_pcm_substream *substream) snd_soc_dpcm_mutex_lock(rtd); ret = __soc_pcm_prepare(rtd, substream); snd_soc_dpcm_mutex_unlock(rtd); + + /* + * Don't use soc_pcm_ret() on .prepare callback to lower error log severity + * + * We don't want to log an error since we do not want to give userspace a way to do a + * denial-of-service attack on the syslog / diskspace. + */ return ret; } @@ -2461,7 +2473,13 @@ int dpcm_be_dai_prepare(struct snd_soc_pcm_runtime *fe, int stream) be->dpcm[stream].state = SND_SOC_DPCM_STATE_PREPARE; } - return soc_pcm_ret(fe, ret); + /* + * Don't use soc_pcm_ret() on .prepare callback to lower error log severity + * + * We don't want to log an error since we do not want to give userspace a way to do a + * denial-of-service attack on the syslog / diskspace. + */ + return ret; } static int dpcm_fe_dai_prepare(struct snd_pcm_substream *substream) @@ -2501,7 +2519,13 @@ static int dpcm_fe_dai_prepare(struct snd_pcm_substream *substream) dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_NO); snd_soc_dpcm_mutex_unlock(fe); - return soc_pcm_ret(fe, ret); + /* + * Don't use soc_pcm_ret() on .prepare callback to lower error log severity + * + * We don't want to log an error since we do not want to give userspace a way to do a + * denial-of-service attack on the syslog / diskspace. + */ + return ret; } static int dpcm_run_update_shutdown(struct snd_soc_pcm_runtime *fe, int stream) -- 2.33.0
2 1
0 0
[openeuler:openEuler-1.0-LTS 1544/1544] mm/share_pool.c:2263:24: error: implicit declaration of function 'hugetlb_alloc_hugepage'; did you mean 'vmalloc_hugepage'?
by kernel test robot 01 Apr '25

01 Apr '25
Hi Ding, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: 54ad6c4559d2bcbb5d7a03050b2f417a326a1ce2 commit: 4a280fac30d27ae2aff096f9f99aa12d50f83426 [1544/1544] ascend: share_pool: support share pool features for ascend platform config: arm64-randconfig-r131-20250401 (https://download.01.org/0day-ci/archive/20250401/202504011702.UDJZ2vxB-lkp@…) compiler: aarch64-linux-gcc (GCC) 11.5.0 reproduce: (https://download.01.org/0day-ci/archive/20250401/202504011702.UDJZ2vxB-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202504011702.UDJZ2vxB-lkp@intel.com/ All errors (new ones prefixed by >>): mm/share_pool.c:55:5: sparse: sparse: symbol 'enable_mdc_default_group' was not declared. Should it be static? mm/share_pool.c:172:6: sparse: sparse: symbol 'host_svm_sp_enable' was not declared. Should it be static? mm/share_pool.c:1542:21: sparse: sparse: undefined identifier 'huge_ptep_get' mm/share_pool.c:1542:34: sparse: sparse: invalid initializer mm/share_pool.c:2263:24: sparse: sparse: undefined identifier 'hugetlb_alloc_hugepage' mm/share_pool.c:236:28: sparse: sparse: context imbalance in 'spa_dec_usage' - unexpected unlock mm/share_pool.c: In function 'sp_hugetlb_entry': mm/share_pool.c:1542:21: error: implicit declaration of function 'huge_ptep_get' [-Werror=implicit-function-declaration] 1542 | pte_t pte = huge_ptep_get(ptep); | ^~~~~~~~~~~~~ mm/share_pool.c:1542:21: error: invalid initializer mm/share_pool.c: In function 'sp_alloc_pages': >> mm/share_pool.c:2263:24: error: implicit declaration of function 'hugetlb_alloc_hugepage'; did you mean 'vmalloc_hugepage'? [-Werror=implicit-function-declaration] 2263 | return hugetlb_alloc_hugepage(NUMA_NO_NODE, HUGETLB_ALLOC_NONE); | ^~~~~~~~~~~~~~~~~~~~~~ | vmalloc_hugepage >> mm/share_pool.c:2263:61: error: 'HUGETLB_ALLOC_NONE' undeclared (first use in this function); did you mean 'HUGETLB_ANON_FILE'? 2263 | return hugetlb_alloc_hugepage(NUMA_NO_NODE, HUGETLB_ALLOC_NONE); | ^~~~~~~~~~~~~~~~~~ | HUGETLB_ANON_FILE mm/share_pool.c:2263:61: note: each undeclared identifier is reported only once for each function it appears in mm/share_pool.c:2266:1: warning: control reaches end of non-void function [-Wreturn-type] 2266 | } | ^ cc1: some warnings being treated as errors sparse warnings: (new ones prefixed by >>) mm/share_pool.c:55:5: sparse: sparse: symbol 'enable_mdc_default_group' was not declared. Should it be static? mm/share_pool.c:172:6: sparse: sparse: symbol 'host_svm_sp_enable' was not declared. Should it be static? mm/share_pool.c:1542:21: sparse: sparse: undefined identifier 'huge_ptep_get' >> mm/share_pool.c:1542:34: sparse: sparse: invalid initializer mm/share_pool.c:2263:24: sparse: sparse: undefined identifier 'hugetlb_alloc_hugepage' mm/share_pool.c:236:28: sparse: sparse: context imbalance in 'spa_dec_usage' - unexpected unlock mm/share_pool.c: In function 'sp_hugetlb_entry': mm/share_pool.c:1542:21: error: implicit declaration of function 'huge_ptep_get' [-Werror=implicit-function-declaration] 1542 | pte_t pte = huge_ptep_get(ptep); | ^~~~~~~~~~~~~ mm/share_pool.c:1542:21: error: invalid initializer mm/share_pool.c: In function 'sp_alloc_pages': mm/share_pool.c:2263:24: error: implicit declaration of function 'hugetlb_alloc_hugepage'; did you mean 'vmalloc_hugepage'? [-Werror=implicit-function-declaration] 2263 | return hugetlb_alloc_hugepage(NUMA_NO_NODE, HUGETLB_ALLOC_NONE); | ^~~~~~~~~~~~~~~~~~~~~~ | vmalloc_hugepage mm/share_pool.c:2263:61: error: 'HUGETLB_ALLOC_NONE' undeclared (first use in this function); did you mean 'HUGETLB_ANON_FILE'? 2263 | return hugetlb_alloc_hugepage(NUMA_NO_NODE, HUGETLB_ALLOC_NONE); | ^~~~~~~~~~~~~~~~~~ | HUGETLB_ANON_FILE mm/share_pool.c:2263:61: note: each undeclared identifier is reported only once for each function it appears in mm/share_pool.c:2266:1: warning: control reaches end of non-void function [-Wreturn-type] 2266 | } | ^ cc1: some warnings being treated as errors vim +2263 mm/share_pool.c 2257 2258 2259 struct page *sp_alloc_pages(struct vm_struct *area, gfp_t mask, 2260 unsigned int page_order, int node) 2261 { 2262 if (area->flags & VM_HUGE_PAGES) > 2263 return hugetlb_alloc_hugepage(NUMA_NO_NODE, HUGETLB_ALLOC_NONE); 2264 else 2265 return alloc_pages_node(node, mask, page_order); 2266 } 2267 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
1 0
0 0
[PATCH OLK-6.6 0/5] Some mainline patches merged into drivers/hwmon
by Lifeng Zheng 01 Apr '25

01 Apr '25
From: Xinghai Cen <cenxinghai(a)h-partners.com> Some mainline patches merged into drivers/hwmon Huisong Li (4): hwmon: (acpi_power_meter) Fix fail to load module on platform without _PMD method hwmon: (acpi_power_meter) Fix uninitialized variables hwmon: (acpi_power_meter) Fix update the power trip points on failure hwmon: (acpi_power_meter) Fix the fake power alarm reporting Kazuhiro Abe (1): hwmon: (acpi_power_meter) Fix a check for the return value of read_domain_devices(). drivers/hwmon/acpi_power_meter.c | 46 +++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 10 deletions(-) -- 2.33.0
2 6
0 0
[openeuler:openEuler-1.0-LTS 1544/1544] block/blk-cgroup.c:478:19: sparse: sparse: incompatible types in comparison expression (different address spaces):
by kernel test robot 01 Apr '25

01 Apr '25
tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: 9866a4dd6fd198f871f6c1692e61ce7d10c96836 commit: 725ee753b5064f03287858bc346d883b8f39319a [1544/1544] bdi: fix use-after-free for the bdi device config: arm64-randconfig-r131-20250401 (https://download.01.org/0day-ci/archive/20250401/202504011531.jatxCuOT-lkp@…) compiler: aarch64-linux-gcc (GCC) 11.5.0 reproduce: (https://download.01.org/0day-ci/archive/20250401/202504011531.jatxCuOT-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202504011531.jatxCuOT-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) >> block/blk-cgroup.c:478:19: sparse: sparse: incompatible types in comparison expression (different address spaces): block/blk-cgroup.c:478:19: sparse: struct rcu_device [noderef] __rcu * block/blk-cgroup.c:478:19: sparse: struct rcu_device * block/blk-cgroup.c:816:5: sparse: sparse: context imbalance in 'blkg_conf_prep' - wrong count at exit block/blk-cgroup.c:1794: warning: Function parameter or member 'q' not described in 'blkcg_schedule_throttle' block/blk-cgroup.c:1794: warning: Function parameter or member 'use_memdelay' not described in 'blkcg_schedule_throttle' block/blk-cgroup.c:1819: warning: Function parameter or member 'blkg' not described in 'blkcg_add_delay' block/blk-cgroup.c:1819: warning: Function parameter or member 'now' not described in 'blkcg_add_delay' block/blk-cgroup.c:1819: warning: Function parameter or member 'delta' not described in 'blkcg_add_delay' vim +478 block/blk-cgroup.c 472 473 const char *blkg_dev_name(struct blkcg_gq *blkg) 474 { 475 /* some drivers (floppy) instantiate a queue w/o disk registered */ 476 struct rcu_device *rcu_dev; 477 > 478 rcu_dev = rcu_dereference(blkg->q->backing_dev_info->rcu_dev); 479 if (rcu_dev) 480 return dev_name(&rcu_dev->dev); 481 return NULL; 482 } 483 EXPORT_SYMBOL_GPL(blkg_dev_name); 484 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
1 0
0 0
[openeuler:openEuler-1.0-LTS 1544/1544] fs/proc/etmem_scan.c:1031: undefined reference to `proc_page_scan_operations'
by kernel test robot 01 Apr '25

01 Apr '25
tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: 9866a4dd6fd198f871f6c1692e61ce7d10c96836 commit: bad4d8833739acc8eef306e7ad5c7877f9f4f0fb [1544/1544] etmem: add etmem-scan feature config: x86_64-randconfig-r113-20250401 (https://download.01.org/0day-ci/archive/20250401/202504011440.KymThb7O-lkp@…) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250401/202504011440.KymThb7O-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202504011440.KymThb7O-lkp@intel.com/ All errors (new ones prefixed by >>): ld: warning: arch/x86/lib/csum-copy_64.o: missing .note.GNU-stack section implies executable stack ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker ld: warning: arch/x86/lib/csum-copy_64.o: missing .note.GNU-stack section implies executable stack ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker ld: warning: .tmp_vmlinux1 has a LOAD segment with RWX permissions ld: fs/proc/etmem_scan.o: in function `page_scan_entry': >> fs/proc/etmem_scan.c:1031: undefined reference to `proc_page_scan_operations' >> ld: fs/proc/etmem_scan.c:1032: undefined reference to `proc_page_scan_operations' >> ld: fs/proc/etmem_scan.c:1031: undefined reference to `proc_page_scan_operations' ld: fs/proc/etmem_scan.c:1033: undefined reference to `proc_page_scan_operations' >> ld: fs/proc/etmem_scan.c:1032: undefined reference to `proc_page_scan_operations' ld: fs/proc/etmem_scan.o:fs/proc/etmem_scan.c:1034: more undefined references to `proc_page_scan_operations' follow vim +1031 fs/proc/etmem_scan.c 1028 1029 static int page_scan_entry(void) 1030 { > 1031 proc_page_scan_operations.owner = THIS_MODULE; > 1032 proc_page_scan_operations.read = page_scan_read; 1033 proc_page_scan_operations.open = page_scan_open; 1034 proc_page_scan_operations.release = page_scan_release; 1035 return 0; 1036 } 1037 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
1 0
0 0
[PATCH OLK-6.6] tty: xilinx_uartps: split sysrq handling
by Yi Yang 01 Apr '25

01 Apr '25
From: Sean Anderson <sean.anderson(a)linux.dev> stable inclusion from stable-v6.6.78 commit 8ea0e7b3d7b8f2f0fc9db491ff22a0abe120801c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPLKD CVE: CVE-2025-21820 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit b06f388994500297bb91be60ffaf6825ecfd2afe upstream. lockdep detects the following circular locking dependency: CPU 0 CPU 1 ========================== ============================ cdns_uart_isr() printk() uart_port_lock(port) console_lock() cdns_uart_console_write() if (!port->sysrq) uart_port_lock(port) uart_handle_break() port->sysrq = ... uart_handle_sysrq_char() printk() console_lock() The fixed commit attempts to avoid this situation by only taking the port lock in cdns_uart_console_write if port->sysrq unset. However, if (as shown above) cdns_uart_console_write runs before port->sysrq is set, then it will try to take the port lock anyway. This may result in a deadlock. Fix this by splitting sysrq handling into two parts. We use the prepare helper under the port lock and defer handling until we release the lock. Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling") Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Cc: stable(a)vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers Acked-by: John Ogness <john.ogness(a)linutronix.de> Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Yi Yang <yiyang13(a)huawei.com> --- drivers/tty/serial/xilinx_uartps.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c index 2e5e86a00a77..7f83d2780017 100644 --- a/drivers/tty/serial/xilinx_uartps.c +++ b/drivers/tty/serial/xilinx_uartps.c @@ -268,7 +268,7 @@ static void cdns_uart_handle_rx(void *dev_id, unsigned int isrstatus) continue; } - if (uart_handle_sysrq_char(port, data)) + if (uart_prepare_sysrq_char(port, data)) continue; if (is_rxbs_support) { @@ -369,7 +369,7 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id) !(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS)) cdns_uart_handle_rx(dev_id, isrstatus); - spin_unlock(&port->lock); + uart_unlock_and_check_sysrq(port); return IRQ_HANDLED; } @@ -1229,10 +1229,8 @@ static void cdns_uart_console_write(struct console *co, const char *s, unsigned int imr, ctrl; int locked = 1; - if (port->sysrq) - locked = 0; - else if (oops_in_progress) - locked = spin_trylock_irqsave(&port->lock, flags); + if (oops_in_progress) + locked = uart_port_trylock_irqsave(port, &flags); else spin_lock_irqsave(&port->lock, flags); -- 2.25.1
2 1
0 0
[PATCH OLK-6.6] can: etas_es58x: fix potential NULL pointer dereference on udev->serial
by Yi Yang 01 Apr '25

01 Apr '25
From: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> stable inclusion from stable-v6.6.79 commit 1590667a60753ee5a54871f2840ceefd4a7831fa category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPC8Y CVE: CVE-2025-21773 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit a1ad2109ce41c9e3912dadd07ad8a9c640064ffb upstream. The driver assumed that es58x_dev->udev->serial could never be NULL. While this is true on commercially available devices, an attacker could spoof the device identity providing a NULL USB serial number. That would trigger a NULL pointer dereference. Add a check on es58x_dev->udev->serial before accessing it. Reported-by: yan kang <kangyan91(a)outlook.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/linux-can/SY8P300MB0421E0013C0EBD2AA46BA709A1F42@SY… Fixes: 9f06631c3f1f ("can: etas_es58x: export product information through devlink_ops::info_get()") Signed-off-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Link: https://patch.msgid.link/20250204154859.9797-2-mailhol.vincent@wanadoo.fr Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Yi Yang <yiyang13(a)huawei.com> --- drivers/net/can/usb/etas_es58x/es58x_devlink.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/can/usb/etas_es58x/es58x_devlink.c b/drivers/net/can/usb/etas_es58x/es58x_devlink.c index 635edeb8f68c..e763a9904bed 100644 --- a/drivers/net/can/usb/etas_es58x/es58x_devlink.c +++ b/drivers/net/can/usb/etas_es58x/es58x_devlink.c @@ -248,7 +248,11 @@ static int es58x_devlink_info_get(struct devlink *devlink, return ret; } - return devlink_info_serial_number_put(req, es58x_dev->udev->serial); + if (es58x_dev->udev->serial) + ret = devlink_info_serial_number_put(req, + es58x_dev->udev->serial); + + return ret; } const struct devlink_ops es58x_dl_ops = { -- 2.25.1
2 1
0 0
[PATCH] perf/core: Fix pmus_lock vs. pmus_srcu ordering
by Luo Gengkun 01 Apr '25

01 Apr '25
From: Peter Zijlstra <peterz(a)infradead.org> stable inclusion from stable-v6.6.83 commit 7c823e4c30d6fdc16089e13924260086eaea76be category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBXQNU Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 2565e42539b120b81a68a58da961ce5d1e34eac8 ] Commit a63fbed776c7 ("perf/tracing/cpuhotplug: Fix locking order") placed pmus_lock inside pmus_srcu, this makes perf_pmu_unregister() trip lockdep. Move the locking about such that only pmu_idr and pmus (list) are modified while holding pmus_lock. This avoids doing synchronize_srcu() while holding pmus_lock and all is well again. Fixes: a63fbed776c7 ("perf/tracing/cpuhotplug: Fix locking order") Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/20241104135517.679556858@infradead.org Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Luo Gengkun <luogengkun2(a)huawei.com> --- kernel/events/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 0b9e703641d1..9b5d35c4a3ec 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -11670,6 +11670,8 @@ void perf_pmu_unregister(struct pmu *pmu) { mutex_lock(&pmus_lock); list_del_rcu(&pmu->entry); + idr_remove(&pmu_idr, pmu->type); + mutex_unlock(&pmus_lock); /* * We dereference the pmu list under both SRCU and regular RCU, so @@ -11679,7 +11681,6 @@ void perf_pmu_unregister(struct pmu *pmu) synchronize_rcu(); free_percpu(pmu->pmu_disable_count); - idr_remove(&pmu_idr, pmu->type); if (pmu_bus_running && pmu->dev && pmu->dev != PMU_NULL_DEV) { if (pmu->nr_addr_filters) device_remove_file(pmu->dev, &dev_attr_nr_addr_filters); @@ -11687,7 +11688,6 @@ void perf_pmu_unregister(struct pmu *pmu) put_device(pmu->dev); } free_pmu_context(pmu); - mutex_unlock(&pmus_lock); } EXPORT_SYMBOL_GPL(perf_pmu_unregister); -- 2.34.1
1 0
0 0
[PATCH openEuler-1.0-LTS] ext4: avoid updating the superblock on a r/o mount if not needed
by Yongjian Sun 01 Apr '25

01 Apr '25
From: Theodore Ts'o <tytso(a)mit.edu> mainline inclusion from mainline-v6.5-rc1 commit 2ef6c32a914b85217b44a0a2418e830e520b085e category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IBXUAV CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… ------------------ This was noticed by a user who noticied that the mtime of a file backing a loopback device was getting bumped when the loopback device is mounted read/only. Note: This doesn't show up when doing a loopback mount of a file directly, via "mount -o ro /tmp/foo.img /mnt", since the loop device is set read-only when mount automatically creates loop device. However, this is noticeable for a LUKS loop device like this: % cryptsetup luksOpen /tmp/foo.img test % mount -o ro /dev/loop0 /mnt ; umount /mnt or, if LUKS is not in use, if the user manually creates the loop device like this: % losetup /dev/loop0 /tmp/foo.img % mount -o ro /dev/loop0 /mnt ; umount /mnt The modified mtime causes rsync to do a rolling checksum scan of the file on the local and remote side, incrementally increasing the time to rsync the not-modified-but-touched image file. Fixes: eee00237fa5e ("ext4: commit super block if fs record error when journal record without error") Cc: stable(a)kernel.org Link: https://lore.kernel.org/r/ZIauBR7YiV3rVAHL@glitch Reported-by: Sean Greenslade <sean(a)seangreenslade.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Yongjian Sun <sunyongjian1(a)huawei.com> --- fs/ext4/super.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 8761fe5037a6..db47f5acf629 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -5160,19 +5160,27 @@ static int ext4_load_journal(struct super_block *sb, err = jbd2_journal_wipe(journal, !really_read_only); if (!err) { char *save = kmalloc(EXT4_S_ERR_LEN, GFP_KERNEL); + __le16 orig_state; + bool changed = false; if (save) memcpy(save, ((char *) es) + EXT4_S_ERR_START, EXT4_S_ERR_LEN); err = jbd2_journal_load(journal); - if (save) + if (save && memcmp(((char *) es) + EXT4_S_ERR_START, + save, EXT4_S_ERR_LEN)) { memcpy(((char *) es) + EXT4_S_ERR_START, save, EXT4_S_ERR_LEN); + changed = true; + } kfree(save); + orig_state = es->s_state; es->s_state |= cpu_to_le16(EXT4_SB(sb)->s_mount_state & EXT4_ERROR_FS); + if (orig_state != es->s_state) + changed = true; /* Write out restored error information to the superblock */ - if (!bdev_read_only(sb->s_bdev)) { + if (changed && !really_read_only) { int err2; err2 = ext4_commit_super(sb); err = err ? : err2; -- 2.39.2
2 1
0 0
  • ← Newer
  • 1
  • ...
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • ...
  • 2083
  • Older →

HyperKitty Powered by HyperKitty