kernel@openeuler.org

[openeuler:OLK-5.10 2544/2544] kernel/livepatch/core.c:1330:14: warning: no previous prototype for function 'arch_klp_mem_alloc'
by kernel test robot 06 Dec '24

06 Dec '24
tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: 220bfa0ea761db9406a3cfde3064aa029e829221 commit: bfeb55fc4d6244f8e7cac9c6d0911cfb67089a35 [2544/2544] livepatch: Reduce duplicated arch_klp_mem_{prepare,recycle} config: x86_64-randconfig-123-20241205 (https://download.01.org/0day-ci/archive/20241206/202412060112.hYQNEbRS-lkp@…) compiler: clang version 19.1.3 (https://github.com/llvm/llvm-project ab51eccf88f5321e7c60591c5546b254b6afab99) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241206/202412060112.hYQNEbRS-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412060112.hYQNEbRS-lkp@intel.com/ All warnings (new ones prefixed by >>): In file included from kernel/livepatch/core.c:16: In file included from include/linux/kallsyms.h:12: In file included from include/linux/mm.h:1554: include/linux/vmstat.h:431:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion] 431 | return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_" | ~~~~~~~~~~~ ^ ~~~ kernel/livepatch/core.c:68:16: warning: no previous prototype for function 'klp_check_patch_kprobed' [-Wmissing-prototypes] 68 | struct kprobe *klp_check_patch_kprobed(struct klp_patch *patch) | ^ kernel/livepatch/core.c:68:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 68 | struct kprobe *klp_check_patch_kprobed(struct klp_patch *patch) | ^ | static kernel/livepatch/core.c:939:12: warning: no previous prototype for function 'arch_klp_func_can_patch' [-Wmissing-prototypes] 939 | int __weak arch_klp_func_can_patch(struct klp_func *func) | ^ kernel/livepatch/core.c:939:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 939 | int 
__weak arch_klp_func_can_patch(struct klp_func *func) | ^ | static kernel/livepatch/core.c:944:12: warning: no previous prototype for function 'arch_klp_init_func' [-Wmissing-prototypes] 944 | int __weak arch_klp_init_func(struct klp_object *obj, struct klp_func *func) | ^ kernel/livepatch/core.c:944:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 944 | int __weak arch_klp_init_func(struct klp_object *obj, struct klp_func *func) | ^ | static kernel/livepatch/core.c:1288:5: warning: no previous prototype for function 'klp_try_disable_patch' [-Wmissing-prototypes] 1288 | int klp_try_disable_patch(void *data) | ^ kernel/livepatch/core.c:1288:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 1288 | int klp_try_disable_patch(void *data) | ^ | static kernel/livepatch/core.c:1322:13: warning: no previous prototype for function 'arch_klp_code_modify_prepare' [-Wmissing-prototypes] 1322 | void __weak arch_klp_code_modify_prepare(void) | ^ kernel/livepatch/core.c:1322:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 1322 | void __weak arch_klp_code_modify_prepare(void) | ^ | static kernel/livepatch/core.c:1326:13: warning: no previous prototype for function 'arch_klp_code_modify_post_process' [-Wmissing-prototypes] 1326 | void __weak arch_klp_code_modify_post_process(void) | ^ kernel/livepatch/core.c:1326:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 1326 | void __weak arch_klp_code_modify_post_process(void) | ^ | static >> kernel/livepatch/core.c:1330:14: warning: no previous prototype for function 'arch_klp_mem_alloc' [-Wmissing-prototypes] 1330 | void __weak *arch_klp_mem_alloc(size_t size) | ^ kernel/livepatch/core.c:1330:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 1330 | void __weak 
*arch_klp_mem_alloc(size_t size) | ^ | static >> kernel/livepatch/core.c:1335:13: warning: no previous prototype for function 'arch_klp_mem_free' [-Wmissing-prototypes] 1335 | void __weak arch_klp_mem_free(void *mem) | ^ kernel/livepatch/core.c:1335:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 1335 | void __weak arch_klp_mem_free(void *mem) | ^ | static kernel/livepatch/core.c:1573:5: warning: no previous prototype for function 'klp_try_enable_patch' [-Wmissing-prototypes] 1573 | int klp_try_enable_patch(void *data) | ^ kernel/livepatch/core.c:1573:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 1573 | int klp_try_enable_patch(void *data) | ^ | static 10 warnings generated. vim +/arch_klp_mem_alloc +1330 kernel/livepatch/core.c 1329 > 1330 void __weak *arch_klp_mem_alloc(size_t size) 1331 { 1332 return kzalloc(size, GFP_ATOMIC); 1333 } 1334 > 1335 void __weak arch_klp_mem_free(void *mem) 1336 { 1337 kfree(mem); 1338 } 1339 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
[openeuler:openEuler-1.0-LTS 1320/1320] net/mac80211/rx.c:574:29: sparse: sparse: dubious: x & !y
by kernel test robot 06 Dec '24

06 Dec '24
tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: e416567e80778667f6a949f0f19c32a3ee4cb06e commit: 9baadf685a5618364776aed92067526bb40c137d [1320/1320] build_bug.h: remove most of dummy BUILD_BUG_ON stubs for Sparse config: x86_64-randconfig-121 (https://download.01.org/0day-ci/archive/20241205/202412052349.hadZoo7L-lkp@…) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241205/202412052349.hadZoo7L-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412052349.hadZoo7L-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) >> net/mac80211/rx.c:574:29: sparse: sparse: dubious: x & !y net/mac80211/rx.c: In function 'ieee80211_handle_mu_mimo_mon': net/mac80211/rx.c:224:9: warning: alignment 1 of 'struct <anonymous>' is less than 2 [-Wpacked-not-aligned] 224 | } __packed action; | ^ net/mac80211/rx.c: In function 'ieee80211_add_rx_radiotap_header': net/mac80211/rx.c:307:22: warning: taking address of packed member of 'struct ieee80211_radiotap_header' may result in an unaligned pointer value [-Waddress-of-packed-member] 307 | it_present = &rthdr->it_present; | ^~~~~~~~~~~~~~~~~~ vim +574 net/mac80211/rx.c 41cbb0f5a295928 Luca Coelho 2018-06-09 554 41cbb0f5a295928 Luca Coelho 2018-06-09 555 if (status->enc_flags & RX_ENC_FLAG_STBC_MASK) { 41cbb0f5a295928 Luca Coelho 2018-06-09 556 he.data6 |= HE_PREP(DATA6_NSTS, 41cbb0f5a295928 Luca Coelho 2018-06-09 557 FIELD_GET(RX_ENC_FLAG_STBC_MASK, 41cbb0f5a295928 Luca Coelho 2018-06-09 558 status->enc_flags)); 41cbb0f5a295928 Luca Coelho 2018-06-09 559 he.data3 |= HE_PREP(DATA3_STBC, 1); 41cbb0f5a295928 Luca Coelho 2018-06-09 560 } else { 41cbb0f5a295928 Luca Coelho 2018-06-09 561 he.data6 |= HE_PREP(DATA6_NSTS, status->nss); 41cbb0f5a295928 Luca Coelho 
2018-06-09 562 } 41cbb0f5a295928 Luca Coelho 2018-06-09 563 41cbb0f5a295928 Luca Coelho 2018-06-09 564 #define CHECK_GI(s) \ 41cbb0f5a295928 Luca Coelho 2018-06-09 565 BUILD_BUG_ON(IEEE80211_RADIOTAP_HE_DATA5_GI_##s != \ 41cbb0f5a295928 Luca Coelho 2018-06-09 566 (int)NL80211_RATE_INFO_HE_GI_##s) 41cbb0f5a295928 Luca Coelho 2018-06-09 567 41cbb0f5a295928 Luca Coelho 2018-06-09 568 CHECK_GI(0_8); 41cbb0f5a295928 Luca Coelho 2018-06-09 569 CHECK_GI(1_6); 41cbb0f5a295928 Luca Coelho 2018-06-09 570 CHECK_GI(3_2); 41cbb0f5a295928 Luca Coelho 2018-06-09 571 41cbb0f5a295928 Luca Coelho 2018-06-09 572 he.data3 |= HE_PREP(DATA3_DATA_MCS, status->rate_idx); 41cbb0f5a295928 Luca Coelho 2018-06-09 573 he.data3 |= HE_PREP(DATA3_DATA_DCM, status->he_dcm); 41cbb0f5a295928 Luca Coelho 2018-06-09 @574 he.data3 |= HE_PREP(DATA3_CODING, 41cbb0f5a295928 Luca Coelho 2018-06-09 575 !!(status->enc_flags & RX_ENC_FLAG_LDPC)); 41cbb0f5a295928 Luca Coelho 2018-06-09 576 41cbb0f5a295928 Luca Coelho 2018-06-09 577 he.data5 |= HE_PREP(DATA5_GI, status->he_gi); 41cbb0f5a295928 Luca Coelho 2018-06-09 578 41cbb0f5a295928 Luca Coelho 2018-06-09 579 switch (status->bw) { 41cbb0f5a295928 Luca Coelho 2018-06-09 580 case RATE_INFO_BW_20: 41cbb0f5a295928 Luca Coelho 2018-06-09 581 he.data5 |= HE_PREP(DATA5_DATA_BW_RU_ALLOC, 41cbb0f5a295928 Luca Coelho 2018-06-09 582 IEEE80211_RADIOTAP_HE_DATA5_DATA_BW_RU_ALLOC_20MHZ); 41cbb0f5a295928 Luca Coelho 2018-06-09 583 break; 41cbb0f5a295928 Luca Coelho 2018-06-09 584 case RATE_INFO_BW_40: 41cbb0f5a295928 Luca Coelho 2018-06-09 585 he.data5 |= HE_PREP(DATA5_DATA_BW_RU_ALLOC, 41cbb0f5a295928 Luca Coelho 2018-06-09 586 IEEE80211_RADIOTAP_HE_DATA5_DATA_BW_RU_ALLOC_40MHZ); 41cbb0f5a295928 Luca Coelho 2018-06-09 587 break; 41cbb0f5a295928 Luca Coelho 2018-06-09 588 case RATE_INFO_BW_80: 41cbb0f5a295928 Luca Coelho 2018-06-09 589 he.data5 |= HE_PREP(DATA5_DATA_BW_RU_ALLOC, 41cbb0f5a295928 Luca Coelho 2018-06-09 590 IEEE80211_RADIOTAP_HE_DATA5_DATA_BW_RU_ALLOC_80MHZ); 
41cbb0f5a295928 Luca Coelho 2018-06-09 591 break; 41cbb0f5a295928 Luca Coelho 2018-06-09 592 case RATE_INFO_BW_160: 41cbb0f5a295928 Luca Coelho 2018-06-09 593 he.data5 |= HE_PREP(DATA5_DATA_BW_RU_ALLOC, 41cbb0f5a295928 Luca Coelho 2018-06-09 594 IEEE80211_RADIOTAP_HE_DATA5_DATA_BW_RU_ALLOC_160MHZ); 41cbb0f5a295928 Luca Coelho 2018-06-09 595 break; 41cbb0f5a295928 Luca Coelho 2018-06-09 596 case RATE_INFO_BW_HE_RU: 41cbb0f5a295928 Luca Coelho 2018-06-09 597 #define CHECK_RU_ALLOC(s) \ 41cbb0f5a295928 Luca Coelho 2018-06-09 598 BUILD_BUG_ON(IEEE80211_RADIOTAP_HE_DATA5_DATA_BW_RU_ALLOC_##s##T != \ 41cbb0f5a295928 Luca Coelho 2018-06-09 599 NL80211_RATE_INFO_HE_RU_ALLOC_##s + 4) 41cbb0f5a295928 Luca Coelho 2018-06-09 600 41cbb0f5a295928 Luca Coelho 2018-06-09 601 CHECK_RU_ALLOC(26); 41cbb0f5a295928 Luca Coelho 2018-06-09 602 CHECK_RU_ALLOC(52); 41cbb0f5a295928 Luca Coelho 2018-06-09 603 CHECK_RU_ALLOC(106); 41cbb0f5a295928 Luca Coelho 2018-06-09 604 CHECK_RU_ALLOC(242); 41cbb0f5a295928 Luca Coelho 2018-06-09 605 CHECK_RU_ALLOC(484); 41cbb0f5a295928 Luca Coelho 2018-06-09 606 CHECK_RU_ALLOC(996); 41cbb0f5a295928 Luca Coelho 2018-06-09 607 CHECK_RU_ALLOC(2x996); 41cbb0f5a295928 Luca Coelho 2018-06-09 608 41cbb0f5a295928 Luca Coelho 2018-06-09 609 he.data5 |= HE_PREP(DATA5_DATA_BW_RU_ALLOC, 41cbb0f5a295928 Luca Coelho 2018-06-09 610 status->he_ru + 4); 41cbb0f5a295928 Luca Coelho 2018-06-09 611 break; 41cbb0f5a295928 Luca Coelho 2018-06-09 612 default: 41cbb0f5a295928 Luca Coelho 2018-06-09 613 WARN_ONCE(1, "Invalid SU BW %d\n", status->bw); 41cbb0f5a295928 Luca Coelho 2018-06-09 614 } 41cbb0f5a295928 Luca Coelho 2018-06-09 615 41cbb0f5a295928 Luca Coelho 2018-06-09 616 /* ensure 2 byte alignment */ 41cbb0f5a295928 Luca Coelho 2018-06-09 617 while ((pos - (u8 *)rthdr) & 1) 41cbb0f5a295928 Luca Coelho 2018-06-09 618 pos++; 41cbb0f5a295928 Luca Coelho 2018-06-09 619 rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_HE); 41cbb0f5a295928 Luca Coelho 2018-06-09 620 
memcpy(pos, &he, sizeof(he)); 41cbb0f5a295928 Luca Coelho 2018-06-09 621 pos += sizeof(he); 41cbb0f5a295928 Luca Coelho 2018-06-09 622 } 41cbb0f5a295928 Luca Coelho 2018-06-09 623 41cbb0f5a295928 Luca Coelho 2018-06-09 624 if (status->encoding == RX_ENC_HE && 41cbb0f5a295928 Luca Coelho 2018-06-09 625 status->flag & RX_FLAG_RADIOTAP_HE_MU) { 41cbb0f5a295928 Luca Coelho 2018-06-09 626 /* ensure 2 byte alignment */ 41cbb0f5a295928 Luca Coelho 2018-06-09 627 while ((pos - (u8 *)rthdr) & 1) 41cbb0f5a295928 Luca Coelho 2018-06-09 628 pos++; 41cbb0f5a295928 Luca Coelho 2018-06-09 629 rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_HE_MU); 41cbb0f5a295928 Luca Coelho 2018-06-09 630 memcpy(pos, &he_mu, sizeof(he_mu)); 41cbb0f5a295928 Luca Coelho 2018-06-09 631 pos += sizeof(he_mu); 41cbb0f5a295928 Luca Coelho 2018-06-09 632 } 41cbb0f5a295928 Luca Coelho 2018-06-09 633 a144f378a489b59 Johannes Berg 2013-07-03 634 for_each_set_bit(chain, &chains, IEEE80211_MAX_CHAINS) { a144f378a489b59 Johannes Berg 2013-07-03 635 *pos++ = status->chain_signal[chain]; a144f378a489b59 Johannes Berg 2013-07-03 636 *pos++ = chain; a144f378a489b59 Johannes Berg 2013-07-03 637 } 1f7bba79af57cee Johannes Berg 2014-11-06 638 1f7bba79af57cee Johannes Berg 2014-11-06 639 if (status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA) { 1f7bba79af57cee Johannes Berg 2014-11-06 640 /* ensure 2 byte alignment for the vendor field as required */ 1f7bba79af57cee Johannes Berg 2014-11-06 641 if ((pos - (u8 *)rthdr) & 1) 1f7bba79af57cee Johannes Berg 2014-11-06 642 *pos++ = 0; 1f7bba79af57cee Johannes Berg 2014-11-06 643 *pos++ = rtap.oui[0]; 1f7bba79af57cee Johannes Berg 2014-11-06 644 *pos++ = rtap.oui[1]; 1f7bba79af57cee Johannes Berg 2014-11-06 645 *pos++ = rtap.oui[2]; 1f7bba79af57cee Johannes Berg 2014-11-06 646 *pos++ = rtap.subns; 1f7bba79af57cee Johannes Berg 2014-11-06 647 put_unaligned_le16(rtap.len, pos); 1f7bba79af57cee Johannes Berg 2014-11-06 648 pos += 2; 1f7bba79af57cee Johannes Berg 2014-11-06 
649 /* align the actual payload as requested */ 1f7bba79af57cee Johannes Berg 2014-11-06 650 while ((pos - (u8 *)rthdr) & (rtap.align - 1)) 1f7bba79af57cee Johannes Berg 2014-11-06 651 *pos++ = 0; 1f7bba79af57cee Johannes Berg 2014-11-06 652 /* data (and possible padding) already follows */ 1f7bba79af57cee Johannes Berg 2014-11-06 653 } 601ae7f25aea58f Bruno Randolf 2008-05-08 654 } 601ae7f25aea58f Bruno Randolf 2008-05-08 655 :::::: The code at line 574 was first introduced by commit :::::: 41cbb0f5a29592874355e4159489eb08337cd50e mac80211: add support for HE :::::: TO: Luca Coelho <luciano.coelho(a)intel.com> :::::: CC: Johannes Berg <johannes.berg(a)intel.com> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
[PATCH openEuler-1.0-LTS] vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
by Zhang Changzhong 05 Dec '24

05 Dec '24
From: Hyunwoo Kim <v4bel(a)theori.io> stable inclusion from stable-v4.19.324 commit 5f092a4271f6dccf88fe0d132475a17b69ef71df category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB5AUY CVE: CVE-2024-50264 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f upstream. During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL. Cc: stable <stable(a)kernel.org> Fixes: 06a8fc78367d ("VSOCK: Introduce virtio_vsock_common.ko") Signed-off-by: Hyunwoo Kim <v4bel(a)theori.io> Signed-off-by: Wongi Lee <qwerty(a)theori.io> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Message-Id: <2024102245-strive-crib-c8d3@gregkh> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Zhang Changzhong <zhangchangzhong(a)huawei.com>
---
 net/vmw_vsock/virtio_transport_common.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index 6db562d..05d12b6 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -646,6 +646,7 @@ void virtio_transport_destruct(struct vsock_sock *vsk)
 struct virtio_vsock_sock *vvs = vsk->trans;
 kfree(vvs);
+ vsk->trans = NULL;
 }
 EXPORT_SYMBOL_GPL(virtio_transport_destruct);
--
2.9.5
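Review bot: The added `vsk->trans = NULL;` after `kfree(vvs);` carries no comment, and the commit text calls it "initializing" although the line sits in the destruct path, so the reason for it is easy to lose in a later cleanup. I would put `/* vvs is freed above; clear vsk->trans so no later path can reach it (CVE-2024-50264) */` on the line before it. With the pointer cleared, a repeated call ends in `kfree(NULL)`, which is a no-op, but every other reader of `vsk->trans` now has to tolerate NULL, and that cannot be checked from here because only the tail of virtio_transport_destruct() is in the hunk (its signature appears only in the hunk header). The same one-line hunk is repeated in the OLK-5.10 and openEuler-22.03-LTS-SP1 postings further down, and this note applies to both.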
[PATCH OLK-5.10] vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
by Zhang Changzhong 05 Dec '24

05 Dec '24
From: Hyunwoo Kim <v4bel(a)theori.io> stable inclusion from stable-v5.10.230 commit eb1bdcb7dfc30b24495ee4c5533af0ed135cb5f1 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB5AUY CVE: CVE-2024-50264 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f upstream. During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL. Cc: stable <stable(a)kernel.org> Fixes: 06a8fc78367d ("VSOCK: Introduce virtio_vsock_common.ko") Signed-off-by: Hyunwoo Kim <v4bel(a)theori.io> Signed-off-by: Wongi Lee <qwerty(a)theori.io> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Message-Id: <2024102245-strive-crib-c8d3@gregkh> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Zhang Changzhong <zhangchangzhong(a)huawei.com>
---
 net/vmw_vsock/virtio_transport_common.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index 4102689..b626c7e 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -687,6 +687,7 @@ void virtio_transport_destruct(struct vsock_sock *vsk)
 struct virtio_vsock_sock *vvs = vsk->trans;
 kfree(vvs);
+ vsk->trans = NULL;
 }
 EXPORT_SYMBOL_GPL(virtio_transport_destruct);
--
2.9.5
[PATCH openEuler-22.03-LTS-SP1] vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
by Zhang Changzhong 05 Dec '24

05 Dec '24
From: Hyunwoo Kim <v4bel(a)theori.io> stable inclusion from stable-v5.10.230 commit eb1bdcb7dfc30b24495ee4c5533af0ed135cb5f1 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB5AUY CVE: CVE-2024-50264 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f upstream. During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL. Cc: stable <stable(a)kernel.org> Fixes: 06a8fc78367d ("VSOCK: Introduce virtio_vsock_common.ko") Signed-off-by: Hyunwoo Kim <v4bel(a)theori.io> Signed-off-by: Wongi Lee <qwerty(a)theori.io> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Message-Id: <2024102245-strive-crib-c8d3@gregkh> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Zhang Changzhong <zhangchangzhong(a)huawei.com>
---
 net/vmw_vsock/virtio_transport_common.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index c9ee925..067a7dd 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -680,6 +680,7 @@ void virtio_transport_destruct(struct vsock_sock *vsk)
 struct virtio_vsock_sock *vvs = vsk->trans;
 kfree(vvs);
+ vsk->trans = NULL;
 }
 EXPORT_SYMBOL_GPL(virtio_transport_destruct);
--
2.9.5
[openeuler:OLK-5.10 2516/2516] drivers/ub/urma/ubcore/ubcore_netlink.c:89:15: warning: 'strncpy' output may be truncated copying 63 bytes from a string of length 63
by kernel test robot 05 Dec '24

05 Dec '24
Hi WenChen, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: fdc4bca5e9e486a894194c2b6a956492b11d8cc5 commit: 5d130e2cfa3d2aaee4d10e18c075f6c3750600c5 [2516/2516] urma: upload kernel patch for 20240511_mig config: arm64-randconfig-003-20241203 (https://download.01.org/0day-ci/archive/20241205/202412051837.t5BmEbw0-lkp@…) compiler: aarch64-linux-gcc (GCC) 14.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241205/202412051837.t5BmEbw0-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412051837.t5BmEbw0-lkp@intel.com/ All warnings (new ones prefixed by >>): drivers/ub/urma/ubcore/ubcore_netlink.c:192:5: warning: no previous prototype for 'ubcore_genl_unicast' [-Wmissing-prototypes] 192 | int ubcore_genl_unicast(struct ubcore_nlmsg *req, uint32_t len) | ^~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netlink.c: In function 'ubcore_create_nl_session': >> drivers/ub/urma/ubcore/ubcore_netlink.c:89:15: warning: 'strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Wstringop-truncation] 89 | (void)strncpy(s->dev_name, dev->dev_name, UBCORE_MAX_DEV_NAME - 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- drivers/ub/urma/ubcore/ubcore_tp.c:70:17: warning: no previous prototype for 'ubcore_get_mtu' [-Wmissing-prototypes] 70 | enum ubcore_mtu ubcore_get_mtu(int mtu) | ^~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_tp.c:341:5: warning: no previous prototype for 'ubcore_modify_tp_state' [-Wmissing-prototypes] 341 | int ubcore_modify_tp_state(struct ubcore_device *dev, struct ubcore_tp *tp, | ^~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_tp.c: In function 'ubcore_send_del_tp_req': >> drivers/ub/urma/ubcore/ubcore_tp.c:687:15: warning: 'strncpy' output may be 
truncated copying 63 bytes from a string of length 63 [-Wstringop-truncation] 687 | (void)strncpy(data->dev_name, dev->dev_name, UBCORE_MAX_DEV_NAME - 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_tp.c: In function 'ubcore_init_create_tp_req': drivers/ub/urma/ubcore/ubcore_tp.c:581:15: warning: 'strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Wstringop-truncation] 581 | (void)strncpy(data->dev_name, dev->dev_name, UBCORE_MAX_DEV_NAME - 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- drivers/ub/urma/ubcore/ubcore_device.c:413:6: warning: no previous prototype for 'ubcore_destroy_upi_list' [-Wmissing-prototypes] 413 | void ubcore_destroy_upi_list(struct ubcore_device *dev) | ^~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_device.c:1666:5: warning: no previous prototype for 'ubcore_dispatch_event' [-Wmissing-prototypes] 1666 | int ubcore_dispatch_event(struct ubcore_event *event) | ^~~~~~~~~~~~~~~~~~~~~ In file included from include/linux/printk.h:7, from include/linux/kernel.h:17, from include/asm-generic/bug.h:20, from arch/arm64/include/asm/bug.h:26, from include/linux/bug.h:5, from include/linux/refcount.h:96, from include/net/net_namespace.h:9, from drivers/ub/urma/ubcore/ubcore_device.c:21: drivers/ub/urma/ubcore/ubcore_device.c: In function 'ubcore_add_ueid': include/linux/kern_levels.h:5:25: warning: too many arguments for format [-Wformat-extra-args] 5 | #define KERN_SOH "\001" /* ASCII Start Of Header */ | ^~~~~~ include/linux/kern_levels.h:11:25: note: in expansion of macro 'KERN_SOH' 11 | #define KERN_ERR KERN_SOH "3" /* error conditions */ | ^~~~~~~~ include/linux/printk.h:392:16: note: in expansion of macro 'KERN_ERR' 392 | printk(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__) | ^~~~~~~~ drivers/ub/urma/ubcore/ubcore_log.h:46:16: note: in expansion of macro 'pr_err' 46 | ((void)pr_##l("%s|%s:[%d]|" format, UBCORE_LOG_TAG, __func__, __LINE__, ##args)) 
| ^~~ drivers/ub/urma/ubcore/ubcore_log.h:57:17: note: in expansion of macro 'ubcore_default_log' 57 | ubcore_default_log(err, __VA_ARGS__); \ | ^~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_device.c:1874:17: note: in expansion of macro 'ubcore_log_err' 1874 | ubcore_log_err("failed to add ueid, ret:%d\n", | ^~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_device.c: In function 'ubcore_delete_ueid': include/linux/kern_levels.h:5:25: warning: too many arguments for format [-Wformat-extra-args] 5 | #define KERN_SOH "\001" /* ASCII Start Of Header */ | ^~~~~~ include/linux/kern_levels.h:11:25: note: in expansion of macro 'KERN_SOH' 11 | #define KERN_ERR KERN_SOH "3" /* error conditions */ | ^~~~~~~~ include/linux/printk.h:392:16: note: in expansion of macro 'KERN_ERR' 392 | printk(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__) | ^~~~~~~~ drivers/ub/urma/ubcore/ubcore_log.h:46:16: note: in expansion of macro 'pr_err' 46 | ((void)pr_##l("%s|%s:[%d]|" format, UBCORE_LOG_TAG, __func__, __LINE__, ##args)) | ^~~ drivers/ub/urma/ubcore/ubcore_log.h:57:17: note: in expansion of macro 'ubcore_default_log' 57 | ubcore_default_log(err, __VA_ARGS__); \ | ^~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_device.c:1896:17: note: in expansion of macro 'ubcore_log_err' 1896 | ubcore_log_err("failed to add ueid, ret:%d\n", | ^~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_device.c: At top level: drivers/ub/urma/ubcore/ubcore_device.c:2372:6: warning: no previous prototype for 'ubcore_net_exit' [-Wmissing-prototypes] 2372 | void ubcore_net_exit(struct net *net) | ^~~~~~~~~~~~~~~ In function 'ubcore_send_remove_tpf_dev_info', inlined from 'uninit_ubcore_device' at drivers/ub/urma/ubcore/ubcore_device.c:1057:37: >> drivers/ub/urma/ubcore/ubcore_device.c:823:15: warning: 'strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Wstringop-truncation] 823 | (void)strncpy(data->dev_name, dev->dev_name, UBCORE_MAX_DEV_NAME - 1); | 
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_device.c: In function 'ubcore_new_tpf_dev_msg': drivers/ub/urma/ubcore/ubcore_device.c:888:15: warning: 'strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Wstringop-truncation] 888 | (void)strncpy(data->dev_name, dev->dev_name, UBCORE_MAX_DEV_NAME - 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_device.c:892:17: warning: 'strnlen' specified bound 64 exceeds source size 16 [-Wstringop-overread] 892 | strnlen(dev->netdev->name, UBCORE_MAX_DEV_NAME) < UBCORE_MAX_DEV_NAME) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from drivers/ub/urma/ubcore/ubcore_device.c:32: include/linux/netdevice.h:1957:33: note: source object allocated here 1957 | char name[IFNAMSIZ]; | ^~~~ -- drivers/ub/urma/ubcore/ubcore_vtp.c:337:6: warning: no previous prototype for 'ubcore_hash_table_rmv_vtpn' [-Wmissing-prototypes] 337 | void ubcore_hash_table_rmv_vtpn(struct ubcore_device *dev, struct ubcore_vtpn *vtpn, | ^~~~~~~~~~~~~~~~~~~~~~~~~~ In function 'ubcore_send_create_vtp_req', inlined from 'ubcore_connect_vtp' at drivers/ub/urma/ubcore/ubcore_vtp.c:419:8: >> drivers/ub/urma/ubcore/ubcore_vtp.c:93:15: warning: 'strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Wstringop-truncation] 93 | (void)strncpy(create->dev_name, dev->dev_name, UBCORE_MAX_DEV_NAME - 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- >> drivers/ub/urma/ubcore/ubcore_tpg.c:85:6: warning: no previous prototype for 'ubcore_tpg_kref_get' [-Wmissing-prototypes] 85 | void ubcore_tpg_kref_get(struct ubcore_tpg *tpg) | ^~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_tpg.c: In function 'ubcore_find_remove_tpg': drivers/ub/urma/ubcore/ubcore_tpg.c:100:42: warning: the comparison will always evaluate as 'false' for the address of 'head' will never be NULL [-Waddress] 100 | if 
(&dev->ht[UBCORE_HT_TPG].head == NULL) { | ^~ In file included from drivers/ub/urma/ubcore/ubcore_hash_table.h:24, from drivers/ub/urma/ubcore/ubcore_tpg.c:23: include/urma/ubcore_types.h:178:28: note: 'head' declared here 178 | struct hlist_head *head; | ^~~~ drivers/ub/urma/ubcore/ubcore_tpg.c: In function 'ubcore_find_remove_tp_node': drivers/ub/urma/ubcore/ubcore_tpg.c:131:41: warning: the comparison will always evaluate as 'false' for the address of 'head' will never be NULL [-Waddress] 131 | if (&dev->ht[UBCORE_HT_TP].head == NULL) { | ^~ include/urma/ubcore_types.h:178:28: note: 'head' declared here 178 | struct hlist_head *head; | ^~~~ -- drivers/ub/urma/ubcore/ubcore_umem.c:242:21: warning: no previous prototype for 'ubcore_umem_get' [-Wmissing-prototypes] 242 | struct ubcore_umem *ubcore_umem_get(struct ubcore_device *dev, uint64_t va, | ^~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_umem.c:260:6: warning: no previous prototype for 'ubcore_umem_release' [-Wmissing-prototypes] 260 | void ubcore_umem_release(struct ubcore_umem *umem) | ^~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_umem.c:284:10: warning: no previous prototype for 'ubcore_umem_find_best_page_size' [-Wmissing-prototypes] 284 | uint64_t ubcore_umem_find_best_page_size(struct ubcore_umem *umem, uint64_t page_size_bitmap, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- drivers/ub/urma/ubcore/ubcore_netdev.c:41:25: warning: no previous prototype for 'ubcore_lookup_sip_info_without_lock' [-Wmissing-prototypes] 41 | struct ubcore_sip_info *ubcore_lookup_sip_info_without_lock( | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:75:5: warning: no previous prototype for 'ubcore_notify_uvs_del_sip' [-Wmissing-prototypes] 75 | int ubcore_notify_uvs_del_sip(struct ubcore_device *dev, | ^~~~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:113:22: warning: no previous prototype for 'ubcore_new_sip_req_msg' [-Wmissing-prototypes] 113 | struct ubcore_nlmsg 
*ubcore_new_sip_req_msg(struct ubcore_device *dev, | ^~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:145:5: warning: no previous prototype for 'ubcore_notify_uvs_add_sip' [-Wmissing-prototypes] 145 | int ubcore_notify_uvs_add_sip(struct ubcore_device *dev, | ^~~~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:177:5: warning: no previous prototype for 'ubcore_check_port_state' [-Wmissing-prototypes] 177 | int ubcore_check_port_state(struct ubcore_device *dev) | ^~~~~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:204:6: warning: no previous prototype for 'ubcore_fill_port_netdev' [-Wmissing-prototypes] 204 | void ubcore_fill_port_netdev(struct ubcore_device *dev, | ^~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:268:5: warning: no previous prototype for 'ubcore_set_port_netdev' [-Wmissing-prototypes] 268 | int ubcore_set_port_netdev(struct ubcore_device *dev, struct net_device *ndev, | ^~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:353:5: warning: no previous prototype for 'ubcore_unset_port_netdev' [-Wmissing-prototypes] 353 | int ubcore_unset_port_netdev(struct ubcore_device *dev, struct net_device *ndev, | ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:385:6: warning: no previous prototype for 'ubcore_put_port_netdev' [-Wmissing-prototypes] 385 | void ubcore_put_port_netdev(struct ubcore_device *dev) | ^~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:412:5: warning: no previous prototype for 'ubcore_sip_table_init' [-Wmissing-prototypes] 412 | int ubcore_sip_table_init(struct ubcore_sip_table *sip_table, uint32_t size) | ^~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:431:6: warning: no previous prototype for 'ubcore_sip_table_uninit' [-Wmissing-prototypes] 431 | void ubcore_sip_table_uninit(struct ubcore_sip_table *sip_table) | ^~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:442:5: warning: no previous prototype for 
'ubcore_sip_idx_alloc' [-Wmissing-prototypes] 442 | int ubcore_sip_idx_alloc(struct ubcore_sip_table *sip_table) | ^~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:458:5: warning: no previous prototype for 'ubcore_sip_idx_free' [-Wmissing-prototypes] 458 | int ubcore_sip_idx_free(struct ubcore_sip_table *sip_table, uint32_t idx) | ^~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:471:5: warning: no previous prototype for 'ubcore_add_sip_entry' [-Wmissing-prototypes] 471 | int ubcore_add_sip_entry(struct ubcore_sip_table *sip_table, const struct ubcore_sip_info *sip, | ^~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:489:5: warning: no previous prototype for 'ubcore_del_sip_entry' [-Wmissing-prototypes] 489 | int ubcore_del_sip_entry(struct ubcore_sip_table *sip_table, uint32_t idx) | ^~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:519:5: warning: no previous prototype for 'ubcore_update_sip_entry' [-Wmissing-prototypes] 519 | int ubcore_update_sip_entry(struct ubcore_sip_table *sip_table, struct ubcore_sip_info *new_sip, | ^~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:548:5: warning: no previous prototype for 'ubcore_lookup_sip_idx' [-Wmissing-prototypes] 548 | int ubcore_lookup_sip_idx(struct ubcore_sip_table *sip_table, struct ubcore_sip_info *sip, | ^~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c: In function 'ubcore_set_port_netdev': drivers/ub/urma/ubcore/ubcore_netdev.c:275:17: warning: 'strnlen' specified bound 64 exceeds source size 21 [-Wstringop-overread] 275 | strnlen(netdev_name(ndev), UBCORE_MAX_DEV_NAME) >= UBCORE_MAX_DEV_NAME) { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c: In function 'ubcore_unset_port_netdev': drivers/ub/urma/ubcore/ubcore_netdev.c:360:17: warning: 'strnlen' specified bound 64 exceeds source size 21 [-Wstringop-overread] 360 | strnlen(netdev_name(ndev), UBCORE_MAX_DEV_NAME) >= UBCORE_MAX_DEV_NAME) { | 
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- drivers/ub/urma/ubcore/ubcore_msg.c:519:28: warning: no previous prototype for 'ubcore_asyn_send_fe2tpf_msg' [-Wmissing-prototypes] 519 | struct ubcore_msg_session *ubcore_asyn_send_fe2tpf_msg(struct ubcore_device *dev, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ In function 'ubcore_migrate_req', inlined from 'ubcore_recv_req' at drivers/ub/urma/ubcore/ubcore_msg.c:368:16: >> drivers/ub/urma/ubcore/ubcore_msg.c:264:15: warning: 'strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Wstringop-truncation] 264 | (void)strncpy(mig_resp->dev_name, dev->dev_name, UBCORE_MAX_DEV_NAME - 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- >> drivers/ub/urma/uburma/uburma_mmap.c:29:6: warning: no previous prototype for 'uburma_umap_priv_init' [-Wmissing-prototypes] 29 | void uburma_umap_priv_init(struct uburma_umap_priv *priv, | ^~~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/uburma/uburma_mmap.c:42:6: warning: no previous prototype for 'uburma_unmap_vma_pages' [-Wmissing-prototypes] 42 | void uburma_unmap_vma_pages(struct uburma_file *ufile) | ^~~~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/uburma/uburma_mmap.c:157:36: warning: no previous prototype for 'uburma_get_umap_ops' [-Wmissing-prototypes] 157 | const struct vm_operations_struct *uburma_get_umap_ops(void) | ^~~~~~~~~~~~~~~~~~~ vim +/strncpy +89 drivers/ub/urma/ubcore/ubcore_netlink.c 72 73 static struct ubcore_nl_session *ubcore_create_nl_session(struct ubcore_device *dev, 74 struct ubcore_nlmsg *req) 75 { 76 struct ubcore_nl_session *s; 77 unsigned long flags; 78 79 s = kzalloc(sizeof(struct ubcore_nl_session), GFP_KERNEL); 80 if (s == NULL) 81 return NULL; 82 83 s->req = req; 84 spin_lock_irqsave(&g_nl_session_lock, flags); 85 list_add_tail(&s->node, &g_nl_session_list); 86 spin_unlock_irqrestore(&g_nl_session_lock, flags); 87 kref_init(&s->kref); 88 init_completion(&s->comp); > 89 (void)strncpy(s->dev_name, dev->dev_name, 
UBCORE_MAX_DEV_NAME - 1); 90 91 return s; 92 } 93 94 static void ubcore_free_nl_session(struct kref *kref) 95 { 96 struct ubcore_nl_session *s = container_of(kref, struct ubcore_nl_session, kref); 97 unsigned long flags; 98 99 spin_lock_irqsave(&g_nl_session_lock, flags); 100 list_del(&s->node); 101 spin_unlock_irqrestore(&g_nl_session_lock, flags); 102 kfree(s); 103 } 104 105 static inline void ubcore_destroy_nl_session(struct ubcore_nl_session *s) 106 { 107 (void)kref_put(&s->kref, ubcore_free_nl_session); 108 } 109 110 static struct ubcore_nl_session *ubcore_find_nl_session(uint32_t nlmsg_seq) 111 { 112 struct ubcore_nl_session *tmp, *target = NULL; 113 unsigned long flags; 114 115 spin_lock_irqsave(&g_nl_session_lock, flags); 116 list_for_each_entry(tmp, &g_nl_session_list, node) { 117 if (tmp->req->nlmsg_seq == nlmsg_seq) { 118 target = tmp; 119 kref_get(&target->kref); 120 break; 121 } 122 } 123 spin_unlock_irqrestore(&g_nl_session_lock, flags); 124 return target; 125 } 126 127 static struct ubcore_nlmsg *ubcore_get_genlmsg_data(struct genl_info *info) 128 { 129 struct ubcore_nlmsg *msg; 130 uint32_t payload_len = 0; 131 132 if (!info->attrs[UBCORE_MSG_SEQ] || !info->attrs[UBCORE_PAYLOAD_LEN]) 133 return NULL; 134 135 payload_len = nla_get_u32(info->attrs[UBCORE_PAYLOAD_LEN]); 136 if (payload_len > UBCORE_MAX_NL_MSG_BUF_LEN) { 137 ubcore_log_err("Invalid payload len: %d", payload_len); 138 return NULL; 139 } 140 141 msg = kzalloc((size_t)(sizeof(struct ubcore_nlmsg) + payload_len), GFP_KERNEL); 142 if (msg == NULL) 143 return NULL; 144 145 msg->payload_len = payload_len; 146 msg->nlmsg_seq = nla_get_u32(info->attrs[UBCORE_MSG_SEQ]); 147 if (info->attrs[UBCORE_MSG_TYPE]) 148 msg->msg_type = nla_get_u32(info->attrs[UBCORE_MSG_TYPE]); 149 150 if (info->attrs[UBCORE_TRANSPORT_TYPE]) 151 msg->transport_type = (enum ubcore_transport_type) 152 nla_get_u32(info->attrs[UBCORE_TRANSPORT_TYPE]); 153 154 if (info->attrs[UBORE_SRC_ID]) 155 (void)memcpy(&msg->src_eid, 156 
nla_data(info->attrs[UBORE_SRC_ID]), UBCORE_EID_SIZE); 157 158 if (info->attrs[UBORE_DST_ID]) 159 (void)memcpy(&msg->dst_eid, 160 nla_data(info->attrs[UBORE_DST_ID]), UBCORE_EID_SIZE); 161 162 if (info->attrs[UBCORE_PAYLOAD_DATA]) { 163 (void)memcpy(msg->payload, 164 nla_data(info->attrs[UBCORE_PAYLOAD_DATA]), payload_len); 165 } 166 167 return msg; 168 } 169 170 int ubcore_tp_resp_ops(struct sk_buff *skb, struct genl_info *info) 171 { 172 struct ubcore_nl_session *s; 173 struct ubcore_nlmsg *resp; 174 175 resp = ubcore_get_genlmsg_data(info); 176 if (resp == NULL) { 177 ubcore_log_err("Failed to calloc and copy response"); 178 return -1; 179 } 180 s = ubcore_find_nl_session(resp->nlmsg_seq); 181 if (s == NULL) { 182 ubcore_log_err("Failed to find nl session with seq %u", resp->nlmsg_seq); 183 kfree(resp); 184 return -1; 185 } 186 s->resp = resp; 187 (void)kref_put(&s->kref, ubcore_free_nl_session); 188 complete(&s->comp); 189 return 0; 190 } 191 > 192 int ubcore_genl_unicast(struct ubcore_nlmsg *req, uint32_t len) 193 { 194 struct sk_buff *nl_skb; 195 struct nlmsghdr *nlh; 196 197 if (req == NULL || g_genl_port == UBCORE_NL_INVALID_PORT) { 198 ubcore_log_err("There are illegal parameters.\n"); 199 return -1; 200 } 201 202 /* create sk_buff */ 203 nl_skb = genlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 204 if (nl_skb == NULL) { 205 ubcore_log_err("failed to alloc.\n"); 206 return -1; 207 } 208 /* set genl head */ 209 nlh = genlmsg_put(nl_skb, g_genl_port, req->nlmsg_seq, &ubcore_genl_family, 0, 210 (uint8_t)req->msg_type); 211 if (nlh == NULL) { 212 ubcore_log_err("Failed to nlmsg put.\n"); 213 nlmsg_free(nl_skb); 214 return -1; 215 } 216 if (nla_put_u32(nl_skb, UBCORE_MSG_SEQ, req->nlmsg_seq) || 217 nla_put_u32(nl_skb, UBCORE_MSG_TYPE, (uint32_t)req->msg_type) || 218 nla_put_u32(nl_skb, UBCORE_TRANSPORT_TYPE, (uint32_t)req->transport_type) || 219 nla_put_u32(nl_skb, UBCORE_PAYLOAD_LEN, req->payload_len) || 220 nla_put(nl_skb, UBCORE_PAYLOAD_DATA, 
(int)req->payload_len, req->payload)) { 221 nlmsg_free(nl_skb); 222 return -1; 223 } 224 225 genlmsg_end(nl_skb, nlh); 226 ubcore_log_info("send genl msg type %d seq:%u payload_len %u", 227 (int)req->msg_type, req->nlmsg_seq, req->payload_len); 228 return nlmsg_unicast(g_genl_sock, nl_skb, g_genl_port); 229 } 230 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
[openeuler:OLK-5.10 2546/2546] net/netfilter/nft_set_pipapo.o: warning: objtool: nft_pipapo_remove()+0x65f: unreachable instruction
by kernel test robot 05 Dec '24

05 Dec '24
Hi Florian, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: fdc4bca5e9e486a894194c2b6a956492b11d8cc5 commit: 6da9c2b3be7f43cb2dc8c55be00b80bcdc27dba1 [2546/2546] netfilter: nft_set_pipapo: do not free live element config: x86_64-buildonly-randconfig-004-20241205 (https://download.01.org/0day-ci/archive/20241205/202412051737.2B7Mf0Ys-lkp@…) compiler: clang version 19.1.3 (https://github.com/llvm/llvm-project ab51eccf88f5321e7c60591c5546b254b6afab99) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241205/202412051737.2B7Mf0Ys-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412051737.2B7Mf0Ys-lkp@intel.com/ All warnings (new ones prefixed by >>): >> net/netfilter/nft_set_pipapo.o: warning: objtool: nft_pipapo_remove()+0x65f: unreachable instruction -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
[openeuler:openEuler-1.0-LTS 1321/1321] sas_expander.c:undefined reference to `ata_dev_same_device'
by kernel test robot 05 Dec '24

05 Dec '24
Hi Jason, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: d05ffd830132e58bd394d5e8123765b9037141b2 commit: d856ec500c97835c591ffacc005f514509f1a931 [1321/1321] scsi: libsas: check if the same sata device when flutter config: x86_64-buildonly-randconfig-005-20241205 (https://download.01.org/0day-ci/archive/20241205/202412051729.ejnzHbRm-lkp@…) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241205/202412051729.ejnzHbRm-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412051729.ejnzHbRm-lkp@intel.com/ All errors (new ones prefixed by >>): ld: warning: arch/x86/lib/csum-copy_64.o: missing .note.GNU-stack section implies executable stack ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker ld: warning: arch/x86/lib/csum-copy_64.o: missing .note.GNU-stack section implies executable stack ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker ld: warning: .tmp_vmlinux1 has a LOAD segment with RWX permissions ld: drivers/scsi/libsas/sas_expander.o: in function `sas_rediscover_dev': >> sas_expander.c:(.text.unlikely+0x3f4): undefined reference to `ata_dev_same_device' -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
[PATCH OLK-6.6] block, bfq: fix bfqq uaf in bfq_limit_depth()
by Zheng Qixing 05 Dec '24

05 Dec '24
From: Yu Kuai <yukuai3(a)huawei.com> mainline inclusion from mainline-v6.13-rc1 commit e8b8344de3980709080d86c157d24e7de07d70ad category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IB96M5 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… ----------------------- Setting a newly allocated bfqq in the bic and removing a freed bfqq from the bic are both protected by bfqd->lock; however, bfq_limit_depth() dereferences the bfqq from the bic without the lock, which can lead to a UAF if the io_context is shared by multiple tasks. For example, testing bfq with io_uring can trigger the following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50 Call Trace: <TASK> dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_submit_bio+0x286/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __block_write_full_folio+0x3d0/0x640 writepage_cb+0x3b/0xc0 write_cache_pages+0x254/0x6c0 write_cache_pages+0x254/0x6c0 do_writepages+0x192/0x310 filemap_fdatawrite_wbc+0x95/0xc0 __filemap_fdatawrite_range+0x99/0xd0 filemap_write_and_wait_range.part.0+0x4d/0xa0 blkdev_read_iter+0xef/0x1e0 io_read+0x1b6/0x8a0 io_issue_sqe+0x87/0x300 io_wq_submit_work+0xeb/0x390 io_worker_handle_work+0x24d/0x550 io_wq_worker+0x27f/0x6c0 ret_from_fork_asm+0x1b/0x30 </TASK> Allocated by task 808602: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_slab_alloc+0x83/0x90 kmem_cache_alloc_node+0x1b1/0x6d0 bfq_get_queue+0x138/0xfa0 bfq_get_bfqq_handle_split+0xe3/0x2c0 bfq_init_rq+0x196/0xbb0 bfq_insert_request.isra.0+0xb5/0x480 bfq_insert_requests+0x156/0x180 blk_mq_insert_request+0x15d/0x440 blk_mq_submit_bio+0x8a4/0xb00 submit_bio_noacct_nocheck+0x331/0x400 
__blkdev_direct_IO_async+0x2dd/0x330 blkdev_write_iter+0x39a/0x450 io_write+0x22a/0x840 io_issue_sqe+0x87/0x300 io_wq_submit_work+0xeb/0x390 io_worker_handle_work+0x24d/0x550 io_wq_worker+0x27f/0x6c0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x1b/0x30 Freed by task 808589: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 __kasan_slab_free+0x126/0x1b0 kmem_cache_free+0x10c/0x750 bfq_put_queue+0x2dd/0x770 __bfq_insert_request.isra.0+0x155/0x7a0 bfq_insert_request.isra.0+0x122/0x480 bfq_insert_requests+0x156/0x180 blk_mq_dispatch_plug_list+0x528/0x7e0 blk_mq_flush_plug_list.part.0+0xe5/0x590 __blk_flush_plug+0x3b/0x90 blk_finish_plug+0x40/0x60 do_writepages+0x19d/0x310 filemap_fdatawrite_wbc+0x95/0xc0 __filemap_fdatawrite_range+0x99/0xd0 filemap_write_and_wait_range.part.0+0x4d/0xa0 blkdev_read_iter+0xef/0x1e0 io_read+0x1b6/0x8a0 io_issue_sqe+0x87/0x300 io_wq_submit_work+0xeb/0x390 io_worker_handle_work+0x24d/0x550 io_wq_worker+0x27f/0x6c0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x1b/0x30 Fix the problem by protecting bic_to_bfqq() with bfqd->lock. CC: Jan Kara <jack(a)suse.cz> Fixes: 76f1df88bbc2 ("bfq: Limit number of requests consumed by each cgroup") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20241129091509.2227136-1-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Zheng Qixing <zhengqixing(a)huawei.com> --- block/bfq-iosched.c | 37 ++++++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index b350d2c51bfc..8294f77892bf 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c 
@@ -583,23 +583,31 @@ static struct request *bfq_choose_req(struct bfq_data *bfqd, #define BFQ_LIMIT_INLINE_DEPTH 16 #ifdef CONFIG_BFQ_GROUP_IOSCHED -static bool bfqq_request_over_limit(struct bfq_queue *bfqq, int limit) +static bool bfqq_request_over_limit(struct bfq_data *bfqd, + struct bfq_io_cq *bic, blk_opf_t opf, + unsigned int act_idx, int limit) { - struct bfq_data *bfqd = bfqq->bfqd; - struct bfq_entity *entity = &bfqq->entity; struct bfq_entity *inline_entities[BFQ_LIMIT_INLINE_DEPTH]; struct bfq_entity **entities = inline_entities; - int depth, level, alloc_depth = BFQ_LIMIT_INLINE_DEPTH; - int class_idx = bfqq->ioprio_class - 1; + int alloc_depth = BFQ_LIMIT_INLINE_DEPTH; struct bfq_sched_data *sched_data; + struct bfq_entity *entity; + struct bfq_queue *bfqq; unsigned long wsum; bool ret = false; - - if (!entity->on_st_or_in_serv) - return false; + int depth; + int level; retry: spin_lock_irq(&bfqd->lock); + bfqq = bic_to_bfqq(bic, op_is_sync(opf), act_idx); + if (!bfqq) + goto out; + + entity = &bfqq->entity; + if (!entity->on_st_or_in_serv) + goto out; + /* +1 for bfqq entity, root cgroup not included */ depth = bfqg_to_blkg(bfqq_group(bfqq))->blkcg->css.cgroup->level + 1; if (depth > alloc_depth) { @@ -644,7 +652,7 @@ static bool bfqq_request_over_limit(struct bfq_queue *bfqq, int limit) * class. */ wsum = 0; - for (i = 0; i <= class_idx; i++) { + for (i = 0; i <= bfqq->ioprio_class - 1; i++) { wsum = wsum * IOPRIO_BE_NR + sched_data->service_tree[i].wsum; } @@ -667,7 +675,9 @@ static bool bfqq_request_over_limit(struct bfq_queue *bfqq, int limit) return ret; } #else -static bool bfqq_request_over_limit(struct bfq_queue *bfqq, int limit) +static bool bfqq_request_over_limit(struct bfq_data *bfqd, + struct bfq_io_cq *bic, blk_opf_t opf, + unsigned int act_idx, int limit) { return false; } 
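Review bot: `bfqq_request_over_limit()` has no comment stating the locking rule this fix depends on, so a later cleanup could hoist the `bic_to_bfqq()` call back out of the locked region and bring the use-after-free back. A short comment above the function would record it, for example `/* Look up bfqq from bic only with bfqd->lock held; another task sharing the io_context may free it. */`. Because the lookup sits after the `retry:` label it appears to be repeated each time the lock is dropped and retaken, and the comment should say that this is intentional. The two new `goto out` paths are taken with the lock held and rely on the `out:` label releasing it; that label falls between this hunk and the `@@ -667` one and is not visible here, so it is worth confirming when applying the backport.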
@@ -705,8 +715,9 @@ static void bfq_limit_depth(blk_opf_t opf, struct blk_mq_alloc_data *data) } for (act_idx = 0; bic && act_idx < bfqd->num_actuators; act_idx++) { - struct bfq_queue *bfqq = - bic_to_bfqq(bic, op_is_sync(opf), act_idx); + /* Fast path to check if bfqq is already allocated. */ + if (!bic_to_bfqq(bic, op_is_sync(opf), act_idx)) + continue; /* * Does queue (or any parent entity) exceed number of @@ -714,7 +725,7 @@ static void bfq_limit_depth(blk_opf_t opf, struct blk_mq_alloc_data *data) * limit depth so that it cannot consume more * available requests and thus starve other entities. */ - if (bfqq && bfqq_request_over_limit(bfqq, limit)) { + if (bfqq_request_over_limit(bfqd, bic, opf, act_idx, limit)) { depth = 1; break; } -- 2.39.2
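Review bot: The fast-path check `if (!bic_to_bfqq(bic, op_is_sync(opf), act_idx))` still reads the bic's queue pointer without bfqd->lock, and its comment does not explain why that is acceptable. It is harmless only because the value is compared with NULL and discarded; the queue may be freed or replaced before `bfqq_request_over_limit()` takes the lock and looks it up again. I would extend the comment to `/* Lockless hint only: do not keep or dereference this pointer; bfqq_request_over_limit() looks it up again under bfqd->lock. */` so the unlocked dereference this commit removes is not reintroduced later. `bfq_limit_depth()` starts and ends outside the hunk.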
[openeuler:OLK-5.10 2546/2546] drivers/acpi/cppc_acpi.c:1530: warning: Function parameter or member 'auto_act_window' not described in 'cppc_set_auto_act_window'
by kernel test robot 05 Dec '24

05 Dec '24
tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: fdc4bca5e9e486a894194c2b6a956492b11d8cc5 commit: 6d474065f368e21b77526a5c30f5a1aed017142a [2546/2546] ACPI: CPPC: Add three register ABIs config: arm64-randconfig-004-20241205 (https://download.01.org/0day-ci/archive/20241205/202412051441.aDAuRsLp-lkp@…) compiler: aarch64-linux-gcc (GCC) 14.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241205/202412051441.aDAuRsLp-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412051441.aDAuRsLp-lkp@intel.com/ All warnings (new ones prefixed by >>): drivers/acpi/cppc_acpi.c:450: warning: Function parameter or member 'cpc_pptr' not described in '__acpi_get_psd_map' drivers/acpi/cppc_acpi.c:700: warning: Function parameter or member 'pcc_ss_id' not described in 'pcc_data_alloc' >> drivers/acpi/cppc_acpi.c:1530: warning: Function parameter or member 'auto_act_window' not described in 'cppc_set_auto_act_window' >> drivers/acpi/cppc_acpi.c:1530: warning: Excess function parameter 'enable' description in 'cppc_set_auto_act_window' >> drivers/acpi/cppc_acpi.c:1541: warning: Function parameter or member 'cpunum' not described in 'cppc_get_auto_act_window' >> drivers/acpi/cppc_acpi.c:1541: warning: Function parameter or member 'auto_act_window' not described in 'cppc_get_auto_act_window' >> drivers/acpi/cppc_acpi.c:1541: warning: Excess function parameter 'cpu' description in 'cppc_get_auto_act_window' >> drivers/acpi/cppc_acpi.c:1541: warning: Excess function parameter 'enable' description in 'cppc_get_auto_act_window' drivers/acpi/cppc_acpi.c:1552: warning: Function parameter or member 'auto_sel' not described in 'cppc_get_auto_sel' >> drivers/acpi/cppc_acpi.c:1552: warning: Excess function parameter 'enable' description in 'cppc_get_auto_sel' >> 
drivers/acpi/cppc_acpi.c:1575: warning: Function parameter or member 'epp_val' not described in 'cppc_set_epp' >> drivers/acpi/cppc_acpi.c:1575: warning: Excess function parameter 'enable' description in 'cppc_set_epp' drivers/acpi/cppc_acpi.c:1716: warning: Function parameter or member 'cpu_num' not described in 'cppc_get_transition_latency' vim +1530 drivers/acpi/cppc_acpi.c 1523 1524 /** 1525 * cppc_set_auto_act_window - Write autonomous act window register. 1526 * @cpu : CPU to which to write register. 1527 * @enable : the desired value of autonomous act window register to be updated. 1528 */ 1529 int cppc_set_auto_act_window(int cpu, u64 auto_act_window) > 1530 { 1531 return cppc_set_reg(cpu, AUTO_ACT_WINDOW, auto_act_window); 1532 } 1533 EXPORT_SYMBOL_GPL(cppc_set_auto_act_window); 1534 1535 /** 1536 * cppc_get_auto_act_window - Read autonomous act window register. 1537 * @cpu : CPU to which to write register. 1538 * @enable : the desired value of autonomous act window register to be updated. 1539 */ 1540 int cppc_get_auto_act_window(int cpunum, u64 *auto_act_window) > 1541 { 1542 return cppc_get_reg(cpunum, AUTO_ACT_WINDOW, auto_act_window); 1543 } 1544 EXPORT_SYMBOL_GPL(cppc_get_auto_act_window); 1545 1546 /** 1547 * cppc_get_auto_sel - Read autonomous selection register. 1548 * @cpunum : CPU to which to write register. 1549 * @enable : the desired value of autonomous selection resiter to be updated. 1550 */ 1551 int cppc_get_auto_sel(int cpunum, u64 *auto_sel) > 1552 { 1553 return cppc_get_reg(cpunum, AUTO_SEL_ENABLE, auto_sel); 1554 } 1555 EXPORT_SYMBOL_GPL(cppc_get_auto_sel); 1556 1557 1558 /** 1559 * cppc_set_auto_sel - Write autonomous selection register. 1560 * @cpu : CPU to which to write register. 1561 * @enable : the desired value of autonomous selection resiter to be updated. 
1562 */ 1563 int cppc_set_auto_sel(int cpu, bool enable) 1564 { 1565 return cppc_set_reg(cpu, AUTO_SEL_ENABLE, enable); 1566 } 1567 EXPORT_SYMBOL_GPL(cppc_set_auto_sel); 1568 1569 /** 1570 * cppc_set_epp - Write energe perf register. 1571 * @cpu : CPU to which to write register. 1572 * @enable : the desired value of energe perf register to be updated. 1573 */ 1574 int cppc_set_epp(int cpu, u64 epp_val) > 1575 { 1576 return cppc_set_reg(cpu, ENERGY_PERF, epp_val); 1577 } 1578 EXPORT_SYMBOL_GPL(cppc_set_epp); 1579 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki