Kernel
Threads by month
- ----- 2025 -----
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- 5 participants
- 18456 discussions
According to https://www.cve.org/CVERecord/?id=CVE-2021-47112 and
https://lore.kernel.org/linux-cve-announce/2024031507-CVE-2021-47112-339c@g…
openEuler-1.0-LTS is also affected by CVE-2021-47112,
backport patch suggested by https://nvd.nist.gov/vuln/detail/CVE-2021-47112
to fix it.
Vitaly Kuznetsov (1):
x86/kvm: Teardown PV features on boot CPU as well
arch/x86/kernel/kvm.c | 57 +++++++++++++++++++++++++++++++------------
1 file changed, 41 insertions(+), 16 deletions(-)
--
2.20.1
2
2
[PATCH] KVM: arm64: Translate logic cluster id to physical cluster id when updating lsudvmbm
by chenxiang 22 Mar '24
by chenxiang 22 Mar '24
22 Mar '24
From: Xiang Chen <chenxiang66(a)hisilicon.com>
virt inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I99TYA
-----------------------------------------------------------------
For dvmbm feature, MN requires physical cluster id while it is
filled with logic cluster id right now. In some situations which
physical cluster id is not equal to logic cluster id such as in
PG boards, it will cause issues when enabling dvmbm.
To avoid the issue, translate logic cluster id to physical cluster
id when updating lsudvmbm.
Signed-off-by: Xiang Chen <chenxiang66(a)hisilicon.com>
Signed-off-by: Yanan Wang <wangyanan55(a)huawei.com>
Signed-off-by: caijian <caijian11(a)h-partners.com>
---
arch/arm64/kvm/arm.c | 3 +
arch/arm64/kvm/hisilicon/hisi_virt.c | 151 +++++++++++++++++++++++++--
arch/arm64/kvm/hisilicon/hisi_virt.h | 16 +++
3 files changed, 163 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 859689e80ec4..bf2c482b4e65 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -2547,6 +2547,9 @@ static __init int kvm_arm_init(void)
kvm_info("KVM ncsnp %s\n", kvm_ncsnp_support ? "enabled" : "disabled");
kvm_info("KVM dvmbm %s\n", kvm_dvmbm_support ? "enabled" : "disabled");
+ if (kvm_dvmbm_support)
+ kvm_get_pg_cfg();
+
in_hyp_mode = is_kernel_in_hyp_mode();
if (cpus_have_final_cap(ARM64_WORKAROUND_DEVICE_LOAD_ACQUIRE) ||
diff --git a/arch/arm64/kvm/hisilicon/hisi_virt.c b/arch/arm64/kvm/hisilicon/hisi_virt.c
index 662ddf5b124b..68809f10e8d7 100644
--- a/arch/arm64/kvm/hisilicon/hisi_virt.c
+++ b/arch/arm64/kvm/hisilicon/hisi_virt.c
@@ -234,12 +234,97 @@ static int kvm_dvmbm_get_dies_info(struct kvm *kvm, u64 *vm_aff3s, int size)
return num;
}
+static u32 socket_num, die_num;
+
+static u32 kvm_get_socket_num(void)
+{
+ int socket_id[MAX_PG_CFG_SOCKETS], cpu;
+ u32 num = 0;
+
+ for_each_cpu(cpu, cpu_possible_mask) {
+ bool found = false;
+ u64 aff3, socket;
+ int i;
+
+ aff3 = MPIDR_AFFINITY_LEVEL(cpu_logical_map(cpu), 3);
+ /* aff3[7:3]: socket ID */
+ socket = (aff3 & SOCKET_ID_MASK) >> SOCKET_ID_SHIFT;
+ for (i = 0; i < num; i++) {
+ if (socket_id[i] == socket) {
+ found = true;
+ break;
+ }
+ }
+ if (!found)
+ socket_id[num++] = socket;
+ }
+ return num;
+}
+
+static u32 kvm_get_die_num(void)
+{
+ int die_id[MAX_DIES_PER_SOCKET], cpu;
+ u32 num = 0;
+
+ for_each_cpu(cpu, cpu_possible_mask) {
+ bool found = false;
+ u64 aff3, die;
+ int i;
+
+ aff3 = MPIDR_AFFINITY_LEVEL(cpu_logical_map(cpu), 3);
+ /* aff3[2:0]: die ID */
+ die = aff3 & DIE_ID_MASK;
+ for (i = 0; i < num; i++) {
+ if (die_id[i] == die) {
+ found = true;
+ break;
+ }
+ }
+ if (!found)
+ die_id[num++] = die;
+ }
+ return num;
+}
+
+static u32 g_die_pg[MAX_PG_CFG_SOCKETS * MAX_DIES_PER_SOCKET][MAX_CLUSTERS_PER_DIE];
+
+static void kvm_get_die_pg(unsigned long pg_cfg, int socket_id, int die_id)
+{
+ u32 pg_num = 0, i, j;
+ u32 pg_flag[MAX_CLUSTERS_PER_DIE];
+ u32 die_tmp = socket_id * die_num + die_id;
+
+ for (i = 0; i < MAX_CLUSTERS_PER_DIE; i++) {
+ if (test_bit(i, &pg_cfg))
+ pg_num++;
+ g_die_pg[die_tmp][i] = i;
+ pg_flag[i] = 0;
+ }
+
+ for (i = 0; i < MAX_CLUSTERS_PER_DIE - pg_num; i++) {
+ if (test_bit(i, &pg_cfg)) {
+ for (j = 0; j < pg_num; j++) {
+ u32 cluster_bak = MAX_CLUSTERS_PER_DIE - pg_num + j;
+
+ if (!test_bit(cluster_bak, &pg_cfg) &&
+ !pg_flag[cluster_bak]) {
+ pg_flag[cluster_bak] = 1;
+ g_die_pg[die_tmp][i] = cluster_bak;
+ g_die_pg[die_tmp][cluster_bak] = i;
+ break;
+ }
+ }
+ }
+ }
+}
+
static void kvm_update_vm_lsudvmbm(struct kvm *kvm)
{
- u64 mpidr, aff3, aff2, aff1;
+ u64 mpidr, aff3, aff2, aff1, phy_aff2;
u64 vm_aff3s[DVMBM_MAX_DIES];
u64 val;
int cpu, nr_dies;
+ u32 socket_id, die_id;
nr_dies = kvm_dvmbm_get_dies_info(kvm, vm_aff3s, DVMBM_MAX_DIES);
if (nr_dies > 2) {
@@ -254,10 +339,18 @@ static void kvm_update_vm_lsudvmbm(struct kvm *kvm)
/* fulfill bits [52:0] */
for_each_cpu(cpu, kvm->arch.sched_cpus) {
mpidr = cpu_logical_map(cpu);
+ aff3 = MPIDR_AFFINITY_LEVEL(mpidr, 3);
aff2 = MPIDR_AFFINITY_LEVEL(mpidr, 2);
aff1 = MPIDR_AFFINITY_LEVEL(mpidr, 1);
-
- val |= 1ULL << (aff2 * 4 + aff1);
+ socket_id = (aff3 & SOCKET_ID_MASK) >> SOCKET_ID_SHIFT;
+ die_id = (aff3 & DIE_ID_MASK) >> DIE_ID_SHIFT;
+ if (die_id == TOTEM_B_ID)
+ die_id = 0;
+ else
+ die_id = 1;
+
+ phy_aff2 = g_die_pg[socket_id * die_num + die_id][aff2];
+ val |= 1ULL << (phy_aff2 * 4 + aff1);
}
goto out_update;
@@ -274,11 +367,20 @@ static void kvm_update_vm_lsudvmbm(struct kvm *kvm)
mpidr = cpu_logical_map(cpu);
aff3 = MPIDR_AFFINITY_LEVEL(mpidr, 3);
aff2 = MPIDR_AFFINITY_LEVEL(mpidr, 2);
-
- if (aff3 == vm_aff3s[0])
- val |= 1ULL << (aff2 + DVMBM_DIE1_CLUSTER_SHIFT);
+ socket_id = (aff3 & SOCKET_ID_MASK) >> SOCKET_ID_SHIFT;
+ die_id = (aff3 & DIE_ID_MASK) >> DIE_ID_SHIFT;
+ if (die_id == TOTEM_B_ID)
+ die_id = 0;
else
- val |= 1ULL << (aff2 + DVMBM_DIE2_CLUSTER_SHIFT);
+ die_id = 1;
+
+ if (aff3 == vm_aff3s[0]) {
+ phy_aff2 = g_die_pg[socket_id * die_num + die_id][aff2];
+ val |= 1ULL << (phy_aff2 + DVMBM_DIE1_CLUSTER_SHIFT);
+ } else {
+ phy_aff2 = g_die_pg[socket_id * die_num + die_id][aff2];
+ val |= 1ULL << (phy_aff2 + DVMBM_DIE2_CLUSTER_SHIFT);
+ }
}
out_update:
@@ -345,6 +447,41 @@ void kvm_tlbi_dvmbm_vcpu_put(struct kvm_vcpu *vcpu)
cpumask_copy(vcpu->arch.pre_sched_cpus, vcpu->arch.sched_cpus);
}
+void kvm_get_pg_cfg(void)
+{
+ void __iomem *mn_base;
+ u32 i, j;
+ u32 pg_cfgs[MAX_PG_CFG_SOCKETS * MAX_DIES_PER_SOCKET];
+ u64 mn_phy_base;
+ u32 val;
+
+ socket_num = kvm_get_socket_num();
+ die_num = kvm_get_die_num();
+
+ for (i = 0; i < socket_num; i++) {
+ for (j = 0; j < die_num; j++) {
+
+ /*
+ * totem B means the first CPU DIE within a SOCKET,
+ * totem A means the second one.
+ */
+ mn_phy_base = (j == 0) ? TB_MN_BASE : TA_MN_BASE;
+ mn_phy_base += CHIP_ADDR_OFFSET(i);
+ mn_phy_base += MN_ECO0_OFFSET;
+
+ mn_base = ioremap(mn_phy_base, 4);
+ if (!mn_base) {
+ kvm_info("MN base addr ioremap failed\n");
+ return;
+ }
+ val = readl_relaxed(mn_base);
+ pg_cfgs[j + i * die_num] = val & 0xff;
+ kvm_get_die_pg(pg_cfgs[j + i * die_num], i, j);
+ iounmap(mn_base);
+ }
+ }
+}
+
int kvm_sched_affinity_vm_init(struct kvm *kvm)
{
if (!kvm_dvmbm_support)
diff --git a/arch/arm64/kvm/hisilicon/hisi_virt.h b/arch/arm64/kvm/hisilicon/hisi_virt.h
index 4e162b7f6688..e2f521d8fe10 100644
--- a/arch/arm64/kvm/hisilicon/hisi_virt.h
+++ b/arch/arm64/kvm/hisilicon/hisi_virt.h
@@ -20,6 +20,21 @@ enum hisi_cpu_type {
#define SYS_LSUDVM_CTRL_EL2 sys_reg(3, 4, 15, 7, 4)
#define LSUDVM_CTLR_EL2_MASK BIT_ULL(0)
+#define MAX_CLUSTERS_PER_DIE 8
+#define TB_MN_BASE 0x00C6067f0000
+#define TA_MN_BASE 0x0046067F0000
+#define CHIP_ADDR_OFFSET(_chip) (((((_chip) >> 3) & 0x1) * 0x80000000000) + \
+ ((((_chip) >> 2) & 0x1) * (0x100000000000)) + \
+ (((_chip) & 0x3) * 0x200000000000))
+#define MAX_PG_CFG_SOCKETS 4
+#define MAX_DIES_PER_SOCKET 2
+#define MN_ECO0_OFFSET 0xc00
+#define SOCKET_ID_MASK 0xf8
+#define SOCKET_ID_SHIFT 3
+#define DIE_ID_MASK 0x7
+#define DIE_ID_SHIFT 0
+#define TOTEM_B_ID 3
+
/*
* MPIDR_EL1 layout on HIP09
*
@@ -50,6 +65,7 @@ enum hisi_cpu_type {
void probe_hisi_cpu_type(void);
bool hisi_ncsnp_supported(void);
bool hisi_dvmbm_supported(void);
+void kvm_get_pg_cfg(void);
int kvm_sched_affinity_vcpu_init(struct kvm_vcpu *vcpu);
void kvm_sched_affinity_vcpu_destroy(struct kvm_vcpu *vcpu);
--
2.30.0
1
0
Patchset for CVE-2021-47131.
v4:
- Resend for PR create failed.
v3:
- Delete "Reference" head comment.
v2:
- Add bugfix patches for CVE patch.
Maxim Mikityanskiy (5):
net/tls: Replace TLS_RX_SYNC_RUNNING with RCU
net/tls: Fix use-after-free after the TLS device goes down and up
tls: Fix context leak on tls_device_down
net/tls: Remove the context from the list in tls_device_down
net/tls: Use RCU API to access tls_ctx->netdev
include/net/tls.h | 13 ++++-
net/tls/tls_device.c | 89 ++++++++++++++++++++++++++++-------
net/tls/tls_device_fallback.c | 9 +++-
net/tls/tls_main.c | 1 +
4 files changed, 93 insertions(+), 19 deletions(-)
--
2.25.1
2
6
[PATCH openEuler-22.03-LTS-SP1] jfs: fix array-index-out-of-bounds in dbAdjTree
by ZhaoLong Wang 22 Mar '24
by ZhaoLong Wang 22 Mar '24
22 Mar '24
From: Manas Ghandat <ghandatmanas(a)gmail.com>
stable inclusion
from stable-v5.10.210
commit 2037cb9d95f1741885f7daf50e8a028c4ade5317
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I96GQ3
CVE: CVE-2023-52601
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
--------------------------------
[ Upstream commit 74ecdda68242b174920fe7c6133a856fb7d8559b ]
Currently there is a bound check missing in the dbAdjTree while
accessing the dmt_stree. To add the required check added the bool is_ctl
which is required to determine the size as suggest in the following
commit.
https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e…
Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb
Signed-off-by: Manas Ghandat <ghandatmanas(a)gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Signed-off-by: ZhaoLong Wang <wangzhaolong1(a)huawei.com>
---
fs/jfs/jfs_dmap.c | 60 ++++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 29 deletions(-)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 23e51992c964..6f42aed070dc 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -63,10 +63,10 @@
*/
static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
int nblocks);
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval);
-static int dbBackSplit(dmtree_t * tp, int leafno);
-static int dbJoin(dmtree_t * tp, int leafno, int newval);
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval);
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl);
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl);
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl);
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl);
static int dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc,
int level);
static int dbAllocAny(struct bmap * bmp, s64 nblocks, int l2nb, s64 * results);
@@ -2138,7 +2138,7 @@ static int dbFreeDmap(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system.
*/
if (dp->tree.stree[word] == NOFREE)
- dbBackSplit((dmtree_t *) & dp->tree, word);
+ dbBackSplit((dmtree_t *)&dp->tree, word, false);
dbAllocBits(bmp, dp, blkno, nblocks);
}
@@ -2224,7 +2224,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* the binary system of the leaves if need be.
*/
dbSplit(tp, word, BUDMIN,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
word += 1;
} else {
@@ -2264,7 +2264,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system of the leaves to reflect the current
* allocation (size).
*/
- dbSplit(tp, word, size, NOFREE);
+ dbSplit(tp, word, size, NOFREE, false);
/* get the number of dmap words handled */
nw = BUDSIZE(size, BUDMIN);
@@ -2371,7 +2371,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf for this dmap word.
*/
rc = dbJoin(tp, word,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
if (rc)
return rc;
@@ -2404,7 +2404,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf.
*/
- rc = dbJoin(tp, word, size);
+ rc = dbJoin(tp, word, size, false);
if (rc)
return rc;
@@ -2556,14 +2556,14 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
* that it is at the front of a binary buddy system.
*/
if (oldval == NOFREE) {
- rc = dbBackSplit((dmtree_t *) dcp, leafno);
+ rc = dbBackSplit((dmtree_t *)dcp, leafno, true);
if (rc)
return rc;
oldval = dcp->stree[ti];
}
- dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval);
+ dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval, true);
} else {
- rc = dbJoin((dmtree_t *) dcp, leafno, newval);
+ rc = dbJoin((dmtree_t *) dcp, leafno, newval, true);
if (rc)
return rc;
}
@@ -2592,7 +2592,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (alloc) {
dbJoin((dmtree_t *) dcp, leafno,
- oldval);
+ oldval, true);
} else {
/* the dbJoin() above might have
* caused a larger binary buddy system
@@ -2602,9 +2602,9 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (dcp->stree[ti] == NOFREE)
dbBackSplit((dmtree_t *)
- dcp, leafno);
+ dcp, leafno, true);
dbSplit((dmtree_t *) dcp, leafno,
- dcp->budmin, oldval);
+ dcp->budmin, oldval, true);
}
/* release the buffer and return the error.
@@ -2652,7 +2652,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl)
{
int budsz;
int cursz;
@@ -2674,7 +2674,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
while (cursz >= splitsz) {
/* update the buddy's leaf with its new value.
*/
- dbAdjTree(tp, leafno ^ budsz, cursz);
+ dbAdjTree(tp, leafno ^ budsz, cursz, is_ctl);
/* on to the next size and buddy.
*/
@@ -2686,7 +2686,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
/* adjust the dmap tree to reflect the specified leaf's new
* value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
}
@@ -2717,7 +2717,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static int dbBackSplit(dmtree_t * tp, int leafno)
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl)
{
int budsz, bud, w, bsz, size;
int cursz;
@@ -2768,7 +2768,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
* system in two.
*/
cursz = leaf[bud] - 1;
- dbSplit(tp, bud, cursz, cursz);
+ dbSplit(tp, bud, cursz, cursz, is_ctl);
break;
}
}
@@ -2796,7 +2796,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
*
* RETURN VALUES: none
*/
-static int dbJoin(dmtree_t * tp, int leafno, int newval)
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int budsz, buddy;
s8 *leaf;
@@ -2851,12 +2851,12 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
if (leafno < buddy) {
/* leafno is the left buddy.
*/
- dbAdjTree(tp, buddy, NOFREE);
+ dbAdjTree(tp, buddy, NOFREE, is_ctl);
} else {
/* buddy is the left buddy and becomes
* leafno.
*/
- dbAdjTree(tp, leafno, NOFREE);
+ dbAdjTree(tp, leafno, NOFREE, is_ctl);
leafno = buddy;
}
@@ -2869,7 +2869,7 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
/* update the leaf value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
return 0;
}
@@ -2890,21 +2890,23 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
*
* RETURN VALUES: none
*/
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval)
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int lp, pp, k;
- int max;
+ int max, size;
+
+ size = is_ctl ? CTLTREESIZE : TREESIZE;
/* pick up the index of the leaf for this leafno.
*/
lp = leafno + le32_to_cpu(tp->dmt_leafidx);
+ if (WARN_ON_ONCE(lp >= size || lp < 0))
+ return;
+
/* is the current value the same as the old value ? if so,
* there is nothing to do.
*/
- if (WARN_ON_ONCE(lp >= CTLTREESIZE))
- return;
-
if (tp->dmt_stree[lp] == newval)
return;
--
2.34.3
2
1
[PATCH openEuler-1.0-LTS] jfs: fix array-index-out-of-bounds in dbAdjTree
by ZhaoLong Wang 22 Mar '24
by ZhaoLong Wang 22 Mar '24
22 Mar '24
From: Manas Ghandat <ghandatmanas(a)gmail.com>
stable inclusion
from stable-v4.19.307
commit 3d3898b4d72c677d47fe3cb554449f2df5c12555
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I96GQ3
CVE: CVE-2023-52601
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
--------------------------------
[ Upstream commit 74ecdda68242b174920fe7c6133a856fb7d8559b ]
Currently there is a bound check missing in the dbAdjTree while
accessing the dmt_stree. To add the required check added the bool is_ctl
which is required to determine the size as suggest in the following
commit.
https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e…
Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb
Signed-off-by: Manas Ghandat <ghandatmanas(a)gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
fs/jfs/jfs_dmap.c | 60 ++++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 29 deletions(-)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 8f856e0a85a6..0c10dd93cb74 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -76,10 +76,10 @@
*/
static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
int nblocks);
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval);
-static int dbBackSplit(dmtree_t * tp, int leafno);
-static int dbJoin(dmtree_t * tp, int leafno, int newval);
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval);
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl);
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl);
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl);
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl);
static int dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc,
int level);
static int dbAllocAny(struct bmap * bmp, s64 nblocks, int l2nb, s64 * results);
@@ -2144,7 +2144,7 @@ static int dbFreeDmap(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system.
*/
if (dp->tree.stree[word] == NOFREE)
- dbBackSplit((dmtree_t *) & dp->tree, word);
+ dbBackSplit((dmtree_t *)&dp->tree, word, false);
dbAllocBits(bmp, dp, blkno, nblocks);
}
@@ -2230,7 +2230,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* the binary system of the leaves if need be.
*/
dbSplit(tp, word, BUDMIN,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
word += 1;
} else {
@@ -2270,7 +2270,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system of the leaves to reflect the current
* allocation (size).
*/
- dbSplit(tp, word, size, NOFREE);
+ dbSplit(tp, word, size, NOFREE, false);
/* get the number of dmap words handled */
nw = BUDSIZE(size, BUDMIN);
@@ -2377,7 +2377,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf for this dmap word.
*/
rc = dbJoin(tp, word,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
if (rc)
return rc;
@@ -2410,7 +2410,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf.
*/
- rc = dbJoin(tp, word, size);
+ rc = dbJoin(tp, word, size, false);
if (rc)
return rc;
@@ -2562,14 +2562,14 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
* that it is at the front of a binary buddy system.
*/
if (oldval == NOFREE) {
- rc = dbBackSplit((dmtree_t *) dcp, leafno);
+ rc = dbBackSplit((dmtree_t *)dcp, leafno, true);
if (rc)
return rc;
oldval = dcp->stree[ti];
}
- dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval);
+ dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval, true);
} else {
- rc = dbJoin((dmtree_t *) dcp, leafno, newval);
+ rc = dbJoin((dmtree_t *) dcp, leafno, newval, true);
if (rc)
return rc;
}
@@ -2598,7 +2598,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (alloc) {
dbJoin((dmtree_t *) dcp, leafno,
- oldval);
+ oldval, true);
} else {
/* the dbJoin() above might have
* caused a larger binary buddy system
@@ -2608,9 +2608,9 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (dcp->stree[ti] == NOFREE)
dbBackSplit((dmtree_t *)
- dcp, leafno);
+ dcp, leafno, true);
dbSplit((dmtree_t *) dcp, leafno,
- dcp->budmin, oldval);
+ dcp->budmin, oldval, true);
}
/* release the buffer and return the error.
@@ -2658,7 +2658,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl)
{
int budsz;
int cursz;
@@ -2680,7 +2680,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
while (cursz >= splitsz) {
/* update the buddy's leaf with its new value.
*/
- dbAdjTree(tp, leafno ^ budsz, cursz);
+ dbAdjTree(tp, leafno ^ budsz, cursz, is_ctl);
/* on to the next size and buddy.
*/
@@ -2692,7 +2692,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
/* adjust the dmap tree to reflect the specified leaf's new
* value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
}
@@ -2723,7 +2723,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static int dbBackSplit(dmtree_t * tp, int leafno)
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl)
{
int budsz, bud, w, bsz, size;
int cursz;
@@ -2774,7 +2774,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
* system in two.
*/
cursz = leaf[bud] - 1;
- dbSplit(tp, bud, cursz, cursz);
+ dbSplit(tp, bud, cursz, cursz, is_ctl);
break;
}
}
@@ -2802,7 +2802,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
*
* RETURN VALUES: none
*/
-static int dbJoin(dmtree_t * tp, int leafno, int newval)
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int budsz, buddy;
s8 *leaf;
@@ -2857,12 +2857,12 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
if (leafno < buddy) {
/* leafno is the left buddy.
*/
- dbAdjTree(tp, buddy, NOFREE);
+ dbAdjTree(tp, buddy, NOFREE, is_ctl);
} else {
/* buddy is the left buddy and becomes
* leafno.
*/
- dbAdjTree(tp, leafno, NOFREE);
+ dbAdjTree(tp, leafno, NOFREE, is_ctl);
leafno = buddy;
}
@@ -2875,7 +2875,7 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
/* update the leaf value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
return 0;
}
@@ -2896,21 +2896,23 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
*
* RETURN VALUES: none
*/
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval)
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int lp, pp, k;
- int max;
+ int max, size;
+
+ size = is_ctl ? CTLTREESIZE : TREESIZE;
/* pick up the index of the leaf for this leafno.
*/
lp = leafno + le32_to_cpu(tp->dmt_leafidx);
+ if (WARN_ON_ONCE(lp >= size || lp < 0))
+ return;
+
/* is the current value the same as the old value ? if so,
* there is nothing to do.
*/
- if (WARN_ON_ONCE(lp >= CTLTREESIZE))
- return;
-
if (tp->dmt_stree[lp] == newval)
return;
--
2.39.2
2
1
22 Mar '24
From: Manas Ghandat <ghandatmanas(a)gmail.com>
stable inclusion
from stable-v5.10.210
commit 2037cb9d95f1741885f7daf50e8a028c4ade5317
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I96GQ3
CVE: CVE-2023-52601
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
--------------------------------
[ Upstream commit 74ecdda68242b174920fe7c6133a856fb7d8559b ]
Currently there is a bound check missing in the dbAdjTree while
accessing the dmt_stree. To add the required check added the bool is_ctl
which is required to determine the size as suggest in the following
commit.
https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e…
Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb
Signed-off-by: Manas Ghandat <ghandatmanas(a)gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Signed-off-by: ZhaoLong Wang <wangzhaolong1(a)huawei.com>
---
fs/jfs/jfs_dmap.c | 60 ++++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 29 deletions(-)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index cb31ea51a54d..a8092fcd67e8 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -63,10 +63,10 @@
*/
static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
int nblocks);
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval);
-static int dbBackSplit(dmtree_t * tp, int leafno);
-static int dbJoin(dmtree_t * tp, int leafno, int newval);
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval);
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl);
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl);
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl);
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl);
static int dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc,
int level);
static int dbAllocAny(struct bmap * bmp, s64 nblocks, int l2nb, s64 * results);
@@ -2164,7 +2164,7 @@ static int dbFreeDmap(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system.
*/
if (dp->tree.stree[word] == NOFREE)
- dbBackSplit((dmtree_t *) & dp->tree, word);
+ dbBackSplit((dmtree_t *)&dp->tree, word, false);
dbAllocBits(bmp, dp, blkno, nblocks);
}
@@ -2250,7 +2250,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* the binary system of the leaves if need be.
*/
dbSplit(tp, word, BUDMIN,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
word += 1;
} else {
@@ -2290,7 +2290,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system of the leaves to reflect the current
* allocation (size).
*/
- dbSplit(tp, word, size, NOFREE);
+ dbSplit(tp, word, size, NOFREE, false);
/* get the number of dmap words handled */
nw = BUDSIZE(size, BUDMIN);
@@ -2397,7 +2397,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf for this dmap word.
*/
rc = dbJoin(tp, word,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
if (rc)
return rc;
@@ -2430,7 +2430,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf.
*/
- rc = dbJoin(tp, word, size);
+ rc = dbJoin(tp, word, size, false);
if (rc)
return rc;
@@ -2582,14 +2582,14 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
* that it is at the front of a binary buddy system.
*/
if (oldval == NOFREE) {
- rc = dbBackSplit((dmtree_t *) dcp, leafno);
+ rc = dbBackSplit((dmtree_t *)dcp, leafno, true);
if (rc)
return rc;
oldval = dcp->stree[ti];
}
- dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval);
+ dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval, true);
} else {
- rc = dbJoin((dmtree_t *) dcp, leafno, newval);
+ rc = dbJoin((dmtree_t *) dcp, leafno, newval, true);
if (rc)
return rc;
}
@@ -2618,7 +2618,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (alloc) {
dbJoin((dmtree_t *) dcp, leafno,
- oldval);
+ oldval, true);
} else {
/* the dbJoin() above might have
* caused a larger binary buddy system
@@ -2628,9 +2628,9 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (dcp->stree[ti] == NOFREE)
dbBackSplit((dmtree_t *)
- dcp, leafno);
+ dcp, leafno, true);
dbSplit((dmtree_t *) dcp, leafno,
- dcp->budmin, oldval);
+ dcp->budmin, oldval, true);
}
/* release the buffer and return the error.
@@ -2678,7 +2678,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl)
{
int budsz;
int cursz;
@@ -2700,7 +2700,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
while (cursz >= splitsz) {
/* update the buddy's leaf with its new value.
*/
- dbAdjTree(tp, leafno ^ budsz, cursz);
+ dbAdjTree(tp, leafno ^ budsz, cursz, is_ctl);
/* on to the next size and buddy.
*/
@@ -2712,7 +2712,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
/* adjust the dmap tree to reflect the specified leaf's new
* value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
}
@@ -2743,7 +2743,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static int dbBackSplit(dmtree_t * tp, int leafno)
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl)
{
int budsz, bud, w, bsz, size;
int cursz;
@@ -2794,7 +2794,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
* system in two.
*/
cursz = leaf[bud] - 1;
- dbSplit(tp, bud, cursz, cursz);
+ dbSplit(tp, bud, cursz, cursz, is_ctl);
break;
}
}
@@ -2822,7 +2822,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
*
* RETURN VALUES: none
*/
-static int dbJoin(dmtree_t * tp, int leafno, int newval)
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int budsz, buddy;
s8 *leaf;
@@ -2877,12 +2877,12 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
if (leafno < buddy) {
/* leafno is the left buddy.
*/
- dbAdjTree(tp, buddy, NOFREE);
+ dbAdjTree(tp, buddy, NOFREE, is_ctl);
} else {
/* buddy is the left buddy and becomes
* leafno.
*/
- dbAdjTree(tp, leafno, NOFREE);
+ dbAdjTree(tp, leafno, NOFREE, is_ctl);
leafno = buddy;
}
@@ -2895,7 +2895,7 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
/* update the leaf value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
return 0;
}
@@ -2916,21 +2916,23 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
*
* RETURN VALUES: none
*/
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval)
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int lp, pp, k;
- int max;
+ int max, size;
+
+ size = is_ctl ? CTLTREESIZE : TREESIZE;
/* pick up the index of the leaf for this leafno.
*/
lp = leafno + le32_to_cpu(tp->dmt_leafidx);
+ if (WARN_ON_ONCE(lp >= size || lp < 0))
+ return;
+
/* is the current value the same as the old value ? if so,
* there is nothing to do.
*/
- if (WARN_ON_ONCE(lp >= CTLTREESIZE))
- return;
-
if (tp->dmt_stree[lp] == newval)
return;
--
2.39.2
2
3
[PATCH openEuler-22.03-LTS-SP2] jfs: fix array-index-out-of-bounds in dbAdjTree
by ZhaoLong Wang 22 Mar '24
by ZhaoLong Wang 22 Mar '24
22 Mar '24
From: Manas Ghandat <ghandatmanas(a)gmail.com>
stable inclusion
from stable-v5.10.210
commit 2037cb9d95f1741885f7daf50e8a028c4ade5317
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I96GQ3
CVE: CVE-2023-52601
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
--------------------------------
[ Upstream commit 74ecdda68242b174920fe7c6133a856fb7d8559b ]
Currently there is a bound check missing in the dbAdjTree while
accessing the dmt_stree. To add the required check added the bool is_ctl
which is required to determine the size as suggest in the following
commit.
https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e…
Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb
Signed-off-by: Manas Ghandat <ghandatmanas(a)gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Signed-off-by: ZhaoLong Wang <wangzhaolong1(a)huawei.com>
---
fs/jfs/jfs_dmap.c | 60 ++++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 29 deletions(-)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 72dae2623f05..c94c95e1c332 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -63,10 +63,10 @@
*/
static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
int nblocks);
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval);
-static int dbBackSplit(dmtree_t * tp, int leafno);
-static int dbJoin(dmtree_t * tp, int leafno, int newval);
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval);
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl);
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl);
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl);
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl);
static int dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc,
int level);
static int dbAllocAny(struct bmap * bmp, s64 nblocks, int l2nb, s64 * results);
@@ -2153,7 +2153,7 @@ static int dbFreeDmap(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system.
*/
if (dp->tree.stree[word] == NOFREE)
- dbBackSplit((dmtree_t *) & dp->tree, word);
+ dbBackSplit((dmtree_t *)&dp->tree, word, false);
dbAllocBits(bmp, dp, blkno, nblocks);
}
@@ -2239,7 +2239,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* the binary system of the leaves if need be.
*/
dbSplit(tp, word, BUDMIN,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
word += 1;
} else {
@@ -2279,7 +2279,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system of the leaves to reflect the current
* allocation (size).
*/
- dbSplit(tp, word, size, NOFREE);
+ dbSplit(tp, word, size, NOFREE, false);
/* get the number of dmap words handled */
nw = BUDSIZE(size, BUDMIN);
@@ -2386,7 +2386,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf for this dmap word.
*/
rc = dbJoin(tp, word,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
if (rc)
return rc;
@@ -2419,7 +2419,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf.
*/
- rc = dbJoin(tp, word, size);
+ rc = dbJoin(tp, word, size, false);
if (rc)
return rc;
@@ -2571,14 +2571,14 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
* that it is at the front of a binary buddy system.
*/
if (oldval == NOFREE) {
- rc = dbBackSplit((dmtree_t *) dcp, leafno);
+ rc = dbBackSplit((dmtree_t *)dcp, leafno, true);
if (rc)
return rc;
oldval = dcp->stree[ti];
}
- dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval);
+ dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval, true);
} else {
- rc = dbJoin((dmtree_t *) dcp, leafno, newval);
+ rc = dbJoin((dmtree_t *) dcp, leafno, newval, true);
if (rc)
return rc;
}
@@ -2607,7 +2607,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (alloc) {
dbJoin((dmtree_t *) dcp, leafno,
- oldval);
+ oldval, true);
} else {
/* the dbJoin() above might have
* caused a larger binary buddy system
@@ -2617,9 +2617,9 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (dcp->stree[ti] == NOFREE)
dbBackSplit((dmtree_t *)
- dcp, leafno);
+ dcp, leafno, true);
dbSplit((dmtree_t *) dcp, leafno,
- dcp->budmin, oldval);
+ dcp->budmin, oldval, true);
}
/* release the buffer and return the error.
@@ -2667,7 +2667,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl)
{
int budsz;
int cursz;
@@ -2689,7 +2689,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
while (cursz >= splitsz) {
/* update the buddy's leaf with its new value.
*/
- dbAdjTree(tp, leafno ^ budsz, cursz);
+ dbAdjTree(tp, leafno ^ budsz, cursz, is_ctl);
/* on to the next size and buddy.
*/
@@ -2701,7 +2701,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
/* adjust the dmap tree to reflect the specified leaf's new
* value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
}
@@ -2732,7 +2732,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static int dbBackSplit(dmtree_t * tp, int leafno)
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl)
{
int budsz, bud, w, bsz, size;
int cursz;
@@ -2783,7 +2783,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
* system in two.
*/
cursz = leaf[bud] - 1;
- dbSplit(tp, bud, cursz, cursz);
+ dbSplit(tp, bud, cursz, cursz, is_ctl);
break;
}
}
@@ -2811,7 +2811,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
*
* RETURN VALUES: none
*/
-static int dbJoin(dmtree_t * tp, int leafno, int newval)
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int budsz, buddy;
s8 *leaf;
@@ -2866,12 +2866,12 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
if (leafno < buddy) {
/* leafno is the left buddy.
*/
- dbAdjTree(tp, buddy, NOFREE);
+ dbAdjTree(tp, buddy, NOFREE, is_ctl);
} else {
/* buddy is the left buddy and becomes
* leafno.
*/
- dbAdjTree(tp, leafno, NOFREE);
+ dbAdjTree(tp, leafno, NOFREE, is_ctl);
leafno = buddy;
}
@@ -2884,7 +2884,7 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
/* update the leaf value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
return 0;
}
@@ -2905,21 +2905,23 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
*
* RETURN VALUES: none
*/
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval)
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int lp, pp, k;
- int max;
+ int max, size;
+
+ size = is_ctl ? CTLTREESIZE : TREESIZE;
/* pick up the index of the leaf for this leafno.
*/
lp = leafno + le32_to_cpu(tp->dmt_leafidx);
+ if (WARN_ON_ONCE(lp >= size || lp < 0))
+ return;
+
/* is the current value the same as the old value ? if so,
* there is nothing to do.
*/
- if (WARN_ON_ONCE(lp >= CTLTREESIZE))
- return;
-
if (tp->dmt_stree[lp] == newval)
return;
--
2.34.3
2
6
[PATCH openEuler-22.03-LTS] jfs: fix array-index-out-of-bounds in dbAdjTree
by ZhaoLong Wang 22 Mar '24
by ZhaoLong Wang 22 Mar '24
22 Mar '24
From: Manas Ghandat <ghandatmanas(a)gmail.com>
stable inclusion
from stable-v5.10.210
commit 2037cb9d95f1741885f7daf50e8a028c4ade5317
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I96GQ3
CVE: CVE-2023-52601
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
--------------------------------
[ Upstream commit 74ecdda68242b174920fe7c6133a856fb7d8559b ]
Currently there is a bound check missing in the dbAdjTree while
accessing the dmt_stree. To add the required check added the bool is_ctl
which is required to determine the size as suggest in the following
commit.
https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e…
Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb
Signed-off-by: Manas Ghandat <ghandatmanas(a)gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Signed-off-by: ZhaoLong Wang <wangzhaolong1(a)huawei.com>
---
fs/jfs/jfs_dmap.c | 60 ++++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 29 deletions(-)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 23e51992c964..6f42aed070dc 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -63,10 +63,10 @@
*/
static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
int nblocks);
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval);
-static int dbBackSplit(dmtree_t * tp, int leafno);
-static int dbJoin(dmtree_t * tp, int leafno, int newval);
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval);
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl);
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl);
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl);
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl);
static int dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc,
int level);
static int dbAllocAny(struct bmap * bmp, s64 nblocks, int l2nb, s64 * results);
@@ -2138,7 +2138,7 @@ static int dbFreeDmap(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system.
*/
if (dp->tree.stree[word] == NOFREE)
- dbBackSplit((dmtree_t *) & dp->tree, word);
+ dbBackSplit((dmtree_t *)&dp->tree, word, false);
dbAllocBits(bmp, dp, blkno, nblocks);
}
@@ -2224,7 +2224,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* the binary system of the leaves if need be.
*/
dbSplit(tp, word, BUDMIN,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
word += 1;
} else {
@@ -2264,7 +2264,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system of the leaves to reflect the current
* allocation (size).
*/
- dbSplit(tp, word, size, NOFREE);
+ dbSplit(tp, word, size, NOFREE, false);
/* get the number of dmap words handled */
nw = BUDSIZE(size, BUDMIN);
@@ -2371,7 +2371,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf for this dmap word.
*/
rc = dbJoin(tp, word,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
if (rc)
return rc;
@@ -2404,7 +2404,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf.
*/
- rc = dbJoin(tp, word, size);
+ rc = dbJoin(tp, word, size, false);
if (rc)
return rc;
@@ -2556,14 +2556,14 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
* that it is at the front of a binary buddy system.
*/
if (oldval == NOFREE) {
- rc = dbBackSplit((dmtree_t *) dcp, leafno);
+ rc = dbBackSplit((dmtree_t *)dcp, leafno, true);
if (rc)
return rc;
oldval = dcp->stree[ti];
}
- dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval);
+ dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval, true);
} else {
- rc = dbJoin((dmtree_t *) dcp, leafno, newval);
+ rc = dbJoin((dmtree_t *) dcp, leafno, newval, true);
if (rc)
return rc;
}
@@ -2592,7 +2592,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (alloc) {
dbJoin((dmtree_t *) dcp, leafno,
- oldval);
+ oldval, true);
} else {
/* the dbJoin() above might have
* caused a larger binary buddy system
@@ -2602,9 +2602,9 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (dcp->stree[ti] == NOFREE)
dbBackSplit((dmtree_t *)
- dcp, leafno);
+ dcp, leafno, true);
dbSplit((dmtree_t *) dcp, leafno,
- dcp->budmin, oldval);
+ dcp->budmin, oldval, true);
}
/* release the buffer and return the error.
@@ -2652,7 +2652,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl)
{
int budsz;
int cursz;
@@ -2674,7 +2674,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
while (cursz >= splitsz) {
/* update the buddy's leaf with its new value.
*/
- dbAdjTree(tp, leafno ^ budsz, cursz);
+ dbAdjTree(tp, leafno ^ budsz, cursz, is_ctl);
/* on to the next size and buddy.
*/
@@ -2686,7 +2686,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
/* adjust the dmap tree to reflect the specified leaf's new
* value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
}
@@ -2717,7 +2717,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static int dbBackSplit(dmtree_t * tp, int leafno)
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl)
{
int budsz, bud, w, bsz, size;
int cursz;
@@ -2768,7 +2768,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
* system in two.
*/
cursz = leaf[bud] - 1;
- dbSplit(tp, bud, cursz, cursz);
+ dbSplit(tp, bud, cursz, cursz, is_ctl);
break;
}
}
@@ -2796,7 +2796,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
*
* RETURN VALUES: none
*/
-static int dbJoin(dmtree_t * tp, int leafno, int newval)
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int budsz, buddy;
s8 *leaf;
@@ -2851,12 +2851,12 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
if (leafno < buddy) {
/* leafno is the left buddy.
*/
- dbAdjTree(tp, buddy, NOFREE);
+ dbAdjTree(tp, buddy, NOFREE, is_ctl);
} else {
/* buddy is the left buddy and becomes
* leafno.
*/
- dbAdjTree(tp, leafno, NOFREE);
+ dbAdjTree(tp, leafno, NOFREE, is_ctl);
leafno = buddy;
}
@@ -2869,7 +2869,7 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
/* update the leaf value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
return 0;
}
@@ -2890,21 +2890,23 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
*
* RETURN VALUES: none
*/
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval)
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int lp, pp, k;
- int max;
+ int max, size;
+
+ size = is_ctl ? CTLTREESIZE : TREESIZE;
/* pick up the index of the leaf for this leafno.
*/
lp = leafno + le32_to_cpu(tp->dmt_leafidx);
+ if (WARN_ON_ONCE(lp >= size || lp < 0))
+ return;
+
/* is the current value the same as the old value ? if so,
* there is nothing to do.
*/
- if (WARN_ON_ONCE(lp >= CTLTREESIZE))
- return;
-
if (tp->dmt_stree[lp] == newval)
return;
--
2.34.3
2
6
[openeuler:OLK-6.6] BUILD REGRESSION c62a9941197918c1d03b99495e3a9d5d6884c0c8
by kernel test robot 22 Mar '24
by kernel test robot 22 Mar '24
22 Mar '24
tree/branch: https://gitee.com/openeuler/kernel.git OLK-6.6
branch HEAD: c62a9941197918c1d03b99495e3a9d5d6884c0c8 !5451 arm64: Delete macro in the scsnp feature
Error/Warning ids grouped by kconfigs:
gcc_recent_errors
|-- arm64-defconfig
| `-- drivers-irqchip-irq-mbigen.c:warning:expecting-prototype-for-Due-to-the-existence-of-hyper().-Prototype-was-for-GICR_LENGTH()-instead
`-- loongarch-allmodconfig
|-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead
|-- drivers-infiniband-hw-hns-hns_roce_hw_v2.c:warning:no-previous-prototype-for-hns_roce_hw_v2_get_dscp
|-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_set_rxfh().-Prototype-was-for-rnp_set_rxnfc()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_tet_rxfh().-Prototype-was-for-rnp_get_rxfh()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_main.c:warning:directive-output-may-be-truncated-writing-byte-into-a-region-of-size-between-and
|-- drivers-net-ethernet-mucse-rnp-rnp_main.c:warning:expecting-prototype-for-rnp_write_eitr().-Prototype-was-for-rnp_write_eitr_rx()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_link_event_eanble().-Prototype-was-for-rnp_mbx_link_event_enable()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_stat_mark().-Prototype-was-for-rnp_link_stat_mark()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:no-previous-prototype-for-rnp_mbx_lldp_all_ports_enable
|-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_fc_mode_n10().-Prototype-was-for-rnp_mac_fc_mode_n10()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_init_hw_n10().-Prototype-was-for-rnp_init_hw_ops_n10()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_write_uc_addr_list().-Prototype-was-for-rnp_write_uc_addr_list_n10()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnpm_device_supports_autoneg_fc().-Prototype-was-for-rnp_device_supports_autoneg_fc()-instead
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-poll_free_mdio
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnp500_get_link_ksettings
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnp500_get_pauseparam
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnp500_set_link_ksettings
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnp500_set_pauseparam
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_addr_list_itr
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_check_mac_link_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_clean_link_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_driver_status_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clear_rar_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clear_vmdq_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_all_layer2_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_all_tuple5_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_layer2_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_mc_addr_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_tuple5_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_vfta_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_layer2_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_rar_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_rss_hfunc_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_rx_skip_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_tcp_sync_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_tuple5_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_vfta_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_vmdq_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_update_mc_addr_list_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_update_rss_key_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_update_rss_table_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_get_lldp_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_get_lpi_status_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_get_ncsi_mac_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_get_ncsi_vlan_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_get_permtion_mac_addr_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_init_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_layer2_pritologic_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_check_link_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_fc_mode_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_mdio_read_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_mdio_write_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_pmt_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_set_eee_timer_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_set_mac_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mdio_read
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_phy_read_reg_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_phy_write_reg_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_reset_eee_mode_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_reset_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_eee_mode_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_eee_pls_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_eee_timer_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_ethtool_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_lldp_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_vf_vlan_mode_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_setup_eee_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_setup_mac_link_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_setup_wol_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_start_hw_ops_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_tuple5_pritologic_n500
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_common.h:warning:suggest-braces-around-empty-body-in-an-if-statement
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_lib.c:warning:no-previous-prototype-for-rnpgbe_acquire_msix_vectors
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_lib.c:warning:no-previous-prototype-for-update_ring_count
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:directive-output-may-be-truncated-writing-byte-into-a-region-of-size-between-and
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-print_status
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_assign_netdev_ops
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_disable_eee_mode
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_eee_init
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_phy_init_eee
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_reinit_locked
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_rx_ring_reinit
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_vlan_stags_flag
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_write_eitr_rx
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_xmit_nop_frame_ring
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:suggest-braces-around-empty-body-in-an-if-statement
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:build_writereg_req-accessing-bytes-in-a-region-of-size
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-mbx_cookie_zalloc
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_fw_reg_read
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_fw_send_cmd_wait
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_link_stat_mark_disable
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_link_stat_mark_reset
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_mbx_fw_post_req
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_mbx_get_link
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_mbx_write_posted_locked
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-to_mac_type
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_ptp.c:warning:no-previous-prototype-for-rnpgbe_ptp_setup_ptp
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_sriov.c:warning:no-previous-prototype-for-check_ari_mode
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_sriov.c:warning:no-previous-prototype-for-rnpgbe_msg_post_status_signle_link
|-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_sysfs.c:warning:no-previous-prototype-for-n500_exchange_share_ram
|-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_enable_rx_buff().-Prototype-was-for-rnpm_enable_rx_buff_generic()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_update_mc_addr_list_generic().-Prototype-was-for-rnpm_update_mutiport_mc_addr_list_generic()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_debugfs.c:warning:expecting-prototype-for-rnpm_dbg_reg_ops_write().-Prototype-was-for-rnpm_dbg_phy_ops_write()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:no-previous-prototype-for-rnpm_get_phy_statistics
|-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:no-previous-prototype-for-rnpm_setup_layer2_remapping
|-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:no-previous-prototype-for-rnpm_setup_tuple5_remapping
|-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:no-previous-prototype-for-rnpm_setup_tuple5_remapping_tcam
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:directive-output-may-be-truncated-writing-byte-into-a-region-of-size-between-and
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-ixgbe_write_eitr().-Prototype-was-for-rnpm_write_eitr()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_notify().-Prototype-was-for-rnpm_irq_affinity_notify()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_release().-Prototype-was-for-rnpm_irq_affinity_release()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_is_non_eop().-Prototype-was-for-rnpm_is_non_eop()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnpm_set_ivar().-Prototype-was-for-rnpm_set_ring_vector()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-clean_all_port_resetting
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-control_mac_rx
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_assign_netdev_ops
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_can_rpu_start
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_check_mc_addr
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_clear_udp_tunnel_port
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_fix_queue_number
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_pf_service_event_schedule
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_pf_service_task
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_pf_service_timer
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_rx_ring_reinit
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_service_timer
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_vlan_stags_flag
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_write_eitr
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_xmit_nop_frame_ring
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_xmit_nop_frame_ring_temp
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-update_pf_vlan
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-wait_all_port_resetting
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:Cannot-understand-speed:
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:build_writereg_req-accessing-bytes-in-a-region-of-size
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-mbx_cookie_zalloc
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_fw_get_capablity
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_fw_reg_read
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_fw_send_cmd_wait
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_get_port_stats2
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_link_stat_mark_disable
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_mbx_fw_post_req
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_mbx_lldp_all_ports_enable
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_mbx_pluginout_evt_en
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_mbx_write_posted_locked
|-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:expecting-prototype-for-rnpm_atr_add_signature_filter_n10().-Prototype-was-for-rnpm_fdir_add_signature_filter_n10()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:no-previous-prototype-for-rnpm_reset_pipeline_n10
|-- drivers-net-ethernet-mucse-rnpm-rnpm_ptp.c:warning:no-previous-prototype-for-rnpm_ptp_setup_ptp
|-- drivers-net-ethernet-mucse-rnpm-rnpm_ptp.c:warning:suggest-braces-around-empty-body-in-an-if-statement
|-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-rnpm_get_vf_ringnum
|-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-rnpm_setup_ring_maxrate
|-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:variable-y-set-but-not-used
|-- drivers-net-ethernet-mucse-rnpm-rnpm_sysfs.c:warning:no-previous-prototype-for-rnpm_mbx_get_pn_sn
|-- drivers-net-ethernet-mucse-rnpm-rnpm_tc_u32_parse.h:warning:rnpm_ipv4_parser-defined-but-not-used
|-- loongson3-acpi-cpufreq.c:(.text):undefined-reference-to-acpi_processor_register_performance
|-- loongson3-acpi-cpufreq.c:(.text):undefined-reference-to-acpi_processor_unregister_performance
`-- security-integrity-ima-ima_appraise.c:warning:no-previous-prototype-for-ima_get_hash_algo
clang_recent_errors
|-- arm64-allmodconfig
| |-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead
| |-- drivers-irqchip-irq-mbigen.c:warning:expecting-prototype-for-Due-to-the-existence-of-hyper().-Prototype-was-for-GICR_LENGTH()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_set_rxfh().-Prototype-was-for-rnp_set_rxnfc()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_tet_rxfh().-Prototype-was-for-rnp_get_rxfh()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_main.c:warning:expecting-prototype-for-rnp_write_eitr().-Prototype-was-for-rnp_write_eitr_rx()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_link_event_eanble().-Prototype-was-for-rnp_mbx_link_event_enable()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_stat_mark().-Prototype-was-for-rnp_link_stat_mark()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:no-previous-prototype-for-function-rnp_mbx_lldp_all_ports_enable
| |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_fc_mode_n10().-Prototype-was-for-rnp_mac_fc_mode_n10()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_init_hw_n10().-Prototype-was-for-rnp_init_hw_ops_n10()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_write_uc_addr_list().-Prototype-was-for-rnp_write_uc_addr_list_n10()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnpm_device_supports_autoneg_fc().-Prototype-was-for-rnp_device_supports_autoneg_fc()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_enable_rx_buff().-Prototype-was-for-rnpm_enable_rx_buff_generic()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_update_mc_addr_list_generic().-Prototype-was-for-rnpm_update_mutiport_mc_addr_list_generic()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_debugfs.c:warning:expecting-prototype-for-rnpm_dbg_reg_ops_write().-Prototype-was-for-rnpm_dbg_phy_ops_write()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:no-previous-prototype-for-function-rnpm_get_phy_statistics
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-ixgbe_write_eitr().-Prototype-was-for-rnpm_write_eitr()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_notify().-Prototype-was-for-rnpm_irq_affinity_notify()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_release().-Prototype-was-for-rnpm_irq_affinity_release()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_is_non_eop().-Prototype-was-for-rnpm_is_non_eop()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnpm_set_ivar().-Prototype-was-for-rnpm_set_ring_vector()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:Cannot-understand-speed:
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:expecting-prototype-for-rnpm_atr_add_signature_filter_n10().-Prototype-was-for-rnpm_fdir_add_signature_filter_n10()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_get_vf_ringnum
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_setup_ring_maxrate
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:variable-y-set-but-not-used
| |-- mm-mem_reliable.c:warning:arithmetic-between-different-enumeration-types-(-enum-node_stat_item-and-enum-lru_list-)
| |-- security-integrity-ima-ima_appraise.c:warning:no-previous-prototype-for-function-ima_get_hash_algo
| `-- security-integrity-ima-ima_fs.c:warning:variable-ret-is-used-uninitialized-whenever-if-condition-is-true
|-- x86_64-allmodconfig
| |-- drivers-crypto-montage-tsse-tsse_dev_mgr.c:warning:no-previous-prototype-for-function-tsse_stop_dev
| |-- drivers-crypto-montage-tsse-tsse_dev_mgr.c:warning:variable-ptr-is-used-uninitialized-whenever-for-loop-exits-because-its-condition-is-false
| |-- drivers-crypto-montage-tsse-tsse_fw_service.c:warning:no-previous-prototype-for-function-fw_free
| |-- drivers-crypto-montage-tsse-tsse_fw_service.c:warning:no-previous-prototype-for-function-fw_send_msg
| |-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-get_msginf
| |-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-ipc_hw_init
| |-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-ipc_init_msg
| |-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-ipc_recieve_msg
| |-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-ipc_send_msg
| |-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-msg_rout
| |-- drivers-crypto-montage-tsse-tsse_service.c:warning:no-previous-prototype-for-function-service_rout
| |-- drivers-crypto-montage-tsse-tsse_service.c:warning:variable-ret-set-but-not-used
| |-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_set_rxfh().-Prototype-was-for-rnp_set_rxnfc()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_tet_rxfh().-Prototype-was-for-rnp_get_rxfh()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_main.c:warning:expecting-prototype-for-rnp_write_eitr().-Prototype-was-for-rnp_write_eitr_rx()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_link_event_eanble().-Prototype-was-for-rnp_mbx_link_event_enable()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_stat_mark().-Prototype-was-for-rnp_link_stat_mark()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:no-previous-prototype-for-function-rnp_mbx_lldp_all_ports_enable
| |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_fc_mode_n10().-Prototype-was-for-rnp_mac_fc_mode_n10()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_init_hw_n10().-Prototype-was-for-rnp_init_hw_ops_n10()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_write_uc_addr_list().-Prototype-was-for-rnp_write_uc_addr_list_n10()-instead
| |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnpm_device_supports_autoneg_fc().-Prototype-was-for-rnp_device_supports_autoneg_fc()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_enable_rx_buff().-Prototype-was-for-rnpm_enable_rx_buff_generic()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_update_mc_addr_list_generic().-Prototype-was-for-rnpm_update_mutiport_mc_addr_list_generic()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_debugfs.c:warning:expecting-prototype-for-rnpm_dbg_reg_ops_write().-Prototype-was-for-rnpm_dbg_phy_ops_write()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:no-previous-prototype-for-function-rnpm_get_phy_statistics
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-ixgbe_write_eitr().-Prototype-was-for-rnpm_write_eitr()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_notify().-Prototype-was-for-rnpm_irq_affinity_notify()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_release().-Prototype-was-for-rnpm_irq_affinity_release()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_is_non_eop().-Prototype-was-for-rnpm_is_non_eop()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnpm_set_ivar().-Prototype-was-for-rnpm_set_ring_vector()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:Cannot-understand-speed:
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:expecting-prototype-for-rnpm_atr_add_signature_filter_n10().-Prototype-was-for-rnpm_fdir_add_signature_filter_n10()-instead
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_get_vf_ringnum
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_setup_ring_maxrate
| |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:variable-y-set-but-not-used
| |-- security-integrity-ima-ima_appraise.c:warning:no-previous-prototype-for-function-ima_get_hash_algo
| `-- security-integrity-ima-ima_fs.c:warning:variable-ret-is-used-uninitialized-whenever-if-condition-is-true
`-- x86_64-allyesconfig
|-- drivers-crypto-montage-tsse-tsse_dev_mgr.c:warning:no-previous-prototype-for-function-tsse_stop_dev
|-- drivers-crypto-montage-tsse-tsse_dev_mgr.c:warning:variable-ptr-is-used-uninitialized-whenever-for-loop-exits-because-its-condition-is-false
|-- drivers-crypto-montage-tsse-tsse_fw_service.c:warning:no-previous-prototype-for-function-fw_free
|-- drivers-crypto-montage-tsse-tsse_fw_service.c:warning:no-previous-prototype-for-function-fw_send_msg
|-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-get_msginf
|-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-ipc_hw_init
|-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-ipc_init_msg
|-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-ipc_recieve_msg
|-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-ipc_send_msg
|-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:no-previous-prototype-for-function-msg_rout
|-- drivers-crypto-montage-tsse-tsse_service.c:warning:no-previous-prototype-for-function-service_rout
|-- drivers-crypto-montage-tsse-tsse_service.c:warning:variable-ret-set-but-not-used
|-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_set_rxfh().-Prototype-was-for-rnp_set_rxnfc()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_tet_rxfh().-Prototype-was-for-rnp_get_rxfh()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_main.c:warning:expecting-prototype-for-rnp_write_eitr().-Prototype-was-for-rnp_write_eitr_rx()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_link_event_eanble().-Prototype-was-for-rnp_mbx_link_event_enable()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_stat_mark().-Prototype-was-for-rnp_link_stat_mark()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:no-previous-prototype-for-function-rnp_mbx_lldp_all_ports_enable
|-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_fc_mode_n10().-Prototype-was-for-rnp_mac_fc_mode_n10()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_init_hw_n10().-Prototype-was-for-rnp_init_hw_ops_n10()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_write_uc_addr_list().-Prototype-was-for-rnp_write_uc_addr_list_n10()-instead
|-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnpm_device_supports_autoneg_fc().-Prototype-was-for-rnp_device_supports_autoneg_fc()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_enable_rx_buff().-Prototype-was-for-rnpm_enable_rx_buff_generic()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_update_mc_addr_list_generic().-Prototype-was-for-rnpm_update_mutiport_mc_addr_list_generic()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_debugfs.c:warning:expecting-prototype-for-rnpm_dbg_reg_ops_write().-Prototype-was-for-rnpm_dbg_phy_ops_write()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:no-previous-prototype-for-function-rnpm_get_phy_statistics
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-ixgbe_write_eitr().-Prototype-was-for-rnpm_write_eitr()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_notify().-Prototype-was-for-rnpm_irq_affinity_notify()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_release().-Prototype-was-for-rnpm_irq_affinity_release()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_is_non_eop().-Prototype-was-for-rnpm_is_non_eop()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnpm_set_ivar().-Prototype-was-for-rnpm_set_ring_vector()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:Cannot-understand-speed:
|-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:expecting-prototype-for-rnpm_atr_add_signature_filter_n10().-Prototype-was-for-rnpm_fdir_add_signature_filter_n10()-instead
|-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_get_vf_ringnum
|-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_setup_ring_maxrate
|-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:variable-y-set-but-not-used
|-- ld.lld:error:duplicate-symbol:__cfi_check_ari_mode
|-- ld.lld:error:duplicate-symbol:__cfi_mbx_cookie_zalloc
|-- ld.lld:error:duplicate-symbol:check_ari_mode
|-- ld.lld:error:duplicate-symbol:mbx_cookie_zalloc
|-- ld.lld:error:duplicate-symbol:rnp10_netdev_ops
|-- security-integrity-ima-ima_appraise.c:warning:no-previous-prototype-for-function-ima_get_hash_algo
`-- security-integrity-ima-ima_fs.c:warning:variable-ret-is-used-uninitialized-whenever-if-condition-is-true
elapsed time: 1114m
configs tested: 10
configs skipped: 94
tested configs:
arm64 allmodconfig clang
arm64 allnoconfig gcc
arm64 defconfig gcc
loongarch allmodconfig gcc
loongarch allnoconfig gcc
loongarch defconfig gcc
x86_64 allnoconfig clang
x86_64 allyesconfig clang
x86_64 defconfig gcc
x86_64 rhel-8.3-rust clang
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
1
0
[PATCH openEuler-22.03-LTS-SP1] jfs: fix array-index-out-of-bounds in dbAdjTree
by ZhaoLong Wang 22 Mar '24
by ZhaoLong Wang 22 Mar '24
22 Mar '24
From: Manas Ghandat <ghandatmanas(a)gmail.com>
stable inclusion
from stable-v5.10.210
commit 2037cb9d95f1741885f7daf50e8a028c4ade5317
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I96GQ3
CVE: CVE-2023-52601
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
--------------------------------
[ Upstream commit 74ecdda68242b174920fe7c6133a856fb7d8559b ]
Currently there is a bound check missing in the dbAdjTree while
accessing the dmt_stree. To add the required check added the bool is_ctl
which is required to determine the size as suggest in the following
commit.
https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e…
Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb
Signed-off-by: Manas Ghandat <ghandatmanas(a)gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Signed-off-by: ZhaoLong Wang <wangzhaolong1(a)huawei.com>
---
fs/jfs/jfs_dmap.c | 60 ++++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 29 deletions(-)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 23e51992c964..6f42aed070dc 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -63,10 +63,10 @@
*/
static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
int nblocks);
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval);
-static int dbBackSplit(dmtree_t * tp, int leafno);
-static int dbJoin(dmtree_t * tp, int leafno, int newval);
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval);
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl);
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl);
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl);
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl);
static int dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc,
int level);
static int dbAllocAny(struct bmap * bmp, s64 nblocks, int l2nb, s64 * results);
@@ -2138,7 +2138,7 @@ static int dbFreeDmap(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system.
*/
if (dp->tree.stree[word] == NOFREE)
- dbBackSplit((dmtree_t *) & dp->tree, word);
+ dbBackSplit((dmtree_t *)&dp->tree, word, false);
dbAllocBits(bmp, dp, blkno, nblocks);
}
@@ -2224,7 +2224,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* the binary system of the leaves if need be.
*/
dbSplit(tp, word, BUDMIN,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
word += 1;
} else {
@@ -2264,7 +2264,7 @@ static void dbAllocBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
* system of the leaves to reflect the current
* allocation (size).
*/
- dbSplit(tp, word, size, NOFREE);
+ dbSplit(tp, word, size, NOFREE, false);
/* get the number of dmap words handled */
nw = BUDSIZE(size, BUDMIN);
@@ -2371,7 +2371,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf for this dmap word.
*/
rc = dbJoin(tp, word,
- dbMaxBud((u8 *) & dp->wmap[word]));
+ dbMaxBud((u8 *)&dp->wmap[word]), false);
if (rc)
return rc;
@@ -2404,7 +2404,7 @@ static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
/* update the leaf.
*/
- rc = dbJoin(tp, word, size);
+ rc = dbJoin(tp, word, size, false);
if (rc)
return rc;
@@ -2556,14 +2556,14 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
* that it is at the front of a binary buddy system.
*/
if (oldval == NOFREE) {
- rc = dbBackSplit((dmtree_t *) dcp, leafno);
+ rc = dbBackSplit((dmtree_t *)dcp, leafno, true);
if (rc)
return rc;
oldval = dcp->stree[ti];
}
- dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval);
+ dbSplit((dmtree_t *) dcp, leafno, dcp->budmin, newval, true);
} else {
- rc = dbJoin((dmtree_t *) dcp, leafno, newval);
+ rc = dbJoin((dmtree_t *) dcp, leafno, newval, true);
if (rc)
return rc;
}
@@ -2592,7 +2592,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (alloc) {
dbJoin((dmtree_t *) dcp, leafno,
- oldval);
+ oldval, true);
} else {
/* the dbJoin() above might have
* caused a larger binary buddy system
@@ -2602,9 +2602,9 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*/
if (dcp->stree[ti] == NOFREE)
dbBackSplit((dmtree_t *)
- dcp, leafno);
+ dcp, leafno, true);
dbSplit((dmtree_t *) dcp, leafno,
- dcp->budmin, oldval);
+ dcp->budmin, oldval, true);
}
/* release the buffer and return the error.
@@ -2652,7 +2652,7 @@ dbAdjCtl(struct bmap * bmp, s64 blkno, int newval, int alloc, int level)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
+static void dbSplit(dmtree_t *tp, int leafno, int splitsz, int newval, bool is_ctl)
{
int budsz;
int cursz;
@@ -2674,7 +2674,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
while (cursz >= splitsz) {
/* update the buddy's leaf with its new value.
*/
- dbAdjTree(tp, leafno ^ budsz, cursz);
+ dbAdjTree(tp, leafno ^ budsz, cursz, is_ctl);
/* on to the next size and buddy.
*/
@@ -2686,7 +2686,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
/* adjust the dmap tree to reflect the specified leaf's new
* value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
}
@@ -2717,7 +2717,7 @@ static void dbSplit(dmtree_t * tp, int leafno, int splitsz, int newval)
*
* serialization: IREAD_LOCK(ipbmap) or IWRITE_LOCK(ipbmap) held on entry/exit;
*/
-static int dbBackSplit(dmtree_t * tp, int leafno)
+static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl)
{
int budsz, bud, w, bsz, size;
int cursz;
@@ -2768,7 +2768,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
* system in two.
*/
cursz = leaf[bud] - 1;
- dbSplit(tp, bud, cursz, cursz);
+ dbSplit(tp, bud, cursz, cursz, is_ctl);
break;
}
}
@@ -2796,7 +2796,7 @@ static int dbBackSplit(dmtree_t * tp, int leafno)
*
* RETURN VALUES: none
*/
-static int dbJoin(dmtree_t * tp, int leafno, int newval)
+static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int budsz, buddy;
s8 *leaf;
@@ -2851,12 +2851,12 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
if (leafno < buddy) {
/* leafno is the left buddy.
*/
- dbAdjTree(tp, buddy, NOFREE);
+ dbAdjTree(tp, buddy, NOFREE, is_ctl);
} else {
/* buddy is the left buddy and becomes
* leafno.
*/
- dbAdjTree(tp, leafno, NOFREE);
+ dbAdjTree(tp, leafno, NOFREE, is_ctl);
leafno = buddy;
}
@@ -2869,7 +2869,7 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
/* update the leaf value.
*/
- dbAdjTree(tp, leafno, newval);
+ dbAdjTree(tp, leafno, newval, is_ctl);
return 0;
}
@@ -2890,21 +2890,23 @@ static int dbJoin(dmtree_t * tp, int leafno, int newval)
*
* RETURN VALUES: none
*/
-static void dbAdjTree(dmtree_t * tp, int leafno, int newval)
+static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
int lp, pp, k;
- int max;
+ int max, size;
+
+ size = is_ctl ? CTLTREESIZE : TREESIZE;
/* pick up the index of the leaf for this leafno.
*/
lp = leafno + le32_to_cpu(tp->dmt_leafidx);
+ if (WARN_ON_ONCE(lp >= size || lp < 0))
+ return;
+
/* is the current value the same as the old value ? if so,
* there is nothing to do.
*/
- if (WARN_ON_ONCE(lp >= CTLTREESIZE))
- return;
-
if (tp->dmt_stree[lp] == newval)
return;
--
2.34.3
2
6