Kernel
Threads by month
- ----- 2025 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- 46 participants
- 20807 discussions

[openeuler:OLK-5.10 2994/2994] drivers/net/ethernet/linkdata/sxe/sxepf/sxe_debugfs.c:432:6: error: no previous prototype for function 'sxe_debugfs_entries_init'
by kernel test robot 01 Jul '25
by kernel test robot 01 Jul '25
01 Jul '25
tree: https://gitee.com/openeuler/kernel.git OLK-5.10
head: 2264b0731bcc958f540da580ad93b9f103a8e271
commit: 8cee206b5558245197158bd20895f95cc28d8468 [2994/2994] Ethernet: Linkdata: Supports Linkdata ethernet Controllers
config: x86_64-rhel-9.4-rust (https://download.01.org/0day-ci/archive/20250630/202506301940.eVT83gzC-lkp@…)
compiler: clang version 18.1.8 (https://github.com/llvm/llvm-project 3b5b5c1ec4a3095ab096dd780e84d7ab81f3d7ff)
rustc: rustc 1.58.0 (02072b482 2022-01-11)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250630/202506301940.eVT83gzC-lkp@…)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202506301940.eVT83gzC-lkp@intel.com/
All errors (new ones prefixed by >>):
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_xdp.c:403:6: error: no previous prototype for function 'sxe_txrx_ring_enable' [-Werror,-Wmissing-prototypes]
403 | void sxe_txrx_ring_enable(struct sxe_adapter *adapter, u32 ring_idx)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_xdp.c:403:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
403 | void sxe_txrx_ring_enable(struct sxe_adapter *adapter, u32 ring_idx)
| ^
| static
1 error generated.
--
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_debugfs.c:432:6: error: no previous prototype for function 'sxe_debugfs_entries_init' [-Werror,-Wmissing-prototypes]
432 | void sxe_debugfs_entries_init(struct sxe_adapter *adapter)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_debugfs.c:432:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
432 | void sxe_debugfs_entries_init(struct sxe_adapter *adapter)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_debugfs.c:459:6: error: no previous prototype for function 'sxe_debugfs_entries_exit' [-Werror,-Wmissing-prototypes]
459 | void sxe_debugfs_entries_exit(struct sxe_adapter *adapter)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_debugfs.c:459:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
459 | void sxe_debugfs_entries_exit(struct sxe_adapter *adapter)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_debugfs.c:465:6: error: no previous prototype for function 'sxe_debugfs_init' [-Werror,-Wmissing-prototypes]
465 | void sxe_debugfs_init(void)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_debugfs.c:465:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
465 | void sxe_debugfs_init(void)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_debugfs.c:470:6: error: no previous prototype for function 'sxe_debugfs_exit' [-Werror,-Wmissing-prototypes]
470 | void sxe_debugfs_exit(void)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_debugfs.c:470:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
470 | void sxe_debugfs_exit(void)
| ^
| static
4 errors generated.
--
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_ethtool.c:2022:5: error: no previous prototype for function 'sxe_reg_test' [-Werror,-Wmissing-prototypes]
2022 | int sxe_reg_test(struct sxe_adapter *adapter)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_ethtool.c:2022:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
2022 | int sxe_reg_test(struct sxe_adapter *adapter)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_ethtool.c:2644:5: error: no previous prototype for function 'sxe_phys_id_set' [-Werror,-Wmissing-prototypes]
2644 | int sxe_phys_id_set(struct net_device *netdev, enum ethtool_phys_id_state state)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_ethtool.c:2644:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
2644 | int sxe_phys_id_set(struct net_device *netdev, enum ethtool_phys_id_state state)
| ^
| static
2 errors generated.
--
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:230:6: error: no previous prototype for function 'sxe_hw_no_snoop_disable' [-Werror,-Wmissing-prototypes]
230 | void sxe_hw_no_snoop_disable(struct sxe_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:230:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
230 | void sxe_hw_no_snoop_disable(struct sxe_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:262:6: error: no previous prototype for function 'sxe_hw_uc_addr_pool_del' [-Werror,-Wmissing-prototypes]
262 | void sxe_hw_uc_addr_pool_del(struct sxe_hw *hw, u32 rar_idx, u32 pool_idx)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:262:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
262 | void sxe_hw_uc_addr_pool_del(struct sxe_hw *hw, u32 rar_idx, u32 pool_idx)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:283:5: error: no previous prototype for function 'sxe_hw_uc_addr_pool_enable' [-Werror,-Wmissing-prototypes]
283 | s32 sxe_hw_uc_addr_pool_enable(struct sxe_hw *hw, u8 rar_idx, u8 pool_idx)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:283:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
283 | s32 sxe_hw_uc_addr_pool_enable(struct sxe_hw *hw, u8 rar_idx, u8 pool_idx)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:337:5: error: no previous prototype for function 'sxe_hw_nic_reset' [-Werror,-Wmissing-prototypes]
337 | s32 sxe_hw_nic_reset(struct sxe_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:337:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
337 | s32 sxe_hw_nic_reset(struct sxe_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:367:6: error: no previous prototype for function 'sxe_hw_pf_rst_done_set' [-Werror,-Wmissing-prototypes]
367 | void sxe_hw_pf_rst_done_set(struct sxe_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:367:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
367 | void sxe_hw_pf_rst_done_set(struct sxe_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:735:5: error: no previous prototype for function 'sxe_hw_pending_irq_read_clear' [-Werror,-Wmissing-prototypes]
735 | u32 sxe_hw_pending_irq_read_clear(struct sxe_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:735:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
735 | u32 sxe_hw_pending_irq_read_clear(struct sxe_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:740:6: error: no previous prototype for function 'sxe_hw_pending_irq_write_clear' [-Werror,-Wmissing-prototypes]
740 | void sxe_hw_pending_irq_write_clear(struct sxe_hw *hw, u32 value)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:740:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
740 | void sxe_hw_pending_irq_write_clear(struct sxe_hw *hw, u32 value)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:745:5: error: no previous prototype for function 'sxe_hw_irq_cause_get' [-Werror,-Wmissing-prototypes]
745 | u32 sxe_hw_irq_cause_get(struct sxe_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:745:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
745 | u32 sxe_hw_irq_cause_get(struct sxe_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:765:6: error: no previous prototype for function 'sxe_hw_ring_irq_auto_disable' [-Werror,-Wmissing-prototypes]
765 | void sxe_hw_ring_irq_auto_disable(struct sxe_hw *hw, bool is_msix)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:765:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
765 | void sxe_hw_ring_irq_auto_disable(struct sxe_hw *hw, bool is_msix)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:775:6: error: no previous prototype for function 'sxe_hw_irq_general_reg_set' [-Werror,-Wmissing-prototypes]
775 | void sxe_hw_irq_general_reg_set(struct sxe_hw *hw, u32 value)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:775:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
775 | void sxe_hw_irq_general_reg_set(struct sxe_hw *hw, u32 value)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:780:5: error: no previous prototype for function 'sxe_hw_irq_general_reg_get' [-Werror,-Wmissing-prototypes]
780 | u32 sxe_hw_irq_general_reg_get(struct sxe_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:780:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
780 | u32 sxe_hw_irq_general_reg_get(struct sxe_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:790:6: error: no previous prototype for function 'sxe_hw_event_irq_map' [-Werror,-Wmissing-prototypes]
790 | void sxe_hw_event_irq_map(struct sxe_hw *hw, u8 offset, u16 irq_idx)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:790:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
790 | void sxe_hw_event_irq_map(struct sxe_hw *hw, u8 offset, u16 irq_idx)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:806:6: error: no previous prototype for function 'sxe_hw_ring_irq_map' [-Werror,-Wmissing-prototypes]
806 | void sxe_hw_ring_irq_map(struct sxe_hw *hw, bool is_tx, u16 reg_idx,
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:806:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
806 | void sxe_hw_ring_irq_map(struct sxe_hw *hw, bool is_tx, u16 reg_idx,
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:823:6: error: no previous prototype for function 'sxe_hw_ring_irq_interval_set' [-Werror,-Wmissing-prototypes]
823 | void sxe_hw_ring_irq_interval_set(struct sxe_hw *hw, u16 irq_idx, u32 interval)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:823:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
823 | void sxe_hw_ring_irq_interval_set(struct sxe_hw *hw, u16 irq_idx, u32 interval)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:838:6: error: no previous prototype for function 'sxe_hw_event_irq_auto_clear_set' [-Werror,-Wmissing-prototypes]
838 | void sxe_hw_event_irq_auto_clear_set(struct sxe_hw *hw, u32 value)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:838:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
838 | void sxe_hw_event_irq_auto_clear_set(struct sxe_hw *hw, u32 value)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:843:6: error: no previous prototype for function 'sxe_hw_specific_irq_disable' [-Werror,-Wmissing-prototypes]
843 | void sxe_hw_specific_irq_disable(struct sxe_hw *hw, u32 value)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:843:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
843 | void sxe_hw_specific_irq_disable(struct sxe_hw *hw, u32 value)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:848:6: error: no previous prototype for function 'sxe_hw_specific_irq_enable' [-Werror,-Wmissing-prototypes]
848 | void sxe_hw_specific_irq_enable(struct sxe_hw *hw, u32 value)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:848:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
848 | void sxe_hw_specific_irq_enable(struct sxe_hw *hw, u32 value)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:876:6: error: no previous prototype for function 'sxe_hw_all_irq_disable' [-Werror,-Wmissing-prototypes]
876 | void sxe_hw_all_irq_disable(struct sxe_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:876:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
876 | void sxe_hw_all_irq_disable(struct sxe_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:994:5: error: no previous prototype for function 'sxe_hw_link_speed_get' [-Werror,-Wmissing-prototypes]
994 | u32 sxe_hw_link_speed_get(struct sxe_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_hw.c:994:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
994 | u32 sxe_hw_link_speed_get(struct sxe_hw *hw)
| ^
| static
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
--
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_irq.c:136:5: error: no previous prototype for function 'sxe_msi_irq_init' [-Werror,-Wmissing-prototypes]
136 | int sxe_msi_irq_init(struct sxe_adapter *adapter)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_irq.c:136:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
136 | int sxe_msi_irq_init(struct sxe_adapter *adapter)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_irq.c:182:6: error: no previous prototype for function 'sxe_disable_dcb' [-Werror,-Wmissing-prototypes]
182 | void sxe_disable_dcb(struct sxe_adapter *adapter)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_irq.c:182:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
182 | void sxe_disable_dcb(struct sxe_adapter *adapter)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_irq.c:212:6: error: no previous prototype for function 'sxe_disable_rss' [-Werror,-Wmissing-prototypes]
212 | void sxe_disable_rss(struct sxe_adapter *adapter)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_irq.c:212:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
212 | void sxe_disable_rss(struct sxe_adapter *adapter)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_irq.c:729:6: error: no previous prototype for function 'sxe_lsc_irq_handler' [-Werror,-Wmissing-prototypes]
729 | void sxe_lsc_irq_handler(struct sxe_adapter *adapter)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_irq.c:729:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
729 | void sxe_lsc_irq_handler(struct sxe_adapter *adapter)
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_irq.c:745:6: error: no previous prototype for function 'sxe_mailbox_irq_handler' [-Werror,-Wmissing-prototypes]
745 | void sxe_mailbox_irq_handler(struct sxe_adapter *adapter)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_irq.c:745:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
745 | void sxe_mailbox_irq_handler(struct sxe_adapter *adapter)
| ^
| static
5 errors generated.
--
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_main.c:70:6: error: no previous prototype for function 'sxe_allow_inval_mac' [-Werror,-Wmissing-prototypes]
70 | bool sxe_allow_inval_mac(void)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_main.c:70:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
70 | bool sxe_allow_inval_mac(void)
| ^
| static
1 error generated.
--
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_phy.c:733:5: error: no previous prototype for function 'sxe_multispeed_sfp_link_configure' [-Werror,-Wmissing-prototypes]
733 | s32 sxe_multispeed_sfp_link_configure(struct sxe_adapter *adapter, u32 speed)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_phy.c:733:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
733 | s32 sxe_multispeed_sfp_link_configure(struct sxe_adapter *adapter, u32 speed)
| ^
| static
1 error generated.
--
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_rx_proc.c:1431:6: error: no previous prototype for function 'sxe_headers_cleanup' [-Werror,-Wmissing-prototypes]
1431 | bool sxe_headers_cleanup(struct sxe_ring *rx_ring,
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_rx_proc.c:1431:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
1431 | bool sxe_headers_cleanup(struct sxe_ring *rx_ring,
| ^
| static
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_rx_proc.c:1569:6: error: no previous prototype for function 'sxe_rx_buffer_page_offset_update' [-Werror,-Wmissing-prototypes]
1569 | void sxe_rx_buffer_page_offset_update(struct sxe_ring *rx_ring,
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_rx_proc.c:1569:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
1569 | void sxe_rx_buffer_page_offset_update(struct sxe_ring *rx_ring,
| ^
| static
2 errors generated.
--
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_sriov.c:766:6: error: variable 'ret' set but not used [-Werror,-Wunused-but-set-variable]
766 | s32 ret;
| ^
>> drivers/net/ethernet/linkdata/sxe/sxepf/sxe_sriov.c:1552:6: error: no previous prototype for function 'sxe_set_vf_link_enable' [-Werror,-Wmissing-prototypes]
1552 | void sxe_set_vf_link_enable(struct sxe_adapter *adapter, s32 vf_idx, s32 state)
| ^
drivers/net/ethernet/linkdata/sxe/sxepf/sxe_sriov.c:1552:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
1552 | void sxe_set_vf_link_enable(struct sxe_adapter *adapter, s32 vf_idx, s32 state)
| ^
| static
2 errors generated.
--
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:160:6: error: no previous prototype for function 'sxevf_hw_stop' [-Werror,-Wmissing-prototypes]
160 | void sxevf_hw_stop(struct sxevf_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:160:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
160 | void sxevf_hw_stop(struct sxevf_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:187:6: error: no previous prototype for function 'sxevf_msg_write' [-Werror,-Wmissing-prototypes]
187 | void sxevf_msg_write(struct sxevf_hw *hw, u8 index, u32 msg)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:187:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
187 | void sxevf_msg_write(struct sxevf_hw *hw, u8 index, u32 msg)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:196:5: error: no previous prototype for function 'sxevf_msg_read' [-Werror,-Wmissing-prototypes]
196 | u32 sxevf_msg_read(struct sxevf_hw *hw, u8 index)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:196:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
196 | u32 sxevf_msg_read(struct sxevf_hw *hw, u8 index)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:206:5: error: no previous prototype for function 'sxevf_mailbox_read' [-Werror,-Wmissing-prototypes]
206 | u32 sxevf_mailbox_read(struct sxevf_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:206:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
206 | u32 sxevf_mailbox_read(struct sxevf_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:211:6: error: no previous prototype for function 'sxevf_mailbox_write' [-Werror,-Wmissing-prototypes]
211 | void sxevf_mailbox_write(struct sxevf_hw *hw, u32 value)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:211:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
211 | void sxevf_mailbox_write(struct sxevf_hw *hw, u32 value)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:216:6: error: no previous prototype for function 'sxevf_pf_req_irq_trigger' [-Werror,-Wmissing-prototypes]
216 | void sxevf_pf_req_irq_trigger(struct sxevf_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:216:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
216 | void sxevf_pf_req_irq_trigger(struct sxevf_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:221:6: error: no previous prototype for function 'sxevf_pf_ack_irq_trigger' [-Werror,-Wmissing-prototypes]
221 | void sxevf_pf_ack_irq_trigger(struct sxevf_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:221:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
221 | void sxevf_pf_ack_irq_trigger(struct sxevf_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:226:6: error: no previous prototype for function 'sxevf_event_irq_map' [-Werror,-Wmissing-prototypes]
226 | void sxevf_event_irq_map(struct sxevf_hw *hw, u16 vector)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:226:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
226 | void sxevf_event_irq_map(struct sxevf_hw *hw, u16 vector)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:240:6: error: no previous prototype for function 'sxevf_specific_irq_enable' [-Werror,-Wmissing-prototypes]
240 | void sxevf_specific_irq_enable(struct sxevf_hw *hw, u32 value)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:240:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
240 | void sxevf_specific_irq_enable(struct sxevf_hw *hw, u32 value)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:245:6: error: no previous prototype for function 'sxevf_irq_enable' [-Werror,-Wmissing-prototypes]
245 | void sxevf_irq_enable(struct sxevf_hw *hw, u32 mask)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:245:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
245 | void sxevf_irq_enable(struct sxevf_hw *hw, u32 mask)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:251:6: error: no previous prototype for function 'sxevf_irq_disable' [-Werror,-Wmissing-prototypes]
251 | void sxevf_irq_disable(struct sxevf_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:251:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
251 | void sxevf_irq_disable(struct sxevf_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:259:6: error: no previous prototype for function 'sxevf_hw_ring_irq_map' [-Werror,-Wmissing-prototypes]
259 | void sxevf_hw_ring_irq_map(struct sxevf_hw *hw, bool is_tx, u16 hw_ring_idx,
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:259:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
259 | void sxevf_hw_ring_irq_map(struct sxevf_hw *hw, bool is_tx, u16 hw_ring_idx,
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:276:6: error: no previous prototype for function 'sxevf_ring_irq_interval_set' [-Werror,-Wmissing-prototypes]
276 | void sxevf_ring_irq_interval_set(struct sxevf_hw *hw, u16 irq_idx, u32 interval)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:276:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
276 | void sxevf_ring_irq_interval_set(struct sxevf_hw *hw, u16 irq_idx, u32 interval)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:313:6: error: no previous prototype for function 'sxevf_hw_reset' [-Werror,-Wmissing-prototypes]
313 | void sxevf_hw_reset(struct sxevf_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:313:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
313 | void sxevf_hw_reset(struct sxevf_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:324:5: error: no previous prototype for function 'sxevf_link_state_get' [-Werror,-Wmissing-prototypes]
324 | u32 sxevf_link_state_get(struct sxevf_hw *hw)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:324:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
324 | u32 sxevf_link_state_get(struct sxevf_hw *hw)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:539:6: error: no previous prototype for function 'sxevf_tx_ring_switch' [-Werror,-Wmissing-prototypes]
539 | void sxevf_tx_ring_switch(struct sxevf_hw *hw, u8 reg_idx, bool is_on)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:539:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
539 | void sxevf_tx_ring_switch(struct sxevf_hw *hw, u8 reg_idx, bool is_on)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:594:6: error: no previous prototype for function 'sxevf_rx_ring_switch' [-Werror,-Wmissing-prototypes]
594 | void sxevf_rx_ring_switch(struct sxevf_hw *hw, u8 reg_idx, bool is_on)
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:594:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
594 | void sxevf_rx_ring_switch(struct sxevf_hw *hw, u8 reg_idx, bool is_on)
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:626:6: error: no previous prototype for function 'sxevf_rx_ring_desc_configure' [-Werror,-Wmissing-prototypes]
626 | void sxevf_rx_ring_desc_configure(struct sxevf_hw *hw, u32 desc_mem_len,
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:626:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
626 | void sxevf_rx_ring_desc_configure(struct sxevf_hw *hw, u32 desc_mem_len,
| ^
| static
>> drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:640:6: error: no previous prototype for function 'sxevf_rx_rcv_ctl_configure' [-Werror,-Wmissing-prototypes]
640 | void sxevf_rx_rcv_ctl_configure(struct sxevf_hw *hw, u8 reg_idx,
| ^
drivers/net/ethernet/linkdata/sxevf/sxevf/sxevf_hw.c:640:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
640 | void sxevf_rx_rcv_ctl_configure(struct sxevf_hw *hw, u8 reg_idx,
| ^
| static
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
..
vim +/sxe_debugfs_entries_init +432 drivers/net/ethernet/linkdata/sxe/sxepf/sxe_debugfs.c
431
> 432 void sxe_debugfs_entries_init(struct sxe_adapter *adapter)
433 {
434 struct dentry *dir;
435 const char *name = pci_name(adapter->pdev);
436
437 adapter->debugfs_entries = debugfs_create_dir(name, sxe_debugfs_root);
438 dir = debugfs_create_file("reg_ops", 0600, adapter->debugfs_entries,
439 adapter, &sxe_debugfs_reg_ops_fops);
440 if (!dir || dir == ERR_PTR(-ENODEV))
441 LOG_INFO_BDF("debugfs:reg_ops file create failed\n");
442
443 dir = debugfs_create_file("netdev_ops", 0600, adapter->debugfs_entries,
444 adapter, &sxe_debugfs_netdev_ops_fops);
445 if (!dir || dir == ERR_PTR(-ENODEV))
446 LOG_INFO_BDF("debugfs:netdev_ops file create failed\n");
447
448 dir = debugfs_create_file("hw_stats", 0400, adapter->debugfs_entries,
449 adapter, &sxe_debugfs_hw_stats_fops);
450 if (!dir || dir == ERR_PTR(-ENODEV))
451 LOG_INFO_BDF("debugfs:hw_stats file create failed\n");
452
453 dir = debugfs_create_file("sfp_info", 0400, adapter->debugfs_entries,
454 adapter, &sxe_debugfs_sfp_info_fops);
455 if (!dir || dir == ERR_PTR(-ENODEV))
456 LOG_INFO_BDF("debugfs:sfp_info file create failed\n");
457 }
458
> 459 void sxe_debugfs_entries_exit(struct sxe_adapter *adapter)
460 {
461 debugfs_remove_recursive(adapter->debugfs_entries);
462 adapter->debugfs_entries = NULL;
463 }
464
> 465 void sxe_debugfs_init(void)
466 {
467 sxe_debugfs_root = debugfs_create_dir(SXE_DRV_NAME, NULL);
468 }
469
> 470 void sxe_debugfs_exit(void)
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
1
0

[PATCH openEuler-1.0-LTS v2] mm: fix uprobe pte be overwritten when expanding vma
by Pu Lehui 01 Jul '25
by Pu Lehui 01 Jul '25
01 Jul '25
mainline inclusion
from mainline-v6.16-rc1
commit 2b12d06c37fd3a394376f42f026a7478d826ed63
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/ICIYRH
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
--------------------------------
Patch series "Fix uprobe pte be overwritten when expanding vma".
This patch (of 4):
We encountered a BUG alert triggered by Syzkaller as follows:
BUG: Bad rss-counter state mm:00000000b4a60fca type:MM_ANONPAGES val:1
And we can reproduce it with the following steps:
1. register uprobe on file at zero offset
2. mmap the file at zero offset:
addr1 = mmap(NULL, 2 * 4096, PROT_NONE, MAP_PRIVATE, fd, 0);
3. mremap part of vma1 to new vma2:
addr2 = mremap(addr1, 4096, 2 * 4096, MREMAP_MAYMOVE);
4. mremap back to orig addr1:
mremap(addr2, 4096, 4096, MREMAP_MAYMOVE | MREMAP_FIXED, addr1);
In step 3, the vma1 range [addr1, addr1 + 4096] will be remap to new vma2
with range [addr2, addr2 + 8192], and remap uprobe anon page from the vma1
to vma2, then unmap the vma1 range [addr1, addr1 + 4096].
In step 4, the vma2 range [addr2, addr2 + 4096] will be remap back to the
addr range [addr1, addr1 + 4096]. Since the addr range [addr1 + 4096,
addr1 + 8192] still maps the file, it will take vma_merge_new_range to
expand the range, and then do uprobe_mmap in vma_complete. Since the
merged vma pgoff is also zero offset, it will install uprobe anon page to
the merged vma. However, the upcomming move_page_tables step, which use
set_pte_at to remap the vma2 uprobe pte to the merged vma, will overwrite
the newly uprobe pte in the merged vma, and lead that pte to be orphan.
Since the uprobe pte will be remapped to the merged vma, we can remove the
unnecessary uprobe_mmap upon merged vma.
This problem was first found in linux-6.6.y and also exists in the
community syzkaller:
https://lore.kernel.org/all/000000000000ada39605a5e71711@google.com/T/
Link: https://lkml.kernel.org/r/20250529155650.4017699-1-pulehui@huaweicloud.com
Link: https://lkml.kernel.org/r/20250529155650.4017699-2-pulehui@huaweicloud.com
Fixes: 2b1444983508 ("uprobes, mm, x86: Add the ability to install and remove uprobes breakpoints")
Signed-off-by: Pu Lehui <pulehui(a)huawei.com>
Suggested-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Acked-by: David Hildenbrand <david(a)redhat.com>
Cc: Jann Horn <jannh(a)google.com>
Cc: Liam Howlett <liam.howlett(a)oracle.com>
Cc: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org>
Cc: Oleg Nesterov <oleg(a)redhat.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
Conflicts:
fs/userfaultfd.c
include/linux/mm.h
mm/madvise.c
mm/mempolicy.c
mm/mlock.c
mm/mmap.c
mm/mprotect.c
mm/vma.h
mm/vma.c
[The conflicts were due to refactor commit 440703e082b9c and 2f1c6611b0a8]
Signed-off-by: Pu Lehui <pulehui(a)huawei.com>
---
fs/userfaultfd.c | 6 +++---
include/linux/mm.h | 6 +++---
mm/madvise.c | 2 +-
mm/mempolicy.c | 2 +-
mm/mlock.c | 2 +-
mm/mmap.c | 46 ++++++++++++++++++++++++++++++++++------------
mm/mprotect.c | 2 +-
7 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 803c61f66d54..3e11e9763527 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -925,7 +925,7 @@ static int userfaultfd_release(struct inode *inode, struct file *file)
new_flags, vma->anon_vma,
vma->vm_file, vma->vm_pgoff,
vma_policy(vma),
- NULL_VM_UFFD_CTX);
+ NULL_VM_UFFD_CTX, false);
if (prev)
vma = prev;
else
@@ -1492,7 +1492,7 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx,
prev = vma_merge(mm, prev, start, vma_end, new_flags,
vma->anon_vma, vma->vm_file, vma->vm_pgoff,
vma_policy(vma),
- ((struct vm_userfaultfd_ctx){ ctx }));
+ ((struct vm_userfaultfd_ctx){ ctx }), false);
if (prev) {
vma = prev;
goto next;
@@ -1654,7 +1654,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx,
prev = vma_merge(mm, prev, start, vma_end, new_flags,
vma->anon_vma, vma->vm_file, vma->vm_pgoff,
vma_policy(vma),
- NULL_VM_UFFD_CTX);
+ NULL_VM_UFFD_CTX, false);
if (prev) {
vma = prev;
goto next;
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 67e299374ac8..8cae7fb6542a 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -2367,16 +2367,16 @@ void anon_vma_interval_tree_verify(struct anon_vma_chain *node);
extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin);
extern int __vma_adjust(struct vm_area_struct *vma, unsigned long start,
unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert,
- struct vm_area_struct *expand);
+ struct vm_area_struct *expand, bool skip_vma_uprobe);
static inline int vma_adjust(struct vm_area_struct *vma, unsigned long start,
unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert)
{
- return __vma_adjust(vma, start, end, pgoff, insert, NULL);
+ return __vma_adjust(vma, start, end, pgoff, insert, NULL, false);
}
extern struct vm_area_struct *vma_merge(struct mm_struct *,
struct vm_area_struct *prev, unsigned long addr, unsigned long end,
unsigned long vm_flags, struct anon_vma *, struct file *, pgoff_t,
- struct mempolicy *, struct vm_userfaultfd_ctx);
+ struct mempolicy *, struct vm_userfaultfd_ctx, bool skip_vma_uprobe);
extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *);
extern int __split_vma(struct mm_struct *, struct vm_area_struct *,
unsigned long addr, int new_below);
diff --git a/mm/madvise.c b/mm/madvise.c
index 263c2c68b0de..0670786a23a5 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -145,7 +145,7 @@ static long madvise_behavior(struct vm_area_struct *vma,
pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);
*prev = vma_merge(mm, *prev, start, end, new_flags, vma->anon_vma,
vma->vm_file, pgoff, vma_policy(vma),
- vma->vm_userfaultfd_ctx);
+ vma->vm_userfaultfd_ctx, false);
if (*prev) {
vma = *prev;
goto success;
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index e8c82f3235e2..882310ef3d93 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -818,7 +818,7 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
((vmstart - vma->vm_start) >> PAGE_SHIFT);
prev = vma_merge(mm, prev, vmstart, vmend, vma->vm_flags,
vma->anon_vma, vma->vm_file, pgoff,
- new_pol, vma->vm_userfaultfd_ctx);
+ new_pol, vma->vm_userfaultfd_ctx, false);
if (prev) {
vma = prev;
goto replace;
diff --git a/mm/mlock.c b/mm/mlock.c
index d9040aea2be0..cb4e1207169a 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -540,7 +540,7 @@ static int mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct **prev,
pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);
*prev = vma_merge(mm, *prev, start, end, newflags, vma->anon_vma,
vma->vm_file, pgoff, vma_policy(vma),
- vma->vm_userfaultfd_ctx);
+ vma->vm_userfaultfd_ctx, false);
if (*prev) {
vma = *prev;
goto success;
diff --git a/mm/mmap.c b/mm/mmap.c
index ad643f9dd3a4..19ec00c197d7 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -684,10 +684,13 @@ static inline void __vma_unlink_prev(struct mm_struct *mm,
* The following helper function should be used when such adjustments
* are necessary. The "insert" vma (if any) is to be inserted
* before we drop the necessary locks.
+ *
+ * @skip_vma_uprobe: only valid for copy_vma process, others please
+ * mark it as false.
*/
int __vma_adjust(struct vm_area_struct *vma, unsigned long start,
unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert,
- struct vm_area_struct *expand)
+ struct vm_area_struct *expand, bool skip_vma_uprobe)
{
struct mm_struct *mm = vma->vm_mm;
struct vm_area_struct *next = vma->vm_next, *orig_vma = vma;
@@ -894,10 +897,12 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start,
i_mmap_unlock_write(mapping);
if (root) {
- uprobe_mmap(vma);
+ if (!skip_vma_uprobe) {
+ uprobe_mmap(vma);
- if (adjust_next)
- uprobe_mmap(next);
+ if (adjust_next)
+ uprobe_mmap(next);
+ }
}
if (remove_next) {
@@ -1102,13 +1107,17 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
* or other rmap walkers (if working on addresses beyond the "end"
* parameter) may establish ptes with the wrong permissions of NNNN
* instead of the right permissions of XXXX.
+ *
+ * @skip_vma_uprobe: only valid for copy_vma process, others please
+ * mark it as false.
*/
struct vm_area_struct *vma_merge(struct mm_struct *mm,
struct vm_area_struct *prev, unsigned long addr,
unsigned long end, unsigned long vm_flags,
struct anon_vma *anon_vma, struct file *file,
pgoff_t pgoff, struct mempolicy *policy,
- struct vm_userfaultfd_ctx vm_userfaultfd_ctx)
+ struct vm_userfaultfd_ctx vm_userfaultfd_ctx,
+ bool skip_vma_uprobe)
{
pgoff_t pglen = (end - addr) >> PAGE_SHIFT;
struct vm_area_struct *area, *next;
@@ -1160,10 +1169,11 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
/* cases 1, 6 */
err = __vma_adjust(prev, prev->vm_start,
next->vm_end, prev->vm_pgoff, NULL,
- prev);
+ prev, skip_vma_uprobe);
} else /* cases 2, 5, 7 */
err = __vma_adjust(prev, prev->vm_start,
- end, prev->vm_pgoff, NULL, prev);
+ end, prev->vm_pgoff, NULL,
+ prev, skip_vma_uprobe);
if (err)
return NULL;
khugepaged_enter_vma_merge(prev, vm_flags);
@@ -1180,10 +1190,12 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
vm_userfaultfd_ctx)) {
if (prev && addr < prev->vm_end) /* case 4 */
err = __vma_adjust(prev, prev->vm_start,
- addr, prev->vm_pgoff, NULL, next);
+ addr, prev->vm_pgoff, NULL,
+ next, skip_vma_uprobe);
else { /* cases 3, 8 */
err = __vma_adjust(area, addr, next->vm_end,
- next->vm_pgoff - pglen, NULL, next);
+ next->vm_pgoff - pglen, NULL,
+ next, skip_vma_uprobe);
/*
* In case 3 area is already equal to next and
* this is a noop, but in case 8 "area" has
@@ -1974,7 +1986,7 @@ static unsigned long __mmap_region(struct mm_struct *mm, struct file *file,
* Can we just expand an old mapping?
*/
vma = vma_merge(mm, prev, addr, addr + len, vm_flags,
- NULL, file, pgoff, NULL, NULL_VM_UFFD_CTX);
+ NULL, file, pgoff, NULL, NULL_VM_UFFD_CTX, false);
if (vma)
goto out;
@@ -3381,7 +3393,7 @@ static int do_brk_flags(unsigned long addr, unsigned long len, unsigned long fla
/* Can we just expand an old private anonymous mapping? */
vma = vma_merge(mm, prev, addr, addr + len, flags,
- NULL, NULL, pgoff, NULL, NULL_VM_UFFD_CTX);
+ NULL, NULL, pgoff, NULL, NULL_VM_UFFD_CTX, false);
if (vma)
goto out;
@@ -3566,6 +3578,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
struct vm_area_struct *new_vma, *prev;
struct rb_node **rb_link, *rb_parent;
bool faulted_in_anon_vma = true;
+ bool skip_vma_uprobe = false;
/*
* If anonymous vma has not yet been faulted, update new pgoff
@@ -3578,9 +3591,18 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
if (find_vma_links(mm, addr, addr + len, &prev, &rb_link, &rb_parent))
return NULL; /* should never get here */
+
+ /*
+ * If the VMA we are copying might contain a uprobe PTE, ensure
+ * that we do not establish one upon merge. Otherwise, when mremap()
+ * moves page tables, it will orphan the newly created PTE.
+ */
+ if (vma->vm_file)
+ skip_vma_uprobe = true;
+
new_vma = vma_merge(mm, prev, addr, addr + len, vma->vm_flags,
vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma),
- vma->vm_userfaultfd_ctx);
+ vma->vm_userfaultfd_ctx, skip_vma_uprobe);
if (new_vma) {
/*
* Source vma may have been merged into new_vma
diff --git a/mm/mprotect.c b/mm/mprotect.c
index 86837f25055b..4c7370fd3e90 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -432,7 +432,7 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);
*pprev = vma_merge(mm, *pprev, start, end, newflags,
vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma),
- vma->vm_userfaultfd_ctx);
+ vma->vm_userfaultfd_ctx, false);
if (*pprev) {
vma = *pprev;
VM_WARN_ON((vma->vm_flags ^ newflags) & ~VM_SOFTDIRTY);
--
2.34.1
2
1

[PATCH openEuler-1.0-LTS] mm: fix uprobe pte be overwritten when expanding vma
by Pu Lehui 30 Jun '25
by Pu Lehui 30 Jun '25
30 Jun '25
mainline inclusion
from mainline-v6.16-rc1
commit 2b12d06c37fd3a394376f42f026a7478d826ed63
category: bugfix
bugzilla: 190644
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
--------------------------------
Patch series "Fix uprobe pte be overwritten when expanding vma".
This patch (of 4):
We encountered a BUG alert triggered by Syzkaller as follows:
BUG: Bad rss-counter state mm:00000000b4a60fca type:MM_ANONPAGES val:1
And we can reproduce it with the following steps:
1. register uprobe on file at zero offset
2. mmap the file at zero offset:
addr1 = mmap(NULL, 2 * 4096, PROT_NONE, MAP_PRIVATE, fd, 0);
3. mremap part of vma1 to new vma2:
addr2 = mremap(addr1, 4096, 2 * 4096, MREMAP_MAYMOVE);
4. mremap back to orig addr1:
mremap(addr2, 4096, 4096, MREMAP_MAYMOVE | MREMAP_FIXED, addr1);
In step 3, the vma1 range [addr1, addr1 + 4096] will be remap to new vma2
with range [addr2, addr2 + 8192], and remap uprobe anon page from the vma1
to vma2, then unmap the vma1 range [addr1, addr1 + 4096].
In step 4, the vma2 range [addr2, addr2 + 4096] will be remap back to the
addr range [addr1, addr1 + 4096]. Since the addr range [addr1 + 4096,
addr1 + 8192] still maps the file, it will take vma_merge_new_range to
expand the range, and then do uprobe_mmap in vma_complete. Since the
merged vma pgoff is also zero offset, it will install uprobe anon page to
the merged vma. However, the upcomming move_page_tables step, which use
set_pte_at to remap the vma2 uprobe pte to the merged vma, will overwrite
the newly uprobe pte in the merged vma, and lead that pte to be orphan.
Since the uprobe pte will be remapped to the merged vma, we can remove the
unnecessary uprobe_mmap upon merged vma.
This problem was first found in linux-6.6.y and also exists in the
community syzkaller:
https://lore.kernel.org/all/000000000000ada39605a5e71711@google.com/T/
Link: https://lkml.kernel.org/r/20250529155650.4017699-1-pulehui@huaweicloud.com
Link: https://lkml.kernel.org/r/20250529155650.4017699-2-pulehui@huaweicloud.com
Fixes: 2b1444983508 ("uprobes, mm, x86: Add the ability to install and remove uprobes breakpoints")
Signed-off-by: Pu Lehui <pulehui(a)huawei.com>
Suggested-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Acked-by: David Hildenbrand <david(a)redhat.com>
Cc: Jann Horn <jannh(a)google.com>
Cc: Liam Howlett <liam.howlett(a)oracle.com>
Cc: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org>
Cc: Oleg Nesterov <oleg(a)redhat.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
Conflicts:
fs/userfaultfd.c
include/linux/mm.h
mm/madvise.c
mm/mempolicy.c
mm/mlock.c
mm/mmap.c
mm/mprotect.c
mm/vma.h
mm/vma.c
[The conflicts were due to refactor commit 440703e082b9c and 2f1c6611b0a8]
Signed-off-by: Pu Lehui <pulehui(a)huawei.com>
---
fs/userfaultfd.c | 6 +++---
include/linux/mm.h | 6 +++---
mm/madvise.c | 2 +-
mm/mempolicy.c | 2 +-
mm/mlock.c | 2 +-
mm/mmap.c | 43 ++++++++++++++++++++++++++++++++-----------
mm/mprotect.c | 2 +-
7 files changed, 42 insertions(+), 21 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 803c61f66d54..3e11e9763527 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -925,7 +925,7 @@ static int userfaultfd_release(struct inode *inode, struct file *file)
new_flags, vma->anon_vma,
vma->vm_file, vma->vm_pgoff,
vma_policy(vma),
- NULL_VM_UFFD_CTX);
+ NULL_VM_UFFD_CTX, false);
if (prev)
vma = prev;
else
@@ -1492,7 +1492,7 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx,
prev = vma_merge(mm, prev, start, vma_end, new_flags,
vma->anon_vma, vma->vm_file, vma->vm_pgoff,
vma_policy(vma),
- ((struct vm_userfaultfd_ctx){ ctx }));
+ ((struct vm_userfaultfd_ctx){ ctx }), false);
if (prev) {
vma = prev;
goto next;
@@ -1654,7 +1654,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx,
prev = vma_merge(mm, prev, start, vma_end, new_flags,
vma->anon_vma, vma->vm_file, vma->vm_pgoff,
vma_policy(vma),
- NULL_VM_UFFD_CTX);
+ NULL_VM_UFFD_CTX, false);
if (prev) {
vma = prev;
goto next;
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 67e299374ac8..8cae7fb6542a 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -2367,16 +2367,16 @@ void anon_vma_interval_tree_verify(struct anon_vma_chain *node);
extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin);
extern int __vma_adjust(struct vm_area_struct *vma, unsigned long start,
unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert,
- struct vm_area_struct *expand);
+ struct vm_area_struct *expand, bool skip_vma_uprobe);
static inline int vma_adjust(struct vm_area_struct *vma, unsigned long start,
unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert)
{
- return __vma_adjust(vma, start, end, pgoff, insert, NULL);
+ return __vma_adjust(vma, start, end, pgoff, insert, NULL, false);
}
extern struct vm_area_struct *vma_merge(struct mm_struct *,
struct vm_area_struct *prev, unsigned long addr, unsigned long end,
unsigned long vm_flags, struct anon_vma *, struct file *, pgoff_t,
- struct mempolicy *, struct vm_userfaultfd_ctx);
+ struct mempolicy *, struct vm_userfaultfd_ctx, bool skip_vma_uprobe);
extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *);
extern int __split_vma(struct mm_struct *, struct vm_area_struct *,
unsigned long addr, int new_below);
diff --git a/mm/madvise.c b/mm/madvise.c
index 263c2c68b0de..0670786a23a5 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -145,7 +145,7 @@ static long madvise_behavior(struct vm_area_struct *vma,
pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);
*prev = vma_merge(mm, *prev, start, end, new_flags, vma->anon_vma,
vma->vm_file, pgoff, vma_policy(vma),
- vma->vm_userfaultfd_ctx);
+ vma->vm_userfaultfd_ctx, false);
if (*prev) {
vma = *prev;
goto success;
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index e8c82f3235e2..882310ef3d93 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -818,7 +818,7 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
((vmstart - vma->vm_start) >> PAGE_SHIFT);
prev = vma_merge(mm, prev, vmstart, vmend, vma->vm_flags,
vma->anon_vma, vma->vm_file, pgoff,
- new_pol, vma->vm_userfaultfd_ctx);
+ new_pol, vma->vm_userfaultfd_ctx, false);
if (prev) {
vma = prev;
goto replace;
diff --git a/mm/mlock.c b/mm/mlock.c
index d9040aea2be0..cb4e1207169a 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -540,7 +540,7 @@ static int mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct **prev,
pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);
*prev = vma_merge(mm, *prev, start, end, newflags, vma->anon_vma,
vma->vm_file, pgoff, vma_policy(vma),
- vma->vm_userfaultfd_ctx);
+ vma->vm_userfaultfd_ctx, false);
if (*prev) {
vma = *prev;
goto success;
diff --git a/mm/mmap.c b/mm/mmap.c
index ad643f9dd3a4..c27bbe5ea5ca 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -684,10 +684,13 @@ static inline void __vma_unlink_prev(struct mm_struct *mm,
* The following helper function should be used when such adjustments
* are necessary. The "insert" vma (if any) is to be inserted
* before we drop the necessary locks.
+ *
+ * @skip_vma_uprobe: only valid for copy_vma process, others please
+ * mark it as false.
*/
int __vma_adjust(struct vm_area_struct *vma, unsigned long start,
unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert,
- struct vm_area_struct *expand)
+ struct vm_area_struct *expand, bool skip_vma_uprobe)
{
struct mm_struct *mm = vma->vm_mm;
struct vm_area_struct *next = vma->vm_next, *orig_vma = vma;
@@ -894,10 +897,12 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start,
i_mmap_unlock_write(mapping);
if (root) {
- uprobe_mmap(vma);
+ if (!skip_vma_uprobe) {
+ uprobe_mmap(vma);
- if (adjust_next)
- uprobe_mmap(next);
+ if (adjust_next)
+ uprobe_mmap(next);
+ }
}
if (remove_next) {
@@ -1102,6 +1107,9 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
* or other rmap walkers (if working on addresses beyond the "end"
* parameter) may establish ptes with the wrong permissions of NNNN
* instead of the right permissions of XXXX.
+ *
+ * @skip_vma_uprobe: only valid for copy_vma process, others please
+ * mark it as false.
*/
struct vm_area_struct *vma_merge(struct mm_struct *mm,
struct vm_area_struct *prev, unsigned long addr,
@@ -1160,10 +1168,11 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
/* cases 1, 6 */
err = __vma_adjust(prev, prev->vm_start,
next->vm_end, prev->vm_pgoff, NULL,
- prev);
+ prev, skip_vma_uprobe);
} else /* cases 2, 5, 7 */
err = __vma_adjust(prev, prev->vm_start,
- end, prev->vm_pgoff, NULL, prev);
+ end, prev->vm_pgoff, NULL,
+ prev, skip_vma_uprobe);
if (err)
return NULL;
khugepaged_enter_vma_merge(prev, vm_flags);
@@ -1180,10 +1189,12 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
vm_userfaultfd_ctx)) {
if (prev && addr < prev->vm_end) /* case 4 */
err = __vma_adjust(prev, prev->vm_start,
- addr, prev->vm_pgoff, NULL, next);
+ addr, prev->vm_pgoff, NULL,
+ next, skip_vma_uprobe);
else { /* cases 3, 8 */
err = __vma_adjust(area, addr, next->vm_end,
- next->vm_pgoff - pglen, NULL, next);
+ next->vm_pgoff - pglen, NULL,
+ next, skip_vma_uprobe);
/*
* In case 3 area is already equal to next and
* this is a noop, but in case 8 "area" has
@@ -1974,7 +1985,7 @@ static unsigned long __mmap_region(struct mm_struct *mm, struct file *file,
* Can we just expand an old mapping?
*/
vma = vma_merge(mm, prev, addr, addr + len, vm_flags,
- NULL, file, pgoff, NULL, NULL_VM_UFFD_CTX);
+ NULL, file, pgoff, NULL, NULL_VM_UFFD_CTX, false);
if (vma)
goto out;
@@ -3381,7 +3392,7 @@ static int do_brk_flags(unsigned long addr, unsigned long len, unsigned long fla
/* Can we just expand an old private anonymous mapping? */
vma = vma_merge(mm, prev, addr, addr + len, flags,
- NULL, NULL, pgoff, NULL, NULL_VM_UFFD_CTX);
+ NULL, NULL, pgoff, NULL, NULL_VM_UFFD_CTX, false);
if (vma)
goto out;
@@ -3566,6 +3577,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
struct vm_area_struct *new_vma, *prev;
struct rb_node **rb_link, *rb_parent;
bool faulted_in_anon_vma = true;
+ bool skip_vma_uprobe = false;
/*
* If anonymous vma has not yet been faulted, update new pgoff
@@ -3578,9 +3590,18 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
if (find_vma_links(mm, addr, addr + len, &prev, &rb_link, &rb_parent))
return NULL; /* should never get here */
+
+ /*
+ * If the VMA we are copying might contain a uprobe PTE, ensure
+ * that we do not establish one upon merge. Otherwise, when mremap()
+ * moves page tables, it will orphan the newly created PTE.
+ */
+ if (vma->vm_file)
+ skip_vma_uprobe = true;
+
new_vma = vma_merge(mm, prev, addr, addr + len, vma->vm_flags,
vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma),
- vma->vm_userfaultfd_ctx);
+ vma->vm_userfaultfd_ctx, skip_vma_uprobe);
if (new_vma) {
/*
* Source vma may have been merged into new_vma
diff --git a/mm/mprotect.c b/mm/mprotect.c
index 86837f25055b..4c7370fd3e90 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -432,7 +432,7 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);
*pprev = vma_merge(mm, *pprev, start, end, newflags,
vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma),
- vma->vm_userfaultfd_ctx);
+ vma->vm_userfaultfd_ctx, false);
if (*pprev) {
vma = *pprev;
VM_WARN_ON((vma->vm_flags ^ newflags) & ~VM_SOFTDIRTY);
--
2.34.1
2
1

[PATCH openEuler-1.0-LTS] ipvs: fix WARNING in ip_vs_app_net_cleanup()
by Zhang Changzhong 30 Jun '25
by Zhang Changzhong 30 Jun '25
30 Jun '25
From: Zhengchao Shao <shaozhengchao(a)huawei.com>
stable inclusion
from stable-v4.19.265
commit adc76740ccd52e4a1d910767cd1223e134a7078b
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IC5BRU
CVE: CVE-2022-49917
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
--------------------------------
[ Upstream commit 5663ed63adb9619c98ab7479aa4606fa9b7a548c ]
During the initialization of ip_vs_app_net_init(), if file ip_vs_app
fails to be created, the initialization is successful by default.
Therefore, the ip_vs_app file doesn't be found during the remove in
ip_vs_app_net_cleanup(). It will cause WRNING.
The following is the stack information:
name 'ip_vs_app'
WARNING: CPU: 1 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460
Modules linked in:
Workqueue: netns cleanup_net
RIP: 0010:remove_proc_entry+0x389/0x460
Call Trace:
<TASK>
ops_exit_list+0x125/0x170
cleanup_net+0x4ea/0xb00
process_one_work+0x9bf/0x1710
worker_thread+0x665/0x1080
kthread+0x2e4/0x3a0
ret_from_fork+0x1f/0x30
</TASK>
Fixes: 457c4cbc5a3d ("[NET]: Make /proc/net per network namespace")
Signed-off-by: Zhengchao Shao <shaozhengchao(a)huawei.com>
Acked-by: Julian Anastasov <ja(a)ssi.bg>
Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Reviewed-by: Yue Haibing <yuehaibing(a)huawei.com>
Signed-off-by: Rui Xiang <rui.xiang(a)huawei.com>
---
net/netfilter/ipvs/ip_vs_app.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c
index 80759aa..21149f4 100644
--- a/net/netfilter/ipvs/ip_vs_app.c
+++ b/net/netfilter/ipvs/ip_vs_app.c
@@ -604,13 +604,19 @@ static const struct seq_operations ip_vs_app_seq_ops = {
int __net_init ip_vs_app_net_init(struct netns_ipvs *ipvs)
{
INIT_LIST_HEAD(&ipvs->app_list);
- proc_create_net("ip_vs_app", 0, ipvs->net->proc_net, &ip_vs_app_seq_ops,
- sizeof(struct seq_net_private));
+#ifdef CONFIG_PROC_FS
+ if (!proc_create_net("ip_vs_app", 0, ipvs->net->proc_net,
+ &ip_vs_app_seq_ops,
+ sizeof(struct seq_net_private)))
+ return -ENOMEM;
+#endif
return 0;
}
void __net_exit ip_vs_app_net_cleanup(struct netns_ipvs *ipvs)
{
unregister_ip_vs_app(ipvs, NULL /* all */);
+#ifdef CONFIG_PROC_FS
remove_proc_entry("ip_vs_app", ipvs->net->proc_net);
+#endif
}
--
2.9.5
2
1

[openeuler:OLK-5.10 2882/2882] arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__x64_sys_landlock_create_ruleset'
by kernel test robot 30 Jun '25
by kernel test robot 30 Jun '25
30 Jun '25
tree: https://gitee.com/openeuler/kernel.git OLK-5.10
head: 2264b0731bcc958f540da580ad93b9f103a8e271
commit: 21dd31f58b64b122a2d9fb62669d6191d1cf2c0f [2882/2882] landlock: Add syscall implementations
config: x86_64-randconfig-2005-20250501 (https://download.01.org/0day-ci/archive/20250630/202506301345.R55BMO2e-lkp@…)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250630/202506301345.R55BMO2e-lkp@…)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202506301345.R55BMO2e-lkp@intel.com/
All warnings (new ones prefixed by >>):
| ^~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:259:1: note: in expansion of macro 'COND_SYSCALL'
259 | COND_SYSCALL(mremap);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_sys_mremap' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:120:9: note: in expansion of macro '__COND_SYSCALL'
120 | __COND_SYSCALL(ia32, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:257:9: note: in expansion of macro '__IA32_COND_SYSCALL'
257 | __IA32_COND_SYSCALL(name)
| ^~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:259:1: note: in expansion of macro 'COND_SYSCALL'
259 | COND_SYSCALL(mremap);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__x64_sys_add_key' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:100:9: note: in expansion of macro '__COND_SYSCALL'
100 | __COND_SYSCALL(x64, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:256:9: note: in expansion of macro '__X64_COND_SYSCALL'
256 | __X64_COND_SYSCALL(name) \
| ^~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:262:1: note: in expansion of macro 'COND_SYSCALL'
262 | COND_SYSCALL(add_key);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_sys_add_key' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:120:9: note: in expansion of macro '__COND_SYSCALL'
120 | __COND_SYSCALL(ia32, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:257:9: note: in expansion of macro '__IA32_COND_SYSCALL'
257 | __IA32_COND_SYSCALL(name)
| ^~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:262:1: note: in expansion of macro 'COND_SYSCALL'
262 | COND_SYSCALL(add_key);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__x64_sys_request_key' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:100:9: note: in expansion of macro '__COND_SYSCALL'
100 | __COND_SYSCALL(x64, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:256:9: note: in expansion of macro '__X64_COND_SYSCALL'
256 | __X64_COND_SYSCALL(name) \
| ^~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:263:1: note: in expansion of macro 'COND_SYSCALL'
263 | COND_SYSCALL(request_key);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_sys_request_key' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:120:9: note: in expansion of macro '__COND_SYSCALL'
120 | __COND_SYSCALL(ia32, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:257:9: note: in expansion of macro '__IA32_COND_SYSCALL'
257 | __IA32_COND_SYSCALL(name)
| ^~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:263:1: note: in expansion of macro 'COND_SYSCALL'
263 | COND_SYSCALL(request_key);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__x64_sys_keyctl' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:100:9: note: in expansion of macro '__COND_SYSCALL'
100 | __COND_SYSCALL(x64, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:256:9: note: in expansion of macro '__X64_COND_SYSCALL'
256 | __X64_COND_SYSCALL(name) \
| ^~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:264:1: note: in expansion of macro 'COND_SYSCALL'
264 | COND_SYSCALL(keyctl);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_sys_keyctl' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:120:9: note: in expansion of macro '__COND_SYSCALL'
120 | __COND_SYSCALL(ia32, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:257:9: note: in expansion of macro '__IA32_COND_SYSCALL'
257 | __IA32_COND_SYSCALL(name)
| ^~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:264:1: note: in expansion of macro 'COND_SYSCALL'
264 | COND_SYSCALL(keyctl);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_compat_sys_keyctl' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:148:9: note: in expansion of macro '__COND_SYSCALL'
148 | __COND_SYSCALL(ia32, compat_sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:218:9: note: in expansion of macro '__IA32_COMPAT_COND_SYSCALL'
218 | __IA32_COMPAT_COND_SYSCALL(name) \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:265:1: note: in expansion of macro 'COND_SYSCALL_COMPAT'
265 | COND_SYSCALL_COMPAT(keyctl);
| ^~~~~~~~~~~~~~~~~~~
>> arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__x64_sys_landlock_create_ruleset' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:100:9: note: in expansion of macro '__COND_SYSCALL'
100 | __COND_SYSCALL(x64, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:256:9: note: in expansion of macro '__X64_COND_SYSCALL'
256 | __X64_COND_SYSCALL(name) \
| ^~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:268:1: note: in expansion of macro 'COND_SYSCALL'
268 | COND_SYSCALL(landlock_create_ruleset);
| ^~~~~~~~~~~~
>> arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_sys_landlock_create_ruleset' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:120:9: note: in expansion of macro '__COND_SYSCALL'
120 | __COND_SYSCALL(ia32, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:257:9: note: in expansion of macro '__IA32_COND_SYSCALL'
257 | __IA32_COND_SYSCALL(name)
| ^~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:268:1: note: in expansion of macro 'COND_SYSCALL'
268 | COND_SYSCALL(landlock_create_ruleset);
| ^~~~~~~~~~~~
>> arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__x64_sys_landlock_add_rule' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:100:9: note: in expansion of macro '__COND_SYSCALL'
100 | __COND_SYSCALL(x64, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:256:9: note: in expansion of macro '__X64_COND_SYSCALL'
256 | __X64_COND_SYSCALL(name) \
| ^~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:269:1: note: in expansion of macro 'COND_SYSCALL'
269 | COND_SYSCALL(landlock_add_rule);
| ^~~~~~~~~~~~
>> arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_sys_landlock_add_rule' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:120:9: note: in expansion of macro '__COND_SYSCALL'
120 | __COND_SYSCALL(ia32, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:257:9: note: in expansion of macro '__IA32_COND_SYSCALL'
257 | __IA32_COND_SYSCALL(name)
| ^~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:269:1: note: in expansion of macro 'COND_SYSCALL'
269 | COND_SYSCALL(landlock_add_rule);
| ^~~~~~~~~~~~
>> arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__x64_sys_landlock_restrict_self' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:100:9: note: in expansion of macro '__COND_SYSCALL'
100 | __COND_SYSCALL(x64, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:256:9: note: in expansion of macro '__X64_COND_SYSCALL'
256 | __X64_COND_SYSCALL(name) \
| ^~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:270:1: note: in expansion of macro 'COND_SYSCALL'
270 | COND_SYSCALL(landlock_restrict_self);
| ^~~~~~~~~~~~
>> arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_sys_landlock_restrict_self' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:120:9: note: in expansion of macro '__COND_SYSCALL'
120 | __COND_SYSCALL(ia32, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:257:9: note: in expansion of macro '__IA32_COND_SYSCALL'
257 | __IA32_COND_SYSCALL(name)
| ^~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:270:1: note: in expansion of macro 'COND_SYSCALL'
270 | COND_SYSCALL(landlock_restrict_self);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__x64_sys_fadvise64_64' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:100:9: note: in expansion of macro '__COND_SYSCALL'
100 | __COND_SYSCALL(x64, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:256:9: note: in expansion of macro '__X64_COND_SYSCALL'
256 | __X64_COND_SYSCALL(name) \
| ^~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:275:1: note: in expansion of macro 'COND_SYSCALL'
275 | COND_SYSCALL(fadvise64_64);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_sys_fadvise64_64' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:120:9: note: in expansion of macro '__COND_SYSCALL'
120 | __COND_SYSCALL(ia32, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:257:9: note: in expansion of macro '__IA32_COND_SYSCALL'
257 | __IA32_COND_SYSCALL(name)
| ^~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:275:1: note: in expansion of macro 'COND_SYSCALL'
275 | COND_SYSCALL(fadvise64_64);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_compat_sys_fadvise64_64' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:148:9: note: in expansion of macro '__COND_SYSCALL'
148 | __COND_SYSCALL(ia32, compat_sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:218:9: note: in expansion of macro '__IA32_COMPAT_COND_SYSCALL'
218 | __IA32_COMPAT_COND_SYSCALL(name) \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:276:1: note: in expansion of macro 'COND_SYSCALL_COMPAT'
276 | COND_SYSCALL_COMPAT(fadvise64_64);
| ^~~~~~~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__x64_sys_swapon' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:100:9: note: in expansion of macro '__COND_SYSCALL'
100 | __COND_SYSCALL(x64, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:256:9: note: in expansion of macro '__X64_COND_SYSCALL'
256 | __X64_COND_SYSCALL(name) \
| ^~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:279:1: note: in expansion of macro 'COND_SYSCALL'
279 | COND_SYSCALL(swapon);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_sys_swapon' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:120:9: note: in expansion of macro '__COND_SYSCALL'
120 | __COND_SYSCALL(ia32, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:257:9: note: in expansion of macro '__IA32_COND_SYSCALL'
257 | __IA32_COND_SYSCALL(name)
| ^~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:279:1: note: in expansion of macro 'COND_SYSCALL'
279 | COND_SYSCALL(swapon);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__x64_sys_swapoff' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:100:9: note: in expansion of macro '__COND_SYSCALL'
100 | __COND_SYSCALL(x64, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:256:9: note: in expansion of macro '__X64_COND_SYSCALL'
256 | __X64_COND_SYSCALL(name) \
| ^~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:280:1: note: in expansion of macro 'COND_SYSCALL'
280 | COND_SYSCALL(swapoff);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__ia32_sys_swapoff' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:120:9: note: in expansion of macro '__COND_SYSCALL'
120 | __COND_SYSCALL(ia32, sys_##name)
| ^~~~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:257:9: note: in expansion of macro '__IA32_COND_SYSCALL'
257 | __IA32_COND_SYSCALL(name)
| ^~~~~~~~~~~~~~~~~~~
kernel/sys_ni.c:280:1: note: in expansion of macro 'COND_SYSCALL'
280 | COND_SYSCALL(swapoff);
| ^~~~~~~~~~~~
arch/x86/include/asm/syscall_wrapper.h:83:21: warning: no previous prototype for '__x64_sys_mprotect' [-Wmissing-prototypes]
83 | __weak long __##abi##_##name(const struct pt_regs *__unused) \
| ^~
arch/x86/include/asm/syscall_wrapper.h:100:9: note: in expansion of macro '__COND_SYSCALL'
100 | __COND_SYSCALL(x64, sys_##name)
vim +/__x64_sys_landlock_create_ruleset +83 arch/x86/include/asm/syscall_wrapper.h
cc42c045af1ff4 Brian Gerst 2020-03-13 13
25c619e59b395a Brian Gerst 2020-03-13 14 /*
25c619e59b395a Brian Gerst 2020-03-13 15 * Instead of the generic __SYSCALL_DEFINEx() definition, the x86 version takes
25c619e59b395a Brian Gerst 2020-03-13 16 * struct pt_regs *regs as the only argument of the syscall stub(s) named as:
25c619e59b395a Brian Gerst 2020-03-13 17 * __x64_sys_*() - 64-bit native syscall
25c619e59b395a Brian Gerst 2020-03-13 18 * __ia32_sys_*() - 32-bit native syscall or common compat syscall
25c619e59b395a Brian Gerst 2020-03-13 19 * __ia32_compat_sys_*() - 32-bit compat syscall
25c619e59b395a Brian Gerst 2020-03-13 20 * __x32_compat_sys_*() - 64-bit X32 compat syscall
25c619e59b395a Brian Gerst 2020-03-13 21 *
25c619e59b395a Brian Gerst 2020-03-13 22 * The registers are decoded according to the ABI:
25c619e59b395a Brian Gerst 2020-03-13 23 * 64-bit: RDI, RSI, RDX, R10, R8, R9
25c619e59b395a Brian Gerst 2020-03-13 24 * 32-bit: EBX, ECX, EDX, ESI, EDI, EBP
25c619e59b395a Brian Gerst 2020-03-13 25 *
25c619e59b395a Brian Gerst 2020-03-13 26 * The stub then passes the decoded arguments to the __se_sys_*() wrapper to
25c619e59b395a Brian Gerst 2020-03-13 27 * perform sign-extension (omitted for zero-argument syscalls). Finally the
25c619e59b395a Brian Gerst 2020-03-13 28 * arguments are passed to the __do_sys_*() function which is the actual
25c619e59b395a Brian Gerst 2020-03-13 29 * syscall. These wrappers are marked as inline so the compiler can optimize
25c619e59b395a Brian Gerst 2020-03-13 30 * the functions where appropriate.
25c619e59b395a Brian Gerst 2020-03-13 31 *
25c619e59b395a Brian Gerst 2020-03-13 32 * Example assembly (slightly re-ordered for better readability):
25c619e59b395a Brian Gerst 2020-03-13 33 *
25c619e59b395a Brian Gerst 2020-03-13 34 * <__x64_sys_recv>: <-- syscall with 4 parameters
25c619e59b395a Brian Gerst 2020-03-13 35 * callq <__fentry__>
25c619e59b395a Brian Gerst 2020-03-13 36 *
25c619e59b395a Brian Gerst 2020-03-13 37 * mov 0x70(%rdi),%rdi <-- decode regs->di
25c619e59b395a Brian Gerst 2020-03-13 38 * mov 0x68(%rdi),%rsi <-- decode regs->si
25c619e59b395a Brian Gerst 2020-03-13 39 * mov 0x60(%rdi),%rdx <-- decode regs->dx
25c619e59b395a Brian Gerst 2020-03-13 40 * mov 0x38(%rdi),%rcx <-- decode regs->r10
25c619e59b395a Brian Gerst 2020-03-13 41 *
25c619e59b395a Brian Gerst 2020-03-13 42 * xor %r9d,%r9d <-- clear %r9
25c619e59b395a Brian Gerst 2020-03-13 43 * xor %r8d,%r8d <-- clear %r8
25c619e59b395a Brian Gerst 2020-03-13 44 *
25c619e59b395a Brian Gerst 2020-03-13 45 * callq __sys_recvfrom <-- do the actual work in __sys_recvfrom()
25c619e59b395a Brian Gerst 2020-03-13 46 * which takes 6 arguments
25c619e59b395a Brian Gerst 2020-03-13 47 *
25c619e59b395a Brian Gerst 2020-03-13 48 * cltq <-- extend return value to 64-bit
25c619e59b395a Brian Gerst 2020-03-13 49 * retq <-- return
25c619e59b395a Brian Gerst 2020-03-13 50 *
25c619e59b395a Brian Gerst 2020-03-13 51 * This approach avoids leaking random user-provided register content down
25c619e59b395a Brian Gerst 2020-03-13 52 * the call chain.
25c619e59b395a Brian Gerst 2020-03-13 53 */
25c619e59b395a Brian Gerst 2020-03-13 54
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 55 /* Mapping of registers to parameters for syscalls on x86-64 and x32 */
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 56 #define SC_X86_64_REGS_TO_ARGS(x, ...) \
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 57 __MAP(x,__SC_ARGS \
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 58 ,,regs->di,,regs->si,,regs->dx \
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 59 ,,regs->r10,,regs->r8,,regs->r9) \
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 60
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 61 /* Mapping of registers to parameters for syscalls on i386 */
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 62 #define SC_IA32_REGS_TO_ARGS(x, ...) \
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 63 __MAP(x,__SC_ARGS \
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 64 ,,(unsigned int)regs->bx,,(unsigned int)regs->cx \
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 65 ,,(unsigned int)regs->dx,,(unsigned int)regs->si \
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 66 ,,(unsigned int)regs->di,,(unsigned int)regs->bp)
ebeb8c82ffaf94 Dominik Brodowski 2018-04-05 67
d2b5de495ee983 Brian Gerst 2020-03-13 68 #define __SYS_STUB0(abi, name) \
0f78ff17112d8b Brian Gerst 2020-03-13 69 long __##abi##_##name(const struct pt_regs *regs); \
d2b5de495ee983 Brian Gerst 2020-03-13 70 ALLOW_ERROR_INJECTION(__##abi##_##name, ERRNO); \
0f78ff17112d8b Brian Gerst 2020-03-13 71 long __##abi##_##name(const struct pt_regs *regs) \
d2b5de495ee983 Brian Gerst 2020-03-13 72 __alias(__do_##name);
d2b5de495ee983 Brian Gerst 2020-03-13 73
4399e0cf494f73 Brian Gerst 2020-03-13 74 #define __SYS_STUBx(abi, name, ...) \
0f78ff17112d8b Brian Gerst 2020-03-13 75 long __##abi##_##name(const struct pt_regs *regs); \
4399e0cf494f73 Brian Gerst 2020-03-13 76 ALLOW_ERROR_INJECTION(__##abi##_##name, ERRNO); \
0f78ff17112d8b Brian Gerst 2020-03-13 77 long __##abi##_##name(const struct pt_regs *regs) \
4399e0cf494f73 Brian Gerst 2020-03-13 78 { \
4399e0cf494f73 Brian Gerst 2020-03-13 79 return __se_##name(__VA_ARGS__); \
4399e0cf494f73 Brian Gerst 2020-03-13 80 }
4399e0cf494f73 Brian Gerst 2020-03-13 81
6cc8d2b286d9e7 Brian Gerst 2020-03-13 82 #define __COND_SYSCALL(abi, name) \
0f78ff17112d8b Brian Gerst 2020-03-13 @83 __weak long __##abi##_##name(const struct pt_regs *__unused) \
6cc8d2b286d9e7 Brian Gerst 2020-03-13 84 { \
6cc8d2b286d9e7 Brian Gerst 2020-03-13 85 return sys_ni_syscall(); \
6cc8d2b286d9e7 Brian Gerst 2020-03-13 86 }
6cc8d2b286d9e7 Brian Gerst 2020-03-13 87
:::::: The code at line 83 was first introduced by commit
:::::: 0f78ff17112d8b3469b805ff4ea9780cc1e5c93b x86/entry: Drop asmlinkage from syscalls
:::::: TO: Brian Gerst <brgerst(a)gmail.com>
:::::: CC: Thomas Gleixner <tglx(a)linutronix.de>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
1
0
Douglas Anderson (1):
arm64: enable perf events based hard lockup detector
Ionela Voinescu (1):
cpufreq: add function to get the hardware max frequency
Jingyi Wang (1):
arm64: watchdog: add switch to select sdei_watchdog/pmu_watchdog
Lecopzer Chen (1):
arm64: add hw_nmi_get_sample_period for preparation of lockup detector
Wei Li (1):
arm64: add new config CONFIG_PMU_WATCHDOG
Yicong Yang (1):
irqchip/gic-v3: Fix one race condition due to NMI withdraw
arch/arm64/Kconfig | 1 +
arch/arm64/kernel/Makefile | 1 +
arch/arm64/kernel/watchdog_hld.c | 24 ++++++++++++++++++++++++
arch/arm64/kernel/watchdog_sdei.c | 23 +++++++++++++++++------
drivers/cpufreq/cpufreq.c | 20 ++++++++++++++++++++
drivers/irqchip/irq-gic-v3.c | 22 ++++++++++++++++++++++
include/linux/cpufreq.h | 5 +++++
include/linux/nmi.h | 11 +++++++++++
kernel/watchdog.c | 28 +++++++++++++++++++++-------
lib/Kconfig.debug | 10 ++++++++++
10 files changed, 132 insertions(+), 13 deletions(-)
create mode 100644 arch/arm64/kernel/watchdog_hld.c
--
2.25.1
1
6

[PATCH openEuler-1.0-LTS] ftrace: Fix UAF when lookup kallsym after ftrace disabled
by Tengda Wu 30 Jun '25
by Tengda Wu 30 Jun '25
30 Jun '25
From: Ye Bin <yebin10(a)huawei.com>
mainline inclusion
from mainline-v6.16-rc1
commit f914b52c379c12288b7623bb814d0508dbe7481d
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/ICIHX1
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
--------------------------------
The following issue happens with a buggy module:
BUG: unable to handle page fault for address: ffffffffc05d0218
PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0
Oops: Oops: 0000 [#1] SMP KASAN PTI
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
RIP: 0010:sized_strscpy+0x81/0x2f0
RSP: 0018:ffff88812d76fa08 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffffc0601010 RCX: dffffc0000000000
RDX: 0000000000000038 RSI: dffffc0000000000 RDI: ffff88812608da2d
RBP: 8080808080808080 R08: ffff88812608da2d R09: ffff88812608da68
R10: ffff88812608d82d R11: ffff88812608d810 R12: 0000000000000038
R13: ffff88812608da2d R14: ffffffffc05d0218 R15: fefefefefefefeff
FS: 00007fef552de740(0000) GS:ffff8884251c7000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffc05d0218 CR3: 00000001146f0000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ftrace_mod_get_kallsym+0x1ac/0x590
update_iter_mod+0x239/0x5b0
s_next+0x5b/0xa0
seq_read_iter+0x8c9/0x1070
seq_read+0x249/0x3b0
proc_reg_read+0x1b0/0x280
vfs_read+0x17f/0x920
ksys_read+0xf3/0x1c0
do_syscall_64+0x5f/0x2e0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
The above issue may happen as follows:
(1) Add kprobe tracepoint;
(2) insmod test.ko;
(3) Module triggers ftrace disabled;
(4) rmmod test.ko;
(5) cat /proc/kallsyms; --> Will trigger UAF as test.ko already removed;
ftrace_mod_get_kallsym()
...
strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN);
...
The problem is when a module triggers an issue with ftrace and
sets ftrace_disable. The ftrace_disable is set when an anomaly is
discovered and to prevent any more damage, ftrace stops all text
modification. The issue that happened was that the ftrace_disable stops
more than just the text modification.
When a module is loaded, its init functions can also be traced. Because
kallsyms deletes the init functions after a module has loaded, ftrace
saves them when the module is loaded and function tracing is enabled. This
allows the output of the function trace to show the init function names
instead of just their raw memory addresses.
When a module is removed, ftrace_release_mod() is called, and if
ftrace_disable is set, it just returns without doing anything more. The
problem here is that it leaves the mod_list still around and if kallsyms
is called, it will call into this code and access the module memory that
has already been freed as it will return:
strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN);
Where the "mod" no longer exists and triggers a UAF bug.
Link: https://lore.kernel.org/all/20250523135452.626d8dcd@gandalf.local.home/
Cc: stable(a)vger.kernel.org
Fixes: aba4b5c22cba ("ftrace: Save module init functions kallsyms symbols for tracing")
Link: https://lore.kernel.org/20250529111955.2349189-2-yebin@huaweicloud.com
Signed-off-by: Ye Bin <yebin10(a)huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
Signed-off-by: Tengda Wu <wutengda2(a)huawei.com>
---
kernel/trace/ftrace.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 8199571d9ab3..77d31a2189ef 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -5788,9 +5788,10 @@ void ftrace_release_mod(struct module *mod)
mutex_lock(&ftrace_lock);
- if (ftrace_disabled)
- goto out_unlock;
-
+ /*
+ * To avoid the UAF problem after the module is unloaded, the
+ * 'mod_map' resource needs to be released unconditionally.
+ */
list_for_each_entry_safe(mod_map, n, &ftrace_mod_maps, list) {
if (mod_map->mod == mod) {
list_del_rcu(&mod_map->list);
@@ -5799,6 +5800,9 @@ void ftrace_release_mod(struct module *mod)
}
}
+ if (ftrace_disabled)
+ goto out_unlock;
+
/*
* Each module has its own ftrace_pages, remove
* them from the list.
--
2.34.1
2
1

30 Jun '25
From: Joshua Aberback <joshua.aberback(a)amd.com>
mainline inclusion
from mainline-v6.15-rc1
commit 3a7810c212bcf2f722671dadf4b23ff70a7d23ee
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/ICGADE
CVE: CVE-2025-38080
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?i…
--------------------------------
[Why]
It's possible to generate more than 50 steps in hwss_build_fast_sequence,
for example with a 6-pipe asic where all pipes are in one MPC chain. This
overflows the block_sequence buffer and corrupts block_sequence_steps,
causing a crash.
[How]
Expand block_sequence to 100 items. A naive upper bound on the possible
number of steps for a 6-pipe asic, ignoring the potential for steps to be
mutually exclusive, is 91 with current code, therefore 100 is sufficient.
Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com>
Signed-off-by: Joshua Aberback <joshua.aberback(a)amd.com>
Signed-off-by: Wayne Lin <wayne.lin(a)amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
Signed-off-by: Wei Li <liwei391(a)huawei.com>
---
drivers/gpu/drm/amd/display/dc/inc/core_types.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/inc/core_types.h b/drivers/gpu/drm/amd/display/dc/inc/core_types.h
index eaad1260bfd18..4b284ce669ae5 100644
--- a/drivers/gpu/drm/amd/display/dc/inc/core_types.h
+++ b/drivers/gpu/drm/amd/display/dc/inc/core_types.h
@@ -532,7 +532,7 @@ struct dc_state {
*/
struct bw_context bw_ctx;
- struct block_sequence block_sequence[50];
+ struct block_sequence block_sequence[100];
unsigned int block_sequence_steps;
struct dc_dmub_cmd dc_dmub_cmd[10];
unsigned int dmub_cmd_count;
--
2.25.1
2
1
Jinjie Ruan (1):
irqchip/gic-v3: Fix hard LOCKUP caused by NMI being masked
Lorenzo Pieralisi (1):
irqchip/gic-v3: Implement FEAT_GICv3_NMI support
Mark Brown (11):
arm64/booting: Document boot requirements for FEAT_NMI
arm64/sysreg: Add definitions for immediate versions of MSR ALLINT
arm64/asm: Introduce assembly macros for managing ALLINT
arm64/hyp-stub: Enable access to ALLINT
arm64/cpufeature: Detect PE support for FEAT_NMI
KVM: arm64: Hide FEAT_NMI from guests
arm64/nmi: Manage masking for superpriority interrupts along with DAIF
arm64/entry: Don't call preempt_schedule_irq() with NMIs masked
arm64/irq: Document handling of FEAT_NMI in irqflags.h
arm64/nmi: Add handling of superpriority interrupts as NMIs
arm64/nmi: Add Kconfig for NMI
Documentation/arm64/booting.rst | 6 ++
arch/arm64/Kconfig | 13 +++
arch/arm64/include/asm/assembler.h | 18 +++++
arch/arm64/include/asm/cpucaps.h | 2 +
arch/arm64/include/asm/cpufeature.h | 8 ++
arch/arm64/include/asm/daifflags.h | 20 +++++
arch/arm64/include/asm/irqflags.h | 10 +++
arch/arm64/include/asm/ptrace.h | 5 +-
arch/arm64/include/asm/sysreg.h | 26 ++++++
arch/arm64/include/uapi/asm/ptrace.h | 1 +
arch/arm64/kernel/cpufeature.c | 64 ++++++++++++++-
arch/arm64/kernel/head.S | 13 +++
arch/arm64/kernel/process.c | 9 +++
arch/arm64/kvm/hyp/switch.c | 7 ++
arch/arm64/kvm/sys_regs.c | 2 +
drivers/irqchip/irq-gic-v3.c | 116 ++++++++++++++++++++++++---
include/linux/irqchip/arm-gic-v3.h | 4 +
17 files changed, 310 insertions(+), 14 deletions(-)
--
2.25.1
1
13
v3:
- Rebase OLK-5.10
- Add a bugfix for atomic sleep
Zhang Qiao (8):
sched: topology: Build soft domain for LLC
sched: Attach task group to soft domain
sched: fair: Select idle cpu in soft domain
sched: fair: Disable numa migrate for soft domian task
sched: Add cmdline sched_soft_domain switch for soft domain feature
config: Configurate CONFIG_SCHED_SOFT_DOMAIN
sched: Balance newly task to soft domain
sched: Fix might sleep in atomic section issue
arch/arm64/configs/openeuler_defconfig | 1 +
arch/x86/configs/openeuler_defconfig | 1 +
include/linux/sched/topology.h | 21 +
init/Kconfig | 12 +
kernel/sched/Makefile | 1 +
kernel/sched/core.c | 85 +++++
kernel/sched/fair.c | 156 +++++++-
kernel/sched/features.h | 4 +
kernel/sched/sched.h | 43 +++
kernel/sched/soft_domain.c | 505 +++++++++++++++++++++++++
10 files changed, 827 insertions(+), 2 deletions(-)
create mode 100644 kernel/sched/soft_domain.c
--
2.18.0.huawei.25
2
9