mailweb.openeuler.org
kernel@openeuler.org

  • 59 participants
  • 19359 discussions
[PATCH OLK-5.10] powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
by Jinjie Ruan 01 Aug '24

From: Mahesh Salgaonkar <mahesh(a)linux.ibm.com> stable inclusion from stable-v6.6.39 commit 0f37946c62c48a907625348cbc720a7a0c547d1e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGPSI CVE: CVE-2024-42126 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 0db880fc865ffb522141ced4bfa66c12ab1fbb70 ] nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling (e.g. early HMI/MCE interrupt handler) if percpu allocation comes from vmalloc area. Early HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI() wrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when percpu allocation is from the embedded first chunk. However with CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu allocation can come from the vmalloc area. With kernel command line "percpu_alloc=page" we can force percpu allocation to come from vmalloc area and can see kernel crash in machine_check_early: [ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110 [ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0 [ 1.215719] --- interrupt: 200 [ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable) [ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0 [ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8 Fix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu first chunk is not embedded. Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Tested-by: Shirisha Ganta <shirisha(a)linux.ibm.com> Signed-off-by: Mahesh Salgaonkar <mahesh(a)linux.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240410043006.81577-1-mahesh@linux.ibm.com 
Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: arch/powerpc/kernel/setup_64.c arch/powerpc/include/asm/interrupt.h [Because machine_check_early() has been refactored] Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> --- arch/powerpc/include/asm/percpu.h | 10 ++++++++++ arch/powerpc/kernel/mce.c | 14 +++++++++++--- arch/powerpc/kernel/setup_64.c | 2 ++ 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/include/asm/percpu.h b/arch/powerpc/include/asm/percpu.h index 8e5b7d0b851c..634970ce13c6 100644 --- a/arch/powerpc/include/asm/percpu.h +++ b/arch/powerpc/include/asm/percpu.h @@ -15,6 +15,16 @@ #endif /* CONFIG_SMP */ #endif /* __powerpc64__ */ +#if defined(CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK) && defined(CONFIG_SMP) +#include <linux/jump_label.h> +DECLARE_STATIC_KEY_FALSE(__percpu_first_chunk_is_paged); + +#define percpu_first_chunk_is_paged \ + (static_key_enabled(&__percpu_first_chunk_is_paged.key)) +#else +#define percpu_first_chunk_is_paged false +#endif /* CONFIG_PPC64 && CONFIG_SMP */ + #include <asm-generic/percpu.h> #include <asm/paca.h> diff --git a/arch/powerpc/kernel/mce.c b/arch/powerpc/kernel/mce.c index 63702c0badb9..b652105fc4c8 100644 --- a/arch/powerpc/kernel/mce.c +++ b/arch/powerpc/kernel/mce.c @@ -594,8 +594,15 @@ long notrace machine_check_early(struct pt_regs *regs) u8 ftrace_enabled = this_cpu_get_ftrace_enabled(); this_cpu_set_ftrace_enabled(0); - /* Do not use nmi_enter/exit for pseries hpte guest */ - if (radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) + /* + * Do not use nmi_enter/exit for pseries hpte guest. + * + * Likewise, do not use it in real mode if percpu first chunk is not + * embedded. With CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there + * are chances where percpu allocation can come from vmalloc area. + */ + if ((radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) && + !percpu_first_chunk_is_paged) nmi_enter(); hv_nmi_check_nonrecoverable(regs); 
@@ -606,7 +613,8 @@ long notrace machine_check_early(struct pt_regs *regs) if (ppc_md.machine_check_early) handled = ppc_md.machine_check_early(regs); - if (radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) + if ((radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) && + !percpu_first_chunk_is_paged) nmi_exit(); this_cpu_set_ftrace_enabled(ftrace_enabled); diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index cc285e0b9722..4875e84eb975 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -827,6 +827,7 @@ static int pcpu_cpu_distance(unsigned int from, unsigned int to) unsigned long __per_cpu_offset[NR_CPUS] __read_mostly; EXPORT_SYMBOL(__per_cpu_offset); +DEFINE_STATIC_KEY_FALSE(__percpu_first_chunk_is_paged); static void __init pcpu_populate_pte(unsigned long addr) { @@ -906,6 +907,7 @@ void __init setup_per_cpu_areas(void) if (rc < 0) panic("cannot initialize percpu area (err=%d)", rc); + static_key_enable(&__percpu_first_chunk_is_paged.key); delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; for_each_possible_cpu(cpu) { __per_cpu_offset[cpu] = delta + pcpu_unit_offsets[cpu]; -- 2.34.1
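
Review bot: In the setup_64.c hunk at @@ -906,6 +907,7 @@, static_key_enable(&__percpu_first_chunk_is_paged.key) is placed directly after the `if (rc < 0) panic(...)` check, and the visible context shows no test of which allocator produced the first chunk. If this line is also reached after the embedded allocator succeeded, the key is still set and machine_check_early() skips nmi_enter()/nmi_exit() on systems that never had the problem. Suggest enabling the key only on the path where the page-based first chunk was actually used, or explaining in the changelog why this placement is only reached in that case.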
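
Review bot: The two mce.c hunks repeat the same three-term condition, `(radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) && !percpu_first_chunk_is_paged`, once before nmi_enter() and once before nmi_exit(). Evaluate it once into a local bool at the top of machine_check_early() and test that in both places, so a later edit to one copy cannot leave enter and exit unbalanced.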
[PATCH OLK-6.6] usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
by heyujie 01 Aug '24

From: Meng Li <Meng.Li(a)windriver.com> mainline inclusion from mainline-v6.10-rc6 commit 7838de15bb700c2898a7d741db9b1f3cbc86c136 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGEOX CVE: CVE-2024-42085 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system to enter suspend status with below command: echo mem > /sys/power/state There will be a deadlock issue occurring. Detailed invoking path as below: dwc3_suspend_common() spin_lock_irqsave(&dwc->lock, flags); <-- 1st dwc3_gadget_suspend(dwc); dwc3_gadget_soft_disconnect(dwc); spin_lock_irqsave(&dwc->lock, flags); <-- 2nd This issue is exposed by commit c7ebd8149ee5 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend") that removes the code of checking whether dwc->gadget_driver is NULL or not. It causes the following code is executed and deadlock occurs when trying to get the spinlock. In fact, the root cause is the commit 5265397f9442("usb: dwc3: Remove DWC3 locking during gadget suspend/resume") that forgot to remove the lock of otg mode. So, remove the redundant lock of otg mode during gadget suspend/resume. Fixes: 5265397f9442 ("usb: dwc3: Remove DWC3 locking during gadget suspend/resume") Cc: Xu Yang <xu.yang_2(a)nxp.com> Cc: stable(a)vger.kernel.org Signed-off-by: Meng Li <Meng.Li(a)windriver.com> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/20240618031918.2585799-1-Meng.Li@windriver.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: He Yujie <coka.heyujie(a)huawei.com> --- drivers/usb/dwc3/core.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 1f66578c671e..1a2303663179 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c 
@@ -2044,7 +2044,6 @@ static int dwc3_core_init_for_resume(struct dwc3 *dwc) static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { - unsigned long flags; u32 reg; switch (dwc->current_dr_role) { @@ -2082,9 +2081,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - spin_lock_irqsave(&dwc->lock, flags); dwc3_gadget_suspend(dwc); - spin_unlock_irqrestore(&dwc->lock, flags); synchronize_irq(dwc->irq_gadget); } @@ -2101,7 +2098,6 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) { - unsigned long flags; int ret; u32 reg; @@ -2150,9 +2146,7 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) if (dwc->current_otg_role == DWC3_OTG_ROLE_HOST) { dwc3_otg_host_init(dwc); } else if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - spin_lock_irqsave(&dwc->lock, flags); dwc3_gadget_resume(dwc); - spin_unlock_irqrestore(&dwc->lock, flags); } break; -- 2.34.1
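
Review bot: Dropping spin_lock_irqsave()/spin_unlock_irqrestore() around dwc3_gadget_suspend() and dwc3_gadget_resume() in the DWC3_OTG_ROLE_DEVICE branches is only safe if those functions take dwc->lock themselves, which the changelog attributes to 5265397f9442. The backport message should state that OLK-6.6 already carries 5265397f9442 and c7ebd8149ee5; without the former, these two branches would call into the gadget code with no lock held.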
[PATCH OLK-6.6] powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
by Jinjie Ruan 01 Aug '24

From: Mahesh Salgaonkar <mahesh(a)linux.ibm.com> stable inclusion from stable-v6.6.39 commit 0f37946c62c48a907625348cbc720a7a0c547d1e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGPSI CVE: CVE-2024-42126 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 0db880fc865ffb522141ced4bfa66c12ab1fbb70 ] nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling (e.g. early HMI/MCE interrupt handler) if percpu allocation comes from vmalloc area. Early HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI() wrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when percpu allocation is from the embedded first chunk. However with CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu allocation can come from the vmalloc area. With kernel command line "percpu_alloc=page" we can force percpu allocation to come from vmalloc area and can see kernel crash in machine_check_early: [ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110 [ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0 [ 1.215719] --- interrupt: 200 [ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable) [ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0 [ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8 Fix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu first chunk is not embedded. Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Tested-by: Shirisha Ganta <shirisha(a)linux.ibm.com> Signed-off-by: Mahesh Salgaonkar <mahesh(a)linux.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240410043006.81577-1-mahesh@linux.ibm.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> 
Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> --- arch/powerpc/include/asm/interrupt.h | 10 ++++++++++ arch/powerpc/include/asm/percpu.h | 10 ++++++++++ arch/powerpc/kernel/setup_64.c | 2 ++ 3 files changed, 22 insertions(+) diff --git a/arch/powerpc/include/asm/interrupt.h b/arch/powerpc/include/asm/interrupt.h index a4196ab1d016..5f9d61b2159c 100644 --- a/arch/powerpc/include/asm/interrupt.h +++ b/arch/powerpc/include/asm/interrupt.h @@ -336,6 +336,14 @@ static inline void interrupt_nmi_enter_prepare(struct pt_regs *regs, struct inte if (IS_ENABLED(CONFIG_KASAN)) return; + /* + * Likewise, do not use it in real mode if percpu first chunk is not + * embedded. With CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there + * are chances where percpu allocation can come from vmalloc area. + */ + if (percpu_first_chunk_is_paged) + return; + /* Otherwise, it should be safe to call it */ nmi_enter(); } @@ -351,6 +359,8 @@ static inline void interrupt_nmi_exit_prepare(struct pt_regs *regs, struct inter // no nmi_exit for a pseries hash guest taking a real mode exception } else if (IS_ENABLED(CONFIG_KASAN)) { // no nmi_exit for KASAN in real mode + } else if (percpu_first_chunk_is_paged) { + // no nmi_exit if percpu first chunk is not embedded } else { nmi_exit(); } diff --git a/arch/powerpc/include/asm/percpu.h b/arch/powerpc/include/asm/percpu.h index 8e5b7d0b851c..634970ce13c6 100644 --- a/arch/powerpc/include/asm/percpu.h +++ b/arch/powerpc/include/asm/percpu.h @@ -15,6 +15,16 @@ #endif /* CONFIG_SMP */ #endif /* __powerpc64__ */ +#if defined(CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK) && defined(CONFIG_SMP) +#include <linux/jump_label.h> +DECLARE_STATIC_KEY_FALSE(__percpu_first_chunk_is_paged); + +#define percpu_first_chunk_is_paged \ + (static_key_enabled(&__percpu_first_chunk_is_paged.key)) +#else +#define percpu_first_chunk_is_paged false +#endif /* CONFIG_PPC64 && CONFIG_SMP */ + #include <asm-generic/percpu.h> #include <asm/paca.h> 
diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index 15ece83ab7ac..6231a42eb0a0 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -837,6 +837,7 @@ static __init int pcpu_cpu_to_node(int cpu) unsigned long __per_cpu_offset[NR_CPUS] __read_mostly; EXPORT_SYMBOL(__per_cpu_offset); +DEFINE_STATIC_KEY_FALSE(__percpu_first_chunk_is_paged); void __init setup_per_cpu_areas(void) { @@ -879,6 +880,7 @@ void __init setup_per_cpu_areas(void) if (rc < 0) panic("cannot initialize percpu area (err=%d)", rc); + static_key_enable(&__percpu_first_chunk_is_paged.key); delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; for_each_possible_cpu(cpu) { __per_cpu_offset[cpu] = delta + pcpu_unit_offsets[cpu]; -- 2.34.1
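
Review bot: The `#endif` that closes the new block in percpu.h is commented `/* CONFIG_PPC64 && CONFIG_SMP */`, but the matching `#if` tests `defined(CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK) && defined(CONFIG_SMP)`. Make the trailing comment name the condition actually tested, so the guard is not misread when the block is next touched.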
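
Review bot: In setup_per_cpu_areas() (setup_64.c, @@ -879,6 +880,7 @@) the key is enabled right after the panic check with no visible condition on the paged allocator having been chosen, yet interrupt_nmi_enter_prepare() and interrupt_nmi_exit_prepare() now skip NMI accounting whenever it is set. Please confirm this line is only reached when the first chunk is page-based, or guard it with the result of the page-based allocation.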
[PATCH OLK-5.10 v2 0/5] xfs: fix tail alignment for forcealign
by Long Li 01 Aug '24

This patch set fixes the maxlen fallback to available len, which causes the tail to be unaligned.

Dave Chinner (3):
  xfs: only allow minlen allocations when near ENOSPC
  xfs: always tail align maxlen allocations
  xfs: align args->minlen for forced allocation alignment

John Garry (1):
  xfs: Don't revert allocated offset for forcealign

Long Li (1):
  xfs: set minlen to align for forcealign

 fs/xfs/libxfs/xfs_alloc.c | 31 ++++++++++++++++++-----------
 fs/xfs/libxfs/xfs_bmap.c  | 42 +++++++++++++++++++++++++++++----------
 2 files changed, 50 insertions(+), 23 deletions(-)

--
2.39.2
[PATCH openEuler-1.0-LTS] ASoC: fsl-asoc-card: set priv->pdev before using it
by Ye Bin 01 Aug '24

From: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> mainline inclusion from mainline-v6.10-rc6 commit 90f3feb24172185f1832636264943e8b5e289245 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAGEP3 CVE: CVE-2024-42089 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… ------------------------------------------- priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations. Fixes: 708b4351f08c ("ASoC: fsl: Add Freescale Generic ASoC Sound Card with ASRC support") Signed-off-by: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> Link: https://patch.msgid.link/20240620132511.4291-2-elinor.montmasson@savoirfair… Signed-off-by: Mark Brown <broonie(a)kernel.org> Conflicts: sound/soc/fsl/fsl-asoc-card.c [resolved context change] Signed-off-by: Ye Bin <yebin10(a)huawei.com> --- sound/soc/fsl/fsl-asoc-card.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/fsl/fsl-asoc-card.c b/sound/soc/fsl/fsl-asoc-card.c index 600d9be9706e..b2929c31c001 100644 --- a/sound/soc/fsl/fsl-asoc-card.c +++ b/sound/soc/fsl/fsl-asoc-card.c @@ -479,6 +479,8 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) if (!priv) return -ENOMEM; + priv->pdev = pdev; + cpu_np = of_parse_phandle(np, "audio-cpu", 0); /* Give a chance to old DT binding */ if (!cpu_np) 
@@ -591,7 +593,6 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) codec_dev->name); /* Initialize sound card */ - priv->pdev = pdev; priv->card.dev = &pdev->dev; priv->card.name = priv->name; priv->card.dai_link = priv->dai_link; -- 2.31.1
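
Review bot: The Conflicts: entry says only "[resolved context change]" for sound/soc/fsl/fsl-asoc-card.c. Say what differed from upstream 90f3feb24172 in this tree, in particular around the second hunk (@@ -591,7 +593,6 @@), so a reviewer can confirm that every use of priv->pdev in this branch's probe path comes after the new assignment at @@ -479,6 +479,8 @@.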
[PATCH openEuler-22.03-LTS-SP1] ASoC: fsl-asoc-card: set priv->pdev before using it
by Ye Bin 01 Aug '24

From: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> mainline inclusion from mainline-v6.10-rc6 commit 90f3feb24172185f1832636264943e8b5e289245 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAGEP3 CVE: CVE-2024-42089 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… ------------------------------------------- priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations. Fixes: 708b4351f08c ("ASoC: fsl: Add Freescale Generic ASoC Sound Card with ASRC support") Signed-off-by: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> Link: https://patch.msgid.link/20240620132511.4291-2-elinor.montmasson@savoirfair… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Ye Bin <yebin10(a)huawei.com> --- sound/soc/fsl/fsl-asoc-card.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/fsl/fsl-asoc-card.c b/sound/soc/fsl/fsl-asoc-card.c index 7cd14d6b9436..8ae55c4c3589 100644 --- a/sound/soc/fsl/fsl-asoc-card.c +++ b/sound/soc/fsl/fsl-asoc-card.c @@ -538,6 +538,8 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) if (!priv) return -ENOMEM; + priv->pdev = pdev; + cpu_np = of_parse_phandle(np, "audio-cpu", 0); /* Give a chance to old DT binding */ if (!cpu_np) 
@@ -718,7 +720,6 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) } /* Initialize sound card */ - priv->pdev = pdev; priv->card.dev = &pdev->dev; priv->card.owner = THIS_MODULE; ret = snd_soc_of_parse_card_name(&priv->card, "model"); -- 2.31.1
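
Review bot: The new `priv->pdev = pdev;` in the first hunk (@@ -538,6 +538,8 @@) carries an ordering requirement that nothing in the code records: helpers such as fsl_asoc_card_audmux_init() read priv->pdev, so the assignment has to stay ahead of them. A one-line comment above it would keep a later cleanup from moving it back under "Initialize sound card", next to the other card fields, where the second hunk removed it.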
[PATCH OLK-5.10] ASoC: fsl-asoc-card: set priv->pdev before using it
by Ye Bin 01 Aug '24

From: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> mainline inclusion from mainline-v6.10-rc6 commit 90f3feb24172185f1832636264943e8b5e289245 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAGEP3 CVE: CVE-2024-42089 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… ------------------------------------------- priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations. Fixes: 708b4351f08c ("ASoC: fsl: Add Freescale Generic ASoC Sound Card with ASRC support") Signed-off-by: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> Link: https://patch.msgid.link/20240620132511.4291-2-elinor.montmasson@savoirfair… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Ye Bin <yebin10(a)huawei.com> --- sound/soc/fsl/fsl-asoc-card.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/fsl/fsl-asoc-card.c b/sound/soc/fsl/fsl-asoc-card.c index 9a756d0a6032..c876f111d8b0 100644 --- a/sound/soc/fsl/fsl-asoc-card.c +++ b/sound/soc/fsl/fsl-asoc-card.c @@ -538,6 +538,8 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) if (!priv) return -ENOMEM; + priv->pdev = pdev; + cpu_np = of_parse_phandle(np, "audio-cpu", 0); /* Give a chance to old DT binding */ if (!cpu_np) 
@@ -718,7 +720,6 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) } /* Initialize sound card */ - priv->pdev = pdev; priv->card.dev = &pdev->dev; priv->card.owner = THIS_MODULE; ret = snd_soc_of_parse_card_name(&priv->card, "model"); -- 2.31.1
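
Review bot: The changelog's last paragraph speaks of `priv->dev` being dereferenced before assignment, but the field both hunks move is `priv->pdev`. Correct it to priv->pdev in the backport message, or mark the wording as upstream's, so the description matches the code being changed.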
[openeuler:openEuler-1.0-LTS 7838/23397] mm/slab_common.o: warning: objtool: kmem_cache_create_usercopy()+0x227: unreachable instruction
by kernel test robot 01 Aug '24

tree:   https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS
head:   5addb4b853f44eada72e0ed14b75d3d37e94bd8c
commit: d4bdc26bcd632cee393b5171345d5fa6293fe42b [7838/23397] include/asm-generic/bug.h: fix "cut here" for WARN_ON for __WARN_TAINT architectures
config: x86_64-randconfig-161-20240801 (https://download.01.org/0day-ci/archive/20240801/202408010934.bNS6iMjG-lkp@…)
compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240801/202408010934.bNS6iMjG-lkp@…)

If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202408010934.bNS6iMjG-lkp@intel.com/

All warnings (new ones prefixed by >>):

>> mm/slab_common.o: warning: objtool: kmem_cache_create_usercopy()+0x227: unreachable instruction

objdump-func vmlinux.o kmem_cache_create_usercopy:

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
[openeuler:OLK-6.6 11017/11695] kernel/sched/isolation.c:134:53: error: 'setup_max_cpus' undeclared
by kernel test robot 01 Aug '24
tree:   https://gitee.com/openeuler/kernel.git OLK-6.6
head:   e0427893d95be3be1bb71e10dfb53b6f732e8e42
commit: 54bee36be952f18f6a9e8303822459e89daaa336 [11017/11695] sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU
config: x86_64-buildonly-randconfig-004-20240801 (https://download.01.org/0day-ci/archive/20240801/202408010938.bIyKAerg-lkp@…)
compiler: gcc-11 (Ubuntu 11.4.0-4ubuntu1) 11.4.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240801/202408010938.bIyKAerg-lkp@…)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202408010938.bIyKAerg-lkp@intel.com/

All errors (new ones prefixed by >>):

   In file included from kernel/sched/build_utility.c:105:
   kernel/sched/isolation.c: In function 'housekeeping_setup':
>> kernel/sched/isolation.c:134:53: error: 'setup_max_cpus' undeclared (first use in this function)
     134 |         if (first_cpu >= nr_cpu_ids || first_cpu >= setup_max_cpus) {
         |                                                     ^~~~~~~~~~~~~~
   kernel/sched/isolation.c:134:53: note: each undeclared identifier is reported only once for each function it appears in

vim +/setup_max_cpus +134 kernel/sched/isolation.c

   108
   109	static int __init housekeeping_setup(char *str, unsigned long flags)
   110	{
   111		cpumask_var_t non_housekeeping_mask, housekeeping_staging;
   112		unsigned int first_cpu;
   113		int err = 0;
   114
   115		if ((flags & HK_FLAG_TICK) && !(housekeeping.flags & HK_FLAG_TICK)) {
   116			if (!IS_ENABLED(CONFIG_NO_HZ_FULL)) {
   117				pr_warn("Housekeeping: nohz unsupported."
   118					" Build with CONFIG_NO_HZ_FULL\n");
   119				return 0;
   120			}
   121		}
   122
   123		alloc_bootmem_cpumask_var(&non_housekeeping_mask);
   124		if (cpulist_parse(str, non_housekeeping_mask) < 0) {
   125			pr_warn("Housekeeping: nohz_full= or isolcpus= incorrect CPU range\n");
   126			goto free_non_housekeeping_mask;
   127		}
   128
   129		alloc_bootmem_cpumask_var(&housekeeping_staging);
   130		cpumask_andnot(housekeeping_staging,
   131			       cpu_possible_mask, non_housekeeping_mask);
   132
   133		first_cpu = cpumask_first_and(cpu_present_mask, housekeeping_staging);
 > 134		if (first_cpu >= nr_cpu_ids || first_cpu >= setup_max_cpus) {
   135			__cpumask_set_cpu(smp_processor_id(), housekeeping_staging);
   136			__cpumask_clear_cpu(smp_processor_id(), non_housekeeping_mask);
   137			if (!housekeeping.flags) {
   138				pr_warn("Housekeeping: must include one present CPU, "
   139					"using boot CPU:%d\n", smp_processor_id());
   140			}
   141		}
   142
   143		if (cpumask_empty(non_housekeeping_mask))
   144			goto free_housekeeping_staging;
   145
   146		if (!housekeeping.flags) {
   147			/* First setup call ("nohz_full=" or "isolcpus=") */
   148			enum hk_type type;
   149
   150			for_each_set_bit(type, &flags, HK_TYPE_MAX)
   151				housekeeping_setup_type(type, housekeeping_staging);
   152		} else {
   153			/* Second setup call ("nohz_full=" after "isolcpus=" or the reverse) */
   154			enum hk_type type;
   155			unsigned long iter_flags = flags & housekeeping.flags;
   156
   157			for_each_set_bit(type, &iter_flags, HK_TYPE_MAX) {
   158				if (!cpumask_equal(housekeeping_staging,
   159						   housekeeping.cpumasks[type])) {
   160					pr_warn("Housekeeping: nohz_full= must match isolcpus=\n");
   161					goto free_housekeeping_staging;
   162				}
   163			}
   164
   165			iter_flags = flags & ~housekeeping.flags;
   166
   167			for_each_set_bit(type, &iter_flags, HK_TYPE_MAX)
   168				housekeeping_setup_type(type, housekeeping_staging);
   169		}
   170
   171		if ((flags & HK_FLAG_TICK) && !(housekeeping.flags & HK_FLAG_TICK))
   172			tick_nohz_full_setup(non_housekeeping_mask);
   173
   174		housekeeping.flags |= flags;
   175		err = 1;
   176
   177	free_housekeeping_staging:
   178		free_bootmem_cpumask_var(housekeeping_staging);
   179	free_non_housekeeping_mask:
   180		free_bootmem_cpumask_var(non_housekeeping_mask);
   181
   182		return err;
   183	}
   184

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
[PATCH OLK-6.6] drm/amdgpu: avoid using null object of framebuffer
by Zhang Changzhong 01 Aug '24
From: Julia Zhang <julia.zhang(a)amd.com> stable inclusion from stable-v6.6.37 commit 330c8c1453848c04d335bad81371a66710210800 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGEOA CVE: CVE-2024-41093 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit bcfa48ff785bd121316592b131ff6531e3e696bb upstream. Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. Reported-by: Fusheng Huang <fusheng.huang(a)ecarxgroup.com> Signed-off-by: Julia Zhang <Julia.Zhang(a)amd.com> Reviewed-by: Huang Rui <ray.huang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Zhang Changzhong <zhangchangzhong(a)huawei.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c index db6fc0c..f417c33 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c @@ -2,6 +2,7 @@ #include <drm/drm_atomic_helper.h> #include <drm/drm_simple_kms_helper.h> +#include <drm/drm_gem_framebuffer_helper.h> #include <drm/drm_vblank.h> #include "amdgpu.h" @@ -313,7 +314,13 @@ static int amdgpu_vkms_prepare_fb(struct drm_plane *plane, return 0; } afb = to_amdgpu_framebuffer(new_state->fb); - obj = new_state->fb->obj[0]; + + obj = drm_gem_fb_get_obj(new_state->fb, 0); + if (!obj) { + DRM_ERROR("Failed to get obj from framebuffer\n"); + return -EINVAL; + } + rbo = gem_to_amdgpu_bo(obj); adev = amdgpu_ttm_adev(rbo->tbo.bdev); 
@@ -367,12 +374,19 @@ static void amdgpu_vkms_cleanup_fb(struct drm_plane *plane, struct drm_plane_state *old_state) { struct amdgpu_bo *rbo; + struct drm_gem_object *obj; int r; if (!old_state->fb) return; - rbo = gem_to_amdgpu_bo(old_state->fb->obj[0]); + obj = drm_gem_fb_get_obj(old_state->fb, 0); + if (!obj) { + DRM_ERROR("Failed to get obj from framebuffer\n"); + return; + } + + rbo = gem_to_amdgpu_bo(obj); r = amdgpu_bo_reserve(rbo, false); if (unlikely(r)) { DRM_ERROR("failed to reserve rbo before unpin\n"); -- 2.9.5
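Review bot: In the amdgpu_vkms_prepare_fb() hunk (@@ -313,7 +314,13 @@), the new `if (!obj)` branch logs through DRM_ERROR() with no device context and no rate limit, on a callback that runs as part of the atomic commit path. `plane` is in scope, so drm_err(plane->dev, "...") would tie the message to the device, and a ratelimited variant (DRM_ERROR_RATELIMITED or drm_err_ratelimited) would keep a framebuffer that repeatedly arrives without a backing object from flooding the log. The -EINVAL return itself looks right for a prepare callback that cannot proceed.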
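Review bot: In the amdgpu_vkms_cleanup_fb() hunk (@@ -367,12 +374,19 @@), the error string "Failed to get obj from framebuffer\n" is identical to the one added in amdgpu_vkms_prepare_fb(), so a log line cannot tell which path saw the NULL object. Make the message distinct here, for example by mentioning the unpin as the existing "failed to reserve rbo before unpin\n" already does. Since the function is void and the early `return;` skips the reserve and everything after it, a one-line comment stating that skipping the cleanup is intentional when there is no object would help the next reader.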