From: Filipe Manana <fdmanana(a)suse.com>
stable inclusion
from stable-4.19.324
commit 2fd0948a483e9cb2d669c7199bc620a21c97673d
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB5AVH
CVE: CVE-2024-50273
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
--------------------------------
commit c9a75ec45f1111ef530ab186c2a7684d0a0c9245 upstream.
At insert_delayed_ref() if we need to update the action of an existing
ref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head's
ref_add_list using list_del(), which leaves the ref's add_list member
not reinitialized, as list_del() sets the next and prev members of the
list to LIST_POISON1 and LIST_POISON2, respectively.
If later we end up calling drop_delayed_ref() against the ref, which can
happen during merging or when destroying delayed refs due to a transaction
abort, we can trigger a crash since at drop_delayed_ref() we call
list_empty() against the ref's add_list, which returns false since
the list was not reinitialized after the list_del() and as a consequence
we call list_del() again at drop_delayed_ref(). This results in an
invalid list access since the next and prev members are set to poison
pointers, resulting in a splat if CONFIG_LIST_HARDENED and
CONFIG_DEBUG_LIST are set or invalid poison pointer dereferences
otherwise.
So fix this by deleting from the list with list_del_init() instead.
Fixes: 1d57ee941692 ("btrfs: improve delayed refs iterations")
CC: stable(a)vger.kernel.org # 4.19+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
Signed-off-by: Filipe Manana <fdmanana(a)suse.com>
Reviewed-by: David Sterba <dsterba(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com>
---
fs/btrfs/delayed-ref.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c
index 7e5c81e80e15..a5fab1bc0e88 100644
--- a/fs/btrfs/delayed-ref.c
+++ b/fs/btrfs/delayed-ref.c
@@ -426,7 +426,7 @@ static int insert_delayed_ref(struct btrfs_trans_handle *trans,
&href->ref_add_list);
else if (ref->action == BTRFS_DROP_DELAYED_REF) {
ASSERT(!list_empty(&exist->add_list));
- list_del(&exist->add_list);
+ list_del_init(&exist->add_list);
} else {
ASSERT(0);
}
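Review bot: the swap from list_del() to list_del_init() on the `-`/`+` lines is the correct minimal fix, but because this is a 4.19 backport landing at a different offset (hunk at line 426 rather than the 5.10 backport's 620), confirm that the 4.19 drop_delayed_ref() reaches its own list_del() through a `list_empty(&ref->add_list)` check exactly as the commit message describes for upstream; the one-line change is sufficient only because that later path relies on the entry being self-linked, so if the 4.19 code differs there, the backport needs a second look.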
--
2.46.1
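To make the failure mode described in the commit message concrete, here is an added user-space model (not code from the patch, btrfs, or include/linux/list.h) of the kernel's list_del()/list_del_init() semantics: after list_del() the entry's pointers are poison values, so a later list_empty() check is false and a second list_del() would follow LIST_POISON1, whereas list_del_init() leaves the entry self-linked. The poison constants are placeholder values, not the kernel's.

```c
/* Added example, not from the patch: a user-space model of the kernel's
 * list_del()/list_del_init() semantics, showing why the unconditional
 * list_del() in insert_delayed_ref() defeats the list_empty() guard that
 * drop_delayed_ref() relies on. Names mirror include/linux/list.h; the
 * poison constants are placeholder values, not the kernel's. */
#include <stdbool.h>
#define LIST_POISON1 ((struct list_head *)0x100)
#define LIST_POISON2 ((struct list_head *)0x122)
struct list_head { struct list_head *next, *prev; };
static void INIT_LIST_HEAD(struct list_head *l) { l->next = l; l->prev = l; }
static void list_add(struct list_head *n, struct list_head *head)
{
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

static bool list_empty(const struct list_head *h) { return h->next == h; }

/* kernel list_del(): unlink, then poison both links so a stale use faults */
static void list_del(struct list_head *e)
{
    e->prev->next = e->next; e->next->prev = e->prev;
    e->next = LIST_POISON1; e->prev = LIST_POISON2;
}

/* kernel list_del_init(): unlink, then reinitialise the entry as an empty list */
static void list_del_init(struct list_head *e)
{
    e->prev->next = e->next; e->next->prev = e->prev;
    INIT_LIST_HEAD(e);
}

/* Model of insert_delayed_ref() flipping an existing ADD ref to DROP with
 * either the buggy or the fixed deletion. Returns true if the later
 * drop_delayed_ref() path, guarded by `if (!list_empty(&ref->add_list))`,
 * would call list_del() a second time on the already-unlinked entry. */
bool second_del_attempted(bool use_del_init)
{
    struct list_head ref_add_list, add_list;
    INIT_LIST_HEAD(&ref_add_list);
    list_add(&add_list, &ref_add_list);   /* ref queued on the head's ref_add_list */
    if (use_del_init)
        list_del_init(&add_list);         /* fixed: add_list is self-linked again */
    else
        list_del(&add_list);              /* buggy: add_list.next == LIST_POISON1 */
    /* Only compare pointers here: following add_list.next after list_del()
     * would dereference LIST_POISON1, which is the crash the fix prevents. */
    return !list_empty(&add_list);
}
```

With the buggy deletion the function reports that a second list_del() would be attempted; with list_del_init() it does not, which is the whole content of the fix.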
From: Filipe Manana <fdmanana(a)suse.com>
stable inclusion
from stable-v5.10.230
commit bf0b0c6d159767c0d1c21f793950d78486690ee0
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB5AVH
CVE: CVE-2024-50273
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
--------------------------------
commit c9a75ec45f1111ef530ab186c2a7684d0a0c9245 upstream.
At insert_delayed_ref() if we need to update the action of an existing
ref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head's
ref_add_list using list_del(), which leaves the ref's add_list member
not reinitialized, as list_del() sets the next and prev members of the
list to LIST_POISON1 and LIST_POISON2, respectively.
If later we end up calling drop_delayed_ref() against the ref, which can
happen during merging or when destroying delayed refs due to a transaction
abort, we can trigger a crash since at drop_delayed_ref() we call
list_empty() against the ref's add_list, which returns false since
the list was not reinitialized after the list_del() and as a consequence
we call list_del() again at drop_delayed_ref(). This results in an
invalid list access since the next and prev members are set to poison
pointers, resulting in a splat if CONFIG_LIST_HARDENED and
CONFIG_DEBUG_LIST are set or invalid poison pointer dereferences
otherwise.
So fix this by deleting from the list with list_del_init() instead.
Fixes: 1d57ee941692 ("btrfs: improve delayed refs iterations")
CC: stable(a)vger.kernel.org # 4.19+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
Signed-off-by: Filipe Manana <fdmanana(a)suse.com>
Reviewed-by: David Sterba <dsterba(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com>
---
fs/btrfs/delayed-ref.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c
index 30883b9a26d8..e2309bc9e45d 100644
--- a/fs/btrfs/delayed-ref.c
+++ b/fs/btrfs/delayed-ref.c
@@ -620,7 +620,7 @@ static int insert_delayed_ref(struct btrfs_trans_handle *trans,
&href->ref_add_list);
else if (ref->action == BTRFS_DROP_DELAYED_REF) {
ASSERT(!list_empty(&exist->add_list));
- list_del(&exist->add_list);
+ list_del_init(&exist->add_list);
} else {
ASSERT(0);
}
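Review bot: the `ASSERT(!list_empty(&exist->add_list))` on the context line before the change only verifies that the entry is still linked before it is removed; it cannot catch the stale LIST_POISON1/LIST_POISON2 pointers the old list_del() left behind, so nothing in this hunk other than the list_del_init() itself protects the later drop_delayed_ref() path. If a debug check is wanted for this transition, it would have to assert `list_empty(&exist->add_list)` after the unlink, not before; otherwise the change is correct as written.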
--
2.46.1
tree: https://gitee.com/openeuler/kernel.git OLK-6.6
head: dccd6d8473b2f20aaa76e23820a3bf4934fc8d36
commit: 914854f2adb6988ac3b6521088ec96833d6743e2 [1513/1513] driver: crypto - update support for Mont-TSSE Driver
config: x86_64-allyesconfig (https://download.01.org/0day-ci/archive/20241122/202411221252.PUnKjTWH-lkp@…)
compiler: clang version 19.1.3 (https://github.com/llvm/llvm-project ab51eccf88f5321e7c60591c5546b254b6afab99)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241122/202411221252.PUnKjTWH-lkp@…)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202411221252.PUnKjTWH-lkp@intel.com/
All warnings (new ones prefixed by >>):
In file included from drivers/crypto/montage/tsse/tsse_ipc_api.c:10:
In file included from drivers/crypto/montage/tsse/tsse_dev.h:13:
In file included from include/linux/pci.h:1669:
In file included from include/linux/dmapool.h:14:
In file included from include/linux/scatterlist.h:8:
In file included from include/linux/mm.h:2243:
include/linux/vmstat.h:508:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
508 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
509 | item];
| ~~~~
include/linux/vmstat.h:515:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
515 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
516 | NR_VM_NUMA_EVENT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~~
include/linux/vmstat.h:522:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion]
522 | return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_"
| ~~~~~~~~~~~ ^ ~~~
include/linux/vmstat.h:527:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
527 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
528 | NR_VM_NUMA_EVENT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~~
include/linux/vmstat.h:536:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
536 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
537 | NR_VM_NUMA_EVENT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~~
>> drivers/crypto/montage/tsse/tsse_ipc_api.c:62:36: warning: variable 'device_handle' is uninitialized when used here [-Wuninitialized]
62 | service_instance->device_handle = device_handle;
| ^~~~~~~~~~~~~
drivers/crypto/montage/tsse/tsse_ipc_api.c:56:19: note: initialize the variable 'device_handle' to silence this warning
56 | int device_handle;
| ^
| = 0
6 warnings generated.
vim +/device_handle +62 drivers/crypto/montage/tsse/tsse_ipc_api.c
41
42 /**
43 * tsse_im_service_handle_alloc() - Allocate IPC Message service handle for specific service.
44 * @name: IPC Message service name
45 * @cb: request callback for the service
46 * @handle: function output for the service handle
47 * Return: 0 if allocated successfully, other values for failure
48 */
49 int tsse_im_service_handle_alloc(
50 const char *name,
51 tsse_im_cb_func cb,
52 tsse_im_service_handle *handle)
53 {
54 struct tsse_service_instance *service_instance;
55 int ret;
56 int device_handle;
57
58 service_instance = kzalloc(sizeof(struct tsse_service_instance), GFP_ATOMIC);
59 if (!service_instance)
60 return -ENOMEM;
61 service_instance->service_opened = 0;
> 62 service_instance->device_handle = device_handle;
63 service_instance->cb = cb;
64 strscpy(service_instance->service_name, name, TSSE_IM_SERVICE_NAME_LEN);
65
66 ret = tsse_schedule_device_handle(service_instance);
67 if (ret) {
68 kfree(service_instance);
69 return ret;
70 }
71
72 ret = tsse_service_open(service_instance);
73 if (ret) {
74 pr_err("%s(): open service: %s failed: %d\n",
75 __func__, service_instance->service_name, ret);
76 kfree(service_instance);
77 return ret;
78 }
79 *handle = service_instance;
80 return 0;
81 }
82 EXPORT_SYMBOL_GPL(tsse_im_service_handle_alloc);
83
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Hi Hui,
FYI, the error/warning still remains.
tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS
head: 81e029d5dd0cae934243168eee37ef303ebcce38
commit: 713cfd2684fa5ea08b144d92b9858b932c0f1705 [1304/1304] sched: Introduce smart grid scheduling strategy for cfs
config: x86_64-randconfig-002-20241122 (https://download.01.org/0day-ci/archive/20241122/202411221242.ljLHS46N-lkp@…)
compiler: clang version 19.1.3 (https://github.com/llvm/llvm-project ab51eccf88f5321e7c60591c5546b254b6afab99)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241122/202411221242.ljLHS46N-lkp@…)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202411221242.ljLHS46N-lkp@intel.com/
All errors (new ones prefixed by >>):
In file included from kernel/sched/core.c:8:
In file included from kernel/sched/sched.h:39:
In file included from include/linux/blkdev.h:16:
include/linux/pagemap.h:425:21: warning: cast from 'int (*)(struct file *, struct page *)' to 'filler_t *' (aka 'int (*)(void *, struct page *)') converts to incompatible function type [-Wcast-function-type-strict]
425 | filler_t *filler = (filler_t *)mapping->a_ops->readpage;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from kernel/sched/core.c:8:
kernel/sched/sched.h:1249:15: warning: cast from 'void (*)(struct rq *)' to 'void (*)(struct callback_head *)' converts to incompatible function type [-Wcast-function-type-strict]
1249 | head->func = (void (*)(struct callback_head *))func;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/sched/core.c:1587:6: warning: no previous prototype for function 'sched_set_stop_task' [-Wmissing-prototypes]
1587 | void sched_set_stop_task(int cpu, struct task_struct *stop)
| ^
kernel/sched/core.c:1587:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
1587 | void sched_set_stop_task(int cpu, struct task_struct *stop)
| ^
| static
kernel/sched/core.c:2741:10: warning: cast from 'void (*)(struct callback_head *)' to 'void (*)(struct rq *)' converts to incompatible function type [-Wcast-function-type-strict]
2741 | func = (void (*)(struct rq *))head->func;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/sched/core.c:3632:35: warning: no previous prototype for function 'schedule_user' [-Wmissing-prototypes]
3632 | asmlinkage __visible void __sched schedule_user(void)
| ^
kernel/sched/core.c:3632:22: note: declare 'static' if the function is not intended to be used outside of this translation unit
3632 | asmlinkage __visible void __sched schedule_user(void)
| ^
| static
kernel/sched/core.c:3771:35: warning: no previous prototype for function 'preempt_schedule_irq' [-Wmissing-prototypes]
3771 | asmlinkage __visible void __sched preempt_schedule_irq(void)
| ^
kernel/sched/core.c:3771:22: note: declare 'static' if the function is not intended to be used outside of this translation unit
3771 | asmlinkage __visible void __sched preempt_schedule_irq(void)
| ^
| static
>> kernel/sched/core.c:5845:2: error: implicit declaration of function 'tg_update_affinity_domains' [-Werror,-Wimplicit-function-declaration]
5845 | tg_update_affinity_domains(cpu, 1);
| ^
kernel/sched/core.c:5904:2: error: implicit declaration of function 'tg_update_affinity_domains' [-Werror,-Wimplicit-function-declaration]
5904 | tg_update_affinity_domains(cpu, 0);
| ^
kernel/sched/core.c:5976:2: error: implicit declaration of function 'init_auto_affinity' [-Werror,-Wimplicit-function-declaration]
5976 | init_auto_affinity(&root_task_group);
| ^
kernel/sched/core.c:5976:2: note: did you mean 'irq_set_affinity'?
include/linux/interrupt.h:292:1: note: 'irq_set_affinity' declared here
292 | irq_set_affinity(unsigned int irq, const struct cpumask *cpumask)
| ^
kernel/sched/core.c:5976:22: error: use of undeclared identifier 'root_task_group'; did you mean 'task_group'?
5976 | init_auto_affinity(&root_task_group);
| ^~~~~~~~~~~~~~~
| task_group
kernel/sched/sched.h:1444:34: note: 'task_group' declared here
1444 | static inline struct task_group *task_group(struct task_struct *p)
| ^
kernel/sched/core.c:6029:32: warning: variable 'ptr' set but not used [-Wunused-but-set-variable]
6029 | unsigned long alloc_size = 0, ptr;
| ^
7 warnings and 4 errors generated.
vim +/tg_update_affinity_domains +5845 kernel/sched/core.c
5831
5832 int sched_cpu_activate(unsigned int cpu)
5833 {
5834 struct rq *rq = cpu_rq(cpu);
5835 struct rq_flags rf;
5836
5837 #ifdef CONFIG_SCHED_SMT
5838 /*
5839 * When going up, increment the number of cores with SMT present.
5840 */
5841 if (cpumask_weight(cpu_smt_mask(cpu)) == 2)
5842 static_branch_inc_cpuslocked(&sched_smt_present);
5843 #endif
5844 set_cpu_active(cpu, true);
> 5845 tg_update_affinity_domains(cpu, 1);
5846
5847 if (sched_smp_initialized) {
5848 sched_domains_numa_masks_set(cpu);
5849 cpuset_cpu_active();
5850 }
5851
5852 /*
5853 * Put the rq online, if not already. This happens:
5854 *
5855 * 1) In the early boot process, because we build the real domains
5856 * after all CPUs have been brought up.
5857 *
5858 * 2) At runtime, if cpuset_cpu_active() fails to rebuild the
5859 * domains.
5860 */
5861 rq_lock_irqsave(rq, &rf);
5862 if (rq->rd) {
5863 BUG_ON(!cpumask_test_cpu(cpu, rq->rd->span));
5864 set_rq_online(rq);
5865 }
5866 rq_unlock_irqrestore(rq, &rf);
5867
5868 update_max_interval();
5869
5870 return 0;
5871 }
5872
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki