July 2024 - Kernel - mailweb.openeuler.org

[openeuler:OLK-6.6] BUILD SUCCESS 2857df6af1b0781edf606627cde70dc74ac1ab31
by kernel test robot 25 Jul '24

25 Jul '24

tree/branch: https://gitee.com/openeuler/kernel.git OLK-6.6 branch HEAD: 2857df6af1b0781edf606627cde70dc74ac1ab31 !10254 fbdev: savage: Handle err return when savagefb_check_var failed Warning ids grouped by kconfigs: recent_errors |-- loongarch-allmodconfig | `-- arch-loongarch-kvm-..-..-..-virt-kvm-kvm_main.c:warning:kvmalloc_array-sizes-specified-with-sizeof-in-the-earlier-argument-and-not-in-the-later-argument `-- loongarch-randconfig-002-20240725 `-- drivers-char-virtio_console.c:warning:u-directive-output-may-be-truncated-writing-between-and-bytes-into-a-region-of-size-between-and elapsed time: 724m configs tested: 20 configs skipped: 124 The following configs have been built successfully. More configs may be tested in the coming days. tested configs: arm64 allmodconfig clang-20 arm64 allnoconfig gcc-14.1.0 arm64 randconfig-001-20240725 clang-20 arm64 randconfig-002-20240725 clang-20 arm64 randconfig-003-20240725 gcc-14.1.0 arm64 randconfig-004-20240725 gcc-14.1.0 loongarch allmodconfig gcc-14.1.0 loongarch allnoconfig gcc-14.1.0 loongarch randconfig-001-20240725 gcc-14.1.0 loongarch randconfig-002-20240725 gcc-14.1.0 x86_64 allnoconfig clang-18 x86_64 allyesconfig clang-18 x86_64 buildonly-randconfig-001-20240725 clang-18 x86_64 buildonly-randconfig-002-20240725 clang-18 x86_64 buildonly-randconfig-003-20240725 clang-18 x86_64 buildonly-randconfig-004-20240725 clang-18 x86_64 buildonly-randconfig-005-20240725 gcc-13 x86_64 buildonly-randconfig-006-20240725 gcc-13 x86_64 defconfig gcc-13 x86_64 rhel-8.3-rust clang-18 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH openEuler-1.0-LTS] jfs: xattr: fix buffer overflow for invalid xattr
by Xia Fukun 25 Jul '24

25 Jul '24

From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> mainline inclusion from mainline-v6.10-rc1 commit 7c55b78818cfb732680c4a72ab270cc2d2ee3d0f category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAD0FK CVE: CVE-2024-40902 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log. Reported-by: syzbot+9dfe490c8176301c1d06(a)syzkaller.appspotmail.com Cc: Dave Kleikamp <shaggy(a)kernel.org> Link: https://lore.kernel.org/r/2024051433-slider-cloning-98f9@gregkh Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Xia Fukun <xiafukun(a)huawei.com> --- fs/jfs/xattr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c index a6797986b625..e8b12e708428 100644 --- a/fs/jfs/xattr.c +++ b/fs/jfs/xattr.c @@ -570,9 +570,11 @@ static int ea_get(struct inode *inode, struct ea_buffer *ea_buf, int min_size) size_check: if (EALIST_SIZE(ea_buf->xattr) != ea_size) { + int size = min_t(int, EALIST_SIZE(ea_buf->xattr), ea_size); + printk(KERN_ERR "ea_get: invalid extended attribute\n"); print_hex_dump(KERN_ERR, "", DUMP_PREFIX_ADDRESS, 16, 1, - ea_buf->xattr, ea_size, 1); + ea_buf->xattr, size, 1); ea_release(inode, ea_buf); rc = -EIO; goto clean_up; -- 2.34.1

2 1

[openeuler:openEuler-1.0-LTS] BUILD REGRESSION 0a1bad10c9f0f69fbd09f08348ff59f98231875a
by kernel test robot 25 Jul '24

25 Jul '24

tree/branch: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS branch HEAD: 0a1bad10c9f0f69fbd09f08348ff59f98231875a !10310 batman-adv: bypass empty buckets in batadv_purge_orig_ref() Error/Warning reports: https://lore.kernel.org/oe-kbuild-all/202407250304.iuUXdu7B-lkp@intel.com Error/Warning: (recently discovered and may have been fixed) drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:165:55: error: 'NGBE_TPR' undeclared (first use in this function); did you mean 'NGBE_ERR'? drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:166:1: warning: control reaches end of non-void function [-Wreturn-type] drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:364:13: warning: unused variable 'link_speed' [-Wunused-variable] drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:770:6: warning: no previous prototype for 'ngbe_del_proc_entries' [-Wmissing-prototypes] drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:779:25: error: 'NGBE_MAX_SENSORS' undeclared (first use in this function); did you mean 'NGBE_MAX_EITR'? drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:780:39: error: invalid use of undefined type 'struct proc_dir_entry' drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:82:14: error: 'NGBE_LINK_SPEED_10GB_FULL' undeclared (first use in this function); did you mean 'NGBE_LINK_SPEED_1GB_FULL'? drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:833:13: warning: unused variable 'i' [-Wunused-variable] drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:859:23: error: implicit declaration of function 'create_proc_read_entry' [-Werror=implicit-function-declaration] drivers/net/ethernet/netswift/ngbe/ngbe_type.h:2761:40: error: 'struct ngbe_hw' has no member named 'ops' Error/Warning ids grouped by kconfigs: recent_errors |-- arm64-randconfig-003-20240725 | |-- drivers-net-ethernet-netswift-ngbe-ngbe_procfs.c:error:NGBE_LINK_SPEED_10GB_FULL-undeclared-(first-use-in-this-function) | |-- drivers-net-ethernet-netswift-ngbe-ngbe_procfs.c:error:NGBE_MAX_SENSORS-undeclared-(first-use-in-this-function) | |-- drivers-net-ethernet-netswift-ngbe-ngbe_procfs.c:error:NGBE_TPR-undeclared-(first-use-in-this-function) | |-- drivers-net-ethernet-netswift-ngbe-ngbe_procfs.c:error:implicit-declaration-of-function-create_proc_read_entry | |-- drivers-net-ethernet-netswift-ngbe-ngbe_procfs.c:error:invalid-use-of-undefined-type-struct-proc_dir_entry | |-- drivers-net-ethernet-netswift-ngbe-ngbe_procfs.c:warning:control-reaches-end-of-non-void-function | |-- drivers-net-ethernet-netswift-ngbe-ngbe_procfs.c:warning:no-previous-prototype-for-ngbe_del_proc_entries | |-- drivers-net-ethernet-netswift-ngbe-ngbe_procfs.c:warning:unused-variable-i | |-- drivers-net-ethernet-netswift-ngbe-ngbe_procfs.c:warning:unused-variable-link_speed | `-- drivers-net-ethernet-netswift-ngbe-ngbe_type.h:error:struct-ngbe_hw-has-no-member-named-ops |-- arm64-randconfig-004-20240725 | `-- drivers-mmc-host-phytium-sdci.c:error:lvalue-required-as-unary-operand `-- x86_64-buildonly-randconfig-006-20240725 `-- include-asm-generic-atomic-instrumented.h:warning:wait_req-may-be-used-uninitialized elapsed time: 729m configs tested: 28 configs skipped: 128 tested configs: arm64 allmodconfig gcc-14.1.0 arm64 allnoconfig gcc-14.1.0 arm64 randconfig-001-20240725 gcc-14.1.0 arm64 randconfig-002-20240725 gcc-14.1.0 arm64 randconfig-003-20240725 gcc-14.1.0 arm64 randconfig-004-20240725 gcc-14.1.0 x86_64 allnoconfig clang-18 x86_64 allyesconfig clang-18 x86_64 buildonly-randconfig-001-20240725 clang-18 x86_64 buildonly-randconfig-002-20240725 clang-18 x86_64 buildonly-randconfig-003-20240725 clang-18 x86_64 buildonly-randconfig-004-20240725 clang-18 x86_64 buildonly-randconfig-005-20240725 gcc-13 x86_64 buildonly-randconfig-006-20240725 gcc-13 x86_64 defconfig gcc-13 x86_64 randconfig-001-20240725 clang-18 x86_64 randconfig-002-20240725 clang-18 x86_64 randconfig-003-20240725 clang-18 x86_64 randconfig-004-20240725 clang-18 x86_64 randconfig-005-20240725 gcc-13 x86_64 randconfig-006-20240725 gcc-13 x86_64 randconfig-011-20240725 gcc-10 x86_64 randconfig-012-20240725 clang-18 x86_64 randconfig-013-20240725 gcc-13 x86_64 randconfig-014-20240725 gcc-13 x86_64 randconfig-015-20240725 clang-18 x86_64 randconfig-016-20240725 gcc-8 x86_64 rhel-8.3-rust clang-18 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-5.10] BUILD SUCCESS c516c8ef905082317494ad56998c05d743334dd3
by kernel test robot 25 Jul '24

25 Jul '24

tree/branch: https://gitee.com/openeuler/kernel.git OLK-5.10 branch HEAD: c516c8ef905082317494ad56998c05d743334dd3 !10309 net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr elapsed time: 735m configs tested: 34 configs skipped: 126 The following configs have been built successfully. More configs may be tested in the coming days. tested configs: arm64 allmodconfig clang-19 arm64 allnoconfig gcc-14.1.0 arm64 randconfig-001-20240724 gcc-14.1.0 arm64 randconfig-002-20240724 gcc-14.1.0 arm64 randconfig-003-20240724 gcc-14.1.0 arm64 randconfig-004-20240724 gcc-14.1.0 x86_64 allnoconfig clang-18 x86_64 allyesconfig clang-18 x86_64 buildonly-randconfig-001-20240725 clang-18 x86_64 buildonly-randconfig-002-20240725 clang-18 x86_64 buildonly-randconfig-003-20240725 clang-18 x86_64 buildonly-randconfig-004-20240725 clang-18 x86_64 buildonly-randconfig-005-20240725 gcc-13 x86_64 buildonly-randconfig-006-20240725 gcc-13 x86_64 defconfig gcc-13 x86_64 randconfig-001-20240725 clang-18 x86_64 randconfig-002-20240725 clang-18 x86_64 randconfig-003-20240725 clang-18 x86_64 randconfig-004-20240725 clang-18 x86_64 randconfig-005-20240725 gcc-13 x86_64 randconfig-006-20240725 gcc-13 x86_64 randconfig-011-20240725 gcc-10 x86_64 randconfig-012-20240725 clang-18 x86_64 randconfig-013-20240725 gcc-13 x86_64 randconfig-014-20240725 gcc-13 x86_64 randconfig-015-20240725 clang-18 x86_64 randconfig-016-20240725 gcc-8 x86_64 randconfig-071-20240725 gcc-13 x86_64 randconfig-072-20240725 clang-18 x86_64 randconfig-073-20240725 gcc-8 x86_64 randconfig-074-20240725 clang-18 x86_64 randconfig-075-20240725 clang-18 x86_64 randconfig-076-20240725 gcc-12 x86_64 rhel-8.3-rust clang-18 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6] BUILD SUCCESS 45c11497989a10c6aaba1cd66b27ec26110ade51
by kernel test robot 25 Jul '24

25 Jul '24

tree/branch: https://gitee.com/openeuler/kernel.git OLK-6.6 branch HEAD: 45c11497989a10c6aaba1cd66b27ec26110ade51 !10078 bpf: Set run context for rawtp test_run callback Warning ids grouped by kconfigs: recent_errors |-- arm64-allmodconfig | `-- clang:warning:no-such-include-directory:drivers-infiniband-hw-hiroce3-include-mag |-- arm64-randconfig-001-20240724 | `-- drivers-char-virtio_console.c:warning:u-directive-output-may-be-truncated-writing-between-and-bytes-into-a-region-of-size-between-and |-- arm64-randconfig-003-20240724 | |-- WARNING:modpost:vmlinux:section-mismatch-in-reference:arm_smmu_device_probe-(section:.text)-arm_smmu_v3_plat_info-(section:.init.data) | `-- drivers-char-virtio_console.c:warning:u-directive-output-may-be-truncated-writing-between-and-bytes-into-a-region-of-size-between-and |-- arm64-randconfig-004-20240724 | `-- drivers-char-virtio_console.c:warning:u-directive-output-may-be-truncated-writing-between-and-bytes-into-a-region-of-size-between-and |-- loongarch-allmodconfig | `-- arch-loongarch-kvm-..-..-..-virt-kvm-kvm_main.c:warning:kvmalloc_array-sizes-specified-with-sizeof-in-the-earlier-argument-and-not-in-the-later-argument `-- x86_64-allyesconfig `-- drivers-gpu-drm-amd-amdgpu-..-amdkfd-kfd_topology.c:warning:stack-frame-size-()-exceeds-limit-()-in-kfd_topology_add_device elapsed time: 722m configs tested: 38 configs skipped: 132 The following configs have been built successfully. More configs may be tested in the coming days. tested configs: arm64 allmodconfig clang-19 arm64 allnoconfig gcc-14.1.0 arm64 randconfig-001-20240724 gcc-14.1.0 arm64 randconfig-002-20240724 gcc-14.1.0 arm64 randconfig-003-20240724 gcc-14.1.0 arm64 randconfig-004-20240724 gcc-14.1.0 loongarch allmodconfig gcc-14.1.0 loongarch allnoconfig gcc-14.1.0 loongarch randconfig-001-20240724 gcc-14.1.0 loongarch randconfig-002-20240724 gcc-14.1.0 x86_64 allnoconfig clang-18 x86_64 allyesconfig clang-18 x86_64 buildonly-randconfig-001-20240724 clang-18 x86_64 buildonly-randconfig-002-20240724 clang-18 x86_64 buildonly-randconfig-003-20240724 gcc-13 x86_64 buildonly-randconfig-004-20240724 clang-18 x86_64 buildonly-randconfig-005-20240724 clang-18 x86_64 buildonly-randconfig-006-20240724 clang-18 x86_64 defconfig gcc-13 x86_64 randconfig-001-20240724 clang-18 x86_64 randconfig-002-20240724 clang-18 x86_64 randconfig-003-20240724 clang-18 x86_64 randconfig-004-20240724 gcc-10 x86_64 randconfig-005-20240724 clang-18 x86_64 randconfig-006-20240724 gcc-13 x86_64 randconfig-011-20240724 clang-18 x86_64 randconfig-012-20240724 gcc-13 x86_64 randconfig-013-20240724 clang-18 x86_64 randconfig-014-20240724 clang-18 x86_64 randconfig-015-20240724 clang-18 x86_64 randconfig-016-20240724 clang-18 x86_64 randconfig-071-20240724 gcc-13 x86_64 randconfig-072-20240724 gcc-11 x86_64 randconfig-073-20240724 clang-18 x86_64 randconfig-074-20240724 gcc-13 x86_64 randconfig-075-20240724 gcc-13 x86_64 randconfig-076-20240724 gcc-13 x86_64 rhel-8.3-rust clang-18 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:openEuler-1.0-LTS 18554/23360] drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:82:14: error: 'NGBE_LINK_SPEED_10GB_FULL' undeclared; did you mean 'NGBE_LINK_SPEED_1GB_FULL'?
by kernel test robot 25 Jul '24

25 Jul '24

tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: 0a1bad10c9f0f69fbd09f08348ff59f98231875a commit: 206f9c11a8c8b0197da5a26859d96d2ed65f5757 [18554/23360] net: ngbe: Add Netswift Giga NIC driver config: arm64-randconfig-003-20240725 (https://download.01.org/0day-ci/archive/20240725/202407250304.iuUXdu7B-lkp@…) compiler: aarch64-linux-gcc (GCC) 14.1.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240725/202407250304.iuUXdu7B-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202407250304.iuUXdu7B-lkp@intel.com/ All error/warnings (new ones prefixed by >>): In file included from include/linux/sctp.h:57, from drivers/net/ethernet/netswift/ngbe/ngbe.h:28, from drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:19: include/uapi/linux/sctp.h:390:1: warning: alignment 4 of 'struct sctp_paddr_change' is less than 8 [-Wpacked-not-aligned] 390 | } __attribute__((packed, aligned(4))); | ^ include/uapi/linux/sctp.h:719:1: warning: alignment 4 of 'struct sctp_setpeerprim' is less than 8 [-Wpacked-not-aligned] 719 | } __attribute__((packed, aligned(4))); | ^ include/uapi/linux/sctp.h:718:33: warning: 'sspp_addr' offset 4 in 'struct sctp_setpeerprim' isn't aligned to 8 [-Wpacked-not-aligned] 718 | struct sockaddr_storage sspp_addr; | ^~~~~~~~~ include/uapi/linux/sctp.h:732:1: warning: alignment 4 of 'struct sctp_prim' is less than 8 [-Wpacked-not-aligned] 732 | } __attribute__((packed, aligned(4))); | ^ include/uapi/linux/sctp.h:731:33: warning: 'ssp_addr' offset 4 in 'struct sctp_prim' isn't aligned to 8 [-Wpacked-not-aligned] 731 | struct sockaddr_storage ssp_addr; | ^~~~~~~~ include/uapi/linux/sctp.h:783:1: warning: alignment 4 of 'struct sctp_paddrparams' is less than 8 [-Wpacked-not-aligned] 783 | } __attribute__((packed, aligned(4))); | ^ include/uapi/linux/sctp.h:775:33: warning: 'spp_address' offset 4 in 'struct sctp_paddrparams' isn't aligned to 8 [-Wpacked-not-aligned] 775 | struct sockaddr_storage spp_address; | ^~~~~~~~~~~ include/uapi/linux/sctp.h:896:1: warning: alignment 4 of 'struct sctp_paddrinfo' is less than 8 [-Wpacked-not-aligned] 896 | } __attribute__((packed, aligned(4))); | ^ include/uapi/linux/sctp.h:890:33: warning: 'spinfo_address' offset 4 in 'struct sctp_paddrinfo' isn't aligned to 8 [-Wpacked-not-aligned] 890 | struct sockaddr_storage spinfo_address; | ^~~~~~~~~~~~~~ drivers/net/ethernet/netswift/ngbe/ngbe.h: In function 'ngbe_misc_isb': drivers/net/ethernet/netswift/ngbe/ngbe.h:764:13: warning: variable 'cur_diff' set but not used [-Wunused-but-set-variable] 764 | u32 cur_diff = 0; | ^~~~~~~~ drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c: In function 'ngbe_portspeed': >> drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:82:14: error: 'NGBE_LINK_SPEED_10GB_FULL' undeclared (first use in this function); did you mean 'NGBE_LINK_SPEED_1GB_FULL'? 82 | case NGBE_LINK_SPEED_10GB_FULL: | ^~~~~~~~~~~~~~~~~~~~~~~~~ | NGBE_LINK_SPEED_1GB_FULL drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:82:14: note: each undeclared identifier is reported only once for each function it appears in drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c: In function 'ngbe_rxupacks': >> drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:165:55: error: 'NGBE_TPR' undeclared (first use in this function); did you mean 'NGBE_ERR'? 165 | return snprintf(page, count, "%d\n", rd32(hw, NGBE_TPR)); | ^~~~~~~~ | NGBE_ERR drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c: In function 'ngbe_linkstat': >> drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:364:13: warning: unused variable 'link_speed' [-Wunused-variable] 364 | u32 link_speed; | ^~~~~~~~~~ drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c: At top level: >> drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:770:6: warning: no previous prototype for 'ngbe_del_proc_entries' [-Wmissing-prototypes] 770 | void ngbe_del_proc_entries(struct ngbe_adapter *adapter) | ^~~~~~~~~~~~~~~~~~~~~ drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c: In function 'ngbe_del_proc_entries': >> drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:779:25: error: 'NGBE_MAX_SENSORS' undeclared (first use in this function); did you mean 'NGBE_MAX_EITR'? 779 | for (i = 0; i < NGBE_MAX_SENSORS; i++) { | ^~~~~~~~~~~~~~~~ | NGBE_MAX_EITR >> drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:780:39: error: invalid use of undefined type 'struct proc_dir_entry' 780 | if (adapter->therm_dir[i] == NULL) | ^ drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:780:21: error: invalid use of undefined type 'struct proc_dir_entry' 780 | if (adapter->therm_dir[i] == NULL) | ^~~~~~~ drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c: In function 'ngbe_procfs_init': >> drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:859:23: error: implicit declaration of function 'create_proc_read_entry' [-Werror=implicit-function-declaration] 859 | if (!(create_proc_read_entry(ngbe_proc_entries[index].name, | ^~~~~~~~~~~~~~~~~~~~~~ In file included from drivers/net/ethernet/netswift/ngbe/ngbe.h:39: >> drivers/net/ethernet/netswift/ngbe/ngbe_type.h:2761:40: error: 'struct ngbe_hw' has no member named 'ops' 2761 | #define TCALL(hw, func, args...) (((hw)->func != NULL) \ | ^~ drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:869:14: note: in expansion of macro 'TCALL' 869 | if (!TCALL(&(adapter->hw), ops.init_thermal_sensor_thresh)) | ^~~~~ drivers/net/ethernet/netswift/ngbe/ngbe_type.h:2762:23: error: 'struct ngbe_hw' has no member named 'ops' 2762 | ? (hw)->func((hw), ##args) : NGBE_NOT_IMPLEMENTED) | ^~ drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:869:14: note: in expansion of macro 'TCALL' 869 | if (!TCALL(&(adapter->hw), ops.init_thermal_sensor_thresh)) | ^~~~~ >> drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:833:13: warning: unused variable 'i' [-Wunused-variable] 833 | int i; | ^ drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c: In function 'ngbe_rxupacks': >> drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c:166:1: warning: control reaches end of non-void function [-Wreturn-type] 166 | } | ^ cc1: some warnings being treated as errors vim +82 drivers/net/ethernet/netswift/ngbe/ngbe_procfs.c 64 65 static int ngbe_portspeed(char *page, char __always_unused **start, 66 off_t __always_unused off, int count, 67 int __always_unused *eof, void *data) 68 { 69 struct ngbe_adapter *adapter = (struct ngbe_adapter *)data; 70 int speed = 0; 71 72 if (adapter == NULL) 73 return snprintf(page, count, "error: no adapter\n"); 74 75 switch (adapter->link_speed) { 76 case NGBE_LINK_SPEED_100_FULL: 77 speed = 1; 78 break; 79 case NGBE_LINK_SPEED_1GB_FULL: 80 speed = 10; 81 break; > 82 case NGBE_LINK_SPEED_10GB_FULL: 83 speed = 100; 84 break; 85 default: 86 break; 87 } 88 return snprintf(page, count, "%d\n", speed); 89 } 90 91 static int ngbe_wqlflag(char *page, char __always_unused **start, 92 off_t __always_unused off, int count, 93 int __always_unused *eof, void *data) 94 { 95 struct ngbe_adapter *adapter = (struct ngbe_adapter *)data; 96 if (adapter == NULL) 97 return snprintf(page, count, "error: no adapter\n"); 98 99 return snprintf(page, count, "%d\n", adapter->wol); 100 } 101 102 static int ngbe_xflowctl(char *page, char __always_unused **start, 103 off_t __always_unused off, int count, 104 int __always_unused *eof, void *data) 105 { 106 struct ngbe_adapter *adapter = (struct ngbe_adapter *)data; 107 struct ngbe_hw *hw; 108 109 if (adapter == NULL) 110 return snprintf(page, count, "error: no adapter\n"); 111 112 hw = &adapter->hw; 113 if (hw == NULL) 114 return snprintf(page, count, "error: no hw data\n"); 115 116 return snprintf(page, count, "%d\n", hw->fc.current_mode); 117 } 118 119 static int ngbe_rxdrops(char *page, char __always_unused **start, 120 off_t __always_unused off, int count, 121 int __always_unused *eof, void *data) 122 { 123 struct ngbe_adapter *adapter = (struct ngbe_adapter *)data; 124 struct net_device_stats *net_stats; 125 126 if (adapter == NULL) 127 return snprintf(page, count, "error: no adapter\n"); 128 net_stats = procfs_get_stats(adapter->netdev); 129 if (net_stats == NULL) 130 return snprintf(page, count, "error: no net stats\n"); 131 132 return snprintf(page, count, "%lu\n", 133 net_stats->rx_dropped); 134 } 135 136 static int ngbe_rxerrors(char *page, char __always_unused **start, 137 off_t __always_unused off, int count, 138 int __always_unused *eof, void *data) 139 { 140 struct ngbe_adapter *adapter = (struct ngbe_adapter *)data; 141 struct net_device_stats *net_stats; 142 143 if (adapter == NULL) 144 return snprintf(page, count, "error: no adapter\n"); 145 net_stats = procfs_get_stats(adapter->netdev); 146 if (net_stats == NULL) 147 return snprintf(page, count, "error: no net stats\n"); 148 149 return snprintf(page, count, "%lu\n", net_stats->rx_errors); 150 } 151 152 static int ngbe_rxupacks(char *page, char __always_unused **start, 153 off_t __always_unused off, int count, 154 int __always_unused *eof, void *data) 155 { 156 struct ngbe_hw *hw; 157 struct ngbe_adapter *adapter = (struct ngbe_adapter *)data; 158 if (adapter == NULL) 159 return snprintf(page, count, "error: no adapter\n"); 160 161 hw = &adapter->hw; 162 if (hw == NULL) 163 return snprintf(page, count, "error: no hw data\n"); 164 > 165 return snprintf(page, count, "%d\n", rd32(hw, NGBE_TPR)); > 166 } 167 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-6.6] bpf: Fix too early release of tcx_entry
by Liu Jian 24 Jul '24

24 Jul '24

From: Daniel Borkmann <daniel(a)iogearbox.net> stable inclusion from stable-v6.6.41 commit 230bb13650b0f186f540500fd5f5f7096a822a2a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IADR5O CVE: CVE-2024-41010 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- [ Upstream commit 1cb6f0bae50441f4b4b32a28315853b279c7404e ] Pedro Pinto and later independently also Hyunwoo Kim and Wongi Lee reported an issue that the tcx_entry can be released too early leading to a use after free (UAF) when an active old-style ingress or clsact qdisc with a shared tc block is later replaced by another ingress or clsact instance. Essentially, the sequence to trigger the UAF (one example) can be as follows: 1. A network namespace is created 2. An ingress qdisc is created. This allocates a tcx_entry, and &tcx_entry->miniq is stored in the qdisc's miniqp->p_miniq. At the same time, a tcf block with index 1 is created. 3. chain0 is attached to the tcf block. chain0 must be connected to the block linked to the ingress qdisc to later reach the function tcf_chain0_head_change_cb_del() which triggers the UAF. 4. Create and graft a clsact qdisc. This causes the ingress qdisc created in step 1 to be removed, thus freeing the previously linked tcx_entry: rtnetlink_rcv_msg() => tc_modify_qdisc() => qdisc_create() => clsact_init() [a] => qdisc_graft() => qdisc_destroy() => __qdisc_destroy() => ingress_destroy() [b] => tcx_entry_free() => kfree_rcu() // tcx_entry freed 5. Finally, the network namespace is closed. This registers the cleanup_net worker, and during the process of releasing the remaining clsact qdisc, it accesses the tcx_entry that was already freed in step 4, causing the UAF to occur: cleanup_net() => ops_exit_list() => default_device_exit_batch() => unregister_netdevice_many() => unregister_netdevice_many_notify() => dev_shutdown() => qdisc_put() => clsact_destroy() [c] => tcf_block_put_ext() => tcf_chain0_head_change_cb_del() => tcf_chain_head_change_item() => clsact_chain_head_change() => mini_qdisc_pair_swap() // UAF There are also other variants, the gist is to add an ingress (or clsact) qdisc with a specific shared block, then to replace that qdisc, waiting for the tcx_entry kfree_rcu() to be executed and subsequently accessing the current active qdisc's miniq one way or another. The correct fix is to turn the miniq_active boolean into a counter. What can be observed, at step 2 above, the counter transitions from 0->1, at step [a] from 1->2 (in order for the miniq object to remain active during the replacement), then in [b] from 2->1 and finally [c] 1->0 with the eventual release. The reference counter in general ranges from [0,2] and it does not need to be atomic since all access to the counter is protected by the rtnl mutex. With this in place, there is no longer a UAF happening and the tcx_entry is freed at the correct time. Fixes: e420bed02507 ("bpf: Add fd-based tcx multi-prog infra with link support") Reported-by: Pedro Pinto <xten(a)osec.io> Co-developed-by: Pedro Pinto <xten(a)osec.io> Signed-off-by: Pedro Pinto <xten(a)osec.io> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Cc: Hyunwoo Kim <v4bel(a)theori.io> Cc: Wongi Lee <qwerty(a)theori.io> Cc: Martin KaFai Lau <martin.lau(a)kernel.org> Link: https://lore.kernel.org/r/20240708133130.11609-1-daniel@iogearbox.net Signed-off-by: Martin KaFai Lau <martin.lau(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- include/net/tcx.h | 13 +++++++++---- net/sched/sch_ingress.c | 12 ++++++------ 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/include/net/tcx.h b/include/net/tcx.h index 264f147953ba..a0f78fd5cb28 100644 --- a/include/net/tcx.h +++ b/include/net/tcx.h @@ -13,7 +13,7 @@ struct mini_Qdisc; struct tcx_entry { struct mini_Qdisc __rcu *miniq; struct bpf_mprog_bundle bundle; - bool miniq_active; + u32 miniq_active; struct rcu_head rcu; }; @@ -129,11 +129,16 @@ static inline void tcx_skeys_dec(bool ingress) tcx_dec(); } -static inline void tcx_miniq_set_active(struct bpf_mprog_entry *entry, - const bool active) +static inline void tcx_miniq_inc(struct bpf_mprog_entry *entry) { ASSERT_RTNL(); - tcx_entry(entry)->miniq_active = active; + tcx_entry(entry)->miniq_active++; +} + +static inline void tcx_miniq_dec(struct bpf_mprog_entry *entry) +{ + ASSERT_RTNL(); + tcx_entry(entry)->miniq_active--; } static inline bool tcx_entry_is_active(struct bpf_mprog_entry *entry) diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c index a463a63192c3..8dde3548dc11 100644 --- a/net/sched/sch_ingress.c +++ b/net/sched/sch_ingress.c @@ -91,7 +91,7 @@ static int ingress_init(struct Qdisc *sch, struct nlattr *opt, entry = tcx_entry_fetch_or_create(dev, true, &created); if (!entry) return -ENOMEM; - tcx_miniq_set_active(entry, true); + tcx_miniq_inc(entry); mini_qdisc_pair_init(&q->miniqp, sch, &tcx_entry(entry)->miniq); if (created) tcx_entry_update(dev, entry, true); @@ -121,7 +121,7 @@ static void ingress_destroy(struct Qdisc *sch) tcf_block_put_ext(q->block, sch, &q->block_info); if (entry) { - tcx_miniq_set_active(entry, false); + tcx_miniq_dec(entry); if (!tcx_entry_is_active(entry)) { tcx_entry_update(dev, NULL, true); tcx_entry_free(entry); @@ -256,7 +256,7 @@ static int clsact_init(struct Qdisc *sch, struct nlattr *opt, entry = tcx_entry_fetch_or_create(dev, true, &created); if (!entry) return -ENOMEM; - tcx_miniq_set_active(entry, true); + tcx_miniq_inc(entry); mini_qdisc_pair_init(&q->miniqp_ingress, sch, &tcx_entry(entry)->miniq); if (created) tcx_entry_update(dev, entry, true); @@ -275,7 +275,7 @@ static int clsact_init(struct Qdisc *sch, struct nlattr *opt, entry = tcx_entry_fetch_or_create(dev, false, &created); if (!entry) return -ENOMEM; - tcx_miniq_set_active(entry, true); + tcx_miniq_inc(entry); mini_qdisc_pair_init(&q->miniqp_egress, sch, &tcx_entry(entry)->miniq); if (created) tcx_entry_update(dev, entry, false); @@ -301,7 +301,7 @@ static void clsact_destroy(struct Qdisc *sch) tcf_block_put_ext(q->egress_block, sch, &q->egress_block_info); if (ingress_entry) { - tcx_miniq_set_active(ingress_entry, false); + tcx_miniq_dec(ingress_entry); if (!tcx_entry_is_active(ingress_entry)) { tcx_entry_update(dev, NULL, true); tcx_entry_free(ingress_entry); @@ -309,7 +309,7 @@ static void clsact_destroy(struct Qdisc *sch) } if (egress_entry) { - tcx_miniq_set_active(egress_entry, false); + tcx_miniq_dec(egress_entry); if (!tcx_entry_is_active(egress_entry)) { tcx_entry_update(dev, NULL, false); tcx_entry_free(egress_entry); -- 2.34.1

2 1

[PATCH OLK-6.6] wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
by Yue Haibing 24 Jul '24

24 Jul '24

From: Nicolas Escande <nico.escande(a)gmail.com> stable inclusion from stable-v6.6.35 commit 63d5f89bb5664d60edbf8cf0df911aaae8ed96a4 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAD6H2 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit b7d7f11a291830fdf69d3301075dd0fb347ced84 ] The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned. Fix this by flushing all corresponding items of the preq_queue in mesh_path_flush_pending(). This should take care of KASAN reports like this: unreferenced object 0xffff00000668d800 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419552 (age 1836.444s) hex dump (first 32 bytes): 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h..... 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>........... backtrace: [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c [<00000000049bd418>] kmalloc_trace+0x34/0x80 [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8 [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4 [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764 [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4 [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440 [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4 [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508 [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c [<00000000b36425d1>] worker_thread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] ret_from_fork+0x10/0x20 unreferenced object 0xffff000009051f00 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419553 (age 1836.440s) hex dump (first 32 bytes): 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h..... 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy..... backtrace: [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c [<00000000049bd418>] kmalloc_trace+0x34/0x80 [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8 [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4 [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764 [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4 [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440 [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4 [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508 [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c [<00000000b36425d1>] worker_thread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] ret_from_fork+0x10/0x20 Fixes: 050ac52cbe1f ("mac80211: code for on-demand Hybrid Wireless Mesh Protocol") Signed-off-by: Nicolas Escande <nico.escande(a)gmail.com> Link: https://msgid.link/20240528142605.1060566-1-nico.escande@gmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Wang Hai <wanghai38(a)huawei.com> Signed-off-by: Yue Haibing <yuehaibing(a)huawei.com> --- net/mac80211/mesh_pathtbl.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c index 59f7264194ce..530581ba812b 100644 --- a/net/mac80211/mesh_pathtbl.c +++ b/net/mac80211/mesh_pathtbl.c @@ -1011,10 +1011,23 @@ void mesh_path_discard_frame(struct ieee80211_sub_if_data *sdata, */ void mesh_path_flush_pending(struct mesh_path *mpath) { + struct ieee80211_sub_if_data *sdata = mpath->sdata; + struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; + struct mesh_preq_queue *preq, *tmp; struct sk_buff *skb; while ((skb = skb_dequeue(&mpath->frame_queue)) != NULL) mesh_path_discard_frame(mpath->sdata, skb); + + spin_lock_bh(&ifmsh->mesh_preq_queue_lock); + list_for_each_entry_safe(preq, tmp, &ifmsh->preq_queue.list, list) { + if (ether_addr_equal(mpath->dst, preq->dst)) { + list_del(&preq->list); + kfree(preq); + --ifmsh->preq_queue_len; + } + } + spin_unlock_bh(&ifmsh->mesh_preq_queue_lock); } /** -- 2.34.1

2 1

[PATCH openEuler-1.0-LTS] batman-adv: bypass empty buckets in batadv_purge_orig_ref()
by Liu Jian 24 Jul '24

24 Jul '24

From: Eric Dumazet <edumazet(a)google.com> stable inclusion from stable-v4.19.317 commit 79636f636126775436a11ee9cf00a9253a33ac11 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IACS84 CVE: CVE-2024-40981 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- [ Upstream commit 40dc8ab605894acae1473e434944924a22cfaaa0 ] Many syzbot reports are pointing to soft lockups in batadv_purge_orig_ref() [1] Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting reports. [1] watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621] Modules linked in: irq event stamp: 6182794 hardirqs last enabled at (6182793): [<ffff8000801dae10>] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 hardirqs last disabled at (6182794): [<ffff80008ad66a78>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (6182794): [<ffff80008ad66a78>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (6182792): [<ffff80008aab71c4>] spin_unlock_bh include/linux/spinlock.h:396 [inline] softirqs last enabled at (6182792): [<ffff80008aab71c4>] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 softirqs last disabled at (6182790): [<ffff80008aab61dc>] spin_lock_bh include/linux/spinlock.h:356 [inline] softirqs last disabled at (6182790): [<ffff80008aab61dc>] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271 CPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Workqueue: bat_events batadv_purge_orig pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline] pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388 lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 sp : ffff800099007970 x29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000 x26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001 x23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4 x20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0 x17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001 x14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000 Call trace: __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline] arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline] __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300 process_one_work+0x694/0x1204 kernel/workqueue.c:2633 process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x938/0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51 lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103 sp : ffff800093a17d30 x29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4 x26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002 x23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000 x20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396 x17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001 x14: 1fffe00036805f10 x13: 0000000000000000 x12: 0000000000000003 x11: 0000000000000001 x10: 0000000000000003 x9 : 0000000000000000 x8 : 00000000000ce8d1 x7 : ffff8000804609e4 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff80008ad6aac0 x2 : 0000000000000000 x1 : ffff80008aedea60 x0 : ffff800125436000 Call trace: __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline] arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:49 cpuidle_idle_call kernel/sched/idle.c:170 [inline] do_idle+0x1f0/0x4e8 kernel/sched/idle.c:312 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:410 secondary_start_kernel+0x198/0x1c0 arch/arm64/kernel/smp.c:272 __secondary_switched+0xb8/0xbc arch/arm64/kernel/head.S:404 Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- net/batman-adv/originator.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c index 1d295da3e342..c1ad1ae21eea 100644 --- a/net/batman-adv/originator.c +++ b/net/batman-adv/originator.c @@ -1358,6 +1358,8 @@ void batadv_purge_orig_ref(struct batadv_priv *bat_priv) /* for all origins... */ for (i = 0; i < hash->size; i++) { head = &hash->table[i]; + if (hlist_empty(head)) + continue; list_lock = &hash->list_locks[i]; spin_lock_bh(list_lock); -- 2.34.1

2 1

[PATCH OLK-5.10] net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr
by Liu Jian 24 Jul '24

24 Jul '24

From: Miaoqian Lin <linmq006(a)gmail.com> mainline inclusion from mainline-v5.17-rc8 commit c9ffa3e2bc451816ce0295e40063514fabf2bd36 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IADGT8 CVE: CVE-2022-48859 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… --------------------------- This node pointer is returned by of_find_compatible_node() with refcount incremented. Calling of_node_put() to aovid the refcount leak. Fixes: 501ef3066c89 ("net: marvell: prestera: Add driver for Prestera family ASIC devices") Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Conflicts: drivers/net/ethernet/marvell/prestera/prestera_main.c [Did not backport 83216e3988cd1.] Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- drivers/net/ethernet/marvell/prestera/prestera_main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/ethernet/marvell/prestera/prestera_main.c b/drivers/net/ethernet/marvell/prestera/prestera_main.c index f406f5b517b0..e1e251f84c7d 100644 --- a/drivers/net/ethernet/marvell/prestera/prestera_main.c +++ b/drivers/net/ethernet/marvell/prestera/prestera_main.c @@ -480,6 +480,7 @@ static int prestera_switch_set_base_mac_addr(struct prestera_switch *sw) eth_random_addr(sw->base_mac); dev_info(prestera_dev(sw), "using random base mac address\n"); } + of_node_put(np); return prestera_hw_switch_mac_set(sw, sw->base_mac); } -- 2.34.1

2 1