July 2024 - Kernel - mailweb.openeuler.org

[openeuler:OLK-6.6 3269/10596] drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3942:23: sparse: sparse: incorrect type in assignment (different address spaces)
by kernel test robot 08 Jul '24

08 Jul '24

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 3b421b6002e287e38790cbdad4a3e08baf7e1bc4 commit: 86b90dc581ce2fcc6b724b4ffaea6103122a4b68 [3269/10596] iommu/arm-smmu-v3: Add support for ECMDQ register mode config: arm64-randconfig-r131-20240707 (https://download.01.org/0day-ci/archive/20240708/202407080437.gW9dgdMn-lkp@…) compiler: clang version 19.0.0git (https://github.com/llvm/llvm-project a0c6b8aef853eedaa0980f07c0a502a5a8a9740e) reproduce: (https://download.01.org/0day-ci/archive/20240708/202407080437.gW9dgdMn-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202407080437.gW9dgdMn-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) >> drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3942:23: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct arm_smmu_ecmdq *ecmdq @@ got struct arm_smmu_ecmdq [noderef] __percpu * @@ drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3942:23: sparse: expected struct arm_smmu_ecmdq *ecmdq drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3942:23: sparse: got struct arm_smmu_ecmdq [noderef] __percpu * drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3947:58: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected void const [noderef] __percpu *__vpp_verify @@ got struct arm_smmu_ecmdq * @@ drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3947:58: sparse: expected void const [noderef] __percpu *__vpp_verify drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3947:58: sparse: got struct arm_smmu_ecmdq * >> drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3973:45: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const *addr @@ got void [noderef] __iomem *base @@ drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3973:45: sparse: expected void const *addr drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3973:45: sparse: got void [noderef] __iomem *base drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c: note: in included file (through arch/arm64/include/asm/atomic.h, include/linux/atomic.h, include/asm-generic/bitops/atomic.h, ...): arch/arm64/include/asm/cmpxchg.h:168:1: sparse: sparse: cast truncates bits from constant value (ffffffff80000000 becomes 0) arch/arm64/include/asm/cmpxchg.h:168:1: sparse: sparse: cast truncates bits from constant value (ffffffff80000000 becomes 0) vim +3942 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c 3934 3935 #ifdef CONFIG_ARM_SMMU_V3_ECMDQ 3936 static int arm_smmu_ecmdq_layout(struct arm_smmu_device *smmu) 3937 { 3938 int cpu; 3939 struct arm_smmu_ecmdq *ecmdq; 3940 3941 if (num_possible_cpus() <= smmu->nr_ecmdq) { > 3942 ecmdq = devm_alloc_percpu(smmu->dev, *ecmdq); 3943 if (!ecmdq) 3944 return -ENOMEM; 3945 3946 for_each_possible_cpu(cpu) 3947 *per_cpu_ptr(smmu->ecmdq, cpu) = per_cpu_ptr(ecmdq, cpu); 3948 3949 /* A core requires at most one ECMDQ */ 3950 smmu->nr_ecmdq = num_possible_cpus(); 3951 3952 return 0; 3953 } 3954 3955 return -ENOSPC; 3956 } 3957 3958 static int arm_smmu_ecmdq_probe(struct arm_smmu_device *smmu) 3959 { 3960 int ret, cpu; 3961 u32 i, nump, numq, gap; 3962 u32 reg, shift_increment; 3963 u64 addr, smmu_dma_base; 3964 void __iomem *cp_regs, *cp_base; 3965 3966 /* IDR6 */ 3967 reg = readl_relaxed(smmu->base + ARM_SMMU_IDR6); 3968 nump = 1 << FIELD_GET(IDR6_LOG2NUMP, reg); 3969 numq = 1 << FIELD_GET(IDR6_LOG2NUMQ, reg); 3970 smmu->nr_ecmdq = nump * numq; 3971 gap = ECMDQ_CP_RRESET_SIZE >> FIELD_GET(IDR6_LOG2NUMQ, reg); 3972 > 3973 smmu_dma_base = (vmalloc_to_pfn(smmu->base) << PAGE_SHIFT); 3974 cp_regs = ioremap(smmu_dma_base + ARM_SMMU_ECMDQ_CP_BASE, PAGE_SIZE); 3975 if (!cp_regs) 3976 return -ENOMEM; 3977 3978 for (i = 0; i < nump; i++) { 3979 u64 val, pre_addr; 3980 3981 val = readq_relaxed(cp_regs + 32 * i); 3982 if (!(val & ECMDQ_CP_PRESET)) { 3983 iounmap(cp_regs); 3984 dev_err(smmu->dev, "ecmdq control page %u is memory mode\n", i); 3985 return -EFAULT; 3986 } 3987 3988 if (i && ((val & ECMDQ_CP_ADDR) != (pre_addr + ECMDQ_CP_RRESET_SIZE))) { 3989 iounmap(cp_regs); 3990 dev_err(smmu->dev, "ecmdq_cp memory region is not contiguous\n"); 3991 return -EFAULT; 3992 } 3993 3994 pre_addr = val & ECMDQ_CP_ADDR; 3995 } 3996 3997 addr = readl_relaxed(cp_regs) & ECMDQ_CP_ADDR; 3998 iounmap(cp_regs); 3999 4000 cp_base = devm_ioremap(smmu->dev, smmu_dma_base + addr, ECMDQ_CP_RRESET_SIZE * nump); 4001 if (!cp_base) 4002 return -ENOMEM; 4003 4004 smmu->ecmdq = devm_alloc_percpu(smmu->dev, struct arm_smmu_ecmdq *); 4005 if (!smmu->ecmdq) 4006 return -ENOMEM; 4007 4008 ret = arm_smmu_ecmdq_layout(smmu); 4009 if (ret) 4010 return ret; 4011 4012 shift_increment = order_base_2(num_possible_cpus() / smmu->nr_ecmdq); 4013 4014 addr = 0; 4015 for_each_possible_cpu(cpu) { 4016 struct arm_smmu_ecmdq *ecmdq; 4017 struct arm_smmu_queue *q; 4018 4019 ecmdq = *per_cpu_ptr(smmu->ecmdq, cpu); 4020 ecmdq->base = cp_base + addr; 4021 4022 q = &ecmdq->cmdq.q; 4023 4024 q->llq.max_n_shift = ECMDQ_MAX_SZ_SHIFT + shift_increment; 4025 ret = arm_smmu_init_one_queue(smmu, q, ecmdq->base, ARM_SMMU_ECMDQ_PROD, 4026 ARM_SMMU_ECMDQ_CONS, CMDQ_ENT_DWORDS, "ecmdq"); 4027 if (ret) 4028 return ret; 4029 4030 q->ecmdq_prod = ECMDQ_PROD_EN; 4031 rwlock_init(&q->ecmdq_lock); 4032 4033 ret = arm_smmu_ecmdq_init(&ecmdq->cmdq); 4034 if (ret) { 4035 dev_err(smmu->dev, "ecmdq[%d] init failed\n", i); 4036 return ret; 4037 } 4038 4039 addr += gap; 4040 } 4041 4042 return 0; 4043 } 4044 #endif 4045 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6 3778/10596] drivers/video/fbdev/ls2k500sfb.c:322:49: sparse: sparse: incorrect type in argument 2 (different address spaces)
by kernel test robot 08 Jul '24

08 Jul '24

Hi Xianglai, First bad commit (maybe != root cause): tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 3b421b6002e287e38790cbdad4a3e08baf7e1bc4 commit: 351aa968603500987e891b20cc97a677602ae7c2 [3778/10596] loongarch/kernel: Fix loongarch compilation error config: loongarch-randconfig-r132-20240707 (https://download.01.org/0day-ci/archive/20240708/202407080311.6JOR7V5E-lkp@…) compiler: loongarch64-linux-gcc (GCC) 13.2.0 reproduce: (https://download.01.org/0day-ci/archive/20240708/202407080311.6JOR7V5E-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202407080311.6JOR7V5E-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) drivers/video/fbdev/ls2k500sfb.c:144:27: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected void *static p @@ got void [noderef] __iomem * @@ drivers/video/fbdev/ls2k500sfb.c:144:27: sparse: expected void *static p drivers/video/fbdev/ls2k500sfb.c:144:27: sparse: got void [noderef] __iomem * drivers/video/fbdev/ls2k500sfb.c:146:30: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __iomem *addr @@ got void *static p @@ drivers/video/fbdev/ls2k500sfb.c:146:30: sparse: expected void const volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:146:30: sparse: got void *static p drivers/video/fbdev/ls2k500sfb.c:201:36: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void volatile [noderef] __iomem *addr @@ got void *static p @@ drivers/video/fbdev/ls2k500sfb.c:201:36: sparse: expected void volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:201:36: sparse: got void *static p drivers/video/fbdev/ls2k500sfb.c:203:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __iomem *addr @@ got void * @@ drivers/video/fbdev/ls2k500sfb.c:203:37: sparse: expected void const volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:203:37: sparse: got void * drivers/video/fbdev/ls2k500sfb.c:256:13: sparse: sparse: symbol 'ls2k500sfb_interrupt' was not declared. Should it be static? drivers/video/fbdev/ls2k500sfb.c:322:22: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __iomem *addr @@ got void * @@ drivers/video/fbdev/ls2k500sfb.c:322:22: sparse: expected void const volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:322:22: sparse: got void * >> drivers/video/fbdev/ls2k500sfb.c:322:49: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void volatile [noderef] __iomem *addr @@ got void * @@ drivers/video/fbdev/ls2k500sfb.c:322:49: sparse: expected void volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:322:49: sparse: got void * drivers/video/fbdev/ls2k500sfb.c:323:22: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __iomem *addr @@ got void * @@ drivers/video/fbdev/ls2k500sfb.c:323:22: sparse: expected void const volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:323:22: sparse: got void * drivers/video/fbdev/ls2k500sfb.c:323:53: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void volatile [noderef] __iomem *addr @@ got void * @@ drivers/video/fbdev/ls2k500sfb.c:323:53: sparse: expected void volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:323:53: sparse: got void * drivers/video/fbdev/ls2k500sfb.c:324:22: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __iomem *addr @@ got void * @@ drivers/video/fbdev/ls2k500sfb.c:324:22: sparse: expected void const volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:324:22: sparse: got void * drivers/video/fbdev/ls2k500sfb.c:324:53: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void volatile [noderef] __iomem *addr @@ got void * @@ drivers/video/fbdev/ls2k500sfb.c:324:53: sparse: expected void volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:324:53: sparse: got void * drivers/video/fbdev/ls2k500sfb.c:325:22: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __iomem *addr @@ got void * @@ drivers/video/fbdev/ls2k500sfb.c:325:22: sparse: expected void const volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:325:22: sparse: got void * drivers/video/fbdev/ls2k500sfb.c:325:51: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void volatile [noderef] __iomem *addr @@ got void * @@ drivers/video/fbdev/ls2k500sfb.c:325:51: sparse: expected void volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:325:51: sparse: got void * drivers/video/fbdev/ls2k500sfb.c:458:28: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __iomem *addr @@ got char *preg @@ drivers/video/fbdev/ls2k500sfb.c:458:28: sparse: expected void const volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:458:28: sparse: got char *preg drivers/video/fbdev/ls2k500sfb.c:459:32: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void volatile [noderef] __iomem *addr @@ got char *preg @@ drivers/video/fbdev/ls2k500sfb.c:459:32: sparse: expected void volatile [noderef] __iomem *addr drivers/video/fbdev/ls2k500sfb.c:459:32: sparse: got char *preg drivers/video/fbdev/ls2k500sfb.c:571:19: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected char *penv @@ got void [noderef] __iomem * @@ drivers/video/fbdev/ls2k500sfb.c:571:19: sparse: expected char *penv drivers/video/fbdev/ls2k500sfb.c:571:19: sparse: got void [noderef] __iomem * drivers/video/fbdev/ls2k500sfb.c:572:19: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected char *preg @@ got void [noderef] __iomem * @@ drivers/video/fbdev/ls2k500sfb.c:572:19: sparse: expected char *preg drivers/video/fbdev/ls2k500sfb.c:572:19: sparse: got void [noderef] __iomem * drivers/video/fbdev/ls2k500sfb.c:674:14: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected char *penv @@ got void [noderef] __iomem * @@ drivers/video/fbdev/ls2k500sfb.c:674:14: sparse: expected char *penv drivers/video/fbdev/ls2k500sfb.c:674:14: sparse: got void [noderef] __iomem * vim +322 drivers/video/fbdev/ls2k500sfb.c 8248d42b7c5f433 Chong Qiao 2023-12-11 113 4fbeaa84ef36adc Chong Qiao 2023-12-11 114 static unsigned long event_jiffies; 8248d42b7c5f433 Chong Qiao 2023-12-11 115 static void ls2k500sfb_events_fn(struct work_struct *work) 8248d42b7c5f433 Chong Qiao 2023-12-11 116 { 8248d42b7c5f433 Chong Qiao 2023-12-11 117 struct ls2k500sfb_struct *priv = container_of(work, struct ls2k500sfb_struct, work); 8248d42b7c5f433 Chong Qiao 2023-12-11 118 struct pci_dev *pdev = priv->dev; 8248d42b7c5f433 Chong Qiao 2023-12-11 119 struct pci_dev *ppdev = pdev->bus->self; 8248d42b7c5f433 Chong Qiao 2023-12-11 120 uint32_t i, d, timeout, retry = 0; 8248d42b7c5f433 Chong Qiao 2023-12-11 121 static const uint32_t index[] = { 8248d42b7c5f433 Chong Qiao 2023-12-11 122 0x10, 0x14, 0x18, 0x1c, 0x20, 0x24, 0x30, 0x3c, 0x54, 0x58, 0x78, 0x7c, 0x80, 4 8248d42b7c5f433 Chong Qiao 2023-12-11 123 }; 8248d42b7c5f433 Chong Qiao 2023-12-11 124 8248d42b7c5f433 Chong Qiao 2023-12-11 125 static uint32_t data[sizeof(index) / 4]; 8248d42b7c5f433 Chong Qiao 2023-12-11 126 static const uint32_t cindex[] = { 0x10, 0x3c, 4 }; 8248d42b7c5f433 Chong Qiao 2023-12-11 127 8248d42b7c5f433 Chong Qiao 2023-12-11 128 static uint32_t cdata[sizeof(cindex) / 4]; 8248d42b7c5f433 Chong Qiao 2023-12-11 129 static uint32_t d80c, d71c, ctrl; 8248d42b7c5f433 Chong Qiao 2023-12-11 130 static void *p; 8248d42b7c5f433 Chong Qiao 2023-12-11 131 8248d42b7c5f433 Chong Qiao 2023-12-11 132 if (!priv->running) { 8248d42b7c5f433 Chong Qiao 2023-12-11 133 for (i = 0; i < ARRAY_SIZE(index); i++) 8248d42b7c5f433 Chong Qiao 2023-12-11 134 pci_read_config_dword(ppdev, index[i], &data[i]); 8248d42b7c5f433 Chong Qiao 2023-12-11 135 for (i = 0; i < ARRAY_SIZE(cindex); i++) 8248d42b7c5f433 Chong Qiao 2023-12-11 136 pci_read_config_dword(pdev, cindex[i], &cdata[i]); 8248d42b7c5f433 Chong Qiao 2023-12-11 137 if (ppdev->vendor == 0x14) { 8248d42b7c5f433 Chong Qiao 2023-12-11 138 pci_read_config_dword(ppdev, 0x80c, &d80c); 8248d42b7c5f433 Chong Qiao 2023-12-11 139 d80c = (d80c & ~(3 << 17)) | (1 << 17); 8248d42b7c5f433 Chong Qiao 2023-12-11 140 8248d42b7c5f433 Chong Qiao 2023-12-11 141 pci_read_config_dword(ppdev, 0x71c, &d71c); 8248d42b7c5f433 Chong Qiao 2023-12-11 142 d71c |= 1 << 26; 8248d42b7c5f433 Chong Qiao 2023-12-11 143 8248d42b7c5f433 Chong Qiao 2023-12-11 144 p = pci_iomap(ppdev, 0, 0x100); 8248d42b7c5f433 Chong Qiao 2023-12-11 145 } 8248d42b7c5f433 Chong Qiao 2023-12-11 146 ctrl = readl(p); 8248d42b7c5f433 Chong Qiao 2023-12-11 147 return; 8248d42b7c5f433 Chong Qiao 2023-12-11 148 } 8248d42b7c5f433 Chong Qiao 2023-12-11 149 local_bh_disable(); 8248d42b7c5f433 Chong Qiao 2023-12-11 150 pciebreak_smp_send_stop(100); 8248d42b7c5f433 Chong Qiao 2023-12-11 151 wmb(); /* flush all write before we disable pcie window */ 8248d42b7c5f433 Chong Qiao 2023-12-11 152 pci_write_config_dword(ppdev, 0x18, 0); 8248d42b7c5f433 Chong Qiao 2023-12-11 153 pci_write_config_dword(ppdev, 0x1c, 0); 8248d42b7c5f433 Chong Qiao 2023-12-11 154 pci_write_config_dword(ppdev, 0x20, 0); 4fbeaa84ef36adc Chong Qiao 2023-12-11 155 event_jiffies = jiffies; 8248d42b7c5f433 Chong Qiao 2023-12-11 156 atomic_set(&waiting_for_pciebreak_ipi, 0); 8248d42b7c5f433 Chong Qiao 2023-12-11 157 wmb(); /* flush all write after change pcie window */ 8248d42b7c5f433 Chong Qiao 2023-12-11 158 local_bh_enable(); 8248d42b7c5f433 Chong Qiao 2023-12-11 159 if (ppdev->vendor == 0x14) { 8248d42b7c5f433 Chong Qiao 2023-12-11 160 timeout = 10000; 8248d42b7c5f433 Chong Qiao 2023-12-11 161 while (timeout) { 8248d42b7c5f433 Chong Qiao 2023-12-11 162 pci_read_config_dword(ppdev, 0x10, &d); 8248d42b7c5f433 Chong Qiao 2023-12-11 163 d &= ~0xf; 8248d42b7c5f433 Chong Qiao 2023-12-11 164 if (!d) 8248d42b7c5f433 Chong Qiao 2023-12-11 165 break; 8248d42b7c5f433 Chong Qiao 2023-12-11 166 mdelay(1); 8248d42b7c5f433 Chong Qiao 2023-12-11 167 timeout--; 8248d42b7c5f433 Chong Qiao 2023-12-11 168 }; 8248d42b7c5f433 Chong Qiao 2023-12-11 169 if (!timeout) 8248d42b7c5f433 Chong Qiao 2023-12-11 170 pr_info("bar not clear 0\n"); 8248d42b7c5f433 Chong Qiao 2023-12-11 171 8248d42b7c5f433 Chong Qiao 2023-12-11 172 pci_read_config_dword(ppdev, 0x0, &d); 8248d42b7c5f433 Chong Qiao 2023-12-11 173 pr_info("pcie port deviceid=0x%x recover begin\n", d); 8248d42b7c5f433 Chong Qiao 2023-12-11 174 retrain: 8248d42b7c5f433 Chong Qiao 2023-12-11 175 while (1) { 8248d42b7c5f433 Chong Qiao 2023-12-11 176 pci_write_config_dword(ppdev, index[0], data[0]); 8248d42b7c5f433 Chong Qiao 2023-12-11 177 pci_read_config_dword(ppdev, index[0], &d); 8248d42b7c5f433 Chong Qiao 2023-12-11 178 d &= ~0xf; 8248d42b7c5f433 Chong Qiao 2023-12-11 179 if (d) 8248d42b7c5f433 Chong Qiao 2023-12-11 180 break; 8248d42b7c5f433 Chong Qiao 2023-12-11 181 mdelay(1); 8248d42b7c5f433 Chong Qiao 2023-12-11 182 } 8248d42b7c5f433 Chong Qiao 2023-12-11 183 8248d42b7c5f433 Chong Qiao 2023-12-11 184 while (1) { 8248d42b7c5f433 Chong Qiao 2023-12-11 185 for (i = 0; i < ARRAY_SIZE(index); i++) { 8248d42b7c5f433 Chong Qiao 2023-12-11 186 if (index[i] != 0x18 && index[i] != 0x1c && index[i] != 0x20) 8248d42b7c5f433 Chong Qiao 2023-12-11 187 pci_write_config_dword(ppdev, index[i], data[i]); 8248d42b7c5f433 Chong Qiao 2023-12-11 188 } 8248d42b7c5f433 Chong Qiao 2023-12-11 189 pci_write_config_dword(ppdev, 0x80c, d80c); 8248d42b7c5f433 Chong Qiao 2023-12-11 190 pci_write_config_dword(ppdev, 0x71c, d71c); 8248d42b7c5f433 Chong Qiao 2023-12-11 191 8248d42b7c5f433 Chong Qiao 2023-12-11 192 pci_read_config_dword(ppdev, 0x10, &d); 8248d42b7c5f433 Chong Qiao 2023-12-11 193 d &= ~0xf; 8248d42b7c5f433 Chong Qiao 2023-12-11 194 if (d) 8248d42b7c5f433 Chong Qiao 2023-12-11 195 break; 8248d42b7c5f433 Chong Qiao 2023-12-11 196 mdelay(1); 8248d42b7c5f433 Chong Qiao 2023-12-11 197 } 8248d42b7c5f433 Chong Qiao 2023-12-11 198 8248d42b7c5f433 Chong Qiao 2023-12-11 199 timeout = 10000; 8248d42b7c5f433 Chong Qiao 2023-12-11 200 8248d42b7c5f433 Chong Qiao 2023-12-11 @201 writel(ctrl | 0x8, p); 8248d42b7c5f433 Chong Qiao 2023-12-11 202 while (1) { 8248d42b7c5f433 Chong Qiao 2023-12-11 203 d = readl(p + 0xc); 8248d42b7c5f433 Chong Qiao 2023-12-11 204 if ((d & 0x11) == 0x11) { 8248d42b7c5f433 Chong Qiao 2023-12-11 205 break; 8248d42b7c5f433 Chong Qiao 2023-12-11 206 } else if (!timeout) { 8248d42b7c5f433 Chong Qiao 2023-12-11 207 pr_info("pcie train failed status=0x%x\n", d); 8248d42b7c5f433 Chong Qiao 2023-12-11 208 goto out; 8248d42b7c5f433 Chong Qiao 2023-12-11 209 } 8248d42b7c5f433 Chong Qiao 2023-12-11 210 mdelay(1); 8248d42b7c5f433 Chong Qiao 2023-12-11 211 timeout--; 8248d42b7c5f433 Chong Qiao 2023-12-11 212 } 8248d42b7c5f433 Chong Qiao 2023-12-11 213 8248d42b7c5f433 Chong Qiao 2023-12-11 214 8248d42b7c5f433 Chong Qiao 2023-12-11 215 pr_info("pcie recovered done\n"); 8248d42b7c5f433 Chong Qiao 2023-12-11 216 8248d42b7c5f433 Chong Qiao 2023-12-11 217 if (!retry) { 8248d42b7c5f433 Chong Qiao 2023-12-11 218 /*wait u-boot ddr config */ 8248d42b7c5f433 Chong Qiao 2023-12-11 219 set_current_state(TASK_UNINTERRUPTIBLE); 8248d42b7c5f433 Chong Qiao 2023-12-11 220 schedule_timeout(HZ*resetbootwait); 8248d42b7c5f433 Chong Qiao 2023-12-11 221 set_current_state(TASK_RUNNING); 8248d42b7c5f433 Chong Qiao 2023-12-11 222 pci_read_config_dword(ppdev, 0x10, &d); 8248d42b7c5f433 Chong Qiao 2023-12-11 223 d &= ~0xf; 8248d42b7c5f433 Chong Qiao 2023-12-11 224 if (!d) { 8248d42b7c5f433 Chong Qiao 2023-12-11 225 retry = 1; 8248d42b7c5f433 Chong Qiao 2023-12-11 226 goto retrain; 8248d42b7c5f433 Chong Qiao 2023-12-11 227 } 8248d42b7c5f433 Chong Qiao 2023-12-11 228 } 8248d42b7c5f433 Chong Qiao 2023-12-11 229 } else { 8248d42b7c5f433 Chong Qiao 2023-12-11 230 set_current_state(TASK_UNINTERRUPTIBLE); 8248d42b7c5f433 Chong Qiao 2023-12-11 231 schedule_timeout(HZ*resetbootwait); 8248d42b7c5f433 Chong Qiao 2023-12-11 232 set_current_state(TASK_RUNNING); 8248d42b7c5f433 Chong Qiao 2023-12-11 233 } 8248d42b7c5f433 Chong Qiao 2023-12-11 234 local_bh_disable(); 8248d42b7c5f433 Chong Qiao 2023-12-11 235 pciebreak_smp_send_stop(10000); 8248d42b7c5f433 Chong Qiao 2023-12-11 236 wmb(); /* flush all write before we update pcie window */ 8248d42b7c5f433 Chong Qiao 2023-12-11 237 for (i = 0; i < ARRAY_SIZE(index); i++) 8248d42b7c5f433 Chong Qiao 2023-12-11 238 pci_write_config_dword(ppdev, index[i], data[i]); 8248d42b7c5f433 Chong Qiao 2023-12-11 239 8248d42b7c5f433 Chong Qiao 2023-12-11 240 for (i = 0; i < ARRAY_SIZE(cindex); i++) 8248d42b7c5f433 Chong Qiao 2023-12-11 241 pci_write_config_dword(pdev, cindex[i], cdata[i]); 8248d42b7c5f433 Chong Qiao 2023-12-11 242 atomic_set(&waiting_for_pciebreak_ipi, 0); 8248d42b7c5f433 Chong Qiao 2023-12-11 243 wmb(); /* flush all write after we update pcie window */ 8248d42b7c5f433 Chong Qiao 2023-12-11 244 local_bh_enable(); 8248d42b7c5f433 Chong Qiao 2023-12-11 245 8248d42b7c5f433 Chong Qiao 2023-12-11 246 8248d42b7c5f433 Chong Qiao 2023-12-11 247 pr_info("redraw console\n"); 8248d42b7c5f433 Chong Qiao 2023-12-11 248 8248d42b7c5f433 Chong Qiao 2023-12-11 249 saved_console = fg_console; 8248d42b7c5f433 Chong Qiao 2023-12-11 250 switch_console(fg_console > 0?fg_console - 1 : fg_console + 1); 8248d42b7c5f433 Chong Qiao 2023-12-11 251 queue_delayed_work(priv->wq, &priv->redraw_work, HZ); 8248d42b7c5f433 Chong Qiao 2023-12-11 252 out: 8248d42b7c5f433 Chong Qiao 2023-12-11 253 priv->running = 0; 8248d42b7c5f433 Chong Qiao 2023-12-11 254 } 8248d42b7c5f433 Chong Qiao 2023-12-11 255 8248d42b7c5f433 Chong Qiao 2023-12-11 256 irqreturn_t ls2k500sfb_interrupt(int irq, void *arg) 8248d42b7c5f433 Chong Qiao 2023-12-11 257 { 8248d42b7c5f433 Chong Qiao 2023-12-11 258 struct ls2k500sfb_struct *priv = arg; 8248d42b7c5f433 Chong Qiao 2023-12-11 259 struct pci_dev *pdev = priv->dev; 8248d42b7c5f433 Chong Qiao 2023-12-11 260 8248d42b7c5f433 Chong Qiao 2023-12-11 261 if (irq == pdev->irq) 8248d42b7c5f433 Chong Qiao 2023-12-11 262 pr_info("ls2k500sfb pcie interrupt\n"); 8248d42b7c5f433 Chong Qiao 2023-12-11 263 else 8248d42b7c5f433 Chong Qiao 2023-12-11 264 pr_info("ls2k500sfb gpio interrupt\n"); 8248d42b7c5f433 Chong Qiao 2023-12-11 265 if (system_state != SYSTEM_RUNNING) 8248d42b7c5f433 Chong Qiao 2023-12-11 266 return IRQ_HANDLED; 8248d42b7c5f433 Chong Qiao 2023-12-11 267 8248d42b7c5f433 Chong Qiao 2023-12-11 268 if (!priv->running) { 8248d42b7c5f433 Chong Qiao 2023-12-11 269 if (!resetdelay || time_after(jiffies, priv->reset_time + resetdelay * HZ)) { 8248d42b7c5f433 Chong Qiao 2023-12-11 270 priv->running = 1; 8248d42b7c5f433 Chong Qiao 2023-12-11 271 queue_work(priv->wq, &priv->work); 8248d42b7c5f433 Chong Qiao 2023-12-11 272 } 8248d42b7c5f433 Chong Qiao 2023-12-11 273 priv->reset_time = jiffies; 8248d42b7c5f433 Chong Qiao 2023-12-11 274 } 8248d42b7c5f433 Chong Qiao 2023-12-11 275 return IRQ_HANDLED; 8248d42b7c5f433 Chong Qiao 2023-12-11 276 } 8248d42b7c5f433 Chong Qiao 2023-12-11 277 8248d42b7c5f433 Chong Qiao 2023-12-11 278 #ifdef CONFIG_LOONGARCH 8248d42b7c5f433 Chong Qiao 2023-12-11 279 #define GPIO_OEN ((void *)IO_BASE+0x1fe00000+0x500) 8248d42b7c5f433 Chong Qiao 2023-12-11 280 #define GPIO_FUNCEN ((void *)IO_BASE+0x1fe00000+0x504) 8248d42b7c5f433 Chong Qiao 2023-12-11 281 #define GPIO_OUT ((void *)IO_BASE+0x1fe00000+0x508) 8248d42b7c5f433 Chong Qiao 2023-12-11 282 #define GPIO_IN ((void *)IO_BASE+0x1fe00000+0x50c) 8248d42b7c5f433 Chong Qiao 2023-12-11 283 #define GPIO_INTPOL ((void *)IO_BASE+0x1fe00000+0x510) 8248d42b7c5f433 Chong Qiao 2023-12-11 284 #define GPIO_INTEN ((void *)IO_BASE+0x1fe00000+0x514) 8248d42b7c5f433 Chong Qiao 2023-12-11 285 8248d42b7c5f433 Chong Qiao 2023-12-11 286 static int gpiochip_match_name(struct gpio_chip *chip, void *data) 8248d42b7c5f433 Chong Qiao 2023-12-11 287 { 8248d42b7c5f433 Chong Qiao 2023-12-11 288 const char *name = data; 8248d42b7c5f433 Chong Qiao 2023-12-11 289 8248d42b7c5f433 Chong Qiao 2023-12-11 290 return !strcmp(chip->label, name); 8248d42b7c5f433 Chong Qiao 2023-12-11 291 } 8248d42b7c5f433 Chong Qiao 2023-12-11 292 static int get_gpio_irq_from_acpi_table(int gpio) 8248d42b7c5f433 Chong Qiao 2023-12-11 293 { 8248d42b7c5f433 Chong Qiao 2023-12-11 294 struct gpio_chip *chip; 8248d42b7c5f433 Chong Qiao 2023-12-11 295 struct gpio_desc *desc; 8248d42b7c5f433 Chong Qiao 2023-12-11 296 8248d42b7c5f433 Chong Qiao 2023-12-11 297 chip = gpiochip_find("LOON0007:00", gpiochip_match_name); 8248d42b7c5f433 Chong Qiao 2023-12-11 298 if (!chip) 8248d42b7c5f433 Chong Qiao 2023-12-11 299 return -ENOENT; 8248d42b7c5f433 Chong Qiao 2023-12-11 300 desc = gpiochip_request_own_desc(chip, gpio, "reboot", GPIO_LOOKUP_FLAGS_DEFAULT, GPIOD_IN); 8248d42b7c5f433 Chong Qiao 2023-12-11 301 if (!desc) 8248d42b7c5f433 Chong Qiao 2023-12-11 302 return -ENOENT; 8248d42b7c5f433 Chong Qiao 2023-12-11 303 return gpiod_to_irq(desc); 8248d42b7c5f433 Chong Qiao 2023-12-11 304 } 8248d42b7c5f433 Chong Qiao 2023-12-11 305 8248d42b7c5f433 Chong Qiao 2023-12-11 306 static int get_gpio_irq_from_acpi_gsi(int gpio) 8248d42b7c5f433 Chong Qiao 2023-12-11 307 { 8248d42b7c5f433 Chong Qiao 2023-12-11 308 int gsi = 16 + (gpio & 7); 8248d42b7c5f433 Chong Qiao 2023-12-11 309 8248d42b7c5f433 Chong Qiao 2023-12-11 310 return acpi_register_gsi(NULL, gsi, ACPI_EDGE_SENSITIVE, ACPI_ACTIVE_LOW); 8248d42b7c5f433 Chong Qiao 2023-12-11 311 } 8248d42b7c5f433 Chong Qiao 2023-12-11 312 8248d42b7c5f433 Chong Qiao 2023-12-11 313 static int register_gpio_reboot_handler(struct ls2k500sfb_struct *priv) 8248d42b7c5f433 Chong Qiao 2023-12-11 314 { 8248d42b7c5f433 Chong Qiao 2023-12-11 315 int irq = get_gpio_irq_from_acpi_table(GPIO); 8248d42b7c5f433 Chong Qiao 2023-12-11 316 8248d42b7c5f433 Chong Qiao 2023-12-11 317 if (irq < 0) { 8248d42b7c5f433 Chong Qiao 2023-12-11 318 irq = get_gpio_irq_from_acpi_gsi(GPIO); 8248d42b7c5f433 Chong Qiao 2023-12-11 319 pr_notice("gsi gpio irq %d\n", irq); 8248d42b7c5f433 Chong Qiao 2023-12-11 320 } else 8248d42b7c5f433 Chong Qiao 2023-12-11 321 pr_notice("acpi gpio irq %d\n", irq); 8248d42b7c5f433 Chong Qiao 2023-12-11 @322 writel(readl(GPIO_OEN) | (0x1 << GPIO), GPIO_OEN); 8248d42b7c5f433 Chong Qiao 2023-12-11 323 writel(readl(GPIO_FUNCEN) & ~(0x1 << GPIO), GPIO_FUNCEN); 8248d42b7c5f433 Chong Qiao 2023-12-11 324 writel(readl(GPIO_INTPOL) & ~(0x1 << GPIO), GPIO_INTPOL); 8248d42b7c5f433 Chong Qiao 2023-12-11 325 writel(readl(GPIO_INTEN) | (0x1 << GPIO), GPIO_INTEN); 8248d42b7c5f433 Chong Qiao 2023-12-11 326 if (request_irq(irq, ls2k500sfb_interrupt, IRQF_SHARED | IRQF_TRIGGER_FALLING, 8248d42b7c5f433 Chong Qiao 2023-12-11 327 "ls2k500sfb", priv)) 8248d42b7c5f433 Chong Qiao 2023-12-11 328 pr_err("request_irq(%d) failed\n", irq); 8248d42b7c5f433 Chong Qiao 2023-12-11 329 return 0; 8248d42b7c5f433 Chong Qiao 2023-12-11 330 } 8248d42b7c5f433 Chong Qiao 2023-12-11 331 #endif 8248d42b7c5f433 Chong Qiao 2023-12-11 332 :::::: The code at line 322 was first introduced by commit :::::: 8248d42b7c5f4338a54f26d8efebec8614b43466 fbdev: add ls2k500sfb driver for ls2k500 bmc. :::::: TO: Chong Qiao <qiaochong(a)loongson.cn> :::::: CC: Hongchen Zhang <zhanghongchen(a)loongson.cn> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6] BUILD SUCCESS 3b421b6002e287e38790cbdad4a3e08baf7e1bc4
by kernel test robot 07 Jul '24

07 Jul '24

tree/branch: https://gitee.com/openeuler/kernel.git OLK-6.6 branch HEAD: 3b421b6002e287e38790cbdad4a3e08baf7e1bc4 !9770 Add a switch to enable hungtask check for io Warning ids grouped by kconfigs: recent_errors `-- arm64-allmodconfig `-- clang:warning:no-such-include-directory:drivers-infiniband-hw-hiroce3-include-mag elapsed time: 723m configs tested: 38 configs skipped: 123 The following configs have been built successfully. More configs may be tested in the coming days. tested configs: arm64 allmodconfig clang-19 arm64 allnoconfig gcc-13.2.0 arm64 randconfig-001-20240706 gcc-13.2.0 arm64 randconfig-002-20240706 gcc-13.2.0 arm64 randconfig-003-20240706 clang-16 arm64 randconfig-004-20240706 clang-19 loongarch allmodconfig gcc-13.2.0 loongarch allnoconfig gcc-13.2.0 loongarch randconfig-001-20240706 gcc-13.2.0 loongarch randconfig-002-20240706 gcc-13.2.0 x86_64 allnoconfig clang-18 x86_64 allyesconfig clang-18 x86_64 buildonly-randconfig-001-20240706 clang-18 x86_64 buildonly-randconfig-002-20240706 clang-18 x86_64 buildonly-randconfig-003-20240706 clang-18 x86_64 buildonly-randconfig-004-20240706 clang-18 x86_64 buildonly-randconfig-005-20240706 gcc-13 x86_64 buildonly-randconfig-006-20240706 clang-18 x86_64 defconfig gcc-13 x86_64 randconfig-001-20240706 gcc-9 x86_64 randconfig-002-20240706 clang-18 x86_64 randconfig-003-20240706 clang-18 x86_64 randconfig-004-20240706 clang-18 x86_64 randconfig-005-20240706 clang-18 x86_64 randconfig-006-20240706 clang-18 x86_64 randconfig-011-20240706 gcc-12 x86_64 randconfig-012-20240706 gcc-12 x86_64 randconfig-013-20240706 clang-18 x86_64 randconfig-014-20240706 gcc-13 x86_64 randconfig-015-20240706 gcc-13 x86_64 randconfig-016-20240706 gcc-13 x86_64 randconfig-071-20240706 gcc-12 x86_64 randconfig-072-20240706 gcc-13 x86_64 randconfig-073-20240706 gcc-12 x86_64 randconfig-074-20240706 gcc-13 x86_64 randconfig-075-20240706 clang-18 x86_64 randconfig-076-20240706 gcc-13 x86_64 rhel-8.3-rust clang-18 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-5.10] BUILD SUCCESS 1cc61a82256cf82a5f06287eb7c64d9b94f43786
by kernel test robot 07 Jul '24

07 Jul '24

tree/branch: https://gitee.com/openeuler/kernel.git OLK-5.10 branch HEAD: 1cc61a82256cf82a5f06287eb7c64d9b94f43786 !9792 v3 net: fix one NULL pointer dereference bug in net_rship module Warning ids grouped by kconfigs: recent_errors `-- x86_64-allnoconfig `-- drivers-arm-spe-spe.c:linux-perf-arm_pmu.h-is-included-more-than-once. elapsed time: 727m configs tested: 34 configs skipped: 126 The following configs have been built successfully. More configs may be tested in the coming days. tested configs: arm64 allmodconfig clang-19 arm64 allnoconfig gcc-13.2.0 arm64 randconfig-001-20240706 gcc-13.2.0 arm64 randconfig-002-20240706 gcc-13.2.0 arm64 randconfig-003-20240706 clang-16 arm64 randconfig-004-20240706 clang-19 x86_64 allnoconfig clang-18 x86_64 allyesconfig clang-18 x86_64 buildonly-randconfig-001-20240706 clang-18 x86_64 buildonly-randconfig-002-20240706 clang-18 x86_64 buildonly-randconfig-003-20240706 clang-18 x86_64 buildonly-randconfig-004-20240706 clang-18 x86_64 buildonly-randconfig-005-20240706 gcc-13 x86_64 buildonly-randconfig-006-20240706 clang-18 x86_64 defconfig gcc-13 x86_64 randconfig-001-20240706 gcc-9 x86_64 randconfig-002-20240706 clang-18 x86_64 randconfig-003-20240706 clang-18 x86_64 randconfig-004-20240706 clang-18 x86_64 randconfig-005-20240706 clang-18 x86_64 randconfig-006-20240706 clang-18 x86_64 randconfig-011-20240706 gcc-12 x86_64 randconfig-012-20240706 gcc-12 x86_64 randconfig-013-20240706 clang-18 x86_64 randconfig-014-20240706 gcc-13 x86_64 randconfig-015-20240706 gcc-13 x86_64 randconfig-016-20240706 gcc-13 x86_64 randconfig-071-20240706 gcc-12 x86_64 randconfig-072-20240706 gcc-13 x86_64 randconfig-073-20240706 gcc-12 x86_64 randconfig-074-20240706 gcc-13 x86_64 randconfig-075-20240706 clang-18 x86_64 randconfig-076-20240706 gcc-13 x86_64 rhel-8.3-rust clang-18 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:openEuler-1.0-LTS] BUILD SUCCESS d127ee13b4d5627947830da5f044541d1144dc44
by kernel test robot 07 Jul '24

07 Jul '24

tree/branch: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS branch HEAD: d127ee13b4d5627947830da5f044541d1144dc44 !9797 sch_cake: do not call cake_destroy() from cake_init() elapsed time: 726m configs tested: 34 configs skipped: 127 The following configs have been built successfully. More configs may be tested in the coming days. tested configs: arm64 allmodconfig gcc-13.2.0 arm64 allnoconfig gcc-13.2.0 arm64 randconfig-001-20240706 gcc-13.2.0 arm64 randconfig-002-20240706 gcc-13.2.0 arm64 randconfig-003-20240706 gcc-13.2.0 arm64 randconfig-004-20240706 gcc-13.2.0 x86_64 allnoconfig clang-18 x86_64 allyesconfig clang-18 x86_64 buildonly-randconfig-001-20240706 clang-18 x86_64 buildonly-randconfig-002-20240706 clang-18 x86_64 buildonly-randconfig-003-20240706 clang-18 x86_64 buildonly-randconfig-004-20240706 clang-18 x86_64 buildonly-randconfig-005-20240706 gcc-13 x86_64 buildonly-randconfig-006-20240706 clang-18 x86_64 defconfig gcc-13 x86_64 randconfig-001-20240706 gcc-9 x86_64 randconfig-002-20240706 clang-18 x86_64 randconfig-003-20240706 clang-18 x86_64 randconfig-004-20240706 clang-18 x86_64 randconfig-005-20240706 clang-18 x86_64 randconfig-006-20240706 clang-18 x86_64 randconfig-011-20240706 gcc-12 x86_64 randconfig-012-20240706 gcc-12 x86_64 randconfig-013-20240706 clang-18 x86_64 randconfig-014-20240706 gcc-13 x86_64 randconfig-015-20240706 gcc-13 x86_64 randconfig-016-20240706 gcc-13 x86_64 randconfig-071-20240706 gcc-12 x86_64 randconfig-072-20240706 gcc-13 x86_64 randconfig-073-20240706 gcc-12 x86_64 randconfig-074-20240706 gcc-13 x86_64 randconfig-075-20240706 clang-18 x86_64 randconfig-076-20240706 gcc-13 x86_64 rhel-8.3-rust clang-18 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH openEuler-22.03-LTS-SP1] null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
by Li Nan 06 Jul '24

06 Jul '24

From: Yu Kuai <yukuai3(a)huawei.com> mainline inclusion from mainline-v6.10-rc1 commit a2db328b0839312c169eb42746ec46fc1ab53ed2 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA7D6H CVE: CVE-2024-36478 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p /sys/kernel/config/nullb/nullb0 while true; do echo 1 > submit_queues; echo 4 > submit_queues; done & while true; do echo 1 > power; echo 0 > power; done Test result: BUG: kernel NULL pointer dereference, address: 0000000000000148 Oops: 0000 [#1] PREEMPT SMP RIP: 0010:__lock_acquire+0x41d/0x28f0 Call Trace: <TASK> lock_acquire+0x121/0x450 down_write+0x5f/0x1d0 simple_recursive_removal+0x12f/0x5c0 blk_mq_debugfs_unregister_hctxs+0x7c/0x100 blk_mq_update_nr_hw_queues+0x4a3/0x720 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_submit_queues_store+0x79/0xf0 [null_blk] configfs_write_iter+0x119/0x1e0 vfs_write+0x326/0x730 ksys_write+0x74/0x150 This is because del_gendisk() can concurrent with blk_mq_update_nr_hw_queues(): nullb_device_power_store nullb_apply_submit_queues null_del_dev del_gendisk nullb_update_nr_hw_queues if (!dev->nullb) // still set while gendisk is deleted return 0 blk_mq_update_nr_hw_queues dev->nullb = NULL Fix this problem by resuing the global mutex to protect nullb_device_power_store() and nullb_update_nr_hw_queues() from configfs. Fixes: 45919fbfe1c4 ("null_blk: Enable modifying 'submit_queues' after an instance has been configured") Reported-and-tested-by: Yi Zhang <yi.zhang(a)redhat.com> Closes: https://lore.kernel.org/all/CAHj4cs9LgsHLnjg8z06LQ3Pr5cax-+Ps+xT7AP7TPnEjSt… Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Reviewed-by: Zhu Yanjun <yanjun.zhu(a)linux.dev> Link: https://lore.kernel.org/r/20240523153934.1937851-1-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Conflicts: drivers/block/null_blk/main.c [ A lot of conflict, this patch just expand the protection range of mutex, ignore conflict. ] Signed-off-by: Li Nan <linan122(a)huawei.com> --- drivers/block/null_blk/main.c | 43 +++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c index 35b390a785dd..91c8412442d0 100644 --- a/drivers/block/null_blk/main.c +++ b/drivers/block/null_blk/main.c @@ -323,11 +323,9 @@ CONFIGFS_ATTR(nullb_device_, NAME); static int nullb_apply_submit_queues(struct nullb_device *dev, unsigned int submit_queues) { - struct nullb *nullb = dev->nullb; + struct nullb *nullb; struct blk_mq_tag_set *set; - - if (!nullb) - return 0; + int ret = 0; /* * Make sure that null_init_hctx() does not access nullb->queues[] past @@ -335,9 +333,20 @@ static int nullb_apply_submit_queues(struct nullb_device *dev, */ if (submit_queues > nr_cpu_ids) return -EINVAL; + + mutex_lock(&lock); + + nullb = dev->nullb; + if (!nullb) + goto out; + set = nullb->tag_set; blk_mq_update_nr_hw_queues(set, submit_queues); - return set->nr_hw_queues == submit_queues ? 0 : -ENOMEM; + ret = set->nr_hw_queues == submit_queues ? 0 : -ENOMEM; + +out: + mutex_unlock(&lock); + return ret; } NULLB_DEVICE_ATTR(size, ulong, NULL); @@ -378,27 +387,31 @@ static ssize_t nullb_device_power_store(struct config_item *item, if (ret < 0) return ret; + ret = count; + mutex_lock(&lock); if (!dev->power && newp) { if (test_and_set_bit(NULLB_DEV_FL_UP, &dev->flags)) - return count; + goto out; + if (null_add_dev(dev)) { clear_bit(NULLB_DEV_FL_UP, &dev->flags); - return -ENOMEM; + ret = -ENOMEM; + goto out; } set_bit(NULLB_DEV_FL_CONFIGURED, &dev->flags); dev->power = newp; } else if (dev->power && !newp) { if (test_and_clear_bit(NULLB_DEV_FL_UP, &dev->flags)) { - mutex_lock(&lock); dev->power = newp; null_del_dev(dev->nullb); - mutex_unlock(&lock); } clear_bit(NULLB_DEV_FL_CONFIGURED, &dev->flags); } - return count; +out: + mutex_unlock(&lock); + return ret; } CONFIGFS_ATTR(nullb_device_, power); @@ -1880,15 +1893,11 @@ static int null_add_dev(struct nullb_device *dev) blk_queue_flag_set(QUEUE_FLAG_NONROT, nullb->q); blk_queue_flag_clear(QUEUE_FLAG_ADD_RANDOM, nullb->q); - mutex_lock(&lock); rv = ida_simple_get(&nullb_indexes, 0, 0, GFP_KERNEL); - if (rv < 0) { - mutex_unlock(&lock); + if (rv < 0) goto out_cleanup_zone; - } nullb->index = rv; dev->index = rv; - mutex_unlock(&lock); blk_queue_logical_block_size(nullb->q, dev->blocksize); blk_queue_physical_block_size(nullb->q, dev->blocksize); @@ -1901,9 +1910,7 @@ static int null_add_dev(struct nullb_device *dev) if (rv) goto out_ida_free; - mutex_lock(&lock); list_add_tail(&nullb->list, &nullb_list); - mutex_unlock(&lock); return 0; @@ -1985,7 +1992,9 @@ static int __init null_init(void) ret = -ENOMEM; goto err_dev; } + mutex_lock(&lock); ret = null_add_dev(dev); + mutex_unlock(&lock); if (ret) { null_free_dev(dev); goto err_dev; -- 2.39.2

2 1

[PATCH OLK-5.10] null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
by Li Nan 06 Jul '24

06 Jul '24

From: Yu Kuai <yukuai3(a)huawei.com> mainline inclusion from mainline-v6.10-rc1 commit a2db328b0839312c169eb42746ec46fc1ab53ed2 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA7D6H CVE: CVE-2024-36478 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p /sys/kernel/config/nullb/nullb0 while true; do echo 1 > submit_queues; echo 4 > submit_queues; done & while true; do echo 1 > power; echo 0 > power; done Test result: BUG: kernel NULL pointer dereference, address: 0000000000000148 Oops: 0000 [#1] PREEMPT SMP RIP: 0010:__lock_acquire+0x41d/0x28f0 Call Trace: <TASK> lock_acquire+0x121/0x450 down_write+0x5f/0x1d0 simple_recursive_removal+0x12f/0x5c0 blk_mq_debugfs_unregister_hctxs+0x7c/0x100 blk_mq_update_nr_hw_queues+0x4a3/0x720 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_submit_queues_store+0x79/0xf0 [null_blk] configfs_write_iter+0x119/0x1e0 vfs_write+0x326/0x730 ksys_write+0x74/0x150 This is because del_gendisk() can concurrent with blk_mq_update_nr_hw_queues(): nullb_device_power_store nullb_apply_submit_queues null_del_dev del_gendisk nullb_update_nr_hw_queues if (!dev->nullb) // still set while gendisk is deleted return 0 blk_mq_update_nr_hw_queues dev->nullb = NULL Fix this problem by resuing the global mutex to protect nullb_device_power_store() and nullb_update_nr_hw_queues() from configfs. Fixes: 45919fbfe1c4 ("null_blk: Enable modifying 'submit_queues' after an instance has been configured") Reported-and-tested-by: Yi Zhang <yi.zhang(a)redhat.com> Closes: https://lore.kernel.org/all/CAHj4cs9LgsHLnjg8z06LQ3Pr5cax-+Ps+xT7AP7TPnEjSt… Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Reviewed-by: Zhu Yanjun <yanjun.zhu(a)linux.dev> Link: https://lore.kernel.org/r/20240523153934.1937851-1-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Conflicts: drivers/block/null_blk/main.c [ A lot of conflict, this patch just expand the protection range of mutex, ignore conflict. ] Signed-off-by: Li Nan <linan122(a)huawei.com> --- drivers/block/null_blk/main.c | 43 +++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c index 35b390a785dd..91c8412442d0 100644 --- a/drivers/block/null_blk/main.c +++ b/drivers/block/null_blk/main.c @@ -323,11 +323,9 @@ CONFIGFS_ATTR(nullb_device_, NAME); static int nullb_apply_submit_queues(struct nullb_device *dev, unsigned int submit_queues) { - struct nullb *nullb = dev->nullb; + struct nullb *nullb; struct blk_mq_tag_set *set; - - if (!nullb) - return 0; + int ret = 0; /* * Make sure that null_init_hctx() does not access nullb->queues[] past @@ -335,9 +333,20 @@ static int nullb_apply_submit_queues(struct nullb_device *dev, */ if (submit_queues > nr_cpu_ids) return -EINVAL; + + mutex_lock(&lock); + + nullb = dev->nullb; + if (!nullb) + goto out; + set = nullb->tag_set; blk_mq_update_nr_hw_queues(set, submit_queues); - return set->nr_hw_queues == submit_queues ? 0 : -ENOMEM; + ret = set->nr_hw_queues == submit_queues ? 0 : -ENOMEM; + +out: + mutex_unlock(&lock); + return ret; } NULLB_DEVICE_ATTR(size, ulong, NULL); @@ -378,27 +387,31 @@ static ssize_t nullb_device_power_store(struct config_item *item, if (ret < 0) return ret; + ret = count; + mutex_lock(&lock); if (!dev->power && newp) { if (test_and_set_bit(NULLB_DEV_FL_UP, &dev->flags)) - return count; + goto out; + if (null_add_dev(dev)) { clear_bit(NULLB_DEV_FL_UP, &dev->flags); - return -ENOMEM; + ret = -ENOMEM; + goto out; } set_bit(NULLB_DEV_FL_CONFIGURED, &dev->flags); dev->power = newp; } else if (dev->power && !newp) { if (test_and_clear_bit(NULLB_DEV_FL_UP, &dev->flags)) { - mutex_lock(&lock); dev->power = newp; null_del_dev(dev->nullb); - mutex_unlock(&lock); } clear_bit(NULLB_DEV_FL_CONFIGURED, &dev->flags); } - return count; +out: + mutex_unlock(&lock); + return ret; } CONFIGFS_ATTR(nullb_device_, power); @@ -1880,15 +1893,11 @@ static int null_add_dev(struct nullb_device *dev) blk_queue_flag_set(QUEUE_FLAG_NONROT, nullb->q); blk_queue_flag_clear(QUEUE_FLAG_ADD_RANDOM, nullb->q); - mutex_lock(&lock); rv = ida_simple_get(&nullb_indexes, 0, 0, GFP_KERNEL); - if (rv < 0) { - mutex_unlock(&lock); + if (rv < 0) goto out_cleanup_zone; - } nullb->index = rv; dev->index = rv; - mutex_unlock(&lock); blk_queue_logical_block_size(nullb->q, dev->blocksize); blk_queue_physical_block_size(nullb->q, dev->blocksize); @@ -1901,9 +1910,7 @@ static int null_add_dev(struct nullb_device *dev) if (rv) goto out_ida_free; - mutex_lock(&lock); list_add_tail(&nullb->list, &nullb_list); - mutex_unlock(&lock); return 0; @@ -1985,7 +1992,9 @@ static int __init null_init(void) ret = -ENOMEM; goto err_dev; } + mutex_lock(&lock); ret = null_add_dev(dev); + mutex_unlock(&lock); if (ret) { null_free_dev(dev); goto err_dev; -- 2.39.2

2 1

[PATCH openEuler-1.0-LTS] ftrace: Use preempt disable instead of rcu lock in ftrace_location_range()
by Zheng Yejian 06 Jul '24

06 Jul '24

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAA3U5 CVE: NA -------------------------------- After commit 5e66a5bdad69 ("ftrace: Fix rcu warn in ftrace_location()"), syzkaller reports following warning: WARNING: lock held when returning to user space! 4.18.0+ #16 Tainted: G W ---------r- - ------------------------------------------------ modprobe/4255 is leaving the kernel with locks still held! 1 lock held by modprobe/4255: #0: 0000000012ba3568 (rcu_read_lock){....}, at: ftrace_location_range+0x292/0x440 BUG: scheduling while atomic: modprobe/4255/0x00000002 ============================= BUG: scheduling while atomic: modprobe/4256/0x00000002 INFO: lockdep is turned off. Modules linked in: Kernel panic - not syncing: scheduling while atomic It seems that rcu_read_lock() is held but rcu_read_unlock() is not called, this is most likely due to the inconsistent state when calling in_atomic(). To fix it, use preemt_{disable,enable}_notrace() instead of rcu_read_{,un}lock(). Fixes: 5e66a5bdad69 ("ftrace: Fix rcu warn in ftrace_location()") Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> --- kernel/trace/ftrace.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index ad4440da5b78..ceb4bab432f1 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1581,12 +1581,7 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) key.ip = start; key.flags = end; /* overload flags, as it is unsigned long */ - /* - * It is in atomic context when called from ftrace_int3_handler(), - * in this case rcu lock is not needed. - */ - if (!in_atomic()) - rcu_read_lock(); + preempt_disable_notrace(); for (pg = ftrace_pages_start; pg; pg = pg->next) { if (pg->index == 0 || end < pg->records[0].ip || @@ -1600,8 +1595,7 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) break; } } - if (!in_atomic()) - rcu_read_unlock(); + preempt_enable_notrace(); return ip; } -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS] sch_cake: do not call cake_destroy() from cake_init()
by Xiang Yang 06 Jul '24

06 Jul '24

From: Eric Dumazet <edumazet(a)google.com> stable inclusion from stable-v4.19.222 commit 4e388232e630ebe4f94b4a0715ec98c0e2b314a3 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA6SGX CVE: CVE-2021-47598 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… -------------------------------- [ Upstream commit ab443c53916730862cec202078d36fd4008bea79 ] qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock_common kernel/locking/mutex.c:586 [inline] WARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock+0x9ec/0x12f0 kernel/locking/mutex.c:740 Modules linked in: CPU: 0 PID: 21902 Comm: syz-executor189 Not tainted 5.16.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__mutex_lock_common kernel/locking/mutex.c:586 [inline] RIP: 0010:__mutex_lock+0x9ec/0x12f0 kernel/locking/mutex.c:740 Code: 08 84 d2 0f 85 19 08 00 00 8b 05 97 38 4b 04 85 c0 0f 85 27 f7 ff ff 48 c7 c6 20 00 ac 89 48 c7 c7 a0 fe ab 89 e8 bf 76 ba ff <0f> 0b e9 0d f7 ff ff 48 8b 44 24 40 48 8d b8 c8 08 00 00 48 89 f8 RSP: 0018:ffffc9000627f290 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff88802315d700 RSI: ffffffff815f1db8 RDI: fffff52000c4fe44 RBP: ffff88818f28e000 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffff815ebb5e R11: 0000000000000000 R12: 0000000000000000 R13: dffffc0000000000 R14: ffffc9000627f458 R15: 0000000093c30000 FS: 0000555556abc400(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fda689c3303 CR3: 000000001cfbb000 CR4: 0000000000350ef0 Call Trace: <TASK> tcf_chain0_head_change_cb_del+0x2e/0x3d0 net/sched/cls_api.c:810 tcf_block_put_ext net/sched/cls_api.c:1381 [inline] tcf_block_put_ext net/sched/cls_api.c:1376 [inline] tcf_block_put+0xbc/0x130 net/sched/cls_api.c:1394 cake_destroy+0x3f/0x80 net/sched/sch_cake.c:2695 qdisc_create.constprop.0+0x9da/0x10f0 net/sched/sch_api.c:1293 tc_modify_qdisc+0x4c5/0x1980 net/sched/sch_api.c:1660 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5571 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2496 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x904/0xdf0 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f1bb06badb9 Code: Unable to access opcode bytes at RIP 0x7f1bb06bad8f. RSP: 002b:00007fff3012a658 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1bb06badb9 RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000003 R10: 0000000000000003 R11: 0000000000000246 R12: 00007fff3012a688 R13: 00007fff3012a6a0 R14: 00007fff3012a6e0 R15: 00000000000013c2 </TASK> Fixes: 046f6fd5daef ("sched: Add Common Applications Kept Enhanced (cake) qdisc") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Acked-by: Toke Høiland-Jørgensen <toke(a)toke.dk> Link: https://lore.kernel.org/r/20211210142046.698336-1-eric.dumazet@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Xiang Yang <xiangyang3(a)huawei.com> --- net/sched/sch_cake.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/net/sched/sch_cake.c b/net/sched/sch_cake.c index 2025f0f559de..18c207b85d51 100644 --- a/net/sched/sch_cake.c +++ b/net/sched/sch_cake.c @@ -2675,7 +2675,7 @@ static int cake_init(struct Qdisc *sch, struct nlattr *opt, q->tins = kvcalloc(CAKE_MAX_TINS, sizeof(struct cake_tin_data), GFP_KERNEL); if (!q->tins) - goto nomem; + return -ENOMEM; for (i = 0; i < CAKE_MAX_TINS; i++) { struct cake_tin_data *b = q->tins + i; @@ -2705,10 +2705,6 @@ static int cake_init(struct Qdisc *sch, struct nlattr *opt, q->min_netlen = ~0; q->min_adjlen = ~0; return 0; - -nomem: - cake_destroy(sch); - return -ENOMEM; } static int cake_dump(struct Qdisc *sch, struct sk_buff *skb) -- 2.34.1

2 1

[PATCH OLK-5.10] drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
by Zheng Zucheng 06 Jul '24

06 Jul '24

From: Aleksandr Mishin <amishin(a)t-argos.ru> stable inclusion from stable-v6.6.33 commit dcf53e6103b26e7458be71491d0641f49fbd5840 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA6SEW CVE: CVE-2024-38548 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 935a92a1c400285545198ca2800a4c6c519c650a ] In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it in drm_mode_set_name(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug add a check of mhdp_state->current_mode. Fixes: fb43aa0acdfd ("drm: bridge: Add support for Cadence MHDP8546 DPI/DP bridge") Signed-off-by: Aleksandr Mishin <amishin(a)t-argos.ru> Reviewed-by: Robert Foss <rfoss(a)kernel.org> Signed-off-by: Robert Foss <rfoss(a)kernel.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240408125810.21899-1-amishi… Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: ZhangPeng <zhangpeng362(a)huawei.com> Signed-off-by: Zheng Zucheng <zhengzucheng(a)huawei.com> --- drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c b/drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c index 6af565ac307a..858f5b650849 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c @@ -2057,6 +2057,9 @@ static void cdns_mhdp_atomic_enable(struct drm_bridge *bridge, mhdp_state = to_cdns_mhdp_bridge_state(new_state); mhdp_state->current_mode = drm_mode_duplicate(bridge->dev, mode); + if (!mhdp_state->current_mode) + return; + drm_mode_set_name(mhdp_state->current_mode); dev_dbg(mhdp->dev, "%s: Enabling mode %s\n", __func__, mode->name); -- 2.34.1

2 1

2024

2023

2022

2021

2020

2019

Kernel July 2024