kernel@openeuler.org

August 2024

  • 83 participants
  • 926 discussions
[PATCH openEuler-22.03-LTS-SP1] wifi: cfg80211: Lock wiphy in cfg80211_get_station
by Dong Chenchen 01 Aug '24

From: Remi Pommarel <repk(a)triplefau.lt> mainline inclusion from mainline-v6.10-rc3 commit 642f89daa34567d02f312d03e41523a894906dae category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAD02L CVE: CVE-2024-40911 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Wiphy should be locked before calling rdev_get_station() (see lockdep assert in ieee80211_get_station()). This fixes the following kernel NULL dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050 Mem abort info: ESR = 0x0000000096000006 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: level 2 translation fault Data abort info: ISV = 0, ISS = 0x00000006 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=0000000003001000 [0000000000000050] pgd=0800000002dca003, p4d=0800000002dca003, pud=08000000028e9003, pmd=0000000000000000 Internal error: Oops: 0000000096000006 [#1] SMP Modules linked in: netconsole dwc3_meson_g12a dwc3_of_simple dwc3 ip_gre gre ath10k_pci ath10k_core ath9k ath9k_common ath9k_hw ath CPU: 0 PID: 1091 Comm: kworker/u8:0 Not tainted 6.4.0-02144-g565f9a3a7911-dirty #705 Hardware name: RPT (r1) (DT) Workqueue: bat_events batadv_v_elp_throughput_metric_update pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ath10k_sta_statistics+0x10/0x2dc [ath10k_core] lr : sta_set_sinfo+0xcc/0xbd4 sp : ffff000007b43ad0 x29: ffff000007b43ad0 x28: ffff0000071fa900 x27: ffff00000294ca98 x26: ffff000006830880 x25: ffff000006830880 x24: ffff00000294c000 x23: 0000000000000001 x22: ffff000007b43c90 x21: ffff800008898acc x20: ffff00000294c6e8 x19: ffff000007b43c90 x18: 0000000000000000 x17: 445946354d552d78 x16: 62661f7200000000 x15: 57464f445946354d x14: 0000000000000000 x13: 00000000000000e3 x12: d5f0acbcebea978e x11: 00000000000000e3 x10: 000000010048fe41 x9 : 0000000000000000 x8 : ffff000007b43d90 x7 : 
000000007a1e2125 x6 : 0000000000000000 x5 : ffff0000024e0900 x4 : ffff800000a0250c x3 : ffff000007b43c90 x2 : ffff00000294ca98 x1 : ffff000006831920 x0 : 0000000000000000 Call trace: ath10k_sta_statistics+0x10/0x2dc [ath10k_core] sta_set_sinfo+0xcc/0xbd4 ieee80211_get_station+0x2c/0x44 cfg80211_get_station+0x80/0x154 batadv_v_elp_get_throughput+0x138/0x1fc batadv_v_elp_throughput_metric_update+0x1c/0xa4 process_one_work+0x1ec/0x414 worker_thread+0x70/0x46c kthread+0xdc/0xe0 ret_from_fork+0x10/0x20 Code: a9bb7bfd 910003fd a90153f3 f9411c40 (f9402814) This happens because STA has time to disconnect and reconnect before batadv_v_elp_throughput_metric_update() delayed work gets scheduled. In this situation, ath10k_sta_state() can be in the middle of resetting arsta data when the work queue get chance to be scheduled and ends up accessing it. Locking wiphy prevents that. Fixes: 7406353d43c8 ("cfg80211: implement cfg80211_get_station cfg80211 API") Signed-off-by: Remi Pommarel <repk(a)triplefau.lt> Reviewed-by: Nicolas Escande <nico.escande(a)gmail.com> Acked-by: Antonio Quartulli <a(a)unstable.cc> Link: https://msgid.link/983b24a6a176e0800c01aedcd74480d9b551cb13.1716046653.git.… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> --- net/wireless/util.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/wireless/util.c b/net/wireless/util.c index 5177fd63b1b8..831e457f9eab 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -2005,6 +2005,7 @@ int cfg80211_get_station(struct net_device *dev, const u8 *mac_addr, { struct cfg80211_registered_device *rdev; struct wireless_dev *wdev; + int ret; wdev = dev->ieee80211_ptr; if (!wdev) 
@@ -2016,7 +2017,11 @@ int cfg80211_get_station(struct net_device *dev, const u8 *mac_addr, memset(sinfo, 0, sizeof(*sinfo)); - return rdev_get_station(rdev, dev, mac_addr, sinfo); + wiphy_lock(&rdev->wiphy); + ret = rdev_get_station(rdev, dev, mac_addr, sinfo); + wiphy_unlock(&rdev->wiphy); + + return ret; } EXPORT_SYMBOL(cfg80211_get_station); -- 2.25.1
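Review bot: the @@ -2016 hunk makes the exported cfg80211_get_station() take the wiphy lock itself, but nothing in the patch documents the new calling rule. The diffstat touches only net/wireless/util.c, so add a short comment above the function saying that callers must be able to sleep and must not already hold the wiphy lock; a caller that does hold it will deadlock on wiphy_lock(&rdev->wiphy).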
[PATCH OLK-5.10] wifi: cfg80211: Lock wiphy in cfg80211_get_station
by Dong Chenchen 01 Aug '24

From: Remi Pommarel <repk(a)triplefau.lt> mainline inclusion from mainline-v6.10-rc3 commit 642f89daa34567d02f312d03e41523a894906dae category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAD02L CVE: CVE-2024-40911 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Wiphy should be locked before calling rdev_get_station() (see lockdep assert in ieee80211_get_station()). This fixes the following kernel NULL dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050 Mem abort info: ESR = 0x0000000096000006 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: level 2 translation fault Data abort info: ISV = 0, ISS = 0x00000006 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=0000000003001000 [0000000000000050] pgd=0800000002dca003, p4d=0800000002dca003, pud=08000000028e9003, pmd=0000000000000000 Internal error: Oops: 0000000096000006 [#1] SMP Modules linked in: netconsole dwc3_meson_g12a dwc3_of_simple dwc3 ip_gre gre ath10k_pci ath10k_core ath9k ath9k_common ath9k_hw ath CPU: 0 PID: 1091 Comm: kworker/u8:0 Not tainted 6.4.0-02144-g565f9a3a7911-dirty #705 Hardware name: RPT (r1) (DT) Workqueue: bat_events batadv_v_elp_throughput_metric_update pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ath10k_sta_statistics+0x10/0x2dc [ath10k_core] lr : sta_set_sinfo+0xcc/0xbd4 sp : ffff000007b43ad0 x29: ffff000007b43ad0 x28: ffff0000071fa900 x27: ffff00000294ca98 x26: ffff000006830880 x25: ffff000006830880 x24: ffff00000294c000 x23: 0000000000000001 x22: ffff000007b43c90 x21: ffff800008898acc x20: ffff00000294c6e8 x19: ffff000007b43c90 x18: 0000000000000000 x17: 445946354d552d78 x16: 62661f7200000000 x15: 57464f445946354d x14: 0000000000000000 x13: 00000000000000e3 x12: d5f0acbcebea978e x11: 00000000000000e3 x10: 000000010048fe41 x9 : 0000000000000000 x8 : ffff000007b43d90 x7 : 
000000007a1e2125 x6 : 0000000000000000 x5 : ffff0000024e0900 x4 : ffff800000a0250c x3 : ffff000007b43c90 x2 : ffff00000294ca98 x1 : ffff000006831920 x0 : 0000000000000000 Call trace: ath10k_sta_statistics+0x10/0x2dc [ath10k_core] sta_set_sinfo+0xcc/0xbd4 ieee80211_get_station+0x2c/0x44 cfg80211_get_station+0x80/0x154 batadv_v_elp_get_throughput+0x138/0x1fc batadv_v_elp_throughput_metric_update+0x1c/0xa4 process_one_work+0x1ec/0x414 worker_thread+0x70/0x46c kthread+0xdc/0xe0 ret_from_fork+0x10/0x20 Code: a9bb7bfd 910003fd a90153f3 f9411c40 (f9402814) This happens because STA has time to disconnect and reconnect before batadv_v_elp_throughput_metric_update() delayed work gets scheduled. In this situation, ath10k_sta_state() can be in the middle of resetting arsta data when the work queue get chance to be scheduled and ends up accessing it. Locking wiphy prevents that. Fixes: 7406353d43c8 ("cfg80211: implement cfg80211_get_station cfg80211 API") Signed-off-by: Remi Pommarel <repk(a)triplefau.lt> Reviewed-by: Nicolas Escande <nico.escande(a)gmail.com> Acked-by: Antonio Quartulli <a(a)unstable.cc> Link: https://msgid.link/983b24a6a176e0800c01aedcd74480d9b551cb13.1716046653.git.… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> --- net/wireless/util.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/wireless/util.c b/net/wireless/util.c index 5177fd63b1b8..831e457f9eab 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -2005,6 +2005,7 @@ int cfg80211_get_station(struct net_device *dev, const u8 *mac_addr, { struct cfg80211_registered_device *rdev; struct wireless_dev *wdev; + int ret; wdev = dev->ieee80211_ptr; if (!wdev) 
@@ -2016,7 +2017,11 @@ int cfg80211_get_station(struct net_device *dev, const u8 *mac_addr, memset(sinfo, 0, sizeof(*sinfo)); - return rdev_get_station(rdev, dev, mac_addr, sinfo); + wiphy_lock(&rdev->wiphy); + ret = rdev_get_station(rdev, dev, mac_addr, sinfo); + wiphy_unlock(&rdev->wiphy); + + return ret; } EXPORT_SYMBOL(cfg80211_get_station); -- 2.25.1
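Review bot: the @@ -2016 hunk calls wiphy_lock()/wiphy_unlock(), yet the patch changes only net/wireless/util.c and adds no definition for either helper. Please confirm that the OLK-5.10 tree already provides them and that the drivers' get_station callbacks on this branch are serialised by that same lock; if station state is protected by a different lock there, taking the wiphy lock here does not close the race described in the commit message.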
[PATCH OLK-5.10] powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
by Jinjie Ruan 01 Aug '24

From: Mahesh Salgaonkar <mahesh(a)linux.ibm.com> stable inclusion from stable-v6.6.39 commit 0f37946c62c48a907625348cbc720a7a0c547d1e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGPSI CVE: CVE-2024-42126 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 0db880fc865ffb522141ced4bfa66c12ab1fbb70 ] nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling (e.g. early HMI/MCE interrupt handler) if percpu allocation comes from vmalloc area. Early HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI() wrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when percpu allocation is from the embedded first chunk. However with CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu allocation can come from the vmalloc area. With kernel command line "percpu_alloc=page" we can force percpu allocation to come from vmalloc area and can see kernel crash in machine_check_early: [ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110 [ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0 [ 1.215719] --- interrupt: 200 [ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable) [ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0 [ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8 Fix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu first chunk is not embedded. Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Tested-by: Shirisha Ganta <shirisha(a)linux.ibm.com> Signed-off-by: Mahesh Salgaonkar <mahesh(a)linux.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240410043006.81577-1-mahesh@linux.ibm.com 
Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: arch/powerpc/kernel/setup_64.c arch/powerpc/include/asm/interrupt.h [Because machine_check_early() has been refactored] Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> --- arch/powerpc/include/asm/percpu.h | 10 ++++++++++ arch/powerpc/kernel/mce.c | 14 +++++++++++--- arch/powerpc/kernel/setup_64.c | 2 ++ 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/include/asm/percpu.h b/arch/powerpc/include/asm/percpu.h index 8e5b7d0b851c..634970ce13c6 100644 --- a/arch/powerpc/include/asm/percpu.h +++ b/arch/powerpc/include/asm/percpu.h @@ -15,6 +15,16 @@ #endif /* CONFIG_SMP */ #endif /* __powerpc64__ */ +#if defined(CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK) && defined(CONFIG_SMP) +#include <linux/jump_label.h> +DECLARE_STATIC_KEY_FALSE(__percpu_first_chunk_is_paged); + +#define percpu_first_chunk_is_paged \ + (static_key_enabled(&__percpu_first_chunk_is_paged.key)) +#else +#define percpu_first_chunk_is_paged false +#endif /* CONFIG_PPC64 && CONFIG_SMP */ + #include <asm-generic/percpu.h> #include <asm/paca.h> diff --git a/arch/powerpc/kernel/mce.c b/arch/powerpc/kernel/mce.c index 63702c0badb9..b652105fc4c8 100644 --- a/arch/powerpc/kernel/mce.c +++ b/arch/powerpc/kernel/mce.c @@ -594,8 +594,15 @@ long notrace machine_check_early(struct pt_regs *regs) u8 ftrace_enabled = this_cpu_get_ftrace_enabled(); this_cpu_set_ftrace_enabled(0); - /* Do not use nmi_enter/exit for pseries hpte guest */ - if (radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) + /* + * Do not use nmi_enter/exit for pseries hpte guest. + * + * Likewise, do not use it in real mode if percpu first chunk is not + * embedded. With CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there + * are chances where percpu allocation can come from vmalloc area. + */ + if ((radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) && + !percpu_first_chunk_is_paged) nmi_enter(); hv_nmi_check_nonrecoverable(regs); 
@@ -606,7 +613,8 @@ long notrace machine_check_early(struct pt_regs *regs) if (ppc_md.machine_check_early) handled = ppc_md.machine_check_early(regs); - if (radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) + if ((radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) && + !percpu_first_chunk_is_paged) nmi_exit(); this_cpu_set_ftrace_enabled(ftrace_enabled); diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index cc285e0b9722..4875e84eb975 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -827,6 +827,7 @@ static int pcpu_cpu_distance(unsigned int from, unsigned int to) unsigned long __per_cpu_offset[NR_CPUS] __read_mostly; EXPORT_SYMBOL(__per_cpu_offset); +DEFINE_STATIC_KEY_FALSE(__percpu_first_chunk_is_paged); static void __init pcpu_populate_pte(unsigned long addr) { @@ -906,6 +907,7 @@ void __init setup_per_cpu_areas(void) if (rc < 0) panic("cannot initialize percpu area (err=%d)", rc); + static_key_enable(&__percpu_first_chunk_is_paged.key); delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; for_each_possible_cpu(cpu) { __per_cpu_offset[cpu] = delta + pcpu_unit_offsets[cpu]; -- 2.34.1
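Review bot: in the arch/powerpc/kernel/mce.c hunks the compound test `(radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) && !percpu_first_chunk_is_paged` is written out twice, once before nmi_enter() and once before nmi_exit(). Evaluate it once into a local bool at the top of machine_check_early() and test that in both places, so the enter/exit pair cannot drift apart in a later edit. The Conflicts: tag also lists arch/powerpc/include/asm/interrupt.h while the diffstat changes mce.c instead; one line saying the check was placed in machine_check_early() for this branch would make the adaptation easier to audit.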
[PATCH OLK-6.6] usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
by heyujie 01 Aug '24

From: Meng Li <Meng.Li(a)windriver.com> mainline inclusion from mainline-v6.10-rc6 commit 7838de15bb700c2898a7d741db9b1f3cbc86c136 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGEOX CVE: CVE-2024-42085 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system to enter suspend status with below command: echo mem > /sys/power/state There will be a deadlock issue occurring. Detailed invoking path as below: dwc3_suspend_common() spin_lock_irqsave(&dwc->lock, flags); <-- 1st dwc3_gadget_suspend(dwc); dwc3_gadget_soft_disconnect(dwc); spin_lock_irqsave(&dwc->lock, flags); <-- 2nd This issue is exposed by commit c7ebd8149ee5 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend") that removes the code of checking whether dwc->gadget_driver is NULL or not. It causes the following code is executed and deadlock occurs when trying to get the spinlock. In fact, the root cause is the commit 5265397f9442("usb: dwc3: Remove DWC3 locking during gadget suspend/resume") that forgot to remove the lock of otg mode. So, remove the redundant lock of otg mode during gadget suspend/resume. Fixes: 5265397f9442 ("usb: dwc3: Remove DWC3 locking during gadget suspend/resume") Cc: Xu Yang <xu.yang_2(a)nxp.com> Cc: stable(a)vger.kernel.org Signed-off-by: Meng Li <Meng.Li(a)windriver.com> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/20240618031918.2585799-1-Meng.Li@windriver.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: He Yujie <coka.heyujie(a)huawei.com> --- drivers/usb/dwc3/core.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 1f66578c671e..1a2303663179 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c 
@@ -2044,7 +2044,6 @@ static int dwc3_core_init_for_resume(struct dwc3 *dwc) static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { - unsigned long flags; u32 reg; switch (dwc->current_dr_role) { @@ -2082,9 +2081,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - spin_lock_irqsave(&dwc->lock, flags); dwc3_gadget_suspend(dwc); - spin_unlock_irqrestore(&dwc->lock, flags); synchronize_irq(dwc->irq_gadget); } @@ -2101,7 +2098,6 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) { - unsigned long flags; int ret; u32 reg; @@ -2150,9 +2146,7 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) if (dwc->current_otg_role == DWC3_OTG_ROLE_HOST) { dwc3_otg_host_init(dwc); } else if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - spin_lock_irqsave(&dwc->lock, flags); dwc3_gadget_resume(dwc); - spin_unlock_irqrestore(&dwc->lock, flags); } break; -- 2.34.1
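Review bot: the hunks at @@ -2044 and @@ -2101 delete the `unsigned long flags;` declarations, while only the OTG-role users of flags are visibly removed (@@ -2082 and @@ -2150). Please confirm that no other case in dwc3_suspend_common() or dwc3_resume_common() on OLK-6.6 still uses flags, and that the branch carries 5265397f9442 named in the Fixes: tag: dropping spin_lock_irqsave(&dwc->lock, flags) around dwc3_gadget_suspend()/dwc3_gadget_resume() is only safe if those functions take dwc->lock themselves.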
[PATCH OLK-6.6] powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
by Jinjie Ruan 01 Aug '24

From: Mahesh Salgaonkar <mahesh(a)linux.ibm.com> stable inclusion from stable-v6.6.39 commit 0f37946c62c48a907625348cbc720a7a0c547d1e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGPSI CVE: CVE-2024-42126 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 0db880fc865ffb522141ced4bfa66c12ab1fbb70 ] nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling (e.g. early HMI/MCE interrupt handler) if percpu allocation comes from vmalloc area. Early HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI() wrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when percpu allocation is from the embedded first chunk. However with CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu allocation can come from the vmalloc area. With kernel command line "percpu_alloc=page" we can force percpu allocation to come from vmalloc area and can see kernel crash in machine_check_early: [ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110 [ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0 [ 1.215719] --- interrupt: 200 [ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable) [ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0 [ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8 Fix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu first chunk is not embedded. Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Tested-by: Shirisha Ganta <shirisha(a)linux.ibm.com> Signed-off-by: Mahesh Salgaonkar <mahesh(a)linux.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240410043006.81577-1-mahesh@linux.ibm.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> 
Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> --- arch/powerpc/include/asm/interrupt.h | 10 ++++++++++ arch/powerpc/include/asm/percpu.h | 10 ++++++++++ arch/powerpc/kernel/setup_64.c | 2 ++ 3 files changed, 22 insertions(+) diff --git a/arch/powerpc/include/asm/interrupt.h b/arch/powerpc/include/asm/interrupt.h index a4196ab1d016..5f9d61b2159c 100644 --- a/arch/powerpc/include/asm/interrupt.h +++ b/arch/powerpc/include/asm/interrupt.h @@ -336,6 +336,14 @@ static inline void interrupt_nmi_enter_prepare(struct pt_regs *regs, struct inte if (IS_ENABLED(CONFIG_KASAN)) return; + /* + * Likewise, do not use it in real mode if percpu first chunk is not + * embedded. With CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there + * are chances where percpu allocation can come from vmalloc area. + */ + if (percpu_first_chunk_is_paged) + return; + /* Otherwise, it should be safe to call it */ nmi_enter(); } @@ -351,6 +359,8 @@ static inline void interrupt_nmi_exit_prepare(struct pt_regs *regs, struct inter // no nmi_exit for a pseries hash guest taking a real mode exception } else if (IS_ENABLED(CONFIG_KASAN)) { // no nmi_exit for KASAN in real mode + } else if (percpu_first_chunk_is_paged) { + // no nmi_exit if percpu first chunk is not embedded } else { nmi_exit(); } diff --git a/arch/powerpc/include/asm/percpu.h b/arch/powerpc/include/asm/percpu.h index 8e5b7d0b851c..634970ce13c6 100644 --- a/arch/powerpc/include/asm/percpu.h +++ b/arch/powerpc/include/asm/percpu.h @@ -15,6 +15,16 @@ #endif /* CONFIG_SMP */ #endif /* __powerpc64__ */ +#if defined(CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK) && defined(CONFIG_SMP) +#include <linux/jump_label.h> +DECLARE_STATIC_KEY_FALSE(__percpu_first_chunk_is_paged); + +#define percpu_first_chunk_is_paged \ + (static_key_enabled(&__percpu_first_chunk_is_paged.key)) +#else +#define percpu_first_chunk_is_paged false +#endif /* CONFIG_PPC64 && CONFIG_SMP */ + #include <asm-generic/percpu.h> #include <asm/paca.h> 
diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index 15ece83ab7ac..6231a42eb0a0 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -837,6 +837,7 @@ static __init int pcpu_cpu_to_node(int cpu) unsigned long __per_cpu_offset[NR_CPUS] __read_mostly; EXPORT_SYMBOL(__per_cpu_offset); +DEFINE_STATIC_KEY_FALSE(__percpu_first_chunk_is_paged); void __init setup_per_cpu_areas(void) { @@ -879,6 +880,7 @@ void __init setup_per_cpu_areas(void) if (rc < 0) panic("cannot initialize percpu area (err=%d)", rc); + static_key_enable(&__percpu_first_chunk_is_paged.key); delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; for_each_possible_cpu(cpu) { __per_cpu_offset[cpu] = delta + pcpu_unit_offsets[cpu]; -- 2.34.1
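Review bot: in the arch/powerpc/include/asm/percpu.h hunk the closing comment `#endif /* CONFIG_PPC64 && CONFIG_SMP */` does not match the condition that opens the block, `#if defined(CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK) && defined(CONFIG_SMP)`. Change the comment to name CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK so the guard reads correctly when someone greps for it.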
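Review bot: in the arch/powerpc/kernel/setup_64.c hunk at @@ -879, static_key_enable(&__percpu_first_chunk_is_paged.key) is added as a plain statement after the panic() check, with no test of which first-chunk allocator succeeded. As far as the hunk shows, the key is set on every boot that reaches this point, including when the first chunk was embedded, and interrupt_nmi_enter_prepare() would then skip nmi_enter() in that case as well. Please confirm that this is intended, or enable the key only on the page-allocator path.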
[PATCH OLK-5.10 v2 0/5] xfs: fix tail alignment for forcealign
by Long Li 01 Aug '24

This patch set fixes the maxlen fallback to the available len, which causes the tail to be unaligned.

Dave Chinner (3):
  xfs: only allow minlen allocations when near ENOSPC
  xfs: always tail align maxlen allocations
  xfs: align args->minlen for forced allocation alignment

John Garry (1):
  xfs: Don't revert allocated offset for forcealign

Long Li (1):
  xfs: set minlen to align for forcealign

 fs/xfs/libxfs/xfs_alloc.c | 31 ++++++++++++++++++-----------
 fs/xfs/libxfs/xfs_bmap.c  | 42 +++++++++++++++++++++++++++++----------
 2 files changed, 50 insertions(+), 23 deletions(-)

-- 
2.39.2
[PATCH openEuler-1.0-LTS] ASoC: fsl-asoc-card: set priv->pdev before using it
by Ye Bin 01 Aug '24

From: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> mainline inclusion from mainline-v6.10-rc6 commit 90f3feb24172185f1832636264943e8b5e289245 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAGEP3 CVE: CVE-2024-42089 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… ------------------------------------------- priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations. Fixes: 708b4351f08c ("ASoC: fsl: Add Freescale Generic ASoC Sound Card with ASRC support") Signed-off-by: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> Link: https://patch.msgid.link/20240620132511.4291-2-elinor.montmasson@savoirfair… Signed-off-by: Mark Brown <broonie(a)kernel.org> Conflicts: sound/soc/fsl/fsl-asoc-card.c [resolved context change] Signed-off-by: Ye Bin <yebin10(a)huawei.com> --- sound/soc/fsl/fsl-asoc-card.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/fsl/fsl-asoc-card.c b/sound/soc/fsl/fsl-asoc-card.c index 600d9be9706e..b2929c31c001 100644 --- a/sound/soc/fsl/fsl-asoc-card.c +++ b/sound/soc/fsl/fsl-asoc-card.c @@ -479,6 +479,8 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) if (!priv) return -ENOMEM; + priv->pdev = pdev; + cpu_np = of_parse_phandle(np, "audio-cpu", 0); /* Give a chance to old DT binding */ if (!cpu_np) 
@@ -591,7 +593,6 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) codec_dev->name); /* Initialize sound card */ - priv->pdev = pdev; priv->card.dev = &pdev->dev; priv->card.name = priv->name; priv->card.dai_link = priv->dai_link; -- 2.31.1
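Review bot: the Conflicts: tag says only "[resolved context change]" and does not say what differed. The second hunk (@@ -591) has `codec_dev->name);` as its leading context where the backports of the same commit to the other branches on this list have `}`, so name that difference in the tag. The change itself, setting priv->pdev right after the `if (!priv)` check in the @@ -479 hunk, matches the commit message.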
[PATCH openEuler-22.03-LTS-SP1] ASoC: fsl-asoc-card: set priv->pdev before using it
by Ye Bin 01 Aug '24

From: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> mainline inclusion from mainline-v6.10-rc6 commit 90f3feb24172185f1832636264943e8b5e289245 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAGEP3 CVE: CVE-2024-42089 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… ------------------------------------------- priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations. Fixes: 708b4351f08c ("ASoC: fsl: Add Freescale Generic ASoC Sound Card with ASRC support") Signed-off-by: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> Link: https://patch.msgid.link/20240620132511.4291-2-elinor.montmasson@savoirfair… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Ye Bin <yebin10(a)huawei.com> --- sound/soc/fsl/fsl-asoc-card.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/fsl/fsl-asoc-card.c b/sound/soc/fsl/fsl-asoc-card.c index 7cd14d6b9436..8ae55c4c3589 100644 --- a/sound/soc/fsl/fsl-asoc-card.c +++ b/sound/soc/fsl/fsl-asoc-card.c @@ -538,6 +538,8 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) if (!priv) return -ENOMEM; + priv->pdev = pdev; + cpu_np = of_parse_phandle(np, "audio-cpu", 0); /* Give a chance to old DT binding */ if (!cpu_np) 
@@ -718,7 +720,6 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) } /* Initialize sound card */ - priv->pdev = pdev; priv->card.dev = &pdev->dev; priv->card.owner = THIS_MODULE; ret = snd_soc_of_parse_card_name(&priv->card, "model"); -- 2.31.1
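Review bot: in the @@ -718 hunk, `priv->card.dev = &pdev->dev;` stays in the late "Initialize sound card" block after `priv->pdev = pdev;` moves to the top of fsl_asoc_card_probe(). If any helper called between those two points reaches the device through priv->card.dev rather than priv->pdev, it has the same use-before-set problem; please check the calls in that range and consider moving this assignment up as well.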
[PATCH OLK-5.10] ASoC: fsl-asoc-card: set priv->pdev before using it
by Ye Bin 01 Aug '24

From: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> mainline inclusion from mainline-v6.10-rc6 commit 90f3feb24172185f1832636264943e8b5e289245 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAGEP3 CVE: CVE-2024-42089 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… ------------------------------------------- priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations. Fixes: 708b4351f08c ("ASoC: fsl: Add Freescale Generic ASoC Sound Card with ASRC support") Signed-off-by: Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> Link: https://patch.msgid.link/20240620132511.4291-2-elinor.montmasson@savoirfair… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Ye Bin <yebin10(a)huawei.com> --- sound/soc/fsl/fsl-asoc-card.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/fsl/fsl-asoc-card.c b/sound/soc/fsl/fsl-asoc-card.c index 9a756d0a6032..c876f111d8b0 100644 --- a/sound/soc/fsl/fsl-asoc-card.c +++ b/sound/soc/fsl/fsl-asoc-card.c @@ -538,6 +538,8 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) if (!priv) return -ENOMEM; + priv->pdev = pdev; + cpu_np = of_parse_phandle(np, "audio-cpu", 0); /* Give a chance to old DT binding */ if (!cpu_np) 
@@ -718,7 +720,6 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) } /* Initialize sound card */ - priv->pdev = pdev; priv->card.dev = &pdev->dev; priv->card.owner = THIS_MODULE; ret = snd_soc_of_parse_card_name(&priv->card, "model"); -- 2.31.1
[openeuler:openEuler-1.0-LTS 7838/23397] mm/slab_common.o: warning: objtool: kmem_cache_create_usercopy()+0x227: unreachable instruction
by kernel test robot 01 Aug '24

tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS
head: 5addb4b853f44eada72e0ed14b75d3d37e94bd8c
commit: d4bdc26bcd632cee393b5171345d5fa6293fe42b [7838/23397] include/asm-generic/bug.h: fix "cut here" for WARN_ON for __WARN_TAINT architectures
config: x86_64-randconfig-161-20240801 (https://download.01.org/0day-ci/archive/20240801/202408010934.bNS6iMjG-lkp@…)
compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240801/202408010934.bNS6iMjG-lkp@…)

If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202408010934.bNS6iMjG-lkp@intel.com/

All warnings (new ones prefixed by >>):

>> mm/slab_common.o: warning: objtool: kmem_cache_create_usercopy()+0x227: unreachable instruction

objdump-func vmlinux.o kmem_cache_create_usercopy:

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki