- Kernel - mailweb.openeuler.org

[PATCH openEuler-22.03-LTS-SP1] fs/ntfs3: Add rough attr alloc_size check
by Zizhi Wo 14 Nov '24

14 Nov '24

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> stable inclusion from stable-v6.6.60 commit e91fbb21f248bdd8140f343dac32b77b9bc10fec category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB37BA CVE: CVE-2024-50246 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit c4a8ba334262e9a5c158d618a4820e1b9c12495c ] Reported-by: syzbot+c6d94bedd910a8216d25(a)syzkaller.appspotmail.com Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com> --- fs/ntfs3/record.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index 463b0abc1051..cc1aa626bb9e 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -319,6 +319,9 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) if (attr->nres.c_unit) return NULL; + + if (alloc_size > mi->sbi->volume.size) + return NULL; } return attr; -- 2.46.1

2 1

[PATCH openEuler-22.03-LTS-SP1 V1] e100: Fix possible use after free in e100_xmit_prepare
by Zicheng Qu 14 Nov '24

14 Nov '24

From: Wang Hai <wanghai38(a)huawei.com> stable inclusion from stable-v5.10.158 commit b775f37d943966f6f77dca402f5a9dedce502c25 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYREC Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 45605c75c52c7ae7bfe902214343aabcfe5ba0ff ] In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the skb. But the skb is already freed, which will cause UAF bug when the upper layer resends the skb. Remove the harmful free. Fixes: 5e5d49422dfb ("e100: Release skb when DMA mapping is failed in e100_xmit_prepare") Signed-off-by: Wang Hai <wanghai38(a)huawei.com> Reviewed-by: Alexander Duyck <alexanderduyck(a)fb.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: drivers/net/ethernet/intel/e100.c [The purpose of the if condition is the same in both cases. In openeuler, it is `if (pci_dma_mapping_error(nic->pdev, dma_addr))`, and in version 5.10, it is `if (dma_mapping_error(&nic->pdev->dev, dma_addr))`. Both are intended to "map the skb, allowing the upper layer to try later." Therefore, retain the original `if` condition from openeuler, and remove the code that frees the skb, aligning with the patch's purpose.] Signed-off-by: Zicheng Qu <quzicheng(a)huawei.com> --- drivers/net/ethernet/intel/e100.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/net/ethernet/intel/e100.c b/drivers/net/ethernet/intel/e100.c index 8f7d2a335654..511f23f2a931 100644 --- a/drivers/net/ethernet/intel/e100.c +++ b/drivers/net/ethernet/intel/e100.c @@ -1742,11 +1742,8 @@ static int e100_xmit_prepare(struct nic *nic, struct cb *cb, dma_addr = pci_map_single(nic->pdev, skb->data, skb->len, PCI_DMA_TODEVICE); /* If we can't map the skb, have the upper layer try later */ - if (pci_dma_mapping_error(nic->pdev, dma_addr)) { - dev_kfree_skb_any(skb); - skb = NULL; + if (pci_dma_mapping_error(nic->pdev, dma_addr)) return -ENOMEM; - } /* * Use the last 4 bytes of the SKB payload packet as the CRC, used for -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1 V1] aoe: fix the potential use-after-free problem in more places
by Zicheng Qu 14 Nov '24

14 Nov '24

From: Chun-Yi Lee <joeyli.kernel(a)gmail.com> stable inclusion from stable-v5.10.227 commit f63461af2c1a86af4217910e47a5c46e3372e645 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYR9W CVE: CVE-2024-49982 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 6d6e54fc71ad1ab0a87047fd9c211e75d86084a3 upstream. For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue. Cc: stable(a)vger.kernel.org Link: https://nvd.nist.gov/vuln/detail/CVE-2023-6270 Fixes: f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") Reported-by: Nicolai Stange <nstange(a)suse.com> Signed-off-by: Chun-Yi Lee <jlee(a)suse.com> Link: https://lore.kernel.org/stable/20240624064418.27043-1-jlee%40suse.com Link: https://lore.kernel.org/r/20241002035458.24401-1-jlee@suse.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Zicheng Qu <quzicheng(a)huawei.com> --- drivers/block/aoe/aoecmd.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/block/aoe/aoecmd.c b/drivers/block/aoe/aoecmd.c index c805909c8e77..833ccf2cd5df 100644 --- a/drivers/block/aoe/aoecmd.c +++ b/drivers/block/aoe/aoecmd.c @@ -362,6 +362,7 @@ ata_rw_frameinit(struct frame *f) } ah->cmdstat = ATA_CMD_PIO_READ | writebit | extbit; + dev_hold(t->ifp->nd); skb->dev = t->ifp->nd; } @@ -402,6 +403,8 @@ aoecmd_ata_rw(struct aoedev *d) __skb_queue_head_init(&queue); __skb_queue_tail(&queue, skb); aoenet_xmit(&queue); + } else { + dev_put(f->t->ifp->nd); } return 1; } @@ -484,10 +487,13 @@ resend(struct aoedev *d, struct frame *f) memcpy(h->dst, t->addr, sizeof h->dst); memcpy(h->src, t->ifp->nd->dev_addr, sizeof h->src); + dev_hold(t->ifp->nd); skb->dev = t->ifp->nd; skb = skb_clone(skb, GFP_ATOMIC); - if (skb == NULL) + if (skb == NULL) { + dev_put(t->ifp->nd); return; + } f->sent = ktime_get(); __skb_queue_head_init(&queue); __skb_queue_tail(&queue, skb); @@ -618,6 +624,8 @@ probe(struct aoetgt *t) __skb_queue_head_init(&queue); __skb_queue_tail(&queue, skb); aoenet_xmit(&queue); + } else { + dev_put(f->t->ifp->nd); } } @@ -1403,6 +1411,7 @@ aoecmd_ata_id(struct aoedev *d) ah->cmdstat = ATA_CMD_ID_ATA; ah->lba3 = 0xa0; + dev_hold(t->ifp->nd); skb->dev = t->ifp->nd; d->rttavg = RTTAVG_INIT; @@ -1412,6 +1421,8 @@ aoecmd_ata_id(struct aoedev *d) skb = skb_clone(skb, GFP_ATOMIC); if (skb) f->sent = ktime_get(); + else + dev_put(t->ifp->nd); return skb; } -- 2.34.1

2 1

[PATCH OLK-5.10 V1] aoe: fix the potential use-after-free problem in more places
by Zicheng Qu 14 Nov '24

14 Nov '24

From: Chun-Yi Lee <joeyli.kernel(a)gmail.com> stable inclusion from stable-v5.10.227 commit f63461af2c1a86af4217910e47a5c46e3372e645 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYR9W CVE: CVE-2024-49982 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 6d6e54fc71ad1ab0a87047fd9c211e75d86084a3 upstream. For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue. Cc: stable(a)vger.kernel.org Link: https://nvd.nist.gov/vuln/detail/CVE-2023-6270 Fixes: f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") Reported-by: Nicolai Stange <nstange(a)suse.com> Signed-off-by: Chun-Yi Lee <jlee(a)suse.com> Link: https://lore.kernel.org/stable/20240624064418.27043-1-jlee%40suse.com Link: https://lore.kernel.org/r/20241002035458.24401-1-jlee@suse.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Zicheng Qu <quzicheng(a)huawei.com> --- drivers/block/aoe/aoecmd.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/block/aoe/aoecmd.c b/drivers/block/aoe/aoecmd.c index c805909c8e77..833ccf2cd5df 100644 --- a/drivers/block/aoe/aoecmd.c +++ b/drivers/block/aoe/aoecmd.c @@ -362,6 +362,7 @@ ata_rw_frameinit(struct frame *f) } ah->cmdstat = ATA_CMD_PIO_READ | writebit | extbit; + dev_hold(t->ifp->nd); skb->dev = t->ifp->nd; } @@ -402,6 +403,8 @@ aoecmd_ata_rw(struct aoedev *d) __skb_queue_head_init(&queue); __skb_queue_tail(&queue, skb); aoenet_xmit(&queue); + } else { + dev_put(f->t->ifp->nd); } return 1; } @@ -484,10 +487,13 @@ resend(struct aoedev *d, struct frame *f) memcpy(h->dst, t->addr, sizeof h->dst); memcpy(h->src, t->ifp->nd->dev_addr, sizeof h->src); + dev_hold(t->ifp->nd); skb->dev = t->ifp->nd; skb = skb_clone(skb, GFP_ATOMIC); - if (skb == NULL) + if (skb == NULL) { + dev_put(t->ifp->nd); return; + } f->sent = ktime_get(); __skb_queue_head_init(&queue); __skb_queue_tail(&queue, skb); @@ -618,6 +624,8 @@ probe(struct aoetgt *t) __skb_queue_head_init(&queue); __skb_queue_tail(&queue, skb); aoenet_xmit(&queue); + } else { + dev_put(f->t->ifp->nd); } } @@ -1403,6 +1411,7 @@ aoecmd_ata_id(struct aoedev *d) ah->cmdstat = ATA_CMD_ID_ATA; ah->lba3 = 0xa0; + dev_hold(t->ifp->nd); skb->dev = t->ifp->nd; d->rttavg = RTTAVG_INIT; @@ -1412,6 +1421,8 @@ aoecmd_ata_id(struct aoedev *d) skb = skb_clone(skb, GFP_ATOMIC); if (skb) f->sent = ktime_get(); + else + dev_put(t->ifp->nd); return skb; } -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1 V1] scsi: pm80xx: Set phy->enable_completion only when we wait for it
by Zicheng Qu 14 Nov '24

14 Nov '24

From: Igor Pylypiv <ipylypiv(a)google.com> stable inclusion from stable-v6.6.51 commit 7b1d779647afaea9185fa2f150b1721e7c1aae89 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAVU94 CVE: CVE-2024-47666 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit e4f949ef1516c0d74745ee54a0f4882c1f6c7aea ] pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash. Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Signed-off-by: Terrence Adams <tadamsjr(a)google.com> Link: https://lore.kernel.org/r/20240627155924.2361370-2-tadamsjr@google.com Acked-by: Jack Wang <jinpu.wang(a)ionos.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: drivers/scsi/pm8001/pm8001_sas.c [The 5.10 stable version lacks this patch 7b1d779647afaea9185fa2f150b1721e7c1aae89, which was pulled from 6.6. Missing commits a961ea0afd632cc570b71e455fe4328ee2fd9348 and 4851c39aae3a917d09983e1c6948fa9d749b5448 in 5.10 led to manually removing the if (PM8001_CHIP_DISP->fatal_errors(pm8001_ha)) code.] Signed-off-by: Zicheng Qu <quzicheng(a)huawei.com> --- drivers/scsi/pm8001/pm8001_sas.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c index f77061396871..2d5f2ab0a0f7 100644 --- a/drivers/scsi/pm8001/pm8001_sas.c +++ b/drivers/scsi/pm8001/pm8001_sas.c @@ -163,7 +163,6 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, unsigned long flags; pm8001_ha = sas_phy->ha->lldd_ha; phy = &pm8001_ha->phy[phy_id]; - pm8001_ha->phy[phy_id].enable_completion = &completion; switch (func) { case PHY_FUNC_SET_LINK_RATE: rates = funcdata; @@ -176,6 +175,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, rates->maximum_linkrate; } if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } @@ -184,6 +184,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, break; case PHY_FUNC_HARD_RESET: if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } @@ -192,6 +193,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, break; case PHY_FUNC_LINK_RESET: if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } -- 2.34.1

2 1

[PATCH OLK-5.10 V1] scsi: pm80xx: Set phy->enable_completion only when we wait for it
by Zicheng Qu 14 Nov '24

14 Nov '24

From: Igor Pylypiv <ipylypiv(a)google.com> stable inclusion from stable-v6.6.51 commit 7b1d779647afaea9185fa2f150b1721e7c1aae89 category: bugfix bugzilla: IAVU94 CVE: CVE-2024-47666 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit e4f949ef1516c0d74745ee54a0f4882c1f6c7aea ] pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash. Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Signed-off-by: Terrence Adams <tadamsjr(a)google.com> Link: https://lore.kernel.org/r/20240627155924.2361370-2-tadamsjr@google.com Acked-by: Jack Wang <jinpu.wang(a)ionos.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: drivers/scsi/pm8001/pm8001_sas.c [The 5.10 stable version lacks this patch 7b1d779647afaea9185fa2f150b1721e7c1aae89, which was pulled from 6.6. Missing commits a961ea0afd632cc570b71e455fe4328ee2fd9348 and 4851c39aae3a917d09983e1c6948fa9d749b5448 in 5.10 led to manually removing the if (PM8001_CHIP_DISP->fatal_errors(pm8001_ha)) code.] Signed-off-by: Zicheng Qu <quzicheng(a)huawei.com> --- drivers/scsi/pm8001/pm8001_sas.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c index f77061396871..2d5f2ab0a0f7 100644 --- a/drivers/scsi/pm8001/pm8001_sas.c +++ b/drivers/scsi/pm8001/pm8001_sas.c @@ -163,7 +163,6 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, unsigned long flags; pm8001_ha = sas_phy->ha->lldd_ha; phy = &pm8001_ha->phy[phy_id]; - pm8001_ha->phy[phy_id].enable_completion = &completion; switch (func) { case PHY_FUNC_SET_LINK_RATE: rates = funcdata; @@ -176,6 +175,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, rates->maximum_linkrate; } if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } @@ -184,6 +184,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, break; case PHY_FUNC_HARD_RESET: if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } @@ -192,6 +193,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, break; case PHY_FUNC_LINK_RESET: if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1 V1] staging: iio: frequency: ad9834: Validate frequency parameter value
by Zicheng Qu 14 Nov '24

14 Nov '24

From: Aleksandr Mishin <amishin(a)t-argos.ru> stable inclusion from stable-v5.10.226 commit 41cc91e3138fe52f8da92a81bebcd0e6cf488c53 category: bugfix bugzilla: IAVU8A CVE: CVE-2024-47663 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit b48aa991758999d4e8f9296c5bbe388f293ef465 upstream. In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value. Modify parameters checking. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 12b9d5bf76bf ("Staging: IIO: DDS: AD9833 / AD9834 driver") Suggested-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Aleksandr Mishin <amishin(a)t-argos.ru> Reviewed-by: Dan Carpenter <dan.carpenter(a)linaro.org> Link: https://patch.msgid.link/20240703154506.25584-1-amishin@t-argos.ru Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Zicheng Qu <quzicheng(a)huawei.com> --- drivers/staging/iio/frequency/ad9834.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/iio/frequency/ad9834.c b/drivers/staging/iio/frequency/ad9834.c index 262c3590e64e..fa0a7056dea4 100644 --- a/drivers/staging/iio/frequency/ad9834.c +++ b/drivers/staging/iio/frequency/ad9834.c @@ -115,7 +115,7 @@ static int ad9834_write_frequency(struct ad9834_state *st, clk_freq = clk_get_rate(st->mclk); - if (fout > (clk_freq / 2)) + if (!clk_freq || fout > (clk_freq / 2)) return -EINVAL; regval = ad9834_calc_freqreg(clk_freq, fout); -- 2.34.1

2 1

[openeuler:openEuler-1.0-LTS 1294/1294] block/blk-io-hierarchy/debugfs.c:63:2: error: implicit declaration of function 'hierarchy_show_slow_io'
by kernel test robot 14 Nov '24

14 Nov '24

tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: a81d020c58c2c6a55ebaf15846470a9ecb69bd1a commit: b2f723aef027af0f194ff0c9f53f8ae6a7cb7de3 [1294/1294] blk-io-hierarchy: support to recored the number of slow IO config: x86_64-randconfig-123-20241114 (https://download.01.org/0day-ci/archive/20241114/202411140945.MlPVuer1-lkp@…) compiler: clang version 19.1.3 (https://github.com/llvm/llvm-project ab51eccf88f5321e7c60591c5546b254b6afab99) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241114/202411140945.MlPVuer1-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202411140945.MlPVuer1-lkp@intel.com/ All errors (new ones prefixed by >>): block/blk-io-hierarchy/debugfs.c: note: in included file (through include/linux/kernel.h, include/linux/list.h, include/linux/wait.h, ...): /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:44: sparse: sparse: Expected ) in function call /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:44: sparse: sparse: got < /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:43: sparse: sparse: not a function <noident> /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:22: sparse: sparse: bad constant expression type block/blk-io-hierarchy/debugfs.c: note: in included file (through include/linux/printk.h, include/linux/kernel.h, include/linux/list.h, ...): /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:44: sparse: sparse: Expected ) in function call /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:44: sparse: sparse: got < /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:43: sparse: sparse: not a function <noident> /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:22: sparse: sparse: bad constant expression type block/blk-io-hierarchy/debugfs.c: note: in included file (through include/linux/string.h, include/linux/bitmap.h, include/linux/cpumask.h, ...): /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:44: sparse: sparse: Expected ) in function call /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:44: sparse: sparse: got < /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:43: sparse: sparse: not a function <noident> /opt/cross/clang-ab51eccf88/lib/clang/19/include/stdarg.h:22:22: sparse: sparse: bad constant expression type block/blk-io-hierarchy/debugfs.c:63:9: sparse: sparse: undefined identifier 'hierarchy_show_slow_io' In file included from block/blk-io-hierarchy/debugfs.c:15: In file included from include/linux/blkdev.h:16: include/linux/pagemap.h:425:21: warning: cast from 'int (*)(struct file *, struct page *)' to 'filler_t *' (aka 'int (*)(void *, struct page *)') converts to incompatible function type [-Wcast-function-type-strict] 425 | filler_t *filler = (filler_t *)mapping->a_ops->readpage; | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> block/blk-io-hierarchy/debugfs.c:63:2: error: implicit declaration of function 'hierarchy_show_slow_io' [-Werror,-Wimplicit-function-declaration] 63 | hierarchy_show_slow_io(hstats_data, m); | ^ block/blk-io-hierarchy/debugfs.c:63:2: note: did you mean 'hierarchy_account_slow_io'? block/blk-io-hierarchy/iodump.h:85:1: note: 'hierarchy_account_slow_io' declared here 85 | hierarchy_account_slow_io(struct hierarchy_stage *hstage, | ^ 1 warning and 1 error generated. -- In file included from block/blk-io-hierarchy/debugfs.c:15: In file included from include/linux/blkdev.h:16: include/linux/pagemap.h:425:21: warning: cast from 'int (*)(struct file *, struct page *)' to 'filler_t *' (aka 'int (*)(void *, struct page *)') converts to incompatible function type [-Wcast-function-type-strict] 425 | filler_t *filler = (filler_t *)mapping->a_ops->readpage; | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> block/blk-io-hierarchy/debugfs.c:63:2: error: implicit declaration of function 'hierarchy_show_slow_io' [-Werror,-Wimplicit-function-declaration] 63 | hierarchy_show_slow_io(hstats_data, m); | ^ block/blk-io-hierarchy/debugfs.c:63:2: note: did you mean 'hierarchy_account_slow_io'? block/blk-io-hierarchy/iodump.h:85:1: note: 'hierarchy_account_slow_io' declared here 85 | hierarchy_account_slow_io(struct hierarchy_stage *hstage, | ^ 1 warning and 1 error generated. Kconfig warnings: (for reference only) WARNING: unmet direct dependencies detected for SPI_PHYTIUM Depends on [n]: SPI [=y] && SPI_MASTER [=y] && (ARCH_PHYTIUM || COMPILE_TEST [=n]) Selected by [y]: - SPI_PHYTIUM_PLAT [=y] && SPI [=y] && SPI_MASTER [=y] vim +/hierarchy_show_slow_io +63 block/blk-io-hierarchy/debugfs.c 28 29 static int __hierarchy_stats_show(struct hierarchy_stats_data *hstats_data, 30 struct seq_file *m, enum stage_group stage) 31 { 32 u64 dispatched[NR_NEW_STAT_GROUPS] = {0}; 33 u64 completed[NR_NEW_STAT_GROUPS] = {0}; 34 u64 latency[NR_NEW_STAT_GROUPS] = {0}; 35 int cpu; 36 int i; 37 38 for_each_possible_cpu(cpu) { 39 struct hierarchy_stats *stat = 40 per_cpu_ptr(hstats_data->hstats, cpu); 41 42 for (i = 0; i < NR_NEW_STAT_GROUPS; ++i) { 43 dispatched[i] += stat->dispatched[i]; 44 completed[i] += stat->completed[i]; 45 latency[i] += stage_is_rq(stage) ? 46 stat->jiffies[i] : stat->nsecs[i]; 47 } 48 } 49 50 if (stage_is_rq(stage)) 51 for (i = 0; i < NR_NEW_STAT_GROUPS; ++i) 52 latency[i] = 53 jiffies_to_msecs(latency[i]) * NSEC_PER_MSEC; 54 55 seq_printf(m, "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu %llu %llu", 56 dispatched[STAT_READ], completed[STAT_READ], 57 latency[STAT_READ], dispatched[STAT_WRITE], 58 completed[STAT_WRITE], latency[STAT_WRITE], 59 dispatched[STAT_DISCARD], completed[STAT_DISCARD], 60 latency[STAT_DISCARD], dispatched[STAT_FLUSH], 61 completed[STAT_FLUSH], latency[STAT_FLUSH]); 62 > 63 hierarchy_show_slow_io(hstats_data, m); 64 seq_putc(m, '\n'); 65 return 0; 66 } 67 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-5.10V1] staging: iio: frequency: ad9834: Validate frequency parameter value
by Zicheng Qu 14 Nov '24

14 Nov '24

From: Aleksandr Mishin <amishin(a)t-argos.ru> stable inclusion from stable-v5.10.226 commit 41cc91e3138fe52f8da92a81bebcd0e6cf488c53 category: bugfix bugzilla: IAVU8A CVE: CVE-2024-47663 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit b48aa991758999d4e8f9296c5bbe388f293ef465 upstream. In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value. Modify parameters checking. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 12b9d5bf76bf ("Staging: IIO: DDS: AD9833 / AD9834 driver") Suggested-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Aleksandr Mishin <amishin(a)t-argos.ru> Reviewed-by: Dan Carpenter <dan.carpenter(a)linaro.org> Link: https://patch.msgid.link/20240703154506.25584-1-amishin@t-argos.ru Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Zicheng Qu <quzicheng(a)huawei.com> --- drivers/staging/iio/frequency/ad9834.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/iio/frequency/ad9834.c b/drivers/staging/iio/frequency/ad9834.c index 262c3590e64e..fa0a7056dea4 100644 --- a/drivers/staging/iio/frequency/ad9834.c +++ b/drivers/staging/iio/frequency/ad9834.c @@ -115,7 +115,7 @@ static int ad9834_write_frequency(struct ad9834_state *st, clk_freq = clk_get_rate(st->mclk); - if (fout > (clk_freq / 2)) + if (!clk_freq || fout > (clk_freq / 2)) return -EINVAL; regval = ad9834_calc_freqreg(clk_freq, fout); -- 2.34.1

1 0

[openeuler:openEuler-1.0-LTS 1291/1291] kernel/watchdog_hld.c:123:13: error: implicit declaration of function 'is_hardlockup'
by kernel test robot 14 Nov '24

14 Nov '24

Hi Xiongfeng, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: a81d020c58c2c6a55ebaf15846470a9ecb69bd1a commit: 818ac22d9d2f02632b39ef1a4f472e6dbe0d417a [1291/1291] sdei_watchdog: fix compile error when CONFIG_HARDLOCKUP_DETECTOR is not set config: arm64-randconfig-004-20241113 (https://download.01.org/0day-ci/archive/20241114/202411140951.wQy7SE1b-lkp@…) compiler: aarch64-linux-gcc (GCC) 14.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241114/202411140951.wQy7SE1b-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202411140951.wQy7SE1b-lkp@intel.com/ All errors (new ones prefixed by >>): kernel/watchdog_hld.c: In function 'watchdog_hardlockup_check': >> kernel/watchdog_hld.c:123:13: error: implicit declaration of function 'is_hardlockup' [-Werror=implicit-function-declaration] 123 | if (is_hardlockup()) { | ^~~~~~~~~~~~~ >> kernel/watchdog_hld.c:142:21: error: 'sysctl_hardlockup_all_cpu_backtrace' undeclared (first use in this function) 142 | if (sysctl_hardlockup_all_cpu_backtrace && | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/watchdog_hld.c:142:21: note: each undeclared identifier is reported only once for each function it appears in cc1: some warnings being treated as errors Kconfig warnings: (for reference only) WARNING: unmet direct dependencies detected for HARDLOCKUP_DETECTOR Depends on [n]: DEBUG_KERNEL [=n] && !S390 && (HAVE_HARDLOCKUP_DETECTOR_PERF [=n] || HAVE_HARDLOCKUP_DETECTOR_ARCH [=y]) Selected by [y]: - SDEI_WATCHDOG [=y] && <choice> && ARM_SDE_INTERFACE [=y] && !HARDLOCKUP_CHECK_TIMESTAMP [=n] vim +/is_hardlockup +123 kernel/watchdog_hld.c 7edaeb6841dfb2 Thomas Gleixner 2017-08-15 106 b8163908982cff Xiongfeng Wang 2019-01-28 107 void watchdog_hardlockup_check(struct pt_regs *regs) 73ce0511c43686 Babu Moger 2016-12-14 108 { 73ce0511c43686 Babu Moger 2016-12-14 109 if (__this_cpu_read(watchdog_nmi_touch) == true) { 73ce0511c43686 Babu Moger 2016-12-14 110 __this_cpu_write(watchdog_nmi_touch, false); 73ce0511c43686 Babu Moger 2016-12-14 111 return; 73ce0511c43686 Babu Moger 2016-12-14 112 } 73ce0511c43686 Babu Moger 2016-12-14 113 7edaeb6841dfb2 Thomas Gleixner 2017-08-15 114 if (!watchdog_check_timestamp()) 7edaeb6841dfb2 Thomas Gleixner 2017-08-15 115 return; 7edaeb6841dfb2 Thomas Gleixner 2017-08-15 116 73ce0511c43686 Babu Moger 2016-12-14 117 /* check for a hardlockup 73ce0511c43686 Babu Moger 2016-12-14 118 * This is done by making sure our timer interrupt 73ce0511c43686 Babu Moger 2016-12-14 119 * is incrementing. The timer interrupt should have 73ce0511c43686 Babu Moger 2016-12-14 120 * fired multiple times before we overflow'd. If it hasn't 73ce0511c43686 Babu Moger 2016-12-14 121 * then this is a good indication the cpu is stuck 73ce0511c43686 Babu Moger 2016-12-14 122 */ 73ce0511c43686 Babu Moger 2016-12-14 @123 if (is_hardlockup()) { 73ce0511c43686 Babu Moger 2016-12-14 124 int this_cpu = smp_processor_id(); 73ce0511c43686 Babu Moger 2016-12-14 125 73ce0511c43686 Babu Moger 2016-12-14 126 /* only print hardlockups once */ 73ce0511c43686 Babu Moger 2016-12-14 127 if (__this_cpu_read(hard_watchdog_warn) == true) 73ce0511c43686 Babu Moger 2016-12-14 128 return; 73ce0511c43686 Babu Moger 2016-12-14 129 73ce0511c43686 Babu Moger 2016-12-14 130 pr_emerg("Watchdog detected hard LOCKUP on cpu %d", this_cpu); 73ce0511c43686 Babu Moger 2016-12-14 131 print_modules(); 73ce0511c43686 Babu Moger 2016-12-14 132 print_irqtrace_events(current); 73ce0511c43686 Babu Moger 2016-12-14 133 if (regs) 73ce0511c43686 Babu Moger 2016-12-14 134 show_regs(regs); 73ce0511c43686 Babu Moger 2016-12-14 135 else 73ce0511c43686 Babu Moger 2016-12-14 136 dump_stack(); 73ce0511c43686 Babu Moger 2016-12-14 137 73ce0511c43686 Babu Moger 2016-12-14 138 /* 73ce0511c43686 Babu Moger 2016-12-14 139 * Perform all-CPU dump only once to avoid multiple hardlockups 73ce0511c43686 Babu Moger 2016-12-14 140 * generating interleaving traces 73ce0511c43686 Babu Moger 2016-12-14 141 */ 73ce0511c43686 Babu Moger 2016-12-14 @142 if (sysctl_hardlockup_all_cpu_backtrace && 73ce0511c43686 Babu Moger 2016-12-14 143 !test_and_set_bit(0, &hardlockup_allcpu_dumped)) 73ce0511c43686 Babu Moger 2016-12-14 144 trigger_allbutself_cpu_backtrace(); 73ce0511c43686 Babu Moger 2016-12-14 145 73ce0511c43686 Babu Moger 2016-12-14 146 if (hardlockup_panic) 73ce0511c43686 Babu Moger 2016-12-14 147 nmi_panic(regs, "Hard LOCKUP"); 73ce0511c43686 Babu Moger 2016-12-14 148 73ce0511c43686 Babu Moger 2016-12-14 149 __this_cpu_write(hard_watchdog_warn, true); 73ce0511c43686 Babu Moger 2016-12-14 150 return; 73ce0511c43686 Babu Moger 2016-12-14 151 } 73ce0511c43686 Babu Moger 2016-12-14 152 73ce0511c43686 Babu Moger 2016-12-14 153 __this_cpu_write(hard_watchdog_warn, false); 73ce0511c43686 Babu Moger 2016-12-14 154 return; 73ce0511c43686 Babu Moger 2016-12-14 155 } 6c19c0e5140a24 Xiongfeng Wang 2019-04-20 156 NOKPROBE_SYMBOL(watchdog_hardlockup_check); 73ce0511c43686 Babu Moger 2016-12-14 157 :::::: The code at line 123 was first introduced by commit :::::: 73ce0511c43686095efd2f65ef564aab952e07bc kernel/watchdog.c: move hardlockup detector to separate file :::::: TO: Babu Moger <babu.moger(a)oracle.com> :::::: CC: Linus Torvalds <torvalds(a)linux-foundation.org> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

2025

2024

2023

2022

2021

2020

2019

Kernel