- Kernel - mailweb.openeuler.org

[PATCH OLK-6.6 0/1] fix CVE-2024-49852
by Liao Chen 24 Oct '24

24 Oct '24

fix CVE-2024-49852 Dan Carpenter (1): scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() drivers/scsi/elx/libefc/efc_nport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.34.1

2 2

[openeuler:OLK-6.6 13479/15255] drivers/crypto/ccp/hygon/hct.c:1730:51: error: 'struct device' has no member named 'numa_node'
by kernel test robot 24 Oct '24

24 Oct '24

Hi Yabin, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: e7bc79687a034a22f94328123d5cf8c4d4436c35 commit: c74ae2c5da57becf3f41c596d79b3dd30fa1baa6 [13479/15255] hct: add mediated ccp driver support for hygon crypto technology. config: x86_64-buildonly-randconfig-006-20241024 (https://download.01.org/0day-ci/archive/20241024/202410241021.mDLDP8B3-lkp@…) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241024/202410241021.mDLDP8B3-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202410241021.mDLDP8B3-lkp@intel.com/ All errors (new ones prefixed by >>): drivers/crypto/ccp/hygon/hct.c:1333:15: warning: no previous prototype for 'hct_pin_memory' [-Wmissing-prototypes] 1333 | struct page **hct_pin_memory(struct hct_private *private, unsigned long uaddr, | ^~~~~~~~~~~~~~ drivers/crypto/ccp/hygon/hct.c: In function 'hct_get_page': >> drivers/crypto/ccp/hygon/hct.c:1730:51: error: 'struct device' has no member named 'numa_node' 1730 | *node = hct_data.iommu[page_idx].pdev->dev.numa_node; | ^ vim +1730 drivers/crypto/ccp/hygon/hct.c 1713 1714 static struct page *hct_get_page(pgoff_t page_idx) 1715 { 1716 u64 *node; 1717 1718 mutex_lock(&hct_share.lock); 1719 if (!hct_share.pages[page_idx]) { 1720 hct_share.pages[page_idx] = 1721 alloc_pages(GFP_HIGHUSER | __GFP_ZERO, 0); 1722 if (!hct_share.pages[page_idx]) { 1723 mutex_unlock(&hct_share.lock); 1724 return NULL; 1725 } 1726 } 1727 get_page(hct_share.pages[page_idx]); 1728 1729 node = page_to_virt(hct_share.pages[page_idx]) + PAGE_SIZE - 8; > 1730 *node = hct_data.iommu[page_idx].pdev->dev.numa_node; 1731 mutex_unlock(&hct_share.lock); 1732 1733 return hct_share.pages[page_idx]; 1734 } 1735 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH openEuler-22.03-LTS-SP1] cgroup: Protect css->cgroup write under css_set_lock
by Chen Ridong 24 Oct '24

24 Oct '24

From: Waiman Long <longman(a)redhat.com> stable inclusion from stable-v4.19.322 commit 6760357063f593a17613e015aed2051cfd4197c6 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAYN0Z Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 57b56d16800e8961278ecff0dc755d46c4575092 ] The writing of css->cgroup associated with the cgroup root in rebind_subsystems() is currently protected only by cgroup_mutex. However, the reading of css->cgroup in both proc_cpuset_show() and proc_cgroup_show() is protected just by css_set_lock. That makes the readers susceptible to racing problems like data tearing or caching. It is also a problem that can be reported by KCSAN. This can be fixed by using READ_ONCE() and WRITE_ONCE() to access css->cgroup. Alternatively, the writing of css->cgroup can be moved under css_set_lock as well which is done by this patch. Signed-off-by: Waiman Long <longman(a)redhat.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Chen Ridong <chenridong(a)huawei.com> --- kernel/cgroup/cgroup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 1339b93f7054..7b3c1491cc88 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -1717,9 +1717,9 @@ int rebind_subsystems(struct cgroup_root *dst_root, u16 ss_mask) RCU_INIT_POINTER(scgrp->subsys[ssid], NULL); rcu_assign_pointer(dcgrp->subsys[ssid], css); ss->root = dst_root; - css->cgroup = dcgrp; spin_lock_irq(&css_set_lock); + css->cgroup = dcgrp; WARN_ON(!list_empty(&dcgrp->e_csets[ss->id])); list_for_each_entry_safe(cset, cset_pos, &scgrp->e_csets[ss->id], e_cset_node[ss->id]) { -- 2.34.1

2 1

[OLK-6.6] f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error()
by Bowen You 24 Oct '24

24 Oct '24

From: Chao Yu <chao(a)kernel.org> mainline inclusion from mainline-v6.12-rc1 commit 930c6ab93492c4b15436524e704950b364b2930c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/https://gitee.com/src-openeul… CVE: CVE-2024-47689 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- syzbot reports a f2fs bug as below: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177 CPU: 1 UID: 0 PID: 58 Comm: kworker/1:2 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 Workqueue: events destroy_super_work RIP: 0010:rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177 Call Trace: percpu_free_rwsem+0x41/0x80 kernel/locking/percpu-rwsem.c:42 destroy_super_work+0xec/0x130 fs/super.c:282 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 As Christian Brauner pointed out [1]: the root cause is f2fs sets SB_RDONLY flag in internal function, rather than setting the flag covered w/ sb->s_umount semaphore via remount procedure, then below race condition causes this bug: - freeze_super() - sb_wait_write(sb, SB_FREEZE_WRITE) - sb_wait_write(sb, SB_FREEZE_PAGEFAULT) - sb_wait_write(sb, SB_FREEZE_FS) - f2fs_handle_critical_error - sb->s_flags |= SB_RDONLY - thaw_super - thaw_super_locked - sb_rdonly() is true, so it skips sb_freeze_unlock(sb, SB_FREEZE_FS) - deactivate_locked_super Since f2fs has almost the same logic as ext4 [2] when handling critical error in filesystem if it mounts w/ errors=remount-ro option: - set CP_ERROR_FLAG flag which indicates filesystem is stopped - record errors to superblock - set SB_RDONLY falg Once we set CP_ERROR_FLAG flag, all writable interfaces can detect the flag and stop any further updates on filesystem. So, it is safe to not set SB_RDONLY flag, let's remove the logic and keep in line w/ ext4 [3]. [1] https://lore.kernel.org/all/20240729-himbeeren-funknetz-96e62f9c7aee@brauner [2] https://lore.kernel.org/all/20240729132721.hxih6ehigadqf7wx@quack3 [3] https://lore.kernel.org/linux-ext4/20240805201241.27286-1-jack@suse.cz Fixes: b62e71be2110 ("f2fs: support errors=remount-ro|continue|panic mountoption") Reported-by: syzbot+20d7e439f76bbbd863a7(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000b90a8e061e21d12f@google.com/ Cc: Jan Kara <jack(a)suse.cz> Cc: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Chao Yu <chao(a)kernel.org> Reviewed-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Bowen You <youbowen2(a)huawei.com> --- fs/f2fs/super.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c062fd2bdb13..0bd97c63969a 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -4131,12 +4131,14 @@ void f2fs_handle_critical_error(struct f2fs_sb_info *sbi, unsigned char reason, } f2fs_warn(sbi, "Remounting filesystem read-only"); + /* - * Make sure updated value of ->s_mount_flags will be visible before - * ->s_flags update + * We have already set CP_ERROR_FLAG flag to stop all updates + * to filesystem, so it doesn't need to set SB_RDONLY flag here + * because the flag should be set covered w/ sb->s_umount semaphore + * via remount procedure, otherwise, it will confuse code like + * freeze_super() which will lead to deadlocks and other problems. */ - smp_wmb(); - sb->s_flags |= SB_RDONLY; } static void f2fs_record_error_work(struct work_struct *work) -- 2.34.1

1 0

[PATCH openEuler-1.0-LTS] ida: Fix crash in ida_free when the bitmap is empty
by Wenyu Huang 24 Oct '24

24 Oct '24

From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> stable inclusion from stable-v4.19.320 commit 89db5346acb5a15e670c4fb3b8f3c30fa30ebc15 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAZAKK Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… ------------------------------------------------- commit af73483f4e8b6f5c68c9aa63257bdd929a9c194a upstream. The IDA usually detects double-frees, but that detection failed to consider the case when there are no nearby IDs allocated and so we have a NULL bitmap rather than simply having a clear bit. Add some tests to the test-suite to be sure we don't inadvertently reintroduce this problem. Unfortunately they're quite noisy so include a message to disregard the warnings. Reported-by: Zhenghan Wang <wzhmmmmm(a)gmail.com> Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Wenyu Huang <huangwenyu5(a)huawei.com> --- lib/idr.c | 2 +- lib/test_ida.c | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/lib/idr.c b/lib/idr.c index 82c24a417dc65..5c31870dcc91d 100644 --- a/lib/idr.c +++ b/lib/idr.c @@ -471,7 +471,7 @@ static void ida_remove(struct ida *ida, int id) } else { btmp = bitmap->bitmap; } - if (!test_bit(offset, btmp)) + if (!bitmap || !test_bit(offset, btmp)) goto err; __clear_bit(offset, btmp); diff --git a/lib/test_ida.c b/lib/test_ida.c index b068806259615..55105baa19da9 100644 --- a/lib/test_ida.c +++ b/lib/test_ida.c @@ -150,6 +150,45 @@ static void ida_check_conv(struct ida *ida) IDA_BUG_ON(ida, !ida_is_empty(ida)); } +/* + * Check various situations where we attempt to free an ID we don't own. + */ +static void ida_check_bad_free(struct ida *ida) +{ + unsigned long i; + + printk("vvv Ignore \"not allocated\" warnings\n"); + /* IDA is empty; all of these will fail */ + ida_free(ida, 0); + for (i = 0; i < 31; i++) + ida_free(ida, 1 << i); + + /* IDA contains a single value entry */ + IDA_BUG_ON(ida, ida_alloc_min(ida, 3, GFP_KERNEL) != 3); + ida_free(ida, 0); + for (i = 0; i < 31; i++) + ida_free(ida, 1 << i); + + /* IDA contains a single bitmap */ + IDA_BUG_ON(ida, ida_alloc_min(ida, 1023, GFP_KERNEL) != 1023); + ida_free(ida, 0); + for (i = 0; i < 31; i++) + ida_free(ida, 1 << i); + + /* IDA contains a tree */ + IDA_BUG_ON(ida, ida_alloc_min(ida, (1 << 20) - 1, GFP_KERNEL) != (1 << 20) - 1); + ida_free(ida, 0); + for (i = 0; i < 31; i++) + ida_free(ida, 1 << i); + printk("^^^ \"not allocated\" warnings over\n"); + + ida_free(ida, 3); + ida_free(ida, 1023); + ida_free(ida, (1 << 20) - 1); + + IDA_BUG_ON(ida, !ida_is_empty(ida)); +} + static DEFINE_IDA(ida); static int ida_checks(void) @@ -162,6 +201,7 @@ static int ida_checks(void) ida_check_leaf(&ida, 1024 * 64); ida_check_max(&ida); ida_check_conv(&ida); + ida_check_bad_free(&ida); printk("IDA: %u of %u tests passed\n", tests_passed, tests_run); return (tests_run != tests_passed) ? 0 : -EINVAL; -- 2.34.1

2 1

[openeuler:OLK-6.6] BUILD REGRESSION e7bc79687a034a22f94328123d5cf8c4d4436c35
by kernel test robot 24 Oct '24

24 Oct '24

tree/branch: https://gitee.com/openeuler/kernel.git OLK-6.6 branch HEAD: e7bc79687a034a22f94328123d5cf8c4d4436c35 !12066 drm/amd/display: added NULL check at start of dc_validate_stream Error/Warning (recently discovered and may have been fixed): https://lore.kernel.org/oe-kbuild-all/202410231921.YFrtM1y8-lkp@intel.com https://lore.kernel.org/oe-kbuild-all/202410232346.tk5fQNpz-lkp@intel.com https://lore.kernel.org/oe-kbuild-all/202410240121.PVeRwkG2-lkp@intel.com https://lore.kernel.org/oe-kbuild-all/202410240834.gfaxos6R-lkp@intel.com https://lore.kernel.org/oe-kbuild-all/202410240848.VbEcgWD6-lkp@intel.com https://lore.kernel.org/oe-kbuild-all/202410240917.ylHeViWu-lkp@intel.com arch/x86/events/amd/iommu.c:441:64: warning: '%u' directive output may be truncated writing between 1 and 10 bytes into a region of size 6 [-Wformat-truncation=] arch/x86/kernel/zhaoxin_kh40000.c:87:47: error: implicit declaration of function 'iommu_get_dma_domain'; did you mean 'iommu_is_dma_domain'? [-Werror=implicit-function-declaration] arch/x86/kvm/../../../virt/kvm/vfio.c:184: warning: Excess function parameter 'kvm' description in 'cvm_vfio_add_kvm_to_smmu_domain' arch/x86/kvm/../../../virt/kvm/vfio.c:184: warning: Function parameter or member 'kv' not described in 'cvm_vfio_add_kvm_to_smmu_domain' arch/x86/kvm/../../../virt/kvm/vfio.c:519: warning: Excess function parameter 'kvf' description in 'find_arm_smmu_domain' arch/x86/kvm/../../../virt/kvm/vfio.c:519: warning: Excess function parameter 'smmu_domain_group_list' description in 'find_arm_smmu_domain' arch/x86/kvm/../../../virt/kvm/vfio.c:519: warning: Function parameter or member 'data' not described in 'find_arm_smmu_domain' arch/x86/kvm/../../../virt/kvm/vfio.c:519: warning: Function parameter or member 'dev' not described in 'find_arm_smmu_domain' drivers/crypto/ccp/hygon/tdm-kernel-guard.c:308:37: error: 'NR_syscalls' undeclared (first use in this function); did you mean 'si_syscall'? drivers/net/ethernet/nebula-matrix/nbl/nbl_core.h:10:10: fatal error: 'nbl_product_base.h' file not found drivers/net/ethernet/nebula-matrix/nbl/nbl_hw/nbl_hw_leonis/nbl_queue_leonis.h:10:10: fatal error: 'nbl_resource.h' file not found drivers/net/ethernet/nebula-matrix/nbl/nbl_hw/nbl_hw_leonis/nbl_resource_leonis.h:10:10: fatal error: 'nbl_resource.h' file not found Error/Warning ids grouped by kconfigs: recent_errors |-- arm64-allmodconfig | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h-file-not-found | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h-file-not-found | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h-file-not-found |-- arm64-defconfig | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_export:No-such-file-or-directory | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_include:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory |-- loongarch-allmodconfig | `-- include-linux-dma-direct.h:fatal-error:asm-dma-direct.h:No-such-file-or-directory |-- loongarch-allnoconfig | |-- arch-loongarch-kernel-efi.c:error:incompatible-types-when-assigning-to-type-pmd_t-from-type-int | |-- drivers-irqchip-irq-loongson-eiointc.c:error:NODES_PER_FLATMODE_NODE-undeclared-(first-use-in-this-function) | `-- include-linux-dma-direct.h:fatal-error:asm-dma-direct.h:No-such-file-or-directory |-- x86_64-allnoconfig | |-- Warning:drivers-net-ethernet-nebula-matrix-Kconfig-references-a-file-that-doesn-t-exist:file:Documentation-networking-device_drivers-ethernet-nebula-matrix-m18110.rst | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_include-nbl_include.h:linux-pci.h-is-included-more-than-once. |-- x86_64-allyesconfig | |-- arch-x86-kvm-..-..-..-virt-kvm-vfio.c:warning:Excess-function-parameter-kvm-description-in-cvm_vfio_add_kvm_to_smmu_domain | |-- arch-x86-kvm-..-..-..-virt-kvm-vfio.c:warning:Function-parameter-or-member-kv-not-described-in-cvm_vfio_add_kvm_to_smmu_domain | |-- drivers-crypto-ccp-hygon-csv-dev.c:warning:no-previous-prototype-for-function-vpsp_do_cmd | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-Directly-convert-the-gpa-address-into-hpa-and-forward-it-to-PSP | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-copy-data-in-gpa-to-host-memory-and-send-it-to-psp-for-processing. | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h-file-not-found | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h-file-not-found | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h-file-not-found |-- x86_64-buildonly-randconfig-001-20241024 | `-- arch-x86-kernel-zhaoxin_kh40000.c:error:implicit-declaration-of-function-iommu_get_dma_domain |-- x86_64-buildonly-randconfig-004-20241024 | `-- arch-x86-events-amd-iommu.c:warning:u-directive-output-may-be-truncated-writing-between-and-bytes-into-a-region-of-size |-- x86_64-buildonly-randconfig-005-20241024 | |-- drivers-crypto-ccp-hygon-csv-dev.c:warning:no-previous-prototype-for-function-vpsp_do_cmd | |-- drivers-crypto-ccp-hygon-tdm-kernel-guard.c:error:use-of-undeclared-identifier-NR_syscalls | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-Directly-convert-the-gpa-address-into-hpa-and-forward-it-to-PSP | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-copy-data-in-gpa-to-host-memory-and-send-it-to-psp-for-processing. | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h-file-not-found | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h-file-not-found | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h-file-not-found |-- x86_64-buildonly-randconfig-006-20241024 | |-- drivers-crypto-ccp-hygon-csv-dev.c:warning:no-previous-prototype-for-vpsp_do_cmd | |-- drivers-crypto-ccp-hygon-tdm-kernel-guard.c:error:NR_syscalls-undeclared-(first-use-in-this-function) | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-Directly-convert-the-gpa-address-into-hpa-and-forward-it-to-PSP | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-copy-data-in-gpa-to-host-memory-and-send-it-to-psp-for-processing. | `-- drivers-crypto-ccp-hygon-vpsp.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst |-- x86_64-kexec | |-- arch-x86-kvm-..-..-..-virt-kvm-vfio.c:warning:Excess-function-parameter-kvf-description-in-find_arm_smmu_domain | |-- arch-x86-kvm-..-..-..-virt-kvm-vfio.c:warning:Excess-function-parameter-kvm-description-in-cvm_vfio_add_kvm_to_smmu_domain | |-- arch-x86-kvm-..-..-..-virt-kvm-vfio.c:warning:Excess-function-parameter-smmu_domain_group_list-description-in-find_arm_smmu_domain | |-- arch-x86-kvm-..-..-..-virt-kvm-vfio.c:warning:Function-parameter-or-member-data-not-described-in-find_arm_smmu_domain | |-- arch-x86-kvm-..-..-..-virt-kvm-vfio.c:warning:Function-parameter-or-member-dev-not-described-in-find_arm_smmu_domain | `-- arch-x86-kvm-..-..-..-virt-kvm-vfio.c:warning:Function-parameter-or-member-kv-not-described-in-cvm_vfio_add_kvm_to_smmu_domain |-- x86_64-randconfig-002-20241024 | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_export:No-such-file-or-directory | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_include:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory |-- x86_64-randconfig-003-20241024 | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h-file-not-found | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h-file-not-found | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h-file-not-found |-- x86_64-randconfig-004-20241024 | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_export:No-such-file-or-directory | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_include:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory |-- x86_64-randconfig-012-20241024 | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_export:No-such-file-or-directory | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_include:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory |-- x86_64-randconfig-013-20241024 | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h-file-not-found | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h-file-not-found | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h-file-not-found |-- x86_64-randconfig-161-20241024 | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_export:No-such-file-or-directory | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_include:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory |-- x86_64-rhel-8.3 | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_export:No-such-file-or-directory | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_include:No-such-file-or-directory | |-- drivers-crypto-ccp-hygon-csv-dev.c:warning:no-previous-prototype-for-vpsp_do_cmd | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-Directly-convert-the-gpa-address-into-hpa-and-forward-it-to-PSP | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-copy-data-in-gpa-to-host-memory-and-send-it-to-psp-for-processing. | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory |-- x86_64-rhel-8.3-func | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_export:No-such-file-or-directory | |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_include:No-such-file-or-directory | |-- drivers-crypto-ccp-hygon-csv-dev.c:warning:no-previous-prototype-for-vpsp_do_cmd | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-Directly-convert-the-gpa-address-into-hpa-and-forward-it-to-PSP | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-copy-data-in-gpa-to-host-memory-and-send-it-to-psp-for-processing. | |-- drivers-crypto-ccp-hygon-vpsp.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h:No-such-file-or-directory | |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory | `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory `-- x86_64-rhel-8.3-kselftests |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_export:No-such-file-or-directory |-- cc1:warning:drivers-net-ethernet-nebula-matrix-nbl-nbl_include:No-such-file-or-directory |-- drivers-crypto-ccp-hygon-csv-dev.c:warning:no-previous-prototype-for-vpsp_do_cmd |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-Directly-convert-the-gpa-address-into-hpa-and-forward-it-to-PSP |-- drivers-crypto-ccp-hygon-vpsp.c:warning:Cannot-understand-brief-copy-data-in-gpa-to-host-memory-and-send-it-to-psp-for-processing. |-- drivers-crypto-ccp-hygon-vpsp.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_core.h:fatal-error:nbl_product_base.h:No-such-file-or-directory |-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_queue_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory `-- drivers-net-ethernet-nebula-matrix-nbl-nbl_hw-nbl_hw_leonis-nbl_resource_leonis.h:fatal-error:nbl_resource.h:No-such-file-or-directory elapsed time: 1089m configs tested: 26 configs skipped: 91 tested configs: arm64 allmodconfig clang-20 arm64 allnoconfig gcc-14.1.0 arm64 defconfig gcc-14.1.0 loongarch allmodconfig gcc-14.1.0 loongarch allnoconfig gcc-14.1.0 x86_64 allnoconfig clang-18 x86_64 allyesconfig clang-18 x86_64 buildonly-randconfig-001-20241024 gcc-11 x86_64 buildonly-randconfig-002-20241024 gcc-12 x86_64 buildonly-randconfig-003-20241024 gcc-12 x86_64 buildonly-randconfig-004-20241024 gcc-12 x86_64 buildonly-randconfig-005-20241024 clang-18 x86_64 buildonly-randconfig-006-20241024 gcc-12 x86_64 defconfig gcc-11 x86_64 kexec clang-18 x86_64 randconfig-001-20241024 gcc-12 x86_64 randconfig-002-20241024 gcc-12 x86_64 randconfig-003-20241024 clang-18 x86_64 randconfig-004-20241024 gcc-12 x86_64 randconfig-005-20241024 gcc-12 x86_64 randconfig-006-20241024 gcc-12 x86_64 randconfig-011-20241024 gcc-12 x86_64 randconfig-012-20241024 gcc-12 x86_64 randconfig-013-20241024 clang-18 x86_64 randconfig-014-20241024 gcc-12 x86_64 rhel-8.3 gcc-12 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH openEuler-22.03-LTS-SP1] i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
by Yipeng Zou 24 Oct '24

24 Oct '24

From: Marek Vasut <marex(a)denx.de> stable inclusion from stable-v5.10.227 commit 9b8bc33ad64192f54142396470cc34ce539a8940 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRCQ CVE: CVE-2024-49985 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 048bbbdbf85e5e00258dfb12f5e368f908801d7b upstream. In case there is any sort of clock controller attached to this I2C bus controller, for example Versaclock or even an AIC32x4 I2C codec, then an I2C transfer triggered from the clock controller clk_ops .prepare callback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex. This is because the clock controller first grabs the prepare_lock mutex and then performs the prepare operation, including its I2C access. The I2C access resumes this I2C bus controller via .runtime_resume callback, which calls clk_prepare_enable(), which attempts to grab the prepare_lock mutex again and deadlocks. Since the clock are already prepared since probe() and unprepared in remove(), use simple clk_enable()/clk_disable() calls to enable and disable the clock on runtime suspend and resume, to avoid hitting the prepare_lock mutex. Acked-by: Alain Volmat <alain.volmat(a)foss.st.com> Signed-off-by: Marek Vasut <marex(a)denx.de> Fixes: 4e7bca6fc07b ("i2c: i2c-stm32f7: add PM Runtime support") Cc: <stable(a)vger.kernel.org> # v5.0+ Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Yipeng Zou <zouyipeng(a)huawei.com> --- drivers/i2c/busses/i2c-stm32f7.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/i2c/busses/i2c-stm32f7.c b/drivers/i2c/busses/i2c-stm32f7.c index 0f4c0282028b..da3ff7802307 100644 --- a/drivers/i2c/busses/i2c-stm32f7.c +++ b/drivers/i2c/busses/i2c-stm32f7.c @@ -2275,7 +2275,7 @@ static int __maybe_unused stm32f7_i2c_runtime_suspend(struct device *dev) struct stm32f7_i2c_dev *i2c_dev = dev_get_drvdata(dev); if (!stm32f7_i2c_is_slave_registered(i2c_dev)) - clk_disable_unprepare(i2c_dev->clk); + clk_disable(i2c_dev->clk); return 0; } @@ -2286,9 +2286,9 @@ static int __maybe_unused stm32f7_i2c_runtime_resume(struct device *dev) int ret; if (!stm32f7_i2c_is_slave_registered(i2c_dev)) { - ret = clk_prepare_enable(i2c_dev->clk); + ret = clk_enable(i2c_dev->clk); if (ret) { - dev_err(dev, "failed to prepare_enable clock\n"); + dev_err(dev, "failed to enable clock\n"); return ret; } } -- 2.34.1

2 1

[PATCH OLK-6.6] i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
by Yipeng Zou 24 Oct '24

24 Oct '24

From: Marek Vasut <marex(a)denx.de> stable inclusion from stable-v6.6.55 commit 22a1f8a5b56ba93d3e8b7a1dafa24e01c8bb48ba category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRCQ CVE: CVE-2024-49985 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 048bbbdbf85e5e00258dfb12f5e368f908801d7b upstream. In case there is any sort of clock controller attached to this I2C bus controller, for example Versaclock or even an AIC32x4 I2C codec, then an I2C transfer triggered from the clock controller clk_ops .prepare callback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex. This is because the clock controller first grabs the prepare_lock mutex and then performs the prepare operation, including its I2C access. The I2C access resumes this I2C bus controller via .runtime_resume callback, which calls clk_prepare_enable(), which attempts to grab the prepare_lock mutex again and deadlocks. Since the clock are already prepared since probe() and unprepared in remove(), use simple clk_enable()/clk_disable() calls to enable and disable the clock on runtime suspend and resume, to avoid hitting the prepare_lock mutex. Acked-by: Alain Volmat <alain.volmat(a)foss.st.com> Signed-off-by: Marek Vasut <marex(a)denx.de> Fixes: 4e7bca6fc07b ("i2c: i2c-stm32f7: add PM Runtime support") Cc: <stable(a)vger.kernel.org> # v5.0+ Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Yipeng Zou <zouyipeng(a)huawei.com> --- drivers/i2c/busses/i2c-stm32f7.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/i2c/busses/i2c-stm32f7.c b/drivers/i2c/busses/i2c-stm32f7.c index 887d55ae4096..b4f10ff31102 100644 --- a/drivers/i2c/busses/i2c-stm32f7.c +++ b/drivers/i2c/busses/i2c-stm32f7.c @@ -2394,7 +2394,7 @@ static int __maybe_unused stm32f7_i2c_runtime_suspend(struct device *dev) struct stm32f7_i2c_dev *i2c_dev = dev_get_drvdata(dev); if (!stm32f7_i2c_is_slave_registered(i2c_dev)) - clk_disable_unprepare(i2c_dev->clk); + clk_disable(i2c_dev->clk); return 0; } @@ -2405,9 +2405,9 @@ static int __maybe_unused stm32f7_i2c_runtime_resume(struct device *dev) int ret; if (!stm32f7_i2c_is_slave_registered(i2c_dev)) { - ret = clk_prepare_enable(i2c_dev->clk); + ret = clk_enable(i2c_dev->clk); if (ret) { - dev_err(dev, "failed to prepare_enable clock\n"); + dev_err(dev, "failed to enable clock\n"); return ret; } } -- 2.34.1

2 1

[PATCH OLK-5.10] i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
by Yipeng Zou 24 Oct '24

24 Oct '24

From: Marek Vasut <marex(a)denx.de> stable inclusion from stable-v5.10.227 commit 9b8bc33ad64192f54142396470cc34ce539a8940 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRCQ CVE: CVE-2024-49985 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 048bbbdbf85e5e00258dfb12f5e368f908801d7b upstream. In case there is any sort of clock controller attached to this I2C bus controller, for example Versaclock or even an AIC32x4 I2C codec, then an I2C transfer triggered from the clock controller clk_ops .prepare callback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex. This is because the clock controller first grabs the prepare_lock mutex and then performs the prepare operation, including its I2C access. The I2C access resumes this I2C bus controller via .runtime_resume callback, which calls clk_prepare_enable(), which attempts to grab the prepare_lock mutex again and deadlocks. Since the clock are already prepared since probe() and unprepared in remove(), use simple clk_enable()/clk_disable() calls to enable and disable the clock on runtime suspend and resume, to avoid hitting the prepare_lock mutex. Acked-by: Alain Volmat <alain.volmat(a)foss.st.com> Signed-off-by: Marek Vasut <marex(a)denx.de> Fixes: 4e7bca6fc07b ("i2c: i2c-stm32f7: add PM Runtime support") Cc: <stable(a)vger.kernel.org> # v5.0+ Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Yipeng Zou <zouyipeng(a)huawei.com> --- drivers/i2c/busses/i2c-stm32f7.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/i2c/busses/i2c-stm32f7.c b/drivers/i2c/busses/i2c-stm32f7.c index 7b9272f9cc21..0b4e73e63820 100644 --- a/drivers/i2c/busses/i2c-stm32f7.c +++ b/drivers/i2c/busses/i2c-stm32f7.c @@ -2278,7 +2278,7 @@ static int __maybe_unused stm32f7_i2c_runtime_suspend(struct device *dev) struct stm32f7_i2c_dev *i2c_dev = dev_get_drvdata(dev); if (!stm32f7_i2c_is_slave_registered(i2c_dev)) - clk_disable_unprepare(i2c_dev->clk); + clk_disable(i2c_dev->clk); return 0; } @@ -2289,9 +2289,9 @@ static int __maybe_unused stm32f7_i2c_runtime_resume(struct device *dev) int ret; if (!stm32f7_i2c_is_slave_registered(i2c_dev)) { - ret = clk_prepare_enable(i2c_dev->clk); + ret = clk_enable(i2c_dev->clk); if (ret) { - dev_err(dev, "failed to prepare_enable clock\n"); + dev_err(dev, "failed to enable clock\n"); return ret; } } -- 2.34.1

2 1

[PATCH OLK-5.10] neighbour: fix data-races around n->output
by Wang Liang 24 Oct '24

24 Oct '24

From: Eric Dumazet <edumazet(a)google.com> mainline inclusion from mainline-v6.6-rc5 commit 5baa0433a15eadd729625004c37463acb982eca7 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAZ542 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- n->output field can be read locklessly, while a writer might change the pointer concurrently. Add missing annotations to prevent load-store tearing. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Conflicts: net/core/neighbour.c [conflicts due to mergered 09eed1192cec ("neighbour: switch to standard rcu, instead of rcu_bh")] Signed-off-by: Wang Liang <wangliang74(a)huawei.com> --- include/net/neighbour.h | 2 +- net/bridge/br_netfilter_hooks.c | 2 +- net/core/neighbour.c | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/net/neighbour.h b/include/net/neighbour.h index 8e4404efd910..ef310154818e 100644 --- a/include/net/neighbour.h +++ b/include/net/neighbour.h @@ -514,7 +514,7 @@ static inline int neigh_output(struct neighbour *n, struct sk_buff *skb, READ_ONCE(hh->hh_len)) return neigh_hh_output(hh, skb); - return n->output(n, skb); + return READ_ONCE(n->output)(n, skb); } static inline struct neighbour * diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index 119b1a36a126..a65a77eb740d 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -305,7 +305,7 @@ int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_ /* tell br_dev_xmit to continue with forwarding */ nf_bridge->bridged_dnat = 1; /* FIXME Need to refragment */ - ret = neigh->output(neigh, skb); + ret = READ_ONCE(neigh->output)(neigh, skb); } neigh_release(neigh); return ret; diff --git a/net/core/neighbour.c b/net/core/neighbour.c index 432e3a64dc4a..168868fb8e6c 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -364,7 +364,7 @@ static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev, */ __skb_queue_purge(&n->arp_queue); n->arp_queue_len_bytes = 0; - n->output = neigh_blackhole; + WRITE_ONCE(n->output, neigh_blackhole); if (n->nud_state & NUD_VALID) n->nud_state = NUD_NOARP; else @@ -875,7 +875,7 @@ static void neigh_suspect(struct neighbour *neigh) { neigh_dbg(2, "neigh %p is suspected\n", neigh); - neigh->output = neigh->ops->output; + WRITE_ONCE(neigh->output, neigh->ops->output); } /* Neighbour state is OK; @@ -887,7 +887,7 @@ static void neigh_connect(struct neighbour *neigh) { neigh_dbg(2, "neigh %p is connected\n", neigh); - neigh->output = neigh->ops->connected_output; + WRITE_ONCE(neigh->output, neigh->ops->connected_output); } static void neigh_periodic_work(struct work_struct *work) @@ -1402,7 +1402,7 @@ static int __neigh_update(struct neighbour *neigh, const u8 *lladdr, if (n2) n1 = n2; } - n1->output(n1, skb); + READ_ONCE(n1->output)(n1, skb); if (n2) neigh_release(n2); rcu_read_unlock(); @@ -3027,7 +3027,7 @@ int neigh_xmit(int index, struct net_device *dev, rcu_read_unlock_bh(); goto out_kfree_skb; } - err = neigh->output(neigh, skb); + err = READ_ONCE(neigh->output)(neigh, skb); rcu_read_unlock_bh(); } else if (index == NEIGH_LINK_TABLE) { -- 2.34.1

2 1

2025

2024

2023

2022

2021

2020

2019

Kernel