- Kernel - mailweb.openeuler.org

[openeuler:OLK-5.10 2818/2818] ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:283:22: error: field 'call_used' has incomplete type 'pt_solution'
by kernel test robot 26 Oct '25

26 Oct '25

Hi Kees, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: ca1036e548e57768ca272bbd5f5cbde3b153f803 commit: f72cad446f70dd9383453a5ef36ada358c589f8f [2818/2818] gcc-plugins: Reorganize gimple includes for GCC 13 config: arm64-randconfig-002-20250321 (https://download.01.org/0day-ci/archive/20251026/202510260121.5zFoZ4F6-lkp@…) compiler: aarch64-linux-gcc (GCC) 5.5.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251026/202510260121.5zFoZ4F6-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202510260121.5zFoZ4F6-lkp@intel.com/ All errors (new ones prefixed by >>): In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:24, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gcc-plugin.h:31, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/plugin.h:23, from scripts/gcc-plugins/gcc-common.h:9, from scripts/gcc-plugins/sancov_plugin.c:22: ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 102 | fprintf ((FILE), "%s"HOST_WIDE_INT_PRINT_UNSIGNED"\n",\ | ^ In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:24, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gcc-plugin.h:31, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/plugin.h:23, from scripts/gcc-plugins/gcc-common.h:9, from scripts/gcc-plugins/randomize_layout_plugin.c:19: ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 102 | fprintf ((FILE), "%s"HOST_WIDE_INT_PRINT_UNSIGNED"\n",\ | ^ In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:24, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gcc-plugin.h:31, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/plugin.h:23, from scripts/gcc-plugins/gcc-common.h:9, from scripts/gcc-plugins/stackleak_plugin.c:30: ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 102 | fprintf ((FILE), "%s"HOST_WIDE_INT_PRINT_UNSIGNED"\n",\ | ^ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:170:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 170 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:170:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 170 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:170:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 170 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:41: ../lib/gcc/aarch64-linux/5.5.0/plugin/include/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 126 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:41: ../lib/gcc/aarch64-linux/5.5.0/plugin/include/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 126 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:41: ../lib/gcc/aarch64-linux/5.5.0/plugin/include/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 126 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ In file included from scripts/gcc-plugins/gcc-common.h:113: >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:283:22: error: field 'call_used' has incomplete type 'pt_solution' 283 | struct pt_solution call_used; | ^~~~~~~~~ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:283:10: note: forward declaration of 'struct pt_solution' 283 | struct pt_solution call_used; | ^~~~~~~~~~~ >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:284:22: error: field 'call_clobbered' has incomplete type 'pt_solution' 284 | struct pt_solution call_clobbered; | ^~~~~~~~~~~~~~ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:283:10: note: forward declaration of 'struct pt_solution' 283 | struct pt_solution call_used; | ^~~~~~~~~~~ In file included from scripts/gcc-plugins/gcc-common.h:113: >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:283:22: error: field 'call_used' has incomplete type 'pt_solution' 283 | struct pt_solution call_used; | ^~~~~~~~~ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:283:10: note: forward declaration of 'struct pt_solution' 283 | struct pt_solution call_used; | ^~~~~~~~~~~ >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:284:22: error: field 'call_clobbered' has incomplete type 'pt_solution' 284 | struct pt_solution call_clobbered; | ^~~~~~~~~~~~~~ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:283:10: note: forward declaration of 'struct pt_solution' 283 | struct pt_solution call_used; | ^~~~~~~~~~~ In file included from scripts/gcc-plugins/gcc-common.h:113: >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:283:22: error: field 'call_used' has incomplete type 'pt_solution' 283 | struct pt_solution call_used; | ^~~~~~~~~ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:283:10: note: forward declaration of 'struct pt_solution' 283 | struct pt_solution call_used; | ^~~~~~~~~~~ >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:284:22: error: field 'call_clobbered' has incomplete type 'pt_solution' 284 | struct pt_solution call_clobbered; | ^~~~~~~~~~~~~~ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:283:10: note: forward declaration of 'struct pt_solution' 283 | struct pt_solution call_used; | ^~~~~~~~~~~ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h: In function 'bool gimple_store_p(const_gimple)': >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:2556:18: error: 'is_gimple_reg' was not declared in this scope; did you mean 'is_gimple_assign'? 2556 | return lhs && !is_gimple_reg (lhs); | ^~~~~~~~~~~~~ | is_gimple_assign ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h: In function 'bool gimple_store_p(const_gimple)': >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:2556:18: error: 'is_gimple_reg' was not declared in this scope; did you mean 'is_gimple_assign'? 2556 | return lhs && !is_gimple_reg (lhs); | ^~~~~~~~~~~~~ | is_gimple_assign ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h: In function 'bool gimple_store_p(const_gimple)': >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:2556:18: error: 'is_gimple_reg' was not declared in this scope; did you mean 'is_gimple_assign'? 2556 | return lhs && !is_gimple_reg (lhs); | ^~~~~~~~~~~~~ | is_gimple_assign ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h: In function 'tree_node* gimple_call_fndecl(const_gimple)': >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:2790:10: error: 'gimple_call_addr_fndecl' was not declared in this scope; did you mean 'gimple_call_set_fndecl'? 2790 | return gimple_call_addr_fndecl (gimple_call_fn (gs)); | ^~~~~~~~~~~~~~~~~~~~~~~ | gimple_call_set_fndecl ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h: In function 'tree_node* gimple_call_fndecl(const_gimple)': >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:2790:10: error: 'gimple_call_addr_fndecl' was not declared in this scope; did you mean 'gimple_call_set_fndecl'? 2790 | return gimple_call_addr_fndecl (gimple_call_fn (gs)); | ^~~~~~~~~~~~~~~~~~~~~~~ | gimple_call_set_fndecl ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h: In function 'tree_node* gimple_call_fndecl(const_gimple)': >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gimple.h:2790:10: error: 'gimple_call_addr_fndecl' was not declared in this scope; did you mean 'gimple_call_set_fndecl'? 2790 | return gimple_call_addr_fndecl (gimple_call_fn (gs)); | ^~~~~~~~~~~~~~~~~~~~~~~ | gimple_call_set_fndecl make[3]: *** [scripts/gcc-plugins/Makefile:47: scripts/gcc-plugins/stackleak_plugin.so] Error 1 shuffle=1096673560 make[3]: *** [scripts/gcc-plugins/Makefile:47: scripts/gcc-plugins/sancov_plugin.so] Error 1 shuffle=1096673560 make[3]: *** [scripts/gcc-plugins/Makefile:47: scripts/gcc-plugins/randomize_layout_plugin.so] Error 1 shuffle=1096673560 make[3]: Target '__build' not remade because of errors. make[2]: *** [scripts/Makefile.build:503: scripts/gcc-plugins] Error 2 shuffle=1096673560 make[2]: Target '__build' not remade because of errors. make[1]: *** [Makefile:1238: scripts] Error 2 shuffle=1096673560 make[1]: Target 'prepare' not remade because of errors. make: *** [Makefile:194: __sub-make] Error 2 shuffle=1096673560 make: Target 'prepare' not remade because of errors. -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-5.10 2818/2818] ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro
by kernel test robot 25 Oct '25

25 Oct '25

Hi Valdis, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: ca1036e548e57768ca272bbd5f5cbde3b153f803 commit: 0908fe0570df658beb3866ddcb7bc55b0fb834b0 [2818/2818] gcc-plugins: fix gcc 11 indigestion with plugins... config: arm64-randconfig-002-20250321 (https://download.01.org/0day-ci/archive/20251025/202510252350.GbojS8BE-lkp@…) compiler: aarch64-linux-gcc (GCC) 5.5.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251025/202510252350.GbojS8BE-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202510252350.GbojS8BE-lkp@intel.com/ All warnings (new ones prefixed by >>): In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:24, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gcc-plugin.h:31, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/plugin.h:23, from scripts/gcc-plugins/gcc-common.h:9, from scripts/gcc-plugins/stackleak_plugin.c:30: >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 102 | fprintf ((FILE), "%s"HOST_WIDE_INT_PRINT_UNSIGNED"\n",\ | ^ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:170:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 170 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:41: >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 126 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:24, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gcc-plugin.h:31, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/plugin.h:23, from scripts/gcc-plugins/gcc-common.h:9, from scripts/gcc-plugins/sancov_plugin.c:22: >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 102 | fprintf ((FILE), "%s"HOST_WIDE_INT_PRINT_UNSIGNED"\n",\ | ^ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:170:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 170 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:24, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/gcc-plugin.h:31, from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/plugin.h:23, from scripts/gcc-plugins/gcc-common.h:9, from scripts/gcc-plugins/randomize_layout_plugin.c:19: >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 102 | fprintf ((FILE), "%s"HOST_WIDE_INT_PRINT_UNSIGNED"\n",\ | ^ ../lib/gcc/aarch64-linux/5.5.0/plugin/include/config/elfos.h:170:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 170 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:41: >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 126 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ In file included from ../lib/gcc/aarch64-linux/5.5.0/plugin/include/tm.h:41: >> ../lib/gcc/aarch64-linux/5.5.0/plugin/include/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] 126 | fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ | ^ ../libexec/gcc/aarch64-linux/5.5.0/cc1: error while loading shared libraries: libmpfr.so.4: cannot open shared object file: No such file or directory make[2]: *** [scripts/Makefile.build:280: scripts/mod/empty.o] Error 1 shuffle=1096673560 ../libexec/gcc/aarch64-linux/5.5.0/cc1: error while loading shared libraries: libmpfr.so.4: cannot open shared object file: No such file or directory make[2]: *** [scripts/Makefile.build:117: scripts/mod/devicetable-offsets.s] Error 1 shuffle=1096673560 make[2]: Target '__build' not remade because of errors. make[1]: *** [Makefile:1214: prepare0] Error 2 shuffle=1096673560 make[1]: Target 'prepare' not remade because of errors. make: *** [Makefile:185: __sub-make] Error 2 shuffle=1096673560 make: Target 'prepare' not remade because of errors. -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6] BUILD REGRESSION 4c00b18c122c4cdb2747e44b469af328b8cecb28
by kernel test robot 25 Oct '25

25 Oct '25

tree/branch: https://gitee.com/openeuler/kernel.git OLK-6.6 branch HEAD: 4c00b18c122c4cdb2747e44b469af328b8cecb28 !17676 [OLK-6.6] Backported patches of Transient Scheduler Attacks (TSA) Error/Warning (recently discovered and may have been fixed): https://lore.kernel.org/oe-kbuild-all/202509270718.sknQhwd3-lkp@intel.com https://lore.kernel.org/oe-kbuild-all/202510140608.bItB1nUr-lkp@intel.com https://lore.kernel.org/oe-kbuild-all/202510170107.BBlmteyz-lkp@intel.com https://lore.kernel.org/oe-kbuild-all/202510171010.KAuyBISF-lkp@intel.com https://lore.kernel.org/oe-kbuild-all/202510251138.4pyXr8W0-lkp@intel.com drivers/platform/mpam/mpam_devices.c:1276:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/nfs/enfs/pm_ping.c:196:6: warning: no previous prototype for function 'enfs_test_reconnect_time' [-Wmissing-prototypes] include/linux/fortify-string.h:606:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning] include/linux/virtcca_cvm_domain.h:71:51: warning: declaration of 'struct pci_dev' will not be visible outside of this function [-Wvisibility] Error/Warning ids grouped by kconfigs: recent_errors |-- arm64-allmodconfig | |-- drivers-platform-mpam-mpam_devices.c:warning:unannotated-fall-through-between-switch-labels | |-- fs-nfs-enfs-pm_ping.c:warning:no-previous-prototype-for-function-enfs_test_reconnect_time | `-- include-linux-fortify-string.h:error:call-to-__read_overflow2_field-declared-with-warning-attribute:detected-read-beyond-size-of-field-(2nd-parameter)-maybe-use-struct_group()-Werror-Wattribute-warnin |-- x86_64-allyesconfig | |-- fs-nfs-enfs-pm_ping.c:warning:no-previous-prototype-for-function-enfs_test_reconnect_time | `-- include-linux-fortify-string.h:error:call-to-__read_overflow2_field-declared-with-warning-attribute:detected-read-beyond-size-of-field-(2nd-parameter)-maybe-use-struct_group()-Werror-Wattribute-warnin |-- x86_64-buildonly-randconfig-006-20251025 | |-- include-linux-fortify-string.h:error:call-to-__read_overflow2_field-declared-with-warning-attribute:detected-read-beyond-size-of-field-(2nd-parameter)-maybe-use-struct_group()-Werror-Wattribute-warnin | `-- include-linux-virtcca_cvm_domain.h:warning:declaration-of-struct-pci_dev-will-not-be-visible-outside-of-this-function |-- x86_64-randconfig-122-20251025 | `-- mm-memblock.c:sparse:sparse:symbol-memblock_alloc_range_nid_flags-was-not-declared.-Should-it-be-static `-- x86_64-randconfig-r054-20251025 `-- include-linux-fortify-string.h:error:call-to-__read_overflow2_field-declared-with-warning-attribute:detected-read-beyond-size-of-field-(2nd-parameter)-maybe-use-struct_group()-Werror-Wattribute-warnin elapsed time: 724m configs tested: 20 configs skipped: 111 tested configs: arm64 allmodconfig clang-19 arm64 allnoconfig gcc-15.1.0 arm64 randconfig-001-20251025 gcc-14.3.0 arm64 randconfig-002-20251025 gcc-11.5.0 arm64 randconfig-003-20251025 gcc-9.5.0 arm64 randconfig-004-20251025 clang-22 loongarch allmodconfig clang-19 loongarch allnoconfig clang-22 loongarch randconfig-001-20251025 clang-22 loongarch randconfig-002-20251025 clang-22 x86_64 allnoconfig clang-20 x86_64 allyesconfig clang-20 x86_64 buildonly-randconfig-001-20251025 gcc-14 x86_64 buildonly-randconfig-002-20251025 gcc-14 x86_64 buildonly-randconfig-003-20251025 gcc-14 x86_64 buildonly-randconfig-004-20251025 clang-20 x86_64 buildonly-randconfig-005-20251025 clang-20 x86_64 buildonly-randconfig-006-20251025 clang-20 x86_64 defconfig gcc-14 x86_64 rhel-9.4-rust clang-20 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH openEuler-1.0-LTS] PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
by Ziming Du 25 Oct '25

25 Oct '25

From: Ding Hui <dinghui(a)sangfor.com.cn> mainline inclusion from mainline-v6.5 commit 456d8aa37d0f56fc9e985e812496e861dcd6f2f2 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ICYQS7 CVE: CVE-2023-53446 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- Struct pcie_link_state->downstream is a pointer to the pci_dev of function 0. Previously we retained that pointer when removing function 0, and subsequent ASPM policy changes dereferenced it, resulting in a use-after-free warning from KASAN, e.g.: # echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove # echo powersave > /sys/module/pcie_aspm/parameters/policy BUG: KASAN: slab-use-after-free in pcie_config_aspm_link+0x42d/0x500 Call Trace: kasan_report+0xae/0xe0 pcie_config_aspm_link+0x42d/0x500 pcie_aspm_set_policy+0x8e/0x1a0 param_attr_store+0x162/0x2c0 module_attr_store+0x3e/0x80 PCIe spec r6.0, sec 7.5.3.7, recommends that software program the same ASPM Control value in all functions of multi-function devices. Disable ASPM and free the pcie_link_state when any child function is removed so we can discard the dangling pcie_link_state->downstream pointer and maintain the same ASPM Control configuration for all functions. [bhelgaas: commit log and comment] Debugged-by: Zongquan Qin <qinzongquan(a)sangfor.com.cn> Suggested-by: Bjorn Helgaas <bhelgaas(a)google.com> Fixes: b5a0a9b59c81 ("PCI/ASPM: Read and set up L1 substate capabilities") Link: https://lore.kernel.org/r/20230507034057.20970-1-dinghui@sangfor.com.cn Signed-off-by: Ding Hui <dinghui(a)sangfor.com.cn> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Conflicts: drivers/pci/pcie/aspm.c [Ziming Du: context conflict] Signed-off-by: Ziming Du <duziming2(a)huawei.com> --- drivers/pci/pcie/aspm.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c index 54fc2856995d5..0a21070a7557b 100644 --- a/drivers/pci/pcie/aspm.c +++ b/drivers/pci/pcie/aspm.c @@ -1004,22 +1004,25 @@ void pcie_aspm_exit_link_state(struct pci_dev *pdev) down_read(&pci_bus_sem); mutex_lock(&aspm_lock); - /* - * All PCIe functions are in one slot, remove one function will remove - * the whole slot, so just wait until we are the last function left. - */ - if (!list_empty(&parent->subordinate->devices)) - goto out; link = parent->link_state; root = link->root; parent_link = link->parent; - /* All functions are removed, so just disable ASPM for the link */ + /* + * link->downstream is a pointer to the pci_dev of function 0. If + * we remove that function, the pci_dev is about to be deallocated, + * so we can't use link->downstream again. Free the link state to + * avoid this. + * + * If we're removing a non-0 function, it's possible we could + * retain the link state, but PCIe r6.0, sec 7.5.3.7, recommends + * programming the same ASPM Control value for all functions of + * multi-function devices, so disable ASPM for all of them. + */ pcie_config_aspm_link(link, 0); list_del(&link->sibling); list_del(&link->link); - /* Clock PM is for endpoint device */ free_link_state(link); /* Recheck latencies and configure upstream links */ @@ -1027,7 +1030,7 @@ void pcie_aspm_exit_link_state(struct pci_dev *pdev) pcie_update_aspm_capable(root); pcie_config_aspm_path(parent_link); } -out: + mutex_unlock(&aspm_lock); up_read(&pci_bus_sem); } -- 2.43.0

2 1

[PATCH OLK-6.6 0/2] arm64/mpam: Fix MBWU monitor overflow handling
by Zeng Heng 25 Oct '25

25 Oct '25

Zeng Heng (2): arm64/mpam: Fix MBWU monitor overflow handling arm64/mpam: Print MPAM register operation for debug drivers/platform/mpam/mpam_devices.c | 33 ++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) -- 2.25.1

2 3

[PATCH OLK-6.6] cnic: Fix use-after-free bugs in cnic_delete_task
by Yao Kai 25 Oct '25

25 Oct '25

From: Duoming Zhou <duoming(a)zju.edu.cn> stable inclusion from stable-v6.6.108 commit 8eeb2091e72d75df8ceaa2172638d61b4cf8929a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ID0U8X CVE: CVE-2025-39945 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit cfa7d9b1e3a8604afc84e9e51d789c29574fb216 ] The original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(), which does not guarantee that the delayed work item 'delete_task' has fully completed if it was already running. Additionally, the delayed work item is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only blocks and waits for work items that were already queued to the workqueue prior to its invocation. Any work items submitted after flush_workqueue() is called are not included in the set of tasks that the flush operation awaits. This means that after the cyclic work items have finished executing, a delayed work item may still exist in the workqueue. This leads to use-after-free scenarios where the cnic_dev is deallocated by cnic_free_dev(), while delete_task remains active and attempt to dereference cnic_dev in cnic_delete_task(). A typical race condition is illustrated below: CPU 0 (cleanup) | CPU 1 (delayed work callback) cnic_netdev_event() | cnic_stop_hw() | cnic_delete_task() cnic_cm_stop_bnx2x_hw() | ... cancel_delayed_work() | /* the queue_delayed_work() flush_workqueue() | executes after flush_workqueue()*/ | queue_delayed_work() cnic_free_dev(dev)//free | cnic_delete_task() //new instance | dev = cp->dev; //use Replace cancel_delayed_work() with cancel_delayed_work_sync() to ensure that the cyclic delayed work item is properly canceled and that any ongoing execution of the work item completes before the cnic_dev is deallocated. Furthermore, since cancel_delayed_work_sync() uses __flush_work(work, true) to synchronously wait for any currently executing instance of the work item to finish, the flush_workqueue() becomes redundant and should be removed. This bug was identified through static analysis. To reproduce the issue and validate the fix, I simulated the cnic PCI device in QEMU and introduced intentional delays — such as inserting calls to ssleep() within the cnic_delete_task() function — to increase the likelihood of triggering the bug. Fixes: fdf24086f475 ("cnic: Defer iscsi connection cleanup") Signed-off-by: Duoming Zhou <duoming(a)zju.edu.cn> Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Yao Kai <yaokai34(a)huawei.com> --- drivers/net/ethernet/broadcom/cnic.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/net/ethernet/broadcom/cnic.c b/drivers/net/ethernet/broadcom/cnic.c index 7926aaef8f0c..ad2745c07c1a 100644 --- a/drivers/net/ethernet/broadcom/cnic.c +++ b/drivers/net/ethernet/broadcom/cnic.c @@ -4220,8 +4220,7 @@ static void cnic_cm_stop_bnx2x_hw(struct cnic_dev *dev) cnic_bnx2x_delete_wait(dev, 0); - cancel_delayed_work(&cp->delete_task); - flush_workqueue(cnic_wq); + cancel_delayed_work_sync(&cp->delete_task); if (atomic_read(&cp->iscsi_conn) != 0) netdev_warn(dev->netdev, "%d iSCSI connections not destroyed\n", -- 2.43.0

2 9

[openeuler:OLK-6.6 3039/3039] mm/memblock.c:1409:20: sparse: sparse: symbol 'memblock_alloc_range_nid_flags' was not declared. Should it be static?
by kernel test robot 25 Oct '25

25 Oct '25

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 4c00b18c122c4cdb2747e44b469af328b8cecb28 commit: 64018b291c1f49622c4b23b303364d760306d662 [3039/3039] mm/memblock: Introduce ability to alloc memory from specify memory region config: x86_64-randconfig-122-20251025 (https://download.01.org/0day-ci/archive/20251025/202510251138.4pyXr8W0-lkp@…) compiler: gcc-12 (Debian 12.4.0-5) 12.4.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251025/202510251138.4pyXr8W0-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202510251138.4pyXr8W0-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) >> mm/memblock.c:1409:20: sparse: sparse: symbol 'memblock_alloc_range_nid_flags' was not declared. Should it be static? vim +/memblock_alloc_range_nid_flags +1409 mm/memblock.c 1386 1387 /** 1388 * memblock_alloc_range_nid_flags - allocate boot memory block with specify flag 1389 * @size: size of memory block to be allocated in bytes 1390 * @align: alignment of the region and block's size 1391 * @start: the lower bound of the memory region to allocate (phys address) 1392 * @end: the upper bound of the memory region to allocate (phys address) 1393 * @nid: nid of the free area to find, %NUMA_NO_NODE for any node 1394 * @exact_nid: control the allocation fall back to other nodes 1395 * @flags: alloc memory from specify memblock flag 1396 * 1397 * The allocation is performed from memory region limited by 1398 * memblock.current_limit if @end == %MEMBLOCK_ALLOC_ACCESSIBLE. 1399 * 1400 * If the specified node can not hold the requested memory and @exact_nid 1401 * is false, the allocation falls back to any node in the system. 1402 * 1403 * In addition, function sets the min_count to 0 using kmemleak_alloc_phys for 1404 * allocated boot memory block, so that it is never reported as leaks. 1405 * 1406 * Return: 1407 * Physical address of allocated memory block on success, %0 on failure. 1408 */ > 1409 phys_addr_t __init memblock_alloc_range_nid_flags(phys_addr_t size, 1410 phys_addr_t align, phys_addr_t start, 1411 phys_addr_t end, int nid, 1412 bool exact_nid, 1413 enum memblock_flags flags) 1414 { 1415 phys_addr_t found; 1416 1417 if (WARN_ONCE(nid == MAX_NUMNODES, "Usage of MAX_NUMNODES is deprecated. Use NUMA_NO_NODE instead\n")) 1418 nid = NUMA_NO_NODE; 1419 1420 if (!align) { 1421 /* Can't use WARNs this early in boot on powerpc */ 1422 dump_stack(); 1423 align = SMP_CACHE_BYTES; 1424 } 1425 1426 again: 1427 found = memblock_find_in_range_node(size, align, start, end, nid, 1428 flags); 1429 if (found && !memblock_reserve(found, size)) 1430 goto done; 1431 1432 if (nid != NUMA_NO_NODE && !exact_nid) { 1433 found = memblock_find_in_range_node(size, align, start, 1434 end, NUMA_NO_NODE, 1435 flags); 1436 if (found && !memblock_reserve(found, size)) 1437 goto done; 1438 } 1439 1440 if (flags & MEMBLOCK_MIRROR) { 1441 flags &= ~MEMBLOCK_MIRROR; 1442 pr_warn_ratelimited("Could not allocate %pap bytes of mirrored memory\n", 1443 &size); 1444 goto again; 1445 } 1446 1447 return 0; 1448 1449 done: 1450 /* 1451 * Skip kmemleak for those places like kasan_init() and 1452 * early_pgtable_alloc() due to high volume. 1453 */ 1454 if (end != MEMBLOCK_ALLOC_NOLEAKTRACE) 1455 /* 1456 * Memblock allocated blocks are never reported as 1457 * leaks. This is because many of these blocks are 1458 * only referred via the physical address which is 1459 * not looked up by kmemleak. 1460 */ 1461 kmemleak_alloc_phys(found, size, 0); 1462 1463 /* 1464 * Some Virtual Machine platforms, such as Intel TDX or AMD SEV-SNP, 1465 * require memory to be accepted before it can be used by the 1466 * guest. 1467 * 1468 * Accept the memory of the allocated buffer. 1469 */ 1470 accept_memory(found, found + size); 1471 1472 return found; 1473 } 1474 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-6.6] arm64/mpam: Fix L2 MBWU monitor multiplexing issue
by Zeng Heng 25 Oct '25

25 Oct '25

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ID29QH -------------------------------- The MBWU monitor performs long-term cumulative statistics on bandwidth for a specified PARTID. However, the number of L2 physical monitors is very limited. To support the expanded quantities of PARTIDs and PMGs, the MBWU monitors need to multiplex. Therefore, when a monitor tracks a new PARTID or PMG, which means a change in monitor configuration is detected, the accumulated correction should set to zero. Fixes: 21ac9fc8f275 ("arm_mpam: Track bandwidth counter state for overflow and power management") Signed-off-by: Zeng Heng <zengheng4(a)huawei.com> --- drivers/platform/mpam/mpam_devices.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/platform/mpam/mpam_devices.c b/drivers/platform/mpam/mpam_devices.c index c2e58fc4c0e8..ae6791b05e8a 100644 --- a/drivers/platform/mpam/mpam_devices.c +++ b/drivers/platform/mpam/mpam_devices.c @@ -1011,7 +1011,7 @@ static void __ris_msmon_read(void *arg) bool reset_on_next_read = false; struct mpam_msc_ris *ris = m->ris; struct mpam_msc *msc = m->ris->msc; - struct msmon_mbwu_state *mbwu_state; + struct msmon_mbwu_state *mbwu_state = NULL; u32 mon_sel, ctl_val, flt_val, cur_ctl, cur_flt; lockdep_assert_held(&msc->lock); @@ -1043,8 +1043,14 @@ static void __ris_msmon_read(void *arg) config_mismatch = cur_flt != flt_val || cur_ctl != (ctl_val | MSMON_CFG_x_CTL_EN); - if (config_mismatch || reset_on_next_read) + if (config_mismatch || reset_on_next_read) { write_msmon_ctl_flt_vals(m, ctl_val, flt_val); + if (mbwu_state) { + mbwu_state->prev_val = 0; + mbwu_state->correction = 0; + mbwu_overflow = false; + } + } /* * Selects the monitor instance associated to the specified PARTID -- 2.25.1

2 1

[PATCH OLK-6.6 0/2] arm64/mpam: Fix MBWU monitor overflow handling
by Zeng Heng 25 Oct '25

25 Oct '25

Zeng Heng (2): arm64/mpam: Fix MBWU monitor overflow handling arm64/mpam: Print MPAM register operation for debug drivers/platform/mpam/mpam_devices.c | 29 ++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) -- 2.25.1

2 3

[PATCH openEuler-1.0-LTS] posix-timers: Ensure timer ID search-loop limit is valid
by Jinjie Ruan 25 Oct '25

25 Oct '25

From: Thomas Gleixner <tglx(a)linutronix.de> stable inclusion from stable-v4.19.291 commit 9ea26a8494a0a9337e7415eafd6f3ed940327dc5 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ID33F2 CVE: CVE-2023-53728 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 8ce8849dd1e78dadcee0ec9acbd259d239b7069f ] posix_timer_add() tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allocation. This is done in a loop searching the ID space for a free slot one by one. The loop has to terminate when the search wrapped around to the starting point. But that's racy vs. establishing the starting point. That is read out lockless, which leads to the following problem: CPU0 CPU1 posix_timer_add() start = sig->posix_timer_id; lock(hash_lock); ... posix_timer_add() if (++sig->posix_timer_id < 0) start = sig->posix_timer_id; sig->posix_timer_id = 0; So CPU1 can observe a negative start value, i.e. -1, and the loop break never happens because the condition can never be true: if (sig->posix_timer_id == start) break; While this is unlikely to ever turn into an endless loop as the ID space is huge (INT_MAX), the racy read of the start value caught the attention of KCSAN and Dmitry unearthed that incorrectness. Rewrite it so that all id operations are under the hash lock. Reported-by: syzbot+5c54bd3eb218bb595aa9(a)syzkaller.appspotmail.com Reported-by: Dmitry Vyukov <dvyukov(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Frederic Weisbecker <frederic(a)kernel.org> Link: https://lore.kernel.org/r/87bkhzdn6g.ffs@tglx Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: include/linux/sched/signal.h [ conflict because of kabi change. ] Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> --- include/linux/sched/signal.h | 4 ++++ kernel/time/posix-timers.c | 31 ++++++++++++++++++------------- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h index 8bde85ac0e77..66afd36b7de9 100644 --- a/include/linux/sched/signal.h +++ b/include/linux/sched/signal.h @@ -128,7 +128,11 @@ struct signal_struct { #ifdef CONFIG_POSIX_TIMERS /* POSIX.1b Interval Timers */ +#ifdef __GENKSYMS__ int posix_timer_id; +#else + unsigned int next_posix_timer_id; +#endif struct list_head posix_timers; /* ITIMER_REAL timer for the process */ diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c index d86fdabc5748..9b22171f7339 100644 --- a/kernel/time/posix-timers.c +++ b/kernel/time/posix-timers.c @@ -159,25 +159,30 @@ static struct k_itimer *posix_timer_by_id(timer_t id) static int posix_timer_add(struct k_itimer *timer) { struct signal_struct *sig = current->signal; - int first_free_id = sig->posix_timer_id; struct hlist_head *head; - int ret = -ENOENT; + unsigned int cnt, id; - do { + /* + * FIXME: Replace this by a per signal struct xarray once there is + * a plan to handle the resulting CRIU regression gracefully. + */ + for (cnt = 0; cnt <= INT_MAX; cnt++) { spin_lock(&hash_lock); - head = &posix_timers_hashtable[hash(sig, sig->posix_timer_id)]; - if (!__posix_timers_find(head, sig, sig->posix_timer_id)) { + id = sig->next_posix_timer_id; + + /* Write the next ID back. Clamp it to the positive space */ + sig->next_posix_timer_id = (id + 1) & INT_MAX; + + head = &posix_timers_hashtable[hash(sig, id)]; + if (!__posix_timers_find(head, sig, id)) { hlist_add_head_rcu(&timer->t_hash, head); - ret = sig->posix_timer_id; + spin_unlock(&hash_lock); + return id; } - if (++sig->posix_timer_id < 0) - sig->posix_timer_id = 0; - if ((sig->posix_timer_id == first_free_id) && (ret == -ENOENT)) - /* Loop over all possible ids completed */ - ret = -EAGAIN; spin_unlock(&hash_lock); - } while (ret == -ENOENT); - return ret; + } + /* POSIX return code when no timer ID could be allocated */ + return -EAGAIN; } static inline void unlock_timer(struct k_itimer *timr, unsigned long flags) -- 2.34.1

2 1