- Kernel - mailweb.openeuler.org

[PATCH openEuler-1.0-LTS] md/raid10: fix memleak for 'conf->bio_split'
by Zheng Qixing 30 Dec '25

30 Dec '25

From: Yu Kuai <yukuai3(a)huawei.com> stable inclusion from stable-v4.19.283 commit 133008af833b4f2e021d2c294c29c70364a3f0ba category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/12980 CVE: CVE-2023-54123 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… ------------------ [ Upstream commit c9ac2acde53f5385de185bccf6aaa91cf9ac1541 ] In the error path of raid10_run(), 'conf' need be freed, however, 'conf->bio_split' is missed and memory will be leaked. Since there are 3 places to free 'conf', factor out a helper to fix the problem. Fixes: fc9977dd069e ("md/raid10: simplify the splitting of requests.") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Signed-off-by: Song Liu <song(a)kernel.org> Link: https://lore.kernel.org/r/20230310073855.1337560-6-yukuai1@huaweicloud.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Zheng Qixing <zhengqixing(a)huawei.com> --- drivers/md/raid10.c | 37 +++++++++++++++++-------------------- 1 file changed, 17 insertions(+), 20 deletions(-) diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c index 67493be59f7f..8b7de02f5796 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c @@ -3700,6 +3700,20 @@ static int setup_geo(struct geom *geo, struct mddev *mddev, enum geo_type new) return nc*fc; } +static void raid10_free_conf(struct r10conf *conf) +{ + if (!conf) + return; + + mempool_exit(&conf->r10bio_pool); + kfree(conf->mirrors); + kfree(conf->mirrors_old); + kfree(conf->mirrors_new); + safe_put_page(conf->tmppage); + bioset_exit(&conf->bio_split); + kfree(conf); +} + static struct r10conf *setup_conf(struct mddev *mddev) { struct r10conf *conf = NULL; @@ -3782,13 +3796,7 @@ static struct r10conf *setup_conf(struct mddev *mddev) return conf; out: - if (conf) { - mempool_exit(&conf->r10bio_pool); - kfree(conf->mirrors); - safe_put_page(conf->tmppage); - bioset_exit(&conf->bio_split); - kfree(conf); - } + raid10_free_conf(conf); return ERR_PTR(err); } @@ -4002,10 +4010,7 @@ static int raid10_run(struct mddev *mddev) out_free_conf: md_unregister_thread(&mddev->thread); - mempool_exit(&conf->r10bio_pool); - safe_put_page(conf->tmppage); - kfree(conf->mirrors); - kfree(conf); + raid10_free_conf(conf); mddev->private = NULL; out: return -EIO; @@ -4013,15 +4018,7 @@ static int raid10_run(struct mddev *mddev) static void raid10_free(struct mddev *mddev, void *priv) { - struct r10conf *conf = priv; - - mempool_exit(&conf->r10bio_pool); - safe_put_page(conf->tmppage); - kfree(conf->mirrors); - kfree(conf->mirrors_old); - kfree(conf->mirrors_new); - bioset_exit(&conf->bio_split); - kfree(conf); + raid10_free_conf(priv); } static void raid10_quiesce(struct mddev *mddev, int quiesce) -- 2.39.2

2 1

[PATCH OLK-6.6] md: fix rcu protection in md_wakeup_thread
by Zheng Qixing 30 Dec '25

30 Dec '25

From: Yun Zhou <yun.zhou(a)windriver.com> mainline inclusion from mainline-v6.19-rc1 commit 0dc76205549b4c25705e54345f211b9f66e018a0 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/12725 CVE: CVE-2025-68374 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… ------------------ We attempted to use RCU to protect the pointer 'thread', but directly passed the value when calling md_wakeup_thread(). This means that the RCU pointer has been acquired before rcu_read_lock(), which renders rcu_read_lock() ineffective and could lead to a use-after-free. Link: https://lore.kernel.org/linux-raid/20251015083227.1079009-1-yun.zhou@windri… Fixes: 446931543982 ("md: protect md_thread with rcu") Signed-off-by: Yun Zhou <yun.zhou(a)windriver.com> Reviewed-by: Li Nan <linan122(a)huawei.com> Reviewed-by: Yu Kuai <yukuai(a)fnnas.com> Signed-off-by: Yu Kuai <yukuai(a)fnnas.com> Conflicts: drivers/md/md.c drivers/md/md.h [Context conflicts.] Signed-off-by: Zheng Qixing <zhengqixing(a)huawei.com> --- drivers/md/md.c | 14 ++++++-------- drivers/md/md.h | 8 +++++++- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/drivers/md/md.c b/drivers/md/md.c index 715f6be52ea7..b1b0307df654 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -97,7 +97,7 @@ static int remove_and_add_spares(struct mddev *mddev, struct md_rdev *this); static void mddev_detach(struct mddev *mddev); static void export_rdev(struct md_rdev *rdev, struct mddev *mddev); -static void md_wakeup_thread_directly(struct md_thread __rcu *thread); +static void md_wakeup_thread_directly(struct md_thread __rcu **thread); enum md_ro_state { MD_RDWR, @@ -4943,7 +4943,7 @@ static void stop_sync_thread(struct mddev *mddev, bool locked, bool check_seq) * Thread might be blocked waiting for metadata update which will now * never happen */ - md_wakeup_thread_directly(mddev->sync_thread); + md_wakeup_thread_directly(&mddev->sync_thread); if (work_pending(&mddev->sync_work)) flush_work(&mddev->sync_work); @@ -8053,31 +8053,29 @@ static int md_thread(void *arg) return 0; } -static void md_wakeup_thread_directly(struct md_thread __rcu *thread) +static void md_wakeup_thread_directly(struct md_thread __rcu **thread) { struct md_thread *t; rcu_read_lock(); - t = rcu_dereference(thread); + t = rcu_dereference(*thread); if (t) wake_up_process(t->tsk); rcu_read_unlock(); } -void md_wakeup_thread(struct md_thread __rcu *thread) +void __md_wakeup_thread(struct md_thread __rcu *thread) { struct md_thread *t; - rcu_read_lock(); t = rcu_dereference(thread); if (t) { pr_debug("md: waking up MD thread %s.\n", t->tsk->comm); set_bit(THREAD_WAKEUP, &t->flags); wake_up(&t->wqueue); } - rcu_read_unlock(); } -EXPORT_SYMBOL(md_wakeup_thread); +EXPORT_SYMBOL(__md_wakeup_thread); struct md_thread *md_register_thread(void (*run) (struct md_thread *), struct mddev *mddev, const char *name) diff --git a/drivers/md/md.h b/drivers/md/md.h index c91da1abef42..db1eb827ddce 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h @@ -726,6 +726,12 @@ struct md_io_clone { #define THREAD_WAKEUP 0 +#define md_wakeup_thread(thread) do { \ + rcu_read_lock(); \ + __md_wakeup_thread(thread); \ + rcu_read_unlock(); \ +} while (0) + static inline void safe_put_page(struct page *p) { if (p) put_page(p); @@ -743,7 +749,7 @@ extern struct md_thread *md_register_thread( struct mddev *mddev, const char *name); extern void md_unregister_thread(struct mddev *mddev, struct md_thread __rcu **threadp); -extern void md_wakeup_thread(struct md_thread __rcu *thread); +extern void __md_wakeup_thread(struct md_thread __rcu *thread); extern void md_check_recovery(struct mddev *mddev); extern void md_reap_sync_thread(struct mddev *mddev); extern bool md_write_start(struct mddev *mddev, struct bio *bi); -- 2.39.2

2 1

[PATCH OLK-6.6] nvme-multipath: fix lockdep WARN due to partition scan work
by Zheng Qixing 30 Dec '25

30 Dec '25

From: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> stable inclusion from stable-v6.6.118 commit e2a897ad5f538d314955c747a0a2edb184fcdecd category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/11562 CVE: CVE-2025-68218 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… ------------------ [ Upstream commit 6d87cd5335784351280f82c47cc8a657271929c3 ] Blktests test cases nvme/014, 057 and 058 fail occasionally due to a lockdep WARN. As reported in the Closes tag URL, the WARN indicates that a deadlock can happen due to the dependency among disk->open_mutex, kblockd workqueue completion and partition_scan_work completion. To avoid the lockdep WARN and the potential deadlock, cut the dependency by running the partition_scan_work not by kblockd workqueue but by nvme_wq. Reported-by: Yi Zhang <yi.zhang(a)redhat.com> Closes: https://lore.kernel.org/linux-block/CAHj4cs8mJ+R_GmQm9R8ebResKAWUE8kF5+_WVg… Link: https://lore.kernel.org/linux-block/oeyzci6ffshpukpfqgztsdeke5ost5hzsuz4rrs… Fixes: 1f021341eef4 ("nvme-multipath: defer partition scanning") Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Zheng Qixing <zhengqixing(a)huawei.com> --- drivers/nvme/host/multipath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c index 119afdfe4b91..e72c47651ce0 100644 --- a/drivers/nvme/host/multipath.c +++ b/drivers/nvme/host/multipath.c @@ -684,7 +684,7 @@ static void nvme_mpath_set_live(struct nvme_ns *ns) return; } nvme_add_ns_head_cdev(head); - kblockd_schedule_work(&head->partition_scan_work); + queue_work(nvme_wq, &head->partition_scan_work); } mutex_lock(&head->lock); -- 2.39.2

2 1

[PATCH openEuler-1.0-LTS] crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
by Ze Zuo 30 Dec '25

30 Dec '25

From: Mark O'Donovan <shiftee(a)posteo.net> stable inclusion from stable-v4.19.295 commit ae63e84ffda74267bf7277c38415ba38389229a0 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/11356 CVE: CVE-2023-53817 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 9e47a758b70167c9301d2b44d2569f86c7796f2d ] During NVMeTCP Authentication a controller can trigger a kernel oops by specifying the 8192 bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie Hellamn value. mpi_cmp_ui() was detecting this if the second parameter was 0, but 1 is passed from dh_is_pubkey_valid(). This causes the null pointer u->d to be dereferenced towards the end of mpi_cmp_ui() Signed-off-by: Mark O'Donovan <shiftee(a)posteo.net> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Ze Zuo <zuoze1(a)huawei.com> --- lib/mpi/mpi-cmp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/mpi/mpi-cmp.c b/lib/mpi/mpi-cmp.c index d25e9e96c310..ceaebe181cd7 100644 --- a/lib/mpi/mpi-cmp.c +++ b/lib/mpi/mpi-cmp.c @@ -25,8 +25,12 @@ int mpi_cmp_ui(MPI u, unsigned long v) mpi_limb_t limb = v; mpi_normalize(u); - if (!u->nlimbs && !limb) - return 0; + if (u->nlimbs == 0) { + if (v == 0) + return 0; + else + return -1; + } if (u->sign) return -1; if (u->nlimbs > 1) -- 2.25.1

2 1

[PATCH] crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
by Ze Zuo 30 Dec '25

30 Dec '25

From: Mark O'Donovan <shiftee(a)posteo.net> stable inclusion from stable-v4.19.295 commit ae63e84ffda74267bf7277c38415ba38389229a0 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/11356 CVE: CVE-2023-53817 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 9e47a758b70167c9301d2b44d2569f86c7796f2d ] During NVMeTCP Authentication a controller can trigger a kernel oops by specifying the 8192 bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie Hellamn value. mpi_cmp_ui() was detecting this if the second parameter was 0, but 1 is passed from dh_is_pubkey_valid(). This causes the null pointer u->d to be dereferenced towards the end of mpi_cmp_ui() Signed-off-by: Mark O'Donovan <shiftee(a)posteo.net> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Ze Zuo <zuoze1(a)huawei.com> --- lib/mpi/mpi-cmp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/mpi/mpi-cmp.c b/lib/mpi/mpi-cmp.c index d25e9e96c310..ceaebe181cd7 100644 --- a/lib/mpi/mpi-cmp.c +++ b/lib/mpi/mpi-cmp.c @@ -25,8 +25,12 @@ int mpi_cmp_ui(MPI u, unsigned long v) mpi_limb_t limb = v; mpi_normalize(u); - if (!u->nlimbs && !limb) - return 0; + if (u->nlimbs == 0) { + if (v == 0) + return 0; + else + return -1; + } if (u->sign) return -1; if (u->nlimbs > 1) -- 2.25.1

1 0

[PATCH OLK-5.10] scsi: qla2xxx: Clear cmds after chip reset
by Tengda Wu 30 Dec '25

30 Dec '25

From: Tony Battersby <tonyb(a)cybernetics.com> mainline inclusion from mainline-v6.19 commit d46c69a087aa3d1513f7a78f871b80251ea0c1ae category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/12897 CVE: CVE-2025-68745 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Commit aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling and host reset handling") caused two problems: 1. Commands sent to FW, after chip reset got stuck and never freed as FW is not going to respond to them anymore. 2. BUG_ON(cmd->sg_mapped) in qlt_free_cmd(). Commit 26f9ce53817a ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands") attempted to fix this, but introduced another bug under different circumstances when two different CPUs were racing to call qlt_unmap_sg() at the same time: BUG_ON(!valid_dma_direction(dir)) in dma_unmap_sg_attrs(). So revert "scsi: qla2xxx: Fix missed DMA unmap for aborted commands" and partially revert "scsi: qla2xxx: target: Fix offline port handling and host reset handling" at __qla2x00_abort_all_cmds. Fixes: aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling and host reset handling") Fixes: 26f9ce53817a ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands") Co-developed-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> Signed-off-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> Signed-off-by: Tony Battersby <tonyb(a)cybernetics.com> Link: https://patch.msgid.link/0e7e5d26-e7a0-42d1-8235-40eeb27f3e98@cybernetics.c… Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Tengda Wu <wutengda2(a)huawei.com> --- drivers/scsi/qla2xxx/qla_os.c | 20 ++++++++++++++++++-- drivers/scsi/qla2xxx/qla_target.c | 5 +---- drivers/scsi/qla2xxx/qla_target.h | 1 + 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index d6e39031bc1f..2775262a57c5 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1790,10 +1790,26 @@ __qla2x00_abort_all_cmds(struct qla_qpair *qp, int res) continue; } cmd = (struct qla_tgt_cmd *)sp; - cmd->aborted = 1; + + if (cmd->sg_mapped) + qlt_unmap_sg(vha, cmd); + + if (cmd->state == QLA_TGT_STATE_NEED_DATA) { + cmd->aborted = 1; + cmd->write_data_transferred = 0; + cmd->state = QLA_TGT_STATE_DATA_IN; + ha->tgt.tgt_ops->handle_data(cmd); + } else { + ha->tgt.tgt_ops->free_cmd(cmd); + } break; case TYPE_TGT_TMCMD: - /* Skip task management functions. */ + /* + * Currently, only ABTS response gets on the + * outstanding_cmds[] + */ + ha->tgt.tgt_ops->free_mcmd( + (struct qla_tgt_mgmt_cmd *) sp); break; default: break; diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c index d2433f162815..17fccf310702 100644 --- a/drivers/scsi/qla2xxx/qla_target.c +++ b/drivers/scsi/qla2xxx/qla_target.c @@ -2465,7 +2465,7 @@ static int qlt_pci_map_calc_cnt(struct qla_tgt_prm *prm) return -1; } -static void qlt_unmap_sg(struct scsi_qla_host *vha, struct qla_tgt_cmd *cmd) +void qlt_unmap_sg(struct scsi_qla_host *vha, struct qla_tgt_cmd *cmd) { struct qla_hw_data *ha; struct qla_qpair *qpair; @@ -3783,9 +3783,6 @@ int qlt_abort_cmd(struct qla_tgt_cmd *cmd) spin_lock_irqsave(&cmd->cmd_lock, flags); if (cmd->aborted) { - if (cmd->sg_mapped) - qlt_unmap_sg(vha, cmd); - spin_unlock_irqrestore(&cmd->cmd_lock, flags); /* * It's normal to see 2 calls in this path: diff --git a/drivers/scsi/qla2xxx/qla_target.h b/drivers/scsi/qla2xxx/qla_target.h index 1e94586c7eb2..7a8f0876ffa2 100644 --- a/drivers/scsi/qla2xxx/qla_target.h +++ b/drivers/scsi/qla2xxx/qla_target.h @@ -1049,6 +1049,7 @@ extern int qlt_abort_cmd(struct qla_tgt_cmd *); extern void qlt_xmit_tm_rsp(struct qla_tgt_mgmt_cmd *); extern void qlt_free_mcmd(struct qla_tgt_mgmt_cmd *); extern void qlt_free_cmd(struct qla_tgt_cmd *cmd); +extern void qlt_unmap_sg(struct scsi_qla_host *vha, struct qla_tgt_cmd *cmd); extern void qlt_async_event(uint16_t, struct scsi_qla_host *, uint16_t *); extern void qlt_enable_vha(struct scsi_qla_host *); extern void qlt_vport_create(struct scsi_qla_host *, struct qla_hw_data *); -- 2.34.1

2 1

[PATCH OLK-6.6] scsi: qla2xxx: Clear cmds after chip reset
by Tengda Wu 30 Dec '25

30 Dec '25

From: Tony Battersby <tonyb(a)cybernetics.com> mainline inclusion from mainline-v6.19 commit d46c69a087aa3d1513f7a78f871b80251ea0c1ae category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/12897 CVE: CVE-2025-68745 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Commit aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling and host reset handling") caused two problems: 1. Commands sent to FW, after chip reset got stuck and never freed as FW is not going to respond to them anymore. 2. BUG_ON(cmd->sg_mapped) in qlt_free_cmd(). Commit 26f9ce53817a ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands") attempted to fix this, but introduced another bug under different circumstances when two different CPUs were racing to call qlt_unmap_sg() at the same time: BUG_ON(!valid_dma_direction(dir)) in dma_unmap_sg_attrs(). So revert "scsi: qla2xxx: Fix missed DMA unmap for aborted commands" and partially revert "scsi: qla2xxx: target: Fix offline port handling and host reset handling" at __qla2x00_abort_all_cmds. Fixes: aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling and host reset handling") Fixes: 26f9ce53817a ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands") Co-developed-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> Signed-off-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> Signed-off-by: Tony Battersby <tonyb(a)cybernetics.com> Link: https://patch.msgid.link/0e7e5d26-e7a0-42d1-8235-40eeb27f3e98@cybernetics.c… Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Tengda Wu <wutengda2(a)huawei.com> --- drivers/scsi/qla2xxx/qla_os.c | 20 ++++++++++++++++++-- drivers/scsi/qla2xxx/qla_target.c | 5 +---- drivers/scsi/qla2xxx/qla_target.h | 1 + 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index 91d12198cc6c..b05539022af3 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1893,10 +1893,26 @@ __qla2x00_abort_all_cmds(struct qla_qpair *qp, int res) continue; } cmd = (struct qla_tgt_cmd *)sp; - cmd->aborted = 1; + + if (cmd->sg_mapped) + qlt_unmap_sg(vha, cmd); + + if (cmd->state == QLA_TGT_STATE_NEED_DATA) { + cmd->aborted = 1; + cmd->write_data_transferred = 0; + cmd->state = QLA_TGT_STATE_DATA_IN; + ha->tgt.tgt_ops->handle_data(cmd); + } else { + ha->tgt.tgt_ops->free_cmd(cmd); + } break; case TYPE_TGT_TMCMD: - /* Skip task management functions. */ + /* + * Currently, only ABTS response gets on the + * outstanding_cmds[] + */ + ha->tgt.tgt_ops->free_mcmd( + (struct qla_tgt_mgmt_cmd *) sp); break; default: break; diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c index d7551b1443e4..ed9a60a292c3 100644 --- a/drivers/scsi/qla2xxx/qla_target.c +++ b/drivers/scsi/qla2xxx/qla_target.c @@ -2487,7 +2487,7 @@ static int qlt_pci_map_calc_cnt(struct qla_tgt_prm *prm) return -1; } -static void qlt_unmap_sg(struct scsi_qla_host *vha, struct qla_tgt_cmd *cmd) +void qlt_unmap_sg(struct scsi_qla_host *vha, struct qla_tgt_cmd *cmd) { struct qla_hw_data *ha; struct qla_qpair *qpair; @@ -3817,9 +3817,6 @@ int qlt_abort_cmd(struct qla_tgt_cmd *cmd) spin_lock_irqsave(&cmd->cmd_lock, flags); if (cmd->aborted) { - if (cmd->sg_mapped) - qlt_unmap_sg(vha, cmd); - spin_unlock_irqrestore(&cmd->cmd_lock, flags); /* * It's normal to see 2 calls in this path: diff --git a/drivers/scsi/qla2xxx/qla_target.h b/drivers/scsi/qla2xxx/qla_target.h index 354fca2e7feb..3644ab140ff9 100644 --- a/drivers/scsi/qla2xxx/qla_target.h +++ b/drivers/scsi/qla2xxx/qla_target.h @@ -1059,6 +1059,7 @@ extern int qlt_abort_cmd(struct qla_tgt_cmd *); extern void qlt_xmit_tm_rsp(struct qla_tgt_mgmt_cmd *); extern void qlt_free_mcmd(struct qla_tgt_mgmt_cmd *); extern void qlt_free_cmd(struct qla_tgt_cmd *cmd); +extern void qlt_unmap_sg(struct scsi_qla_host *vha, struct qla_tgt_cmd *cmd); extern void qlt_async_event(uint16_t, struct scsi_qla_host *, uint16_t *); extern void qlt_enable_vha(struct scsi_qla_host *); extern void qlt_vport_create(struct scsi_qla_host *, struct qla_hw_data *); -- 2.34.1

2 1

[openeuler:OLK-6.6 0/15] drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1374:9: sparse: sparse: incorrect type in argument 1 (different address spaces)
by kernel test robot 30 Dec '25

30 Dec '25

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: f148785f0bb856bba8ceca2b699a2f102f22174a commit: f0db1bf5852542c46c16d0b305193069e265f769 [0/15] Huawei BMA: Adding Huawei BMA driver: host_edma_drv config: x86_64-randconfig-121-20251230 (https://download.01.org/0day-ci/archive/20251230/202512301413.8DZpsCQ4-lkp@…) compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251230/202512301413.8DZpsCQ4-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202512301413.8DZpsCQ4-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:108:16: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:110:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:131:35: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:136:28: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:147:16: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:254:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:413:25: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:581:6: sparse: sparse: symbol 'host_dma_transfer_without_list' was not declared. Should it be static? drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:629:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:608:6: sparse: sparse: symbol 'host_dma_transfer_withlist' was not declared. Should it be static? drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:653:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:668:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:708:25: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:716:9: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:748:25: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:754:25: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:759:25: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:765:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:777:27: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:791:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:810:9: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:852:35: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:859:49: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:869:49: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:876:33: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:960:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:966:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:996:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1046:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1050:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1061:9: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1087:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1102:9: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1126:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1138:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1160:25: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1162:44: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1165:22: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1166:33: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __iomem *addr @@ got unsigned char * @@ drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1166:33: sparse: expected void const volatile [noderef] __iomem *addr drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1166:33: sparse: got unsigned char * drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1167:22: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1167:22: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __iomem *addr @@ got unsigned char * @@ drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1167:22: sparse: expected void const volatile [noderef] __iomem *addr drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1167:22: sparse: got unsigned char * drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1169:9: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1175:28: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1175:28: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void volatile [noderef] __iomem *addr @@ got void * @@ drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1175:28: sparse: expected void volatile [noderef] __iomem *addr drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1175:28: sparse: got void * drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1181:25: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1186:25: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1196:33: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1200:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1201:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1203:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1217:25: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1218:25: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1219:25: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1227:36: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1227:36: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void volatile [noderef] __iomem *addr @@ got void * @@ drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1227:36: sparse: expected void volatile [noderef] __iomem *addr drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1227:36: sparse: got void * drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1272:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1282:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1287:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1299:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1356:17: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1372:23: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1371:35: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected void [noderef] __iomem *edma_send_addr @@ got void * @@ drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1371:35: sparse: expected void [noderef] __iomem *edma_send_addr drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1371:35: sparse: got void * >> drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1374:9: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const * @@ got void [noderef] __iomem *edma_send_addr @@ drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1374:9: sparse: expected void const * drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1374:9: sparse: got void [noderef] __iomem *edma_send_addr >> drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1374:9: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const * @@ got void [noderef] __iomem *edma_send_addr @@ drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1374:9: sparse: expected void const * drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1374:9: sparse: got void [noderef] __iomem *edma_send_addr drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1374:9: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void *p @@ got void [noderef] __iomem *edma_send_addr @@ drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1374:9: sparse: expected void *p drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1374:9: sparse: got void [noderef] __iomem *edma_send_addr drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1377:23: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1376:35: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected void [noderef] __iomem *edma_recv_addr @@ got void * @@ drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1376:35: sparse: expected void [noderef] __iomem *edma_recv_addr drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1376:35: sparse: got void * drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1380:9: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1406:16: sparse: sparse: cast removes address space '__iomem' of expression drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1413:9: sparse: sparse: Using plain integer as NULL pointer drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c:1442:16: sparse: sparse: cast removes address space '__iomem' of expression vim +1374 drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c 1353 1354 edma_host->msg_send_buf = kmalloc(HOST_MAX_SEND_MBX_LEN, GFP_KERNEL); 1355 if (!edma_host->msg_send_buf) { 1356 BMA_LOG(DLOG_ERROR, "malloc msg_send_buf failed!"); 1357 ret = -ENOMEM; 1358 goto failed1; 1359 } 1360 1361 edma_host->msg_send_write = 0; 1362 1363 spin_lock_init(&edma_host->send_msg_lock); 1364 1365 tasklet_init(&edma_host->tasklet, 1366 (void (*)(unsigned long))edma_host_isr_tasklet, 1367 (unsigned long)edma_host); 1368 1369 edma_host->edma_flag = bma_dev->bma_pci_dev->edma_swap_addr; 1370 1371 edma_host->edma_send_addr = 1372 (void *)((unsigned char *)bma_dev->bma_pci_dev->edma_swap_addr + 1373 HOST_DMA_FLAG_LEN); > 1374 memset(edma_host->edma_send_addr, 0, SIZE_OF_MBX_HDR); 1375 1376 edma_host->edma_recv_addr = 1377 (void *)((unsigned char *)edma_host->edma_send_addr + 1378 HOST_MAX_SEND_MBX_LEN); 1379 1380 BMA_LOG(DLOG_DEBUG, 1381 "edma_flag = %p, edma_send_addr = %p, edma_recv_addr = %p\n", 1382 edma_host->edma_flag, edma_host->edma_send_addr, 1383 edma_host->edma_recv_addr); 1384 1385 edma_host->hostrtc_viraddr = bma_dev->bma_pci_dev->hostrtc_viraddr; 1386 1387 init_waitqueue_head(&edma_host->wq_dmah2b); 1388 init_waitqueue_head(&edma_host->wq_dmab2h); 1389 1390 spin_lock_init(&edma_host->reg_lock); 1391 1392 edma_host->h2b_state = H2BSTATE_IDLE; 1393 edma_host->b2h_state = B2HSTATE_IDLE; 1394 1395 #ifdef HAVE_TIMER_SETUP 1396 timer_setup(&edma_host->heartbeat_timer, 1397 edma_host_heartbeat_timer, 0); 1398 #else 1399 setup_timer(&edma_host->heartbeat_timer, 1400 edma_host_heartbeat_timer, 1401 (unsigned long)edma_host); 1402 #endif 1403 (void)mod_timer(&edma_host->heartbeat_timer, 1404 jiffies_64 + HEARTBEAT_TIMER_INTERVAL_CHECK); 1405 1406 pnm = (struct notify_msg *)edma_host->edma_flag; 1407 if (pnm) 1408 pnm->host_registered = REGISTERED; 1409 1410 GET_SYS_SECONDS(edma_host->statistics.init_time); 1411 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH openEuler-1.0-LTS] scsi/hiraid: Support New Raid feature
by LinKun 30 Dec '25

30 Dec '25

From: 岳智超 <yuezhichao1(a)h-partners.com> driver inclusion category: feature bugzilla: https://atomgit.com/openeuler/kernel/issues/8291 CVE: NA -------------------------------- Add thread irq for io queue Signed-off-by: 岳智超 <yuezhichao1(a)h-partners.com> --- drivers/scsi/hisi_raid/hiraid.h | 1 + drivers/scsi/hisi_raid/hiraid_main.c | 61 ++++++++++++++++++++++++++-- 2 files changed, 58 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/hisi_raid/hiraid.h b/drivers/scsi/hisi_raid/hiraid.h index 1ebc3dd..bc4e05a 100644 --- a/drivers/scsi/hisi_raid/hiraid.h +++ b/drivers/scsi/hisi_raid/hiraid.h @@ -683,6 +683,7 @@ struct hiraid_queue { atomic_t inflight; void *sense_buffer_virt; dma_addr_t sense_buffer_phy; + s32 pci_irq; struct dma_pool *prp_small_pool; }; diff --git a/drivers/scsi/hisi_raid/hiraid_main.c b/drivers/scsi/hisi_raid/hiraid_main.c index f84182f..d9f21f3 100644 --- a/drivers/scsi/hisi_raid/hiraid_main.c +++ b/drivers/scsi/hisi_raid/hiraid_main.c @@ -107,6 +107,13 @@ static u32 log_debug_switch; module_param(log_debug_switch, uint, 0644); MODULE_PARM_DESC(log_debug_switch, "set log state, default zero for switch off"); +static bool threaded_irq = false; +module_param(threaded_irq, bool, 0444); +MODULE_PARM_DESC(threaded_irq, "use threaded irq for io queue, default on"); + +static u32 poll_delay_min = 9; +static u32 poll_delay_max = 19; + static int extra_pool_num_set(const char *val, const struct kernel_param *kp) { u8 n = 0; @@ -153,7 +160,7 @@ static struct workqueue_struct *work_queue; __func__, ##__VA_ARGS__); \ } while (0) -#define HIRAID_DRV_VERSION "1.1.0.0" +#define HIRAID_DRV_VERSION "1.1.0.1" #define ADMIN_TIMEOUT (admin_tmout * HZ) #define USRCMD_TIMEOUT (180 * HZ) @@ -1305,6 +1312,7 @@ static int hiraid_alloc_queue(struct hiraid_dev *hdev, u16 qid, u16 depth) hiraidq->q_depth = depth; hiraidq->qid = qid; hiraidq->cq_vector = -1; + hiraidq->pci_irq = -1; hdev->queue_count++; return 0; @@ -1646,6 +1654,39 @@ static irqreturn_t hiraid_handle_irq(int irq, void *data) return ret; } +static irqreturn_t hiraid_io_poll(int irq, void *data) +{ + struct hiraid_queue *hiraidq = data; + irqreturn_t ret = IRQ_NONE; + u16 start, end; + + do { + spin_lock(&hiraidq->cq_lock); + hiraid_process_cq(hiraidq, &start, &end, -1); + hiraidq->last_cq_head = hiraidq->cq_head; + spin_unlock(&hiraidq->cq_lock); + + if (start != end) { + hiraid_complete_cqes(hiraidq, start, end); + ret = IRQ_HANDLED; + } + usleep_range(poll_delay_min, poll_delay_max); + } while (start != end); + enable_irq(hiraidq->pci_irq); + return ret; +} + +static irqreturn_t hiraid_io_irq(int irq, void *data) +{ + struct hiraid_queue *q = data; + + if (hiraid_cqe_pending(q)) { + disable_irq_nosync(q->pci_irq); + return IRQ_WAKE_THREAD; + } + return IRQ_NONE; +} + static int hiraid_setup_admin_queue(struct hiraid_dev *hdev) { struct hiraid_queue *adminq = &hdev->queues[0]; @@ -1681,9 +1722,11 @@ static int hiraid_setup_admin_queue(struct hiraid_dev *hdev) NULL, adminq, "hiraid%d_q%d", hdev->instance, adminq->qid); if (ret) { adminq->cq_vector = -1; + adminq->pci_irq = -1; return ret; } + adminq->pci_irq = pci_irq_vector(hdev->pdev, adminq->cq_vector); hiraid_init_queue(adminq, 0); dev_info(hdev->dev, "setup admin queue success, queuecount[%d] online[%d] pagesize[%d]\n", @@ -1958,14 +2001,23 @@ static int hiraid_create_queue(struct hiraid_queue *hiraidq, u16 qid) goto delete_cq; hiraidq->cq_vector = cq_vector; - ret = pci_request_irq(hdev->pdev, cq_vector, hiraid_handle_irq, NULL, - hiraidq, "hiraid%d_q%d", hdev->instance, qid); + if (threaded_irq) + ret = pci_request_irq(hdev->pdev, cq_vector, hiraid_io_irq, + hiraid_io_poll, hiraidq, "hiraid%d_q%d", + hdev->instance, qid); + else + ret = pci_request_irq(hdev->pdev, cq_vector, hiraid_handle_irq, + NULL, hiraidq, "hiraid%d_q%d", + hdev->instance, qid); + if (ret) { hiraidq->cq_vector = -1; + hiraidq->pci_irq = -1; dev_err(hdev->dev, "request queue[%d] irq failed\n", qid); goto delete_sq; } + hiraidq->pci_irq = pci_irq_vector(hdev->pdev, hiraidq->cq_vector); hiraid_init_queue(hiraidq, qid); return 0; @@ -2122,10 +2174,11 @@ static int hiraid_setup_io_queues(struct hiraid_dev *hdev) adminq, "hiraid%d_q%d", hdev->instance, adminq->qid); if (ret) { dev_err(hdev->dev, "request admin irq failed\n"); + adminq->pci_irq = -1; adminq->cq_vector = -1; return ret; } - + adminq->pci_irq = pci_irq_vector(hdev->pdev, adminq->cq_vector); hdev->online_queues++; for (i = hdev->queue_count; i <= hdev->max_qid; i++) { -- 2.45.1.windows.1

2 1

[openeuler:OLK-6.6 0/15] drivers/gpu/drm/phytium/phytium_crtc.c:189:1: sparse: sparse: symbol 'phytium_crtc_atomic_destroy_state' was not declared. Should it be static?
by kernel test robot 30 Dec '25

30 Dec '25

Hi xuyan, First bad commit (maybe != root cause): tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: f148785f0bb856bba8ceca2b699a2f102f22174a commit: 3b4a5906fa714bdc9a15fc04374942888737eb4c [0/15] drm/phytium: Fix Phytium DRM build fail config: x86_64-randconfig-123-20251230 (https://download.01.org/0day-ci/archive/20251230/202512301151.0nHQqquE-lkp@…) compiler: gcc-14 (Debian 14.2.0-19) 14.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251230/202512301151.0nHQqquE-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202512301151.0nHQqquE-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) >> drivers/gpu/drm/phytium/phytium_platform.c:35:38: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected void *pool_virt_addr @@ got void [noderef] __iomem * @@ drivers/gpu/drm/phytium/phytium_platform.c:35:38: sparse: expected void *pool_virt_addr drivers/gpu/drm/phytium/phytium_platform.c:35:38: sparse: got void [noderef] __iomem * drivers/gpu/drm/phytium/phytium_platform.c:58:21: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void volatile [noderef] __iomem *addr @@ got void *pool_virt_addr @@ drivers/gpu/drm/phytium/phytium_platform.c:58:21: sparse: expected void volatile [noderef] __iomem *addr drivers/gpu/drm/phytium/phytium_platform.c:58:21: sparse: got void *pool_virt_addr >> drivers/gpu/drm/phytium/phytium_platform.c:22:5: sparse: sparse: symbol 'phytium_platform_carveout_mem_init' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_platform.c:68:29: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void volatile [noderef] __iomem *addr @@ got void *pool_virt_addr @@ drivers/gpu/drm/phytium/phytium_platform.c:68:29: sparse: expected void volatile [noderef] __iomem *addr drivers/gpu/drm/phytium/phytium_platform.c:68:29: sparse: got void *pool_virt_addr >> drivers/gpu/drm/phytium/phytium_platform.c:63:6: sparse: sparse: symbol 'phytium_platform_carveout_mem_fini' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_platform.c:372:10: sparse: sparse: Initializer entry defined twice drivers/gpu/drm/phytium/phytium_platform.c:380:10: sparse: also defined here -- >> drivers/gpu/drm/phytium/pe220x_dp.c:465:6: sparse: sparse: symbol 'pe220x_dp_hw_spread_is_enable' was not declared. Should it be static? drivers/gpu/drm/phytium/pe220x_dp.c:470:5: sparse: sparse: symbol 'pe220x_dp_hw_reset' was not declared. Should it be static? >> drivers/gpu/drm/phytium/pe220x_dp.c:485:9: sparse: sparse: symbol 'pe220x_dp_hw_get_source_lane_count' was not declared. Should it be static? -- >> drivers/gpu/drm/phytium/phytium_pci.c:20:5: sparse: sparse: symbol 'dc_msi_enable' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_pci.c:24:6: sparse: sparse: symbol 'phytium_pci_vram_hw_init' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_pci.c:57:46: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected void *pool_virt_addr @@ got void [noderef] __iomem * @@ drivers/gpu/drm/phytium/phytium_pci.c:57:46: sparse: expected void *pool_virt_addr drivers/gpu/drm/phytium/phytium_pci.c:57:46: sparse: got void [noderef] __iomem * drivers/gpu/drm/phytium/phytium_pci.c:61:46: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected void *pool_virt_addr @@ got void [noderef] __iomem * @@ drivers/gpu/drm/phytium/phytium_pci.c:61:46: sparse: expected void *pool_virt_addr drivers/gpu/drm/phytium/phytium_pci.c:61:46: sparse: got void [noderef] __iomem * drivers/gpu/drm/phytium/phytium_pci.c:88:38: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void [noderef] __iomem *addr @@ got void *pool_virt_addr @@ drivers/gpu/drm/phytium/phytium_pci.c:88:38: sparse: expected void [noderef] __iomem *addr drivers/gpu/drm/phytium/phytium_pci.c:88:38: sparse: got void *pool_virt_addr drivers/gpu/drm/phytium/phytium_pci.c:49:5: sparse: sparse: symbol 'phytium_pci_vram_init' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_pci.c:98:46: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void [noderef] __iomem *addr @@ got void *pool_virt_addr @@ drivers/gpu/drm/phytium/phytium_pci.c:98:46: sparse: expected void [noderef] __iomem *addr drivers/gpu/drm/phytium/phytium_pci.c:98:46: sparse: got void *pool_virt_addr drivers/gpu/drm/phytium/phytium_pci.c:93:6: sparse: sparse: symbol 'phytium_pci_vram_fini' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_pci.c:115:5: sparse: sparse: symbol 'phytium_pci_dma_init' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_pci.c:163:6: sparse: sparse: symbol 'phytium_pci_dma_fini' was not declared. Should it be static? -- drivers/gpu/drm/phytium/phytium_plane.c:30:6: sparse: sparse: symbol 'phytium_plane_destroy' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_plane.c:72:1: sparse: sparse: symbol 'phytium_plane_atomic_set_property' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_plane.c:81:24: sparse: sparse: symbol 'phytium_plane_atomic_duplicate_state' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_plane.c:103:1: sparse: sparse: symbol 'phytium_plane_atomic_destroy_state' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_plane.c:140:30: sparse: sparse: symbol 'phytium_plane_funcs' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_plane.c:543:37: sparse: sparse: symbol 'phytium_plane_helper_funcs' was not declared. Should it be static? -- drivers/gpu/drm/phytium/phytium_crtc.c:173:23: sparse: sparse: symbol 'phytium_crtc_atomic_duplicate_state' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_crtc.c:189:1: sparse: sparse: symbol 'phytium_crtc_atomic_destroy_state' was not declared. Should it be static? -- drivers/gpu/drm/phytium/phytium_dp.c:506:6: sparse: sparse: symbol 'phytium_dp_coding_8b10b_need_enable' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_dp.c:523:6: sparse: sparse: symbol 'phytium_dp_scrambled_need_enable' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:656:6: sparse: sparse: symbol 'phytium_dp_hw_enable_audio' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_dp.c:825:6: sparse: sparse: symbol 'phytium_dp_hw_disable_video' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_dp.c:836:6: sparse: sparse: symbol 'phytium_dp_hw_video_is_enable' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:847:6: sparse: sparse: symbol 'phytium_dp_hw_enable_video' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:859:6: sparse: sparse: symbol 'phytium_dp_hw_config_video' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_dp.c:951:6: sparse: sparse: symbol 'phytium_dp_hw_disable_output' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:963:6: sparse: sparse: symbol 'phytium_dp_hw_enable_output' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:975:6: sparse: sparse: symbol 'phytium_dp_hw_enable_input_source' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:986:6: sparse: sparse: symbol 'phytium_dp_hw_disable_input_source' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:996:6: sparse: sparse: symbol 'phytium_dp_hw_output_is_enable' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:1033:6: sparse: sparse: symbol 'phytium_dp_hw_hpd_irq_setup' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_dp.c:1048:5: sparse: sparse: symbol 'phytium_dp_hw_init' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:1226:6: sparse: sparse: symbol 'phytium_dp_dpcd_sink_dpms' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:1451:5: sparse: sparse: symbol 'phytium_dp_get_link_train_fallback_values' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_dp.c:1500:5: sparse: sparse: symbol 'phytium_dp_start_link_train' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_dp.c:1815:6: sparse: sparse: symbol 'phytium_dp_hpd_poll_handler' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_dp.c:1962:6: sparse: sparse: symbol 'phytium_dp_fast_link_train' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:2153:6: sparse: sparse: symbol 'phytium_dp_adjust_link_train_parameter' was not declared. Should it be static? drivers/gpu/drm/phytium/phytium_dp.c:2213:1: sparse: sparse: symbol 'phytium_encoder_mode_valid' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:2269:6: sparse: sparse: symbol 'phytium_dp_encoder_destroy' was not declared. Should it be static? >> drivers/gpu/drm/phytium/phytium_dp.c:2482:5: sparse: sparse: symbol 'phytium_get_encoder_crtc_mask' was not declared. Should it be static? vim +/phytium_crtc_atomic_destroy_state +189 drivers/gpu/drm/phytium/phytium_crtc.c b80df10f845813 lishuo 2024-01-31 187 b80df10f845813 lishuo 2024-01-31 188 void b80df10f845813 lishuo 2024-01-31 @189 phytium_crtc_atomic_destroy_state(struct drm_crtc *crtc, b80df10f845813 lishuo 2024-01-31 190 struct drm_crtc_state *state) b80df10f845813 lishuo 2024-01-31 191 { b80df10f845813 lishuo 2024-01-31 192 struct phytium_crtc_state *phytium_crtc_state = b80df10f845813 lishuo 2024-01-31 193 to_phytium_crtc_state(state); b80df10f845813 lishuo 2024-01-31 194 b80df10f845813 lishuo 2024-01-31 195 phytium_crtc_state = to_phytium_crtc_state(state); b80df10f845813 lishuo 2024-01-31 196 __drm_atomic_helper_crtc_destroy_state(state); b80df10f845813 lishuo 2024-01-31 197 kfree(phytium_crtc_state); b80df10f845813 lishuo 2024-01-31 198 } b80df10f845813 lishuo 2024-01-31 199 :::::: The code at line 189 was first introduced by commit :::::: b80df10f845813bb4fc2002b5386ecdfa8be5f6c DRM: Phytium display DRM driver :::::: TO: lishuo <lishuo(a)phytium.com.cn> :::::: CC: lishuo <lishuo(a)phytium.com.cn> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0