hulk inclusion
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB8UN5
CVE: CVE-2022-48975
--------------------------------
Commit aa1e2bfdc899 attempt to fix a CVE problem, but the patch
conflicted with current version. When the patch is adapted,
an error is introduced in the function of gpiochip_add_data_with_key.
After the gdev is released, the gdev is still accessed, resulting in
use-after-free.
The value of gdev->ngpio is assigned from gc->ngpio and is not changed
during the processing of function. Therefore, this patch changes
gdev->ngpio to gc->ngpio to solve the above use-after-free problem.
Fixes: aa1e2bfdc899 ("gpiolib: fix memory leak in gpiochip_setup_dev()")
Signed-off-by: He Yujie <coka.heyujie(a)huawei.com>
---
drivers/gpio/gpiolib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index ae000b513bc1..9e717cf180d4 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -795,7 +795,7 @@ int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data,
err_print_message:
/* failures here can mean systems won't boot... */
pr_err("%s: GPIOs %d..%d (%s) failed to register, %d\n", __func__,
- base, base + gdev->ngpio - 1,
+ base, base + (int)gc->ngpio - 1,
gc->label ? : "generic", ret);
return ret;
}
--
2.34.1
tree: https://gitee.com/openeuler/kernel.git OLK-6.6
head: 46064348cc445799cf9e8fd030323a0426fbb5e4
commit: 1ab6383ee94e788fe424d7eac10dc8ec3bfa6828 [1613/1613] ACPI / PPTT: Provide a helper to walk processor containers
config: loongarch-randconfig-r111-20241210 (https://download.01.org/0day-ci/archive/20241218/202412180435.xFKN88By-lkp@…)
compiler: loongarch64-linux-gcc (GCC) 14.2.0
reproduce: (https://download.01.org/0day-ci/archive/20241218/202412180435.xFKN88By-lkp@…)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202412180435.xFKN88By-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> drivers/acpi/pptt.c:309:5: sparse: sparse: symbol 'acpi_pptt_for_each_container' was not declared. Should it be static?
drivers/acpi/pptt.c: note: in included file (through include/linux/mmzone.h, include/linux/gfp.h, include/linux/slab.h, ...):
include/linux/page-flags.h:245:46: sparse: sparse: self-comparison always evaluates to false
vim +/acpi_pptt_for_each_container +309 drivers/acpi/pptt.c
297
298 /**
299 * acpi_pptt_for_each_container() - Iterate over all processor containers
300 *
301 * Not all 'Processor' entries in the PPTT are either a CPU or a Processor
302 * Container, they may exist purely to describe a Private resource. CPUs
303 * have to be leaves, so a Processor Container is a non-leaf that has the
304 * 'ACPI Processor ID valid' flag set.
305 *
306 * Return: 0 for a complete walk, or the first non-zero value from the callback
307 * that stopped the walk.
308 */
> 309 int acpi_pptt_for_each_container(acpi_pptt_cpu_callback_t callback, void *arg)
310 {
311 struct acpi_pptt_processor *cpu_node;
312 struct acpi_table_header *table_hdr;
313 struct acpi_subtable_header *entry;
314 bool leaf_flag, has_leaf_flag = false;
315 unsigned long table_end;
316 acpi_status status;
317 u32 proc_sz;
318 int ret = 0;
319
320 status = acpi_get_table(ACPI_SIG_PPTT, 0, &table_hdr);
321 if (ACPI_FAILURE(status))
322 return 0;
323
324 if (table_hdr->revision > 1)
325 has_leaf_flag = true;
326
327 table_end = (unsigned long)table_hdr + table_hdr->length;
328 entry = ACPI_ADD_PTR(struct acpi_subtable_header, table_hdr,
329 sizeof(struct acpi_table_pptt));
330 proc_sz = sizeof(struct acpi_pptt_processor);
331 while ((unsigned long)entry + proc_sz < table_end) {
332 cpu_node = (struct acpi_pptt_processor *)entry;
333 if (entry->type == ACPI_PPTT_TYPE_PROCESSOR &&
334 cpu_node->flags & ACPI_PPTT_ACPI_PROCESSOR_ID_VALID)
335 {
336 leaf_flag = cpu_node->flags & ACPI_PPTT_ACPI_LEAF_NODE;
337 if ((has_leaf_flag && !leaf_flag) ||
338 (!has_leaf_flag && !acpi_pptt_leaf_node(table_hdr, cpu_node)))
339 {
340 ret = callback(cpu_node, arg);
341 if (ret)
342 break;
343 }
344 }
345 entry = ACPI_ADD_PTR(struct acpi_subtable_header, entry,
346 entry->length);
347 }
348
349 acpi_put_table(table_hdr);
350
351 return ret;
352 }
353
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBBRHP
---------------------------------------------------------------
The list_head entry in iopf_group has been moved to iopf_group_extend
for KABI compatibility and the lack of KABI reserve entry. Reserve extra
kabi entry for future usage.
Signed-off-by: Zhang Zekun <zhangzekun11(a)huawei.com>
---
include/linux/iommu.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/include/linux/iommu.h b/include/linux/iommu.h
index bb463cb96a44..83ec4bf9809e 100644
--- a/include/linux/iommu.h
+++ b/include/linux/iommu.h
@@ -155,6 +155,10 @@ struct iopf_group {
KABI_USE(2, u32 cookie)
KABI_RESERVE(3)
KABI_RESERVE(4)
+ KABI_RESERVE(5)
+ KABI_RESERVE(6)
+ KABI_RESERVE(7)
+ KABI_RESERVE(8)
};
struct iopf_group_extend {
--
2.22.0