- Kernel - mailweb.openeuler.org

[PATCH OLK-5.10] ext4: sanity check for NULL pointer after ext4_force_shutdown
by Zizhi Wo 28 Aug '24

28 Aug '24

From: Wojciech Gładysz <wojciech.gladysz(a)infogain.com> stable inclusion from stable-6.6.47 commit 3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAMM9L CVE: CVE-2024-43898 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- [ Upstream commit 83f4414b8f84249d538905825b088ff3ae555652 ] Test case: 2 threads write short inline data to a file. In ext4_page_mkwrite the resulting inline data is converted. Handling ext4_grp_locked_error with description "block bitmap and bg descriptor inconsistent: X vs Y free clusters" calls ext4_force_shutdown. The conversion clears EXT4_STATE_MAY_INLINE_DATA but fails for ext4_destroy_inline_data_nolock and ext4_mark_iloc_dirty due to ext4_forced_shutdown. The restoration of inline data fails for the same reason not setting EXT4_STATE_MAY_INLINE_DATA. Without the flag set a regular process path in ext4_da_write_end follows trying to dereference page folio private pointer that has not been set. The fix calls early return with -EIO error shall the pointer to private be NULL. Sample crash report: Unable to handle kernel paging request at virtual address dfff800000000004 KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] Mem abort info: ESR = 0x0000000096000005 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: level 1 translation fault Data abort info: ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [dfff800000000004] address between user and kernel address ranges Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Modules linked in: CPU: 1 PID: 20274 Comm: syz-executor185 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __block_commit_write+0x64/0x2b0 fs/buffer.c:2167 lr : __block_commit_write+0x3c/0x2b0 fs/buffer.c:2160 sp : ffff8000a1957600 x29: ffff8000a1957610 x28: dfff800000000000 x27: ffff0000e30e34b0 x26: 0000000000000000 x25: dfff800000000000 x24: dfff800000000000 x23: fffffdffc397c9e0 x22: 0000000000000020 x21: 0000000000000020 x20: 0000000000000040 x19: fffffdffc397c9c0 x18: 1fffe000367bd196 x17: ffff80008eead000 x16: ffff80008ae89e3c x15: 00000000200000c0 x14: 1fffe0001cbe4e04 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000001 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 0000000000000004 x7 : 0000000000000000 x6 : 0000000000000000 x5 : fffffdffc397c9c0 x4 : 0000000000000020 x3 : 0000000000000020 x2 : 0000000000000040 x1 : 0000000000000020 x0 : fffffdffc397c9c0 Call trace: __block_commit_write+0x64/0x2b0 fs/buffer.c:2167 block_write_end+0xb4/0x104 fs/buffer.c:2253 ext4_da_do_write_end fs/ext4/inode.c:2955 [inline] ext4_da_write_end+0x2c4/0xa40 fs/ext4/inode.c:3028 generic_perform_write+0x394/0x588 mm/filemap.c:3985 ext4_buffered_write_iter+0x2c0/0x4ec fs/ext4/file.c:299 ext4_file_write_iter+0x188/0x1780 call_write_iter include/linux/fs.h:2110 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x968/0xc3c fs/read_write.c:590 ksys_write+0x15c/0x26c fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __arm64_sys_write+0x7c/0x90 fs/read_write.c:652 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Code: 97f85911 f94002da 91008356 d343fec8 (38796908) ---[ end trace 0000000000000000 ]--- ---------------- Code disassembly (best guess): 0: 97f85911 bl 0xffffffffffe16444 4: f94002da ldr x26, [x22] 8: 91008356 add x22, x26, #0x20 c: d343fec8 lsr x8, x22, #3 * 10: 38796908 ldrb w8, [x8, x25] <-- trapping instruction Reported-by: syzbot+18df508cf00a0598d9a6(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=18df508cf00a0598d9a6 Link: https://lore.kernel.org/all/000000000000f19a1406109eb5c5@google.com/T/ Signed-off-by: Wojciech Gładysz <wojciech.gladysz(a)infogain.com> Link: https://patch.msgid.link/20240703070112.10235-1-wojciech.gladysz@infogain.c… Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: fs/buffer.c fs/ext4/inode.c [Since folio is not defined in the earlier version, page_private is judged ahead of time.] Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com> --- fs/buffer.c | 3 +++ fs/ext4/inode.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/fs/buffer.c b/fs/buffer.c index a74312b1bb42..0419cbff9419 100644 --- a/fs/buffer.c +++ b/fs/buffer.c @@ -2070,6 +2070,9 @@ static int __block_commit_write(struct inode *inode, struct page *page, unsigned blocksize; struct buffer_head *bh, *head; + if (!page_private(page)) + return 0; + bh = head = page_buffers(page); blocksize = bh->b_size; diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 8e4407120cbc..c9326e059e3b 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3078,6 +3078,9 @@ static int ext4_da_do_write_end(struct address_space *mapping, bool disksize_changed = false; loff_t new_i_size; + if (unlikely(!page_private(page))) + return -EIO; + /* * block_write_end() will mark the inode as dirty with I_DIRTY_PAGES * flag, which all that's needed to trigger page writeback. -- 2.39.2

2 1

[PATCH openEuler-22.03-LTS-SP1] ext4: sanity check for NULL pointer after ext4_force_shutdown
by Zizhi Wo 28 Aug '24

28 Aug '24

From: Wojciech Gładysz <wojciech.gladysz(a)infogain.com> stable inclusion from stable-6.6.47 commit 3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAMM9L CVE: CVE-2024-43898 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- [ Upstream commit 83f4414b8f84249d538905825b088ff3ae555652 ] Test case: 2 threads write short inline data to a file. In ext4_page_mkwrite the resulting inline data is converted. Handling ext4_grp_locked_error with description "block bitmap and bg descriptor inconsistent: X vs Y free clusters" calls ext4_force_shutdown. The conversion clears EXT4_STATE_MAY_INLINE_DATA but fails for ext4_destroy_inline_data_nolock and ext4_mark_iloc_dirty due to ext4_forced_shutdown. The restoration of inline data fails for the same reason not setting EXT4_STATE_MAY_INLINE_DATA. Without the flag set a regular process path in ext4_da_write_end follows trying to dereference page folio private pointer that has not been set. The fix calls early return with -EIO error shall the pointer to private be NULL. Sample crash report: Unable to handle kernel paging request at virtual address dfff800000000004 KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] Mem abort info: ESR = 0x0000000096000005 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: level 1 translation fault Data abort info: ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [dfff800000000004] address between user and kernel address ranges Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Modules linked in: CPU: 1 PID: 20274 Comm: syz-executor185 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __block_commit_write+0x64/0x2b0 fs/buffer.c:2167 lr : __block_commit_write+0x3c/0x2b0 fs/buffer.c:2160 sp : ffff8000a1957600 x29: ffff8000a1957610 x28: dfff800000000000 x27: ffff0000e30e34b0 x26: 0000000000000000 x25: dfff800000000000 x24: dfff800000000000 x23: fffffdffc397c9e0 x22: 0000000000000020 x21: 0000000000000020 x20: 0000000000000040 x19: fffffdffc397c9c0 x18: 1fffe000367bd196 x17: ffff80008eead000 x16: ffff80008ae89e3c x15: 00000000200000c0 x14: 1fffe0001cbe4e04 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000001 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 0000000000000004 x7 : 0000000000000000 x6 : 0000000000000000 x5 : fffffdffc397c9c0 x4 : 0000000000000020 x3 : 0000000000000020 x2 : 0000000000000040 x1 : 0000000000000020 x0 : fffffdffc397c9c0 Call trace: __block_commit_write+0x64/0x2b0 fs/buffer.c:2167 block_write_end+0xb4/0x104 fs/buffer.c:2253 ext4_da_do_write_end fs/ext4/inode.c:2955 [inline] ext4_da_write_end+0x2c4/0xa40 fs/ext4/inode.c:3028 generic_perform_write+0x394/0x588 mm/filemap.c:3985 ext4_buffered_write_iter+0x2c0/0x4ec fs/ext4/file.c:299 ext4_file_write_iter+0x188/0x1780 call_write_iter include/linux/fs.h:2110 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x968/0xc3c fs/read_write.c:590 ksys_write+0x15c/0x26c fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __arm64_sys_write+0x7c/0x90 fs/read_write.c:652 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Code: 97f85911 f94002da 91008356 d343fec8 (38796908) ---[ end trace 0000000000000000 ]--- ---------------- Code disassembly (best guess): 0: 97f85911 bl 0xffffffffffe16444 4: f94002da ldr x26, [x22] 8: 91008356 add x22, x26, #0x20 c: d343fec8 lsr x8, x22, #3 * 10: 38796908 ldrb w8, [x8, x25] <-- trapping instruction Reported-by: syzbot+18df508cf00a0598d9a6(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=18df508cf00a0598d9a6 Link: https://lore.kernel.org/all/000000000000f19a1406109eb5c5@google.com/T/ Signed-off-by: Wojciech Gładysz <wojciech.gladysz(a)infogain.com> Link: https://patch.msgid.link/20240703070112.10235-1-wojciech.gladysz@infogain.c… Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: fs/buffer.c fs/ext4/inode.c [Since folio is not defined in the earlier version, page_private is judged ahead of time.] Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com> --- fs/buffer.c | 3 +++ fs/ext4/inode.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/fs/buffer.c b/fs/buffer.c index 93324b06ecb4..a22d35004874 100644 --- a/fs/buffer.c +++ b/fs/buffer.c @@ -2070,6 +2070,9 @@ static int __block_commit_write(struct inode *inode, struct page *page, unsigned blocksize; struct buffer_head *bh, *head; + if (!page_private(page)) + return 0; + bh = head = page_buffers(page); blocksize = bh->b_size; diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 690f7866dc0c..f8459b6b9a27 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3089,6 +3089,9 @@ static int ext4_da_do_write_end(struct address_space *mapping, bool disksize_changed = false; loff_t new_i_size; + if (unlikely(!page_private(page))) + return -EIO; + /* * block_write_end() will mark the inode as dirty with I_DIRTY_PAGES * flag, which all that's needed to trigger page writeback. -- 2.39.2

2 1

[openeuler:OLK-5.10 27211/30000] arch/x86/kvm/x86.c:1076:6: warning: no previous prototype for function 'kvm_post_set_cr4'
by kernel test robot 28 Aug '24

28 Aug '24

Hi Yu, FYI, the error/warning was bisected to this commit, please ignore it if it's irrelevant. tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: d96e94294726506c2893c3a71305c65168c22526 commit: 8a7e6f51a756aa6e88ebd5da8a5f3b6744cd07b5 [27211/30000] KVM: x86: Introduce kvm_post_set_cr4 to post handle the CR4 emulation config: x86_64-rhel-8.3-rust (https://download.01.org/0day-ci/archive/20240828/202408281404.nd7rLidC-lkp@…) compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240828/202408281404.nd7rLidC-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202408281404.nd7rLidC-lkp@intel.com/ All warnings (new ones prefixed by >>): arch/x86/kvm/x86.c:893:6: warning: no previous prototype for function 'kvm_post_set_cr0' [-Wmissing-prototypes] 893 | void kvm_post_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0) | ^ arch/x86/kvm/x86.c:893:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 893 | void kvm_post_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0) | ^ | static >> arch/x86/kvm/x86.c:1076:6: warning: no previous prototype for function 'kvm_post_set_cr4' [-Wmissing-prototypes] 1076 | void kvm_post_set_cr4(struct kvm_vcpu *vcpu, unsigned long old_cr4, unsigned long cr4) | ^ arch/x86/kvm/x86.c:1076:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 1076 | void kvm_post_set_cr4(struct kvm_vcpu *vcpu, unsigned long old_cr4, unsigned long cr4) | ^ | static 2 warnings generated. vim +/kvm_post_set_cr4 +1076 arch/x86/kvm/x86.c 1075 > 1076 void kvm_post_set_cr4(struct kvm_vcpu *vcpu, unsigned long old_cr4, unsigned long cr4) 1077 { 1078 unsigned long mmu_role_bits = X86_CR4_PGE | X86_CR4_PSE | X86_CR4_PAE | 1079 X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE; 1080 1081 if (((cr4 ^ old_cr4) & mmu_role_bits) || 1082 (!(cr4 & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE))) 1083 kvm_mmu_reset_context(vcpu); 1084 } 1085 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-6.6] nfs: pass explicit offset/count to trace events
by Zizhi Wo 28 Aug '24

28 Aug '24

From: Christoph Hellwig <hch(a)lst.de> stable inclusion from stable-v6.10.3 commit 387e6e9d110250946df4d4ebef9c2def5c7a4722 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKQ2A CVE: CVE-2024-43826 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- [ Upstream commit fada32ed6dbc748f447c8d050a961b75d946055a ] nfs_folio_length is unsafe to use without having the folio locked and a check for a NULL ->f_mapping that protects against truncations and can lead to kernel crashes. E.g. when running xfstests generic/065 with all nfs trace points enabled. Follow the model of the XFS trace points and pass in an explіcit offset and length. This has the additional benefit that these values can be more accurate as some of the users touch partial folio ranges. Fixes: eb5654b3b89d ("NFS: Enable tracing of nfs_invalidate_folio() and nfs_launder_folio()") Reported-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Anna Schumaker <Anna.Schumaker(a)Netapp.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: fs/nfs/file.c [Trace context conflict, no adaptation required.] Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com> --- fs/nfs/file.c | 5 +++-- fs/nfs/nfstrace.h | 36 ++++++++++++++++++++---------------- fs/nfs/read.c | 8 +++++--- fs/nfs/write.c | 10 +++++----- 4 files changed, 33 insertions(+), 26 deletions(-) diff --git a/fs/nfs/file.c b/fs/nfs/file.c index 3f9768810427..9342f8074801 100644 --- a/fs/nfs/file.c +++ b/fs/nfs/file.c @@ -434,7 +434,7 @@ static void nfs_invalidate_folio(struct folio *folio, size_t offset, /* Cancel any unstarted writes on this page */ nfs_wb_folio_cancel(inode, folio); folio_wait_fscache(folio); - trace_nfs_invalidate_folio(inode, folio); + trace_nfs_invalidate_folio(inode, folio_pos(folio) + offset, length); } /* @@ -502,7 +502,8 @@ static int nfs_launder_folio(struct folio *folio) folio_wait_fscache(folio); ret = nfs_wb_folio(inode, folio); - trace_nfs_launder_folio_done(inode, folio, ret); + trace_nfs_launder_folio_done(inode, folio_pos(folio), + folio_size(folio), ret); return ret; } diff --git a/fs/nfs/nfstrace.h b/fs/nfs/nfstrace.h index 4e90ca531176..004c25f0782b 100644 --- a/fs/nfs/nfstrace.h +++ b/fs/nfs/nfstrace.h @@ -933,10 +933,11 @@ TRACE_EVENT(nfs_sillyrename_unlink, DECLARE_EVENT_CLASS(nfs_folio_event, TP_PROTO( const struct inode *inode, - struct folio *folio + loff_t offset, + size_t count ), - TP_ARGS(inode, folio), + TP_ARGS(inode, offset, count), TP_STRUCT__entry( __field(dev_t, dev) @@ -944,7 +945,7 @@ DECLARE_EVENT_CLASS(nfs_folio_event, __field(u64, fileid) __field(u64, version) __field(loff_t, offset) - __field(u32, count) + __field(size_t, count) ), TP_fast_assign( @@ -954,13 +955,13 @@ DECLARE_EVENT_CLASS(nfs_folio_event, __entry->fileid = nfsi->fileid; __entry->fhandle = nfs_fhandle_hash(&nfsi->fh); __entry->version = inode_peek_iversion_raw(inode); - __entry->offset = folio_file_pos(folio); - __entry->count = nfs_folio_length(folio); + __entry->offset = offset, + __entry->count = count; ), TP_printk( "fileid=%02x:%02x:%llu fhandle=0x%08x version=%llu " - "offset=%lld count=%u", + "offset=%lld count=%zu", MAJOR(__entry->dev), MINOR(__entry->dev), (unsigned long long)__entry->fileid, __entry->fhandle, __entry->version, @@ -972,18 +973,20 @@ DECLARE_EVENT_CLASS(nfs_folio_event, DEFINE_EVENT(nfs_folio_event, name, \ TP_PROTO( \ const struct inode *inode, \ - struct folio *folio \ + loff_t offset, \ + size_t count \ ), \ - TP_ARGS(inode, folio)) + TP_ARGS(inode, offset, count)) DECLARE_EVENT_CLASS(nfs_folio_event_done, TP_PROTO( const struct inode *inode, - struct folio *folio, + loff_t offset, + size_t count, int ret ), - TP_ARGS(inode, folio, ret), + TP_ARGS(inode, offset, count, ret), TP_STRUCT__entry( __field(dev_t, dev) @@ -992,7 +995,7 @@ DECLARE_EVENT_CLASS(nfs_folio_event_done, __field(u64, fileid) __field(u64, version) __field(loff_t, offset) - __field(u32, count) + __field(size_t, count) ), TP_fast_assign( @@ -1002,14 +1005,14 @@ DECLARE_EVENT_CLASS(nfs_folio_event_done, __entry->fileid = nfsi->fileid; __entry->fhandle = nfs_fhandle_hash(&nfsi->fh); __entry->version = inode_peek_iversion_raw(inode); - __entry->offset = folio_file_pos(folio); - __entry->count = nfs_folio_length(folio); + __entry->offset = offset, + __entry->count = count, __entry->ret = ret; ), TP_printk( "fileid=%02x:%02x:%llu fhandle=0x%08x version=%llu " - "offset=%lld count=%u ret=%d", + "offset=%lld count=%zu ret=%d", MAJOR(__entry->dev), MINOR(__entry->dev), (unsigned long long)__entry->fileid, __entry->fhandle, __entry->version, @@ -1021,10 +1024,11 @@ DECLARE_EVENT_CLASS(nfs_folio_event_done, DEFINE_EVENT(nfs_folio_event_done, name, \ TP_PROTO( \ const struct inode *inode, \ - struct folio *folio, \ + loff_t offset, \ + size_t count, \ int ret \ ), \ - TP_ARGS(inode, folio, ret)) + TP_ARGS(inode, offset, count, ret)) DEFINE_NFS_FOLIO_EVENT(nfs_aop_readpage); DEFINE_NFS_FOLIO_EVENT_DONE(nfs_aop_readpage_done); diff --git a/fs/nfs/read.c b/fs/nfs/read.c index a142287d86f6..88e6a78d37fb 100644 --- a/fs/nfs/read.c +++ b/fs/nfs/read.c @@ -332,13 +332,15 @@ int nfs_read_add_folio(struct nfs_pageio_descriptor *pgio, int nfs_read_folio(struct file *file, struct folio *folio) { struct inode *inode = file_inode(file); + loff_t pos = folio_pos(folio); + size_t len = folio_size(folio); struct nfs_pageio_descriptor pgio; struct nfs_open_context *ctx; int ret; - trace_nfs_aop_readpage(inode, folio); + trace_nfs_aop_readpage(inode, pos, len); nfs_inc_stats(inode, NFSIOS_VFSREADPAGE); - task_io_account_read(folio_size(folio)); + task_io_account_read(len); /* * Try to flush any pending writes to the file.. @@ -381,7 +383,7 @@ int nfs_read_folio(struct file *file, struct folio *folio) out_put: put_nfs_open_context(ctx); out: - trace_nfs_aop_readpage_done(inode, folio, ret); + trace_nfs_aop_readpage_done(inode, pos, len, ret); return ret; out_unlock: folio_unlock(folio); diff --git a/fs/nfs/write.c b/fs/nfs/write.c index 7d03811f44a4..6bc36cef14cd 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -2088,17 +2088,17 @@ int nfs_wb_folio_cancel(struct inode *inode, struct folio *folio) */ int nfs_wb_folio(struct inode *inode, struct folio *folio) { - loff_t range_start = folio_file_pos(folio); - loff_t range_end = range_start + (loff_t)folio_size(folio) - 1; + loff_t range_start = folio_pos(folio); + size_t len = folio_size(folio); struct writeback_control wbc = { .sync_mode = WB_SYNC_ALL, .nr_to_write = 0, .range_start = range_start, - .range_end = range_end, + .range_end = range_start + len - 1, }; int ret; - trace_nfs_writeback_folio(inode, folio); + trace_nfs_writeback_folio(inode, range_start, len); for (;;) { folio_wait_writeback(folio); @@ -2116,7 +2116,7 @@ int nfs_wb_folio(struct inode *inode, struct folio *folio) goto out_error; } out_error: - trace_nfs_writeback_folio_done(inode, folio, ret); + trace_nfs_writeback_folio_done(inode, range_start, len, ret); return ret; } -- 2.39.2

2 1

[PATCH OLK-5.10] apparmor: Fix null pointer deref when receiving skb during sock creation
by Gu Bowen 28 Aug '24

28 Aug '24

From: Xiao Liang <shaw.leon(a)gmail.com> stable inclusion from stable-v5.10.224 commit 347dcb84a4874b5fb375092c08d8cc4069b94f81 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKPW7 CVE: CVE-2023-52889 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit fce09ea314505a52f2436397608fa0a5d0934fb1 ] The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being created. SK_CTX(sk)->label is updated in apparmor_socket_post_create(), but the packet is delivered to the socket before that, causing the null pointer dereference. Drop the packet if label context is not set. BUG: kernel NULL pointer dereference, address: 000000000000004c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020 RIP: 0010:aa_label_next_confined+0xb/0x40 Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2 RSP: 0018:ffffa92940003b08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002 R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400 R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0 PKRU: 55555554 Call Trace: <IRQ> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x7f/0x180 ? asm_exc_page_fault+0x26/0x30 ? aa_label_next_confined+0xb/0x40 apparmor_secmark_check+0xec/0x330 security_sock_rcv_skb+0x35/0x50 sk_filter_trim_cap+0x47/0x250 sock_queue_rcv_skb_reason+0x20/0x60 raw_rcv+0x13c/0x210 raw_local_deliver+0x1f3/0x250 ip_protocol_deliver_rcu+0x4f/0x2f0 ip_local_deliver_finish+0x76/0xa0 __netif_receive_skb_one_core+0x89/0xa0 netif_receive_skb+0x119/0x170 ? __netdev_alloc_skb+0x3d/0x140 vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] __napi_poll+0x28/0x1b0 net_rx_action+0x2a4/0x380 __do_softirq+0xd1/0x2c8 __irq_exit_rcu+0xbb/0xf0 common_interrupt+0x86/0xa0 </IRQ> <TASK> asm_common_interrupt+0x26/0x40 RIP: 0010:apparmor_socket_post_create+0xb/0x200 Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48 RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286 RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003 R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748 ? __pfx_apparmor_socket_post_create+0x10/0x10 security_socket_post_create+0x4b/0x80 __sock_create+0x176/0x1f0 __sys_socket+0x89/0x100 __x64_sys_socket+0x17/0x20 do_syscall_64+0x5d/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc Fixes: ab9f2115081a ("apparmor: Allow filtering based on secmark policy") Signed-off-by: Xiao Liang <shaw.leon(a)gmail.com> Signed-off-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Gu Bowen <gubowen5(a)huawei.com> --- security/apparmor/lsm.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 052f1b920e43..37aa1650c74e 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1048,6 +1048,13 @@ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) if (!skb->secmark) return 0; + /* + * If reach here before socket_post_create hook is called, in which + * case label is null, drop the packet. + */ + if (!ctx->label) + return -EACCES; + return apparmor_secmark_check(ctx->label, OP_RECVMSG, AA_MAY_RECEIVE, skb->secmark, sk); } -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS] io_uring: add a schedule point in io_add_buffers()
by Zizhi Wo 28 Aug '24

28 Aug '24

From: Eric Dumazet <edumazet(a)google.com> stable inclusion from stable-5.10.103 commit 4a93c6594613c3429b6f30136fff115c7f803af4 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IALQ20 CVE: CVE-2022-48937 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- commit f240762f88b4b1b58561939ffd44837759756477 upstream. Looping ~65535 times doing kmalloc() calls can trigger soft lockups, especially with DEBUG features (like KASAN). [ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s! [b219417889:12575] [ 253.544433] Modules linked in: vfat fat i2c_mux_pca954x i2c_mux spidev cdc_acm xhci_pci xhci_hcd sha3_generic gq(O) [ 253.544451] CPU: 64 PID: 12575 Comm: b219417889 Tainted: G S O 5.17.0-smp-DEV #801 [ 253.544457] RIP: 0010:kernel_text_address (./include/asm-generic/sections.h:192 ./include/linux/kallsyms.h:29 kernel/extable.c:67 kernel/extable.c:98) [ 253.544464] Code: 0f 93 c0 48 c7 c1 e0 63 d7 a4 48 39 cb 0f 92 c1 20 c1 0f b6 c1 5b 5d c3 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 53 48 89 fb <48> c7 c0 00 00 80 a0 41 be 01 00 00 00 48 39 c7 72 0c 48 c7 c0 40 [ 253.544468] RSP: 0018:ffff8882d8baf4c0 EFLAGS: 00000246 [ 253.544471] RAX: 1ffff1105b175e00 RBX: ffffffffa13ef09a RCX: 00000000a13ef001 [ 253.544474] RDX: ffffffffa13ef09a RSI: ffff8882d8baf558 RDI: ffffffffa13ef09a [ 253.544476] RBP: ffff8882d8baf4d8 R08: ffff8882d8baf5e0 R09: 0000000000000004 [ 253.544479] R10: ffff8882d8baf5e8 R11: ffffffffa0d59a50 R12: ffff8882eab20380 [ 253.544481] R13: ffffffffa0d59a50 R14: dffffc0000000000 R15: 1ffff1105b175eb0 [ 253.544483] FS: 00000000016d3380(0000) GS:ffff88af48c00000(0000) knlGS:0000000000000000 [ 253.544486] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 253.544488] CR2: 00000000004af0f0 CR3: 00000002eabfa004 CR4: 00000000003706e0 [ 253.544491] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 253.544492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 253.544494] Call Trace: [ 253.544496] <TASK> [ 253.544498] ? io_queue_sqe (fs/io_uring.c:7143) [ 253.544505] __kernel_text_address (kernel/extable.c:78) [ 253.544508] unwind_get_return_address (arch/x86/kernel/unwind_frame.c:19) [ 253.544514] arch_stack_walk (arch/x86/kernel/stacktrace.c:27) [ 253.544517] ? io_queue_sqe (fs/io_uring.c:7143) [ 253.544521] stack_trace_save (kernel/stacktrace.c:123) [ 253.544527] ____kasan_kmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515) [ 253.544531] ? ____kasan_kmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515) [ 253.544533] ? __kasan_kmalloc (mm/kasan/common.c:524) [ 253.544535] ? kmem_cache_alloc_trace (./include/linux/kasan.h:270 mm/slab.c:3567) [ 253.544541] ? io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828) [ 253.544544] ? __io_queue_sqe (fs/io_uring.c:?) [ 253.544551] __kasan_kmalloc (mm/kasan/common.c:524) [ 253.544553] kmem_cache_alloc_trace (./include/linux/kasan.h:270 mm/slab.c:3567) [ 253.544556] ? io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828) [ 253.544560] io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828) [ 253.544564] ? __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469) [ 253.544567] ? __kasan_slab_alloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469) [ 253.544569] ? kmem_cache_alloc_bulk (mm/slab.h:732 mm/slab.c:3546) [ 253.544573] ? __io_alloc_req_refill (fs/io_uring.c:2078) [ 253.544578] ? io_submit_sqes (fs/io_uring.c:7441) [ 253.544581] ? __se_sys_io_uring_enter (fs/io_uring.c:10154 fs/io_uring.c:10096) [ 253.544584] ? __x64_sys_io_uring_enter (fs/io_uring.c:10096) [ 253.544587] ? do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) [ 253.544590] ? entry_SYSCALL_64_after_hwframe (??:?) [ 253.544596] __io_queue_sqe (fs/io_uring.c:?) [ 253.544600] io_queue_sqe (fs/io_uring.c:7143) [ 253.544603] io_submit_sqe (fs/io_uring.c:?) [ 253.544608] io_submit_sqes (fs/io_uring.c:?) [ 253.544612] __se_sys_io_uring_enter (fs/io_uring.c:10154 fs/io_uring.c:10096) [ 253.544616] __x64_sys_io_uring_enter (fs/io_uring.c:10096) [ 253.544619] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) [ 253.544623] entry_SYSCALL_64_after_hwframe (??:?) Fixes: ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Pavel Begunkov <asml.silence(a)gmail.com> Cc: io-uring <io-uring(a)vger.kernel.org> Reported-by: syzbot <syzkaller(a)googlegroups.com> Link: https://lore.kernel.org/r/20220215041003.2394784-1-eric.dumazet@gmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Zizhi Wo <wozizhi(a)huawei.com> --- fs/io_uring.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/io_uring.c b/fs/io_uring.c index dde9205fc287..411b7491f3f5 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3647,6 +3647,7 @@ static int io_add_buffers(struct io_provide_buf *pbuf, struct io_buffer **head) } else { list_add_tail(&buf->list, &(*head)->list); } + cond_resched(); } return i ? i : -ENOMEM; -- 2.39.2

2 1

[openeuler:openEuler-1.0-LTS 17746/23570] drivers/dax/.tmp_bus.o: warning: objtool: __dax_driver_register()+0xd5: unreachable instruction
by kernel test robot 28 Aug '24

28 Aug '24

tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: 7ad52b4435297d752bdb8c2fce6524544448d4af commit: 9bb67bd58e6a7e3ef00793b4966be7bb0a346830 [17746/23570] Intel: device-dax: Add support for a dax override driver config: x86_64-buildonly-randconfig-004-20240825 (https://download.01.org/0day-ci/archive/20240828/202408281448.DeW129VU-lkp@…) compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240828/202408281448.DeW129VU-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202408281448.DeW129VU-lkp@intel.com/ All warnings (new ones prefixed by >>): >> drivers/dax/.tmp_bus.o: warning: objtool: __dax_driver_register()+0xd5: unreachable instruction -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6 7193/13757] mm/page_alloc.c:4110:9: error: implicit declaration of function 'dynamic_pool_should_alloc' is invalid in C99
by kernel test robot 28 Aug '24

28 Aug '24

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: e59105d1ac962dacde2b6480857e834f97ca108e commit: fd855715f24e3eeadaa56de5fde21c55a14aeea0 [7193/13757] mm/mem_reliable: Fallback to dpool if reliable memory is not enough config: arm64-randconfig-003-20240827 (https://download.01.org/0day-ci/archive/20240828/202408281316.tzOrTedV-lkp@…) compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240828/202408281316.tzOrTedV-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202408281316.tzOrTedV-lkp@intel.com/ All errors (new ones prefixed by >>): >> mm/page_alloc.c:4110:9: error: implicit declaration of function 'dynamic_pool_should_alloc' is invalid in C99 [-Werror,-Wimplicit-function-declaration] return dynamic_pool_should_alloc(gfp_mask & ~GFP_RELIABLE, order); ^ 1 error generated. vim +/dynamic_pool_should_alloc +4110 mm/page_alloc.c 4101 4102 static inline bool mem_reliable_fallback_dpool(gfp_t gfp_mask, unsigned int order) 4103 { 4104 if (!reliable_allow_fb_enabled()) 4105 return false; 4106 4107 if (!(gfp_mask & GFP_RELIABLE)) 4108 return false; 4109 > 4110 return dynamic_pool_should_alloc(gfp_mask & ~GFP_RELIABLE, order); 4111 } 4112 #else 4113 static inline struct zone *mem_reliable_fallback_zone(gfp_t gfp_mask, 4114 struct alloc_context *ac) 4115 { 4116 return NULL; 4117 } 4118 static inline void mem_reliable_fallback_slowpath(gfp_t gfp_mask, 4119 struct alloc_context *ac) {} 4120 static inline bool mem_reliable_fallback_dpool(gfp_t gfp_mask, unsigned int order) 4121 { 4122 return false; 4123 } 4124 #endif 4125 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-5.10 27370/30000] arch/x86/kvm/x86.c:805:5: warning: no previous prototype for 'kvm_read_guest_page_mmu'
by kernel test robot 28 Aug '24

28 Aug '24

Hi Sean, FYI, the error/warning was bisected to this commit, please ignore it if it's irrelevant. tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: d96e94294726506c2893c3a71305c65168c22526 commit: aeaeb4dcb428b870d4207cc0fae7c125b7522406 [27370/30000] KVM: x86: Subsume nested GPA read helper into load_pdptrs() config: x86_64-buildonly-randconfig-005-20240828 (https://download.01.org/0day-ci/archive/20240828/202408281227.MN7ngvtP-lkp@…) compiler: gcc-11 (Debian 11.3.0-12) 11.3.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240828/202408281227.MN7ngvtP-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202408281227.MN7ngvtP-lkp@intel.com/ All warnings (new ones prefixed by >>): >> arch/x86/kvm/x86.c:805:5: warning: no previous prototype for 'kvm_read_guest_page_mmu' [-Wmissing-prototypes] 805 | int kvm_read_guest_page_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, | ^~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/x86.c:900:6: warning: no previous prototype for 'kvm_post_set_cr0' [-Wmissing-prototypes] 900 | void kvm_post_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0) | ^~~~~~~~~~~~~~~~ arch/x86/kvm/x86.c:1081:6: warning: no previous prototype for 'kvm_post_set_cr4' [-Wmissing-prototypes] 1081 | void kvm_post_set_cr4(struct kvm_vcpu *vcpu, unsigned long old_cr4, unsigned long cr4) | ^~~~~~~~~~~~~~~~ vim +/kvm_read_guest_page_mmu +805 arch/x86/kvm/x86.c 16f8a6f9798ab9 Nadav Amit 2014-10-03 799 ec92fe44e7ff94 Joerg Roedel 2010-09-10 800 /* ec92fe44e7ff94 Joerg Roedel 2010-09-10 801 * This function will be used to read from the physical memory of the currently 54bf36aac52031 Paolo Bonzini 2015-04-08 802 * running guest. The difference to kvm_vcpu_read_guest_page is that this function ec92fe44e7ff94 Joerg Roedel 2010-09-10 803 * can read from guest physical or from the guest's guest physical memory. ec92fe44e7ff94 Joerg Roedel 2010-09-10 804 */ ec92fe44e7ff94 Joerg Roedel 2010-09-10 @805 int kvm_read_guest_page_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, ec92fe44e7ff94 Joerg Roedel 2010-09-10 806 gfn_t ngfn, void *data, int offset, int len, ec92fe44e7ff94 Joerg Roedel 2010-09-10 807 u32 access) ec92fe44e7ff94 Joerg Roedel 2010-09-10 808 { 54987b7afa902e Paolo Bonzini 2014-09-02 809 struct x86_exception exception; ec92fe44e7ff94 Joerg Roedel 2010-09-10 810 gfn_t real_gfn; ec92fe44e7ff94 Joerg Roedel 2010-09-10 811 gpa_t ngpa; ec92fe44e7ff94 Joerg Roedel 2010-09-10 812 ec92fe44e7ff94 Joerg Roedel 2010-09-10 813 ngpa = gfn_to_gpa(ngfn); 54987b7afa902e Paolo Bonzini 2014-09-02 814 real_gfn = mmu->translate_gpa(vcpu, ngpa, access, &exception); ec92fe44e7ff94 Joerg Roedel 2010-09-10 815 if (real_gfn == UNMAPPED_GVA) ec92fe44e7ff94 Joerg Roedel 2010-09-10 816 return -EFAULT; ec92fe44e7ff94 Joerg Roedel 2010-09-10 817 ec92fe44e7ff94 Joerg Roedel 2010-09-10 818 real_gfn = gpa_to_gfn(real_gfn); ec92fe44e7ff94 Joerg Roedel 2010-09-10 819 54bf36aac52031 Paolo Bonzini 2015-04-08 820 return kvm_vcpu_read_guest_page(vcpu, real_gfn, data, offset, len); ec92fe44e7ff94 Joerg Roedel 2010-09-10 821 } ec92fe44e7ff94 Joerg Roedel 2010-09-10 822 EXPORT_SYMBOL_GPL(kvm_read_guest_page_mmu); ec92fe44e7ff94 Joerg Roedel 2010-09-10 823 :::::: The code at line 805 was first introduced by commit :::::: ec92fe44e7ff94d04d8305e49efcffd8773e1cf6 KVM: X86: Add kvm_read_guest_page_mmu function :::::: TO: Joerg Roedel <joerg.roedel(a)amd.com> :::::: CC: Avi Kivity <avi(a)redhat.com> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-5.10] wifi: cfg80211: Avoid Wdiscarded-qualifiers warning
by Yue Haibing 28 Aug '24

28 Aug '24

Commit 591481cccbad trigger a warning: In file included from ./include/net/genetlink.h:6, from net/wireless/nl80211.c:25: net/wireless/nl80211.c:692:69: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] 692 | [NL80211_ATTR_TXQ_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &q_range), | ^ ./include/net/netlink.h:407:18: note: in definition of macro 'NLA_POLICY_FULL_RANGE' 407 | .range = _range, \ | ^~~~~~ Remove const qualifier to fix this. Fixes: 591481cccbad ("wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values") Signed-off-by: Yue Haibing <yuehaibing(a)huawei.com> --- net/wireless/nl80211.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 89b94d482fcf..674a0d54aff8 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -403,7 +403,7 @@ nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + .len = IEEE80211_MAX_DATA_LEN } }; -static const struct netlink_range_validation q_range = { +static struct netlink_range_validation q_range = { .max = INT_MAX, }; -- 2.34.1

2 1