- Kernel - mailweb.openeuler.org

[PATCH openEuler-1.0-LTS] perf: Optimize perf_pmu_migrate_context()
by Liu Chuang 19 Aug '24

19 Aug '24

From: Peter Zijlstra <peterz(a)infradead.org> mainline inclusion from mainline-v6.3-rc6 commit b168098912926236bbeebaf7795eb7aab76d2b45 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAL27E Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- Thomas reported that offlining CPUs spends a lot of time in synchronize_rcu() as called from perf_pmu_migrate_context() even though he's not actually using uncore events. Turns out, the thing is unconditionally waiting for RCU, even if there's no actual events to migrate. Fixes: 0cda4c023132 ("perf: Introduce perf_pmu_migrate_context()") Reported-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Tested-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lkml.kernel.org/r/20230403090858.GT4253@hirez.programming.kicks-ass… Conflicts: kernel/events/core.c [Due to not merge previous commit bd27568117664b8b3e259721393df420ed51f57b] Signed-off-by: Liu Chuang <liuchuang40(a)huawei.com> --- kernel/events/core.c | 68 +++++++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index be528436a03b..b9667223b050 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -11247,42 +11247,44 @@ void perf_pmu_migrate_context(struct pmu *pmu, int src_cpu, int dst_cpu) list_add(&event->migrate_entry, &events); } - /* - * Wait for the events to quiesce before re-instating them. - */ - synchronize_rcu(); + if (!list_empty(&events)) { + /* + * Wait for the events to quiesce before re-instating them. + */ + synchronize_rcu(); - /* - * Re-instate events in 2 passes. - * - * Skip over group leaders and only install siblings on this first - * pass, siblings will not get enabled without a leader, however a - * leader will enable its siblings, even if those are still on the old - * context. - */ - list_for_each_entry_safe(event, tmp, &events, migrate_entry) { - if (event->group_leader == event) - continue; + /* + * Re-instate events in 2 passes. + * + * Skip over group leaders and only install siblings on this first + * pass, siblings will not get enabled without a leader, however a + * leader will enable its siblings, even if those are still on the old + * context. + */ + list_for_each_entry_safe(event, tmp, &events, migrate_entry) { + if (event->group_leader == event) + continue; - list_del(&event->migrate_entry); - if (event->state >= PERF_EVENT_STATE_OFF) - event->state = PERF_EVENT_STATE_INACTIVE; - account_event_cpu(event, dst_cpu); - perf_install_in_context(dst_ctx, event, dst_cpu); - get_ctx(dst_ctx); - } + list_del(&event->migrate_entry); + if (event->state >= PERF_EVENT_STATE_OFF) + event->state = PERF_EVENT_STATE_INACTIVE; + account_event_cpu(event, dst_cpu); + perf_install_in_context(dst_ctx, event, dst_cpu); + get_ctx(dst_ctx); + } - /* - * Once all the siblings are setup properly, install the group leaders - * to make it go. - */ - list_for_each_entry_safe(event, tmp, &events, migrate_entry) { - list_del(&event->migrate_entry); - if (event->state >= PERF_EVENT_STATE_OFF) - event->state = PERF_EVENT_STATE_INACTIVE; - account_event_cpu(event, dst_cpu); - perf_install_in_context(dst_ctx, event, dst_cpu); - get_ctx(dst_ctx); + /* + * Once all the siblings are setup properly, install the group leaders + * to make it go. + */ + list_for_each_entry_safe(event, tmp, &events, migrate_entry) { + list_del(&event->migrate_entry); + if (event->state >= PERF_EVENT_STATE_OFF) + event->state = PERF_EVENT_STATE_INACTIVE; + account_event_cpu(event, dst_cpu); + perf_install_in_context(dst_ctx, event, dst_cpu); + get_ctx(dst_ctx); + } } mutex_unlock(&dst_ctx->mutex); mutex_unlock(&src_ctx->mutex); -- 2.34.1

2 1

[PATCH OLK-5.10] perf: Optimize perf_pmu_migrate_context()
by Liu Chuang 19 Aug '24

19 Aug '24

From: Peter Zijlstra <peterz(a)infradead.org> mainline inclusion from mainline-v6.3-rc6 commit b168098912926236bbeebaf7795eb7aab76d2b45 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAL27E Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- Thomas reported that offlining CPUs spends a lot of time in synchronize_rcu() as called from perf_pmu_migrate_context() even though he's not actually using uncore events. Turns out, the thing is unconditionally waiting for RCU, even if there's no actual events to migrate. Fixes: 0cda4c023132 ("perf: Introduce perf_pmu_migrate_context()") Reported-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Tested-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lkml.kernel.org/r/20230403090858.GT4253@hirez.programming.kicks-ass… Conflicts: kernel/events/core.c [Due to not merge previous commit bd27568117664b8b3e259721393df420ed51f57b] Signed-off-by: Liu Chuang <liuchuang40(a)huawei.com> --- kernel/events/core.c | 68 +++++++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index b1fabcaeeffd..46b0c7fc2270 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -12424,42 +12424,44 @@ void perf_pmu_migrate_context(struct pmu *pmu, int src_cpu, int dst_cpu) list_add(&event->migrate_entry, &events); } - /* - * Wait for the events to quiesce before re-instating them. - */ - synchronize_rcu(); + if (!list_empty(&events)) { + /* + * Wait for the events to quiesce before re-instating them. + */ + synchronize_rcu(); - /* - * Re-instate events in 2 passes. - * - * Skip over group leaders and only install siblings on this first - * pass, siblings will not get enabled without a leader, however a - * leader will enable its siblings, even if those are still on the old - * context. - */ - list_for_each_entry_safe(event, tmp, &events, migrate_entry) { - if (event->group_leader == event) - continue; + /* + * Re-instate events in 2 passes. + * + * Skip over group leaders and only install siblings on this first + * pass, siblings will not get enabled without a leader, however a + * leader will enable its siblings, even if those are still on the old + * context. + */ + list_for_each_entry_safe(event, tmp, &events, migrate_entry) { + if (event->group_leader == event) + continue; - list_del(&event->migrate_entry); - if (event->state >= PERF_EVENT_STATE_OFF) - event->state = PERF_EVENT_STATE_INACTIVE; - account_event_cpu(event, dst_cpu); - perf_install_in_context(dst_ctx, event, dst_cpu); - get_ctx(dst_ctx); - } + list_del(&event->migrate_entry); + if (event->state >= PERF_EVENT_STATE_OFF) + event->state = PERF_EVENT_STATE_INACTIVE; + account_event_cpu(event, dst_cpu); + perf_install_in_context(dst_ctx, event, dst_cpu); + get_ctx(dst_ctx); + } - /* - * Once all the siblings are setup properly, install the group leaders - * to make it go. - */ - list_for_each_entry_safe(event, tmp, &events, migrate_entry) { - list_del(&event->migrate_entry); - if (event->state >= PERF_EVENT_STATE_OFF) - event->state = PERF_EVENT_STATE_INACTIVE; - account_event_cpu(event, dst_cpu); - perf_install_in_context(dst_ctx, event, dst_cpu); - get_ctx(dst_ctx); + /* + * Once all the siblings are setup properly, install the group leaders + * to make it go. + */ + list_for_each_entry_safe(event, tmp, &events, migrate_entry) { + list_del(&event->migrate_entry); + if (event->state >= PERF_EVENT_STATE_OFF) + event->state = PERF_EVENT_STATE_INACTIVE; + account_event_cpu(event, dst_cpu); + perf_install_in_context(dst_ctx, event, dst_cpu); + get_ctx(dst_ctx); + } } mutex_unlock(&dst_ctx->mutex); mutex_unlock(&src_ctx->mutex); -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1] Revert "kbuild: fix false positive warning/error about missing libelf"
by zhaoxuedong 19 Aug '24

19 Aug '24

openEuler inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAD5GG?from=project-issue CVE: NA -------------------- When your development environment does not have the libelf library and you compile an external module with the "M=xxx" compilation option, the external module will not have ORC information and there will be no warning or errors. If a machine insmod this module and it's process is calling a function in this module, typing kaptch will result in an error indicating that the stack of this process is not trustworthy. The worst thing is that if this module is a necessary and will be used for a long time, kpatch will be difficult to type. --------------------- Revert "kbuild: fix false positive warning/error about missing libelf" This reverts commit ef7cfd00b2caf6edeb7f169682b64be2d0a798cf. Fixes: ef7cfd00b2ca Signed-off-by: Zhao Xuedong <zhaoxuedong(a)meituan.com> --- Makefile | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index fbaeeb80a69e..82dcf846d07b 100644 --- a/Makefile +++ b/Makefile @@ -1100,6 +1100,11 @@ ifdef CONFIG_STACK_VALIDATION ifeq ($(has_libelf),1) objtool_target := tools/objtool FORCE else + ifdef CONFIG_UNWINDER_ORC + $(error "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel") + else + $(warning "Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel") + endif SKIP_STACK_VALIDATION := 1 export SKIP_STACK_VALIDATION endif @@ -1249,14 +1254,6 @@ uapi-asm-generic: PHONY += prepare-objtool prepare-resolve_btfids prepare-objtool: $(objtool_target) -ifeq ($(SKIP_STACK_VALIDATION),1) -ifdef CONFIG_UNWINDER_ORC - @echo "error: Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel" >&2 - @false -else - @echo "warning: Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel" >&2 -endif -endif prepare-resolve_btfids: $(resolve_btfids_target) ifeq ($(ERROR_RESOLVE_BTFIDS),1) -- 2.43.0

2 1

[PATCH OLK-5.10] sched: fix numa_group uninitialized in show_numa_stats()
by Hui Tang 19 Aug '24

19 Aug '24

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAKZJY CVE: NA -------------------------------- Fix ng uninitialized before print_numa_stats(). Fixes: 2ac826b258e9 ("sched: Introduce task relationship by net and memory") Signed-off-by: Hui Tang <tanghui20(a)huawei.com> --- kernel/sched/fair.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 95d1841f8a20..b88d2b7254ef 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -13910,6 +13910,7 @@ void show_numa_stats(struct task_struct *p, struct seq_file *m) rcu_read_lock(); + ng = rcu_dereference(p->numa_group); for_each_online_node(node) { if (p->numa_faults) { tsf = p->numa_faults[task_faults_idx(NUMA_MEM, node, 0)]; -- 2.34.1

2 1

[PATCH OLK-5.10] drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
by Zeng Heng 19 Aug '24

19 Aug '24

From: Ma Ke <make24(a)iscas.ac.cn> mainline inclusion from mainline-v6.11-rc1 commit 2df7aac81070987b0f052985856aa325a38debf6 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKPWK CVE: CVE-2024-42309 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 89c78134cc54 ("gma500: Add Poulsbo support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Signed-off-by: Patrik Jakobsson <patrik.r.jakobsson(a)gmail.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240709092011.3204970-1-make… Signed-off-by: Zeng Heng <zengheng4(a)huawei.com> --- drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/gma500/psb_intel_lvds.c b/drivers/gpu/drm/gma500/psb_intel_lvds.c index 063c66bb946d..889964efe62d 100644 --- a/drivers/gpu/drm/gma500/psb_intel_lvds.c +++ b/drivers/gpu/drm/gma500/psb_intel_lvds.c @@ -508,6 +508,9 @@ static int psb_intel_lvds_get_modes(struct drm_connector *connector) if (mode_dev->panel_fixed_mode != NULL) { struct drm_display_mode *mode = drm_mode_duplicate(dev, mode_dev->panel_fixed_mode); + if (!mode) + return 0; + drm_mode_probed_add(connector, mode); return 1; } -- 2.25.1

2 1

[PATCH openEuler-22.03-LTS-SP1] drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
by Zeng Heng 19 Aug '24

19 Aug '24

From: Ma Ke <make24(a)iscas.ac.cn> mainline inclusion from mainline-v6.11-rc1 commit 2df7aac81070987b0f052985856aa325a38debf6 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKPWK CVE: CVE-2024-42309 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 89c78134cc54 ("gma500: Add Poulsbo support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Signed-off-by: Patrik Jakobsson <patrik.r.jakobsson(a)gmail.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240709092011.3204970-1-make… Signed-off-by: Zeng Heng <zengheng4(a)huawei.com> --- drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/gma500/psb_intel_lvds.c b/drivers/gpu/drm/gma500/psb_intel_lvds.c index 063c66bb946d..889964efe62d 100644 --- a/drivers/gpu/drm/gma500/psb_intel_lvds.c +++ b/drivers/gpu/drm/gma500/psb_intel_lvds.c @@ -508,6 +508,9 @@ static int psb_intel_lvds_get_modes(struct drm_connector *connector) if (mode_dev->panel_fixed_mode != NULL) { struct drm_display_mode *mode = drm_mode_duplicate(dev, mode_dev->panel_fixed_mode); + if (!mode) + return 0; + drm_mode_probed_add(connector, mode); return 1; } -- 2.25.1

2 1

[PATCH openEuler-22.03-LTS-SP1] Revert "kbuild: fix false positive warning/error about missing libelf"
by zhaoxuedong 19 Aug '24

19 Aug '24

openEuler inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAD5GG?from=project-issue CVE: NA -------------------- When your development environment does not have the libelf library and you compile an external module with the "M=xxx" compilation option, the external module will not have ORC information and there will be no warning or errors. If a machine insmod this module and it's process is calling a function in this module, typing kaptch will result in an error indicating that the stack of this process is not trustworthy. The worst thing is that if this module is a necessary and will be used for a long time, kpatch will be difficult to type. --------------------- Revert "kbuild: fix false positive warning/error about missing libelf" This reverts commit ef7cfd00b2caf6edeb7f169682b64be2d0a798cf. Fixes: ef7cfd00b2caf6edeb ("kbuild: fix false positive warning/error about missing libelf") Signed-off-by: Zhao Xuedong <zhaoxuedong(a)meituan.com> --- Makefile | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index fbaeeb80a69e..82dcf846d07b 100644 --- a/Makefile +++ b/Makefile @@ -1100,6 +1100,11 @@ ifdef CONFIG_STACK_VALIDATION ifeq ($(has_libelf),1) objtool_target := tools/objtool FORCE else + ifdef CONFIG_UNWINDER_ORC + $(error "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel") + else + $(warning "Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel") + endif SKIP_STACK_VALIDATION := 1 export SKIP_STACK_VALIDATION endif @@ -1249,14 +1254,6 @@ uapi-asm-generic: PHONY += prepare-objtool prepare-resolve_btfids prepare-objtool: $(objtool_target) -ifeq ($(SKIP_STACK_VALIDATION),1) -ifdef CONFIG_UNWINDER_ORC - @echo "error: Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel" >&2 - @false -else - @echo "warning: Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel" >&2 -endif -endif prepare-resolve_btfids: $(resolve_btfids_target) ifeq ($(ERROR_RESOLVE_BTFIDS),1) -- 2.43.0

2 1

[openEuler-22.03-LTS-SP1] Kbuild: fix compiling external mods without any warning/error when there is no libelf library
by zhaoxuedong 19 Aug '24

19 Aug '24

openEuler inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAD5GG?from=project-issue CVE: NA ----------------------------------------------------------------------------------- When your development environment does not have the libelf library and you compile an external module with the "M=xxx" compilation option, the external module will not have ORC information and there will be no warning or errors. If a machine insmod this module, and if a process is calling a function in this module, typing kaptch will result in an error indicating that the stack of this process is not trustworthy. The worst thing is that if this module is a necessary and will be used for a long time, kpatch will be difficult to type. Revert "kbuild: fix false positive warning/error about missing libelf" This reverts commit ef7cfd00b2caf6edeb7f169682b64be2d0a798cf. Fixes: ef7cfd00b2caf6edeb ("kbuild: fix false positive warning/error about missing libelf") Reported-by: wanglong <wanglong19(a)meituan.com> Reported-by: wufan <wufan19(a)meituan.com> Reported-by: zhaoxuedong <zhaoxuedong(a)meituan.com> --- Makefile | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index fbaeeb80a69e..82dcf846d07b 100644 --- a/Makefile +++ b/Makefile @@ -1100,6 +1100,11 @@ ifdef CONFIG_STACK_VALIDATION ifeq ($(has_libelf),1) objtool_target := tools/objtool FORCE else + ifdef CONFIG_UNWINDER_ORC + $(error "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel") + else + $(warning "Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel") + endif SKIP_STACK_VALIDATION := 1 export SKIP_STACK_VALIDATION endif @@ -1249,14 +1254,6 @@ uapi-asm-generic: PHONY += prepare-objtool prepare-resolve_btfids prepare-objtool: $(objtool_target) -ifeq ($(SKIP_STACK_VALIDATION),1) -ifdef CONFIG_UNWINDER_ORC - @echo "error: Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel" >&2 - @false -else - @echo "warning: Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel" >&2 -endif -endif prepare-resolve_btfids: $(resolve_btfids_target) ifeq ($(ERROR_RESOLVE_BTFIDS),1) -- 2.43.0

1 0

[PATCH openEuler-22.03-LTS-SP1] bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
by Zhengchao Shao 19 Aug '24

19 Aug '24

From: Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> stable inclusion from stable-v5.10.224 commit 6ce46045f9b90d952602e2c0b8886cfadf860bf1 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKQ5H CVE: CVE-2024-43839 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- [ Upstream commit c9741a03dc8e491e57b95fba0058ab46b7e506da ] To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there. For '%d' specifiers, assume that they require: * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8 * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX is 16 And replace sprintf with snprintf. Detected using the static analysis tool - Svace. Fixes: 8b230ed8ec96 ("bna: Brocade 10Gb Ethernet device driver") Signed-off-by: Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Zhengchao Shao <shaozhengchao(a)huawei.com> --- drivers/net/ethernet/brocade/bna/bna_types.h | 2 +- drivers/net/ethernet/brocade/bna/bnad.c | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/net/ethernet/brocade/bna/bna_types.h b/drivers/net/ethernet/brocade/bna/bna_types.h index 666b6922e24d..ebf54d74c2bb 100644 --- a/drivers/net/ethernet/brocade/bna/bna_types.h +++ b/drivers/net/ethernet/brocade/bna/bna_types.h @@ -410,7 +410,7 @@ struct bna_ib { /* Tx object */ /* Tx datapath control structure */ -#define BNA_Q_NAME_SIZE 16 +#define BNA_Q_NAME_SIZE (IFNAMSIZ + 6) struct bna_tcb { /* Fast path */ void **sw_qpt; diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c index 7e4e831d720f..9ccfb038ffc7 100644 --- a/drivers/net/ethernet/brocade/bna/bnad.c +++ b/drivers/net/ethernet/brocade/bna/bnad.c @@ -1535,8 +1535,9 @@ bnad_tx_msix_register(struct bnad *bnad, struct bnad_tx_info *tx_info, for (i = 0; i < num_txqs; i++) { vector_num = tx_info->tcb[i]->intr_vector; - sprintf(tx_info->tcb[i]->name, "%s TXQ %d", bnad->netdev->name, - tx_id + tx_info->tcb[i]->id); + snprintf(tx_info->tcb[i]->name, BNA_Q_NAME_SIZE, "%s TXQ %d", + bnad->netdev->name, + tx_id + tx_info->tcb[i]->id); err = request_irq(bnad->msix_table[vector_num].vector, (irq_handler_t)bnad_msix_tx, 0, tx_info->tcb[i]->name, @@ -1586,9 +1587,9 @@ bnad_rx_msix_register(struct bnad *bnad, struct bnad_rx_info *rx_info, for (i = 0; i < num_rxps; i++) { vector_num = rx_info->rx_ctrl[i].ccb->intr_vector; - sprintf(rx_info->rx_ctrl[i].ccb->name, "%s CQ %d", - bnad->netdev->name, - rx_id + rx_info->rx_ctrl[i].ccb->id); + snprintf(rx_info->rx_ctrl[i].ccb->name, BNA_Q_NAME_SIZE, + "%s CQ %d", bnad->netdev->name, + rx_id + rx_info->rx_ctrl[i].ccb->id); err = request_irq(bnad->msix_table[vector_num].vector, (irq_handler_t)bnad_msix_rx, 0, rx_info->rx_ctrl[i].ccb->name, -- 2.34.1

2 1

[PATCH OLK-5.10] bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
by Zhengchao Shao 19 Aug '24

19 Aug '24

From: Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> stable inclusion from stable-v5.10.224 commit 6ce46045f9b90d952602e2c0b8886cfadf860bf1 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKQ5H CVE: CVE-2024-43839 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- [ Upstream commit c9741a03dc8e491e57b95fba0058ab46b7e506da ] To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there. For '%d' specifiers, assume that they require: * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8 * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX is 16 And replace sprintf with snprintf. Detected using the static analysis tool - Svace. Fixes: 8b230ed8ec96 ("bna: Brocade 10Gb Ethernet device driver") Signed-off-by: Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Zhengchao Shao <shaozhengchao(a)huawei.com> --- drivers/net/ethernet/brocade/bna/bna_types.h | 2 +- drivers/net/ethernet/brocade/bna/bnad.c | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/net/ethernet/brocade/bna/bna_types.h b/drivers/net/ethernet/brocade/bna/bna_types.h index 666b6922e24d..ebf54d74c2bb 100644 --- a/drivers/net/ethernet/brocade/bna/bna_types.h +++ b/drivers/net/ethernet/brocade/bna/bna_types.h @@ -410,7 +410,7 @@ struct bna_ib { /* Tx object */ /* Tx datapath control structure */ -#define BNA_Q_NAME_SIZE 16 +#define BNA_Q_NAME_SIZE (IFNAMSIZ + 6) struct bna_tcb { /* Fast path */ void **sw_qpt; diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c index 7e4e831d720f..9ccfb038ffc7 100644 --- a/drivers/net/ethernet/brocade/bna/bnad.c +++ b/drivers/net/ethernet/brocade/bna/bnad.c @@ -1535,8 +1535,9 @@ bnad_tx_msix_register(struct bnad *bnad, struct bnad_tx_info *tx_info, for (i = 0; i < num_txqs; i++) { vector_num = tx_info->tcb[i]->intr_vector; - sprintf(tx_info->tcb[i]->name, "%s TXQ %d", bnad->netdev->name, - tx_id + tx_info->tcb[i]->id); + snprintf(tx_info->tcb[i]->name, BNA_Q_NAME_SIZE, "%s TXQ %d", + bnad->netdev->name, + tx_id + tx_info->tcb[i]->id); err = request_irq(bnad->msix_table[vector_num].vector, (irq_handler_t)bnad_msix_tx, 0, tx_info->tcb[i]->name, @@ -1586,9 +1587,9 @@ bnad_rx_msix_register(struct bnad *bnad, struct bnad_rx_info *rx_info, for (i = 0; i < num_rxps; i++) { vector_num = rx_info->rx_ctrl[i].ccb->intr_vector; - sprintf(rx_info->rx_ctrl[i].ccb->name, "%s CQ %d", - bnad->netdev->name, - rx_id + rx_info->rx_ctrl[i].ccb->id); + snprintf(rx_info->rx_ctrl[i].ccb->name, BNA_Q_NAME_SIZE, + "%s CQ %d", bnad->netdev->name, + rx_id + rx_info->rx_ctrl[i].ccb->id); err = request_irq(bnad->msix_table[vector_num].vector, (irq_handler_t)bnad_msix_rx, 0, rx_info->rx_ctrl[i].ccb->name, -- 2.34.1

2 1