- Kernel - mailweb.openeuler.org

[PATCH openEuler-1.0-LTS v5 0/6] CVE-2021-47131
by Ziyang Xuan 27 Mar '24

27 Mar '24

Patchset of CVE-2021-47131. v5: - Fix KABI break. v4: - Resend for PR create failed. v3: - Delete "Reference" head comment. v2: - Add bugfix patches for CVE patch. Maxim Mikityanskiy (5): net/tls: Replace TLS_RX_SYNC_RUNNING with RCU net/tls: Fix use-after-free after the TLS device goes down and up tls: Fix context leak on tls_device_down net/tls: Remove the context from the list in tls_device_down net/tls: Use RCU API to access tls_ctx->netdev Ziyang Xuan (1): net/tls: Resolve KABI break when backport bugfix of CVE-2021-47131 include/net/tls.h | 21 +++++++- net/tls/tls_device.c | 91 +++++++++++++++++++++++++++++------ net/tls/tls_device_fallback.c | 9 +++- net/tls/tls_main.c | 7 ++- 4 files changed, 107 insertions(+), 21 deletions(-) -- 2.25.1

2 7

[PATCH openEuler-1.0-LTS] net: dsa: fix a crash if ->get_sset_count() fails
by Ziyang Xuan 27 Mar '24

27 Mar '24

From: Dan Carpenter <dan.carpenter(a)oracle.com> stable inclusion from stable-v4.19.193 commit 0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BHSG CVE: CVE-2021-47159 -------------------------------- commit a269333fa5c0c8e53c92b5a28a6076a28cde3e83 upstream. If ds->ops->get_sset_count() fails then it "count" is a negative error code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative error code is type promoted to a very high value and the loop will corrupt memory until the system crashes. Fix this by checking for error codes and changing the type of "i" to just int. Fixes: badf3ada60ab ("net: dsa: Provide CPU port statistics to master netdev") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Reviewed-by: Florian Fainelli <f.fainelli(a)gmail.com> Reviewed-by: Vladimir Oltean <olteanv(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Ziyang Xuan <william.xuanziyang(a)huawei.com> --- net/dsa/master.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/dsa/master.c b/net/dsa/master.c index aae478d611018..22e9ce6e51a48 100644 --- a/net/dsa/master.c +++ b/net/dsa/master.c @@ -87,8 +87,7 @@ static void dsa_master_get_strings(struct net_device *dev, uint32_t stringset, struct dsa_switch *ds = cpu_dp->ds; int port = cpu_dp->index; int len = ETH_GSTRING_LEN; - int mcount = 0, count; - unsigned int i; + int mcount = 0, count, i; uint8_t pfx[4]; uint8_t *ndata; @@ -118,6 +117,8 @@ static void dsa_master_get_strings(struct net_device *dev, uint32_t stringset, */ ds->ops->get_strings(ds, port, stringset, ndata); count = ds->ops->get_sset_count(ds, port, stringset); + if (count < 0) + return; for (i = 0; i < count; i++) { memmove(ndata + (i * len + sizeof(pfx)), ndata + i * len, len - sizeof(pfx)); -- 2.25.1

2 1

[PATCH OLK-5.10 v3 0/2] Fix I/O high when memory almost met memcg limit
by Liu Shixin 27 Mar '24

27 Mar '24

Recently, when install package in a docker which almost reached its memory limit, the installer has no respond severely for more than 15 minutes. During this period, I/O stays high(~1G/s) and influence the whole machine. I've constructed a use case as follows: 1. create a docker: $ cat test.sh #!/bin/bash docker rm centos7 --force docker create --name centos7 --memory 4G --memory-swap 6G centos:7 /usr/sbin/init docker start centos7 sleep 1 docker cp ./alloc_page centos7:/ docker cp ./reproduce.sh centos7:/ docker exec -it centos7 /bin/bash 2. try reproduce the problem in docker: $ cat reproduce.sh #!/bin/bash while true; do flag=$(ps -ef | grep -v grep | grep alloc_page| wc -l) if [ "$flag" -eq 0 ]; then /alloc_page & fi sleep 30 start_time=$(date +%s) yum install -y expect > /dev/null 2>&1 end_time=$(date +%s) elapsed_time=$((end_time - start_time)) echo "$elapsed_time seconds" yum remove -y expect > /dev/null 2>&1 done $ cat alloc_page.c: #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #define SIZE 1*1024*1024 //1M int main() { void *addr = NULL; int i; for (i = 0; i < 1024 * 6 - 50;i++) { addr = (void *)malloc(SIZE); if (!addr) return -1; memset(addr, 0, SIZE); } sleep(99999); return 0; } We found that this problem is caused by a lot ot meaningless read-ahead. Since the docker is almost met memory limit, the page will be reclaimed immediately after read-ahead and will read-ahead again immediately. The program is executed slowly and waste a lot of I/O resource. These patches aim to break the read-ahead in above scenario. Liu Shixin (2): mm/readahead: break read-ahead loop if filemap_add_folio return -ENOMEM mm/filemap: don't decrease mmap_miss when page has workingset flag mm/filemap.c | 9 ++++++++- mm/readahead.c | 17 ++++++++++++----- 2 files changed, 20 insertions(+), 6 deletions(-) -- 2.25.1

2 3

[PATCH openEuler-1.0-LTS 0/2] Fix CVE-2021-47160
by GONG, Ruiqi 27 Mar '24

27 Mar '24

DENG Qingfang (2): net: dsa: mt7530: fix VLAN traffic leaks net: dsa: mt7530: fix VLAN traffic leaks again drivers/net/dsa/mt7530.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) -- 2.25.1

2 3

[PATCH openEuler-1.0-LTS] mld: fix panic in mld_newpack()
by Zhengchao Shao 27 Mar '24

27 Mar '24

From: Taehee Yoo <ap420073(a)gmail.com> stable inclusion from stable-v4.19.193 commit 4b77ad9097067b31237eeeee0bf70f80849680a0 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BGV4 CVE: CVE-2021-47146 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 020ef930b826d21c5446fdc9db80fd72a791bc21 ] mld_newpack() doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skb_put(). Test commands: ip netns del A ip netns del B ip netns add A ip netns add B ip link add veth0 type veth peer name veth1 ip link set veth0 netns A ip link set veth1 netns B ip netns exec A ip link set lo up ip netns exec A ip link set veth0 up ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0 ip netns exec B ip link set lo up ip netns exec B ip link set veth1 up ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1 for i in {1..99} do let A=$i-1 ip netns exec A ip link add ip6gre$i type ip6gre \ local 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100 ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i ip netns exec A ip link set ip6gre$i up ip netns exec B ip link add ip6gre$i type ip6gre \ local 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100 ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i ip netns exec B ip link set ip6gre$i up done Splat looks like: kernel BUG at net/core/skbuff.c:110! invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891 Workqueue: ipv6_addrconf addrconf_dad_work RIP: 0010:skb_panic+0x15d/0x15f Code: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83 41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff <0f> 0b 48 8b 6c 24 20 89 34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20 RSP: 0018:ffff88810091f820 EFLAGS: 00010282 RAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000 RDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb RBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031 R10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028 R13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0 FS: 0000000000000000(0000) GS:ffff888117c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 skb_put.cold.104+0x22/0x22 ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 ? rcu_read_lock_sched_held+0x91/0xc0 mld_newpack+0x398/0x8f0 ? ip6_mc_hdr.isra.26.constprop.46+0x600/0x600 ? lock_contended+0xc40/0xc40 add_grhead.isra.33+0x280/0x380 add_grec+0x5ca/0xff0 ? mld_sendpack+0xf40/0xf40 ? lock_downgrade+0x690/0x690 mld_send_initial_cr.part.34+0xb9/0x180 ipv6_mc_dad_complete+0x15d/0x1b0 addrconf_dad_completed+0x8d2/0xbb0 ? lock_downgrade+0x690/0x690 ? addrconf_rs_timer+0x660/0x660 ? addrconf_dad_work+0x73c/0x10e0 addrconf_dad_work+0x73c/0x10e0 Allowing high order page allocation could fix this problem. Fixes: 72e09ad107e7 ("ipv6: avoid high order allocations") Signed-off-by: Taehee Yoo <ap420073(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Zhengchao Shao <shaozhengchao(a)huawei.com> --- net/ipv6/mcast.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c index f2f8551416c3..3d048401141f 100644 --- a/net/ipv6/mcast.c +++ b/net/ipv6/mcast.c @@ -1606,10 +1606,7 @@ static struct sk_buff *mld_newpack(struct inet6_dev *idev, unsigned int mtu) IPV6_TLV_PADN, 0 }; /* we assume size > sizeof(ra) here */ - /* limit our allocations to order-0 page */ - size = min_t(int, size, SKB_MAX_ORDER(0, 0)); skb = sock_alloc_send_skb(sk, size, 1, &err); - if (!skb) return NULL; -- 2.34.1

2 1

[PATCH v2 openEuler-1.0-LTS] mlock return -EINVAL for invalid len
by Wupeng Ma 27 Mar '24

27 Mar '24

From: Ma Wupeng <mawupeng1(a)huawei.com> mlock return -EINVAL for invalid len. changelog since v1: - add fix tag Ma Wupeng (1): mm/mlock: return EINVAL for illegal user memory range in mlock mm/mlock.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) -- 2.25.1

2 2

[PATCH OLK-6.6 0/6] Adding Huawei BMA driver
by Zheng Zengkai 27 Mar '24

27 Mar '24

From: Huajingjing <huajingjing1(a)huawei.com> This patch set contains 5 communication drivers for Huawei BMA software. The BMA software is a system management software. It supports the status monitoring, performance monitoring, and event monitoring of various components, including server CPUs, memory, hard disks, NICs, IB cards, PCIe cards, RAID controller cards, and optical modules. These 5 drivers are used to send/receive message through PCIe channel in different ways by BMA software. Huajingjing (6): Huawei BMA: Adding Huawei BMA driver: host_edma_drv Huawei BMA: Adding Huawei BMA driver: host_cdev_drv Huawei BMA: Adding Huawei BMA driver: host_veth_drv Huawei BMA: Adding Huawei BMA driver: host_kbox_drv Huawei BMA: Adding Huawei BMA driver: cdev_veth_drv configs: add config BMA to config files arch/arm64/configs/openeuler_defconfig | 1 + arch/x86/configs/openeuler_defconfig | 1 + drivers/net/ethernet/huawei/Kconfig | 1 + drivers/net/ethernet/huawei/Makefile | 1 + drivers/net/ethernet/huawei/bma/Kconfig | 10 + drivers/net/ethernet/huawei/bma/Makefile | 9 + .../net/ethernet/huawei/bma/cdev_drv/Makefile | 2 + .../ethernet/huawei/bma/cdev_drv/bma_cdev.c | 369 +++ .../huawei/bma/cdev_veth_drv/Makefile | 2 + .../bma/cdev_veth_drv/virtual_cdev_eth_net.c | 1864 ++++++++++++ .../bma/cdev_veth_drv/virtual_cdev_eth_net.h | 299 ++ .../net/ethernet/huawei/bma/edma_drv/Makefile | 2 + .../huawei/bma/edma_drv/bma_devintf.c | 620 ++++ .../huawei/bma/edma_drv/bma_devintf.h | 40 + .../huawei/bma/edma_drv/bma_include.h | 116 + .../ethernet/huawei/bma/edma_drv/bma_pci.c | 533 ++++ .../ethernet/huawei/bma/edma_drv/bma_pci.h | 98 + .../ethernet/huawei/bma/edma_drv/edma_host.c | 1462 ++++++++++ .../ethernet/huawei/bma/edma_drv/edma_host.h | 348 +++ .../huawei/bma/include/bma_ker_intf.h | 94 + .../net/ethernet/huawei/bma/kbox_drv/Makefile | 5 + .../ethernet/huawei/bma/kbox_drv/kbox_dump.c | 121 + .../ethernet/huawei/bma/kbox_drv/kbox_dump.h | 33 + .../ethernet/huawei/bma/kbox_drv/kbox_hook.c | 102 + .../ethernet/huawei/bma/kbox_drv/kbox_hook.h | 33 + .../huawei/bma/kbox_drv/kbox_include.h | 40 + .../ethernet/huawei/bma/kbox_drv/kbox_main.c | 176 ++ .../ethernet/huawei/bma/kbox_drv/kbox_main.h | 23 + .../ethernet/huawei/bma/kbox_drv/kbox_mce.c | 264 ++ .../ethernet/huawei/bma/kbox_drv/kbox_mce.h | 23 + .../ethernet/huawei/bma/kbox_drv/kbox_panic.c | 187 ++ .../ethernet/huawei/bma/kbox_drv/kbox_panic.h | 25 + .../huawei/bma/kbox_drv/kbox_printk.c | 363 +++ .../huawei/bma/kbox_drv/kbox_printk.h | 33 + .../huawei/bma/kbox_drv/kbox_ram_drive.c | 188 ++ .../huawei/bma/kbox_drv/kbox_ram_drive.h | 31 + .../huawei/bma/kbox_drv/kbox_ram_image.c | 135 + .../huawei/bma/kbox_drv/kbox_ram_image.h | 84 + .../huawei/bma/kbox_drv/kbox_ram_op.c | 986 +++++++ .../huawei/bma/kbox_drv/kbox_ram_op.h | 77 + .../net/ethernet/huawei/bma/veth_drv/Makefile | 2 + .../ethernet/huawei/bma/veth_drv/veth_hb.c | 2504 +++++++++++++++++ .../ethernet/huawei/bma/veth_drv/veth_hb.h | 440 +++ 43 files changed, 11747 insertions(+) create mode 100644 drivers/net/ethernet/huawei/bma/Kconfig create mode 100644 drivers/net/ethernet/huawei/bma/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/cdev_drv/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/cdev_drv/bma_cdev.c create mode 100644 drivers/net/ethernet/huawei/bma/cdev_veth_drv/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/cdev_veth_drv/virtual_cdev_eth_net.c create mode 100644 drivers/net/ethernet/huawei/bma/cdev_veth_drv/virtual_cdev_eth_net.h create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/bma_devintf.c create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/bma_devintf.h create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/bma_include.h create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/bma_pci.c create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/bma_pci.h create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/edma_host.h create mode 100644 drivers/net/ethernet/huawei/bma/include/bma_ker_intf.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_dump.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_dump.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_hook.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_hook.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_include.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_main.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_main.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_mce.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_mce.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_panic.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_panic.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_printk.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_printk.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_drive.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_drive.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_image.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_image.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_op.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_op.h create mode 100644 drivers/net/ethernet/huawei/bma/veth_drv/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/veth_drv/veth_hb.c create mode 100644 drivers/net/ethernet/huawei/bma/veth_drv/veth_hb.h -- 2.27.0

2 7

[PATCH OLK-5.10] tracing: Ensure visibility when inserting an element into tracing_map
by Zheng Yejian 27 Mar '24

27 Mar '24

From: Petr Pavlu <petr.pavlu(a)suse.com> mainline inclusion from mainline-v6.8-rc2 commit 2b44760609e9eaafc9d234a6883d042fc21132a7 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BV24 CVE: CVE-2024-26645 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram entries: $ while true; do echo hist:key=id.syscall:val=hitcount > \ /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist sleep 0.001 done $ stress-ng --sysbadaddr $(nproc) The warning looks as follows: [ 2911.172474] ------------[ cut here ]------------ [ 2911.173111] Duplicates detected: 1 [ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408 [ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E) [ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1 [ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01 [ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018 [ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408 [ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408 [ 2911.185310] sp : ffff8000a1513900 [ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001 [ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008 [ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180 [ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff [ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8 [ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731 [ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c [ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8 [ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000 [ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480 [ 2911.194259] Call trace: [ 2911.194626] tracing_map_sort_entries+0x3e0/0x408 [ 2911.195220] hist_show+0x124/0x800 [ 2911.195692] seq_read_iter+0x1d4/0x4e8 [ 2911.196193] seq_read+0xe8/0x138 [ 2911.196638] vfs_read+0xc8/0x300 [ 2911.197078] ksys_read+0x70/0x108 [ 2911.197534] __arm64_sys_read+0x24/0x38 [ 2911.198046] invoke_syscall+0x78/0x108 [ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8 [ 2911.199157] do_el0_svc+0x28/0x40 [ 2911.199613] el0_svc+0x40/0x178 [ 2911.200048] el0t_64_sync_handler+0x13c/0x158 [ 2911.200621] el0t_64_sync+0x1a8/0x1b0 [ 2911.201115] ---[ end trace 0000000000000000 ]--- The problem appears to be caused by CPU reordering of writes issued from __tracing_map_insert(). The check for the presence of an element with a given key in this function is: val = READ_ONCE(entry->val); if (val && keys_match(key, val->key, map->key_size)) ... The write of a new entry is: elt = get_free_elt(map); memcpy(elt->key, key, map->key_size); entry->val = elt; The "memcpy(elt->key, key, map->key_size);" and "entry->val = elt;" stores may become visible in the reversed order on another CPU. This second CPU might then incorrectly determine that a new key doesn't match an already present val->key and subsequently insert a new element, resulting in a duplicate. Fix the problem by adding a write barrier between "memcpy(elt->key, key, map->key_size);" and "entry->val = elt;", and for good measure, also use WRITE_ONCE(entry->val, elt) for publishing the element. The sequence pairs with the mentioned "READ_ONCE(entry->val);" and the "val->key" check which has an address dependency. The barrier is placed on a path executed when adding an element for a new key. Subsequent updates targeting the same key remain unaffected. From the user's perspective, the issue was introduced by commit c193707dde77 ("tracing: Remove code which merges duplicates"), which followed commit cbf4100efb8f ("tracing: Add support to detect and avoid duplicates"). The previous code operated differently; it inherently expected potential races which result in duplicates but merged them later when they occurred. Link: https://lore.kernel.org/linux-trace-kernel/20240122150928.27725-1-petr.pavl… Fixes: c193707dde77 ("tracing: Remove code which merges duplicates") Signed-off-by: Petr Pavlu <petr.pavlu(a)suse.com> Acked-by: Tom Zanussi <tom.zanussi(a)linux.intel.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> --- kernel/trace/tracing_map.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/trace/tracing_map.c b/kernel/trace/tracing_map.c index 51a9d1185033..d47641f9740b 100644 --- a/kernel/trace/tracing_map.c +++ b/kernel/trace/tracing_map.c @@ -574,7 +574,12 @@ __tracing_map_insert(struct tracing_map *map, void *key, bool lookup_only) } memcpy(elt->key, key, map->key_size); - entry->val = elt; + /* + * Ensure the initialization is visible and + * publish the elt. + */ + smp_wmb(); + WRITE_ONCE(entry->val, elt); atomic64_inc(&map->hits); return entry->val; -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS] tracing: Ensure visibility when inserting an element into tracing_map
by Zheng Yejian 27 Mar '24

27 Mar '24

From: Petr Pavlu <petr.pavlu(a)suse.com> mainline inclusion from mainline-v6.8-rc2 commit 2b44760609e9eaafc9d234a6883d042fc21132a7 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BV24 CVE: CVE-2024-26645 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram entries: $ while true; do echo hist:key=id.syscall:val=hitcount > \ /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist sleep 0.001 done $ stress-ng --sysbadaddr $(nproc) The warning looks as follows: [ 2911.172474] ------------[ cut here ]------------ [ 2911.173111] Duplicates detected: 1 [ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408 [ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E) [ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1 [ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01 [ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018 [ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408 [ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408 [ 2911.185310] sp : ffff8000a1513900 [ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001 [ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008 [ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180 [ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff [ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8 [ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731 [ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c [ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8 [ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000 [ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480 [ 2911.194259] Call trace: [ 2911.194626] tracing_map_sort_entries+0x3e0/0x408 [ 2911.195220] hist_show+0x124/0x800 [ 2911.195692] seq_read_iter+0x1d4/0x4e8 [ 2911.196193] seq_read+0xe8/0x138 [ 2911.196638] vfs_read+0xc8/0x300 [ 2911.197078] ksys_read+0x70/0x108 [ 2911.197534] __arm64_sys_read+0x24/0x38 [ 2911.198046] invoke_syscall+0x78/0x108 [ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8 [ 2911.199157] do_el0_svc+0x28/0x40 [ 2911.199613] el0_svc+0x40/0x178 [ 2911.200048] el0t_64_sync_handler+0x13c/0x158 [ 2911.200621] el0t_64_sync+0x1a8/0x1b0 [ 2911.201115] ---[ end trace 0000000000000000 ]--- The problem appears to be caused by CPU reordering of writes issued from __tracing_map_insert(). The check for the presence of an element with a given key in this function is: val = READ_ONCE(entry->val); if (val && keys_match(key, val->key, map->key_size)) ... The write of a new entry is: elt = get_free_elt(map); memcpy(elt->key, key, map->key_size); entry->val = elt; The "memcpy(elt->key, key, map->key_size);" and "entry->val = elt;" stores may become visible in the reversed order on another CPU. This second CPU might then incorrectly determine that a new key doesn't match an already present val->key and subsequently insert a new element, resulting in a duplicate. Fix the problem by adding a write barrier between "memcpy(elt->key, key, map->key_size);" and "entry->val = elt;", and for good measure, also use WRITE_ONCE(entry->val, elt) for publishing the element. The sequence pairs with the mentioned "READ_ONCE(entry->val);" and the "val->key" check which has an address dependency. The barrier is placed on a path executed when adding an element for a new key. Subsequent updates targeting the same key remain unaffected. From the user's perspective, the issue was introduced by commit c193707dde77 ("tracing: Remove code which merges duplicates"), which followed commit cbf4100efb8f ("tracing: Add support to detect and avoid duplicates"). The previous code operated differently; it inherently expected potential races which result in duplicates but merged them later when they occurred. Link: https://lore.kernel.org/linux-trace-kernel/20240122150928.27725-1-petr.pavl… Fixes: c193707dde77 ("tracing: Remove code which merges duplicates") Signed-off-by: Petr Pavlu <petr.pavlu(a)suse.com> Acked-by: Tom Zanussi <tom.zanussi(a)linux.intel.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> --- kernel/trace/tracing_map.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/trace/tracing_map.c b/kernel/trace/tracing_map.c index 9e31bfc818ff..da7337f0c9bc 100644 --- a/kernel/trace/tracing_map.c +++ b/kernel/trace/tracing_map.c @@ -571,7 +571,12 @@ __tracing_map_insert(struct tracing_map *map, void *key, bool lookup_only) } memcpy(elt->key, key, map->key_size); - entry->val = elt; + /* + * Ensure the initialization is visible and + * publish the elt. + */ + smp_wmb(); + WRITE_ONCE(entry->val, elt); atomic64_inc(&map->hits); return entry->val; -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS] serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
by Cai Xinchen 27 Mar '24

27 Mar '24

From: Zheyu Ma <zheyuma97(a)gmail.com> stable inclusion from stable-v4.19.193 commit 35265552c7fe9553c75e324c80f45e28ff14eb6e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BHLP CVE: CVE-2021-47169 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 016002848c82eeb5d460489ce392d91fe18c475c upstream. In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't exists, function just return without initializing ports of 'rp2_card'. But now the interrupt handler function has been registered, and when an interrupt comes, 'rp2_uart_interrupt' may access those ports then causing NULL pointer dereference or other bugs. Because the driver does some initialization work in 'rp2_fw_cb', in order to make the driver ready to handle interrupts, 'request_firmware' should be used instead of asynchronous 'request_firmware_nowait'. This report reveals it: INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xec/0x156 lib/dump_stack.c:118 assign_lock_key kernel/locking/lockdep.c:727 [inline] register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753 __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303 lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329 [inline] rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline] rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493 rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504 __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149 handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189 handle_irq_event+0xac/0x140 kernel/irq/handle.c:206 handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87 do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670 </IRQ> RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61 Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8 8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200 RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840 R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002 R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline] default_idle+0x6f/0x360 arch/x86/kernel/process.c:557 arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548 default_idle_call+0x3b/0x60 kernel/sched/idle.c:93 cpuidle_idle_call kernel/sched/idle.c:153 [inline] do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263 cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369 start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline] RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline] RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c: 493 Code: df e8 43 5d c2 05 48 8d 83 e8 01 00 00 48 89 85 60 ff ff ff 48 c1 e8 03 42 80 3c 30 00 0f 85 aa 07 00 00 48 8b 83 e8 01 00 00 <8b> 40 10 89 c1 89 85 68 ff ff ff 48 8b 83 e8 01 00 00 89 48 10 83 RSP: 0018:ffff88806c287cd0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff88806ade6820 RCX: ffffffff814300b1 RDX: 1ffff1100d5bcd06 RSI: 0000000000000004 RDI: ffff88806ade6820 RBP: ffff88806c287db8 R08: ffffed100d5bcd05 R09: ffffed100d5bcd05 R10: 0000000000000001 R11: ffffed100d5bcd04 R12: ffffc90001e00000 R13: ffff888069654e10 R14: dffffc0000000000 R15: ffff888069654df0 FS: 0000000000000000(0000) GS:ffff88806c280000(0000) knlGS: 0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 000000006892c000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504 __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149 handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189 handle_irq_event+0xac/0x140 kernel/irq/handle.c:206 handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87 do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670 </IRQ> RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61 Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8 8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200 RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840 R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002 R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline] default_idle+0x6f/0x360 arch/x86/kernel/process.c:557 arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548 default_idle_call+0x3b/0x60 kernel/sched/idle.c:93 cpuidle_idle_call kernel/sched/idle.c:153 [inline] do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263 cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369 start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 Modules linked in: Dumping ftrace buffer: (ftrace buffer empty) CR2: 0000000000000010 ---[ end trace 11804dbb55cb1a64 ]--- RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline] RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline] RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c: 493 Code: df e8 43 5d c2 05 48 8d 83 e8 01 00 00 48 89 85 60 ff ff ff 48 c1 e8 03 42 80 3c 30 00 0f 85 aa 07 00 00 48 8b 83 e8 01 00 00 <8b> 40 10 89 c1 89 85 68 ff ff ff 48 8b 83 e8 01 00 00 89 48 10 83 RSP: 0018:ffff88806c287cd0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff88806ade6820 RCX: ffffffff814300b1 RDX: 1ffff1100d5bcd06 RSI: 0000000000000004 RDI: ffff88806ade6820 RBP: ffff88806c287db8 R08: ffffed100d5bcd05 R09: ffffed100d5bcd05 R10: 0000000000000001 R11: ffffed100d5bcd04 R12: ffffc90001e00000 R13: ffff888069654e10 R14: dffffc0000000000 R15: ffff888069654df0 FS: 0000000000000000(0000) GS:ffff88806c280000(0000) knlGS: 0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 000000006892c000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Reported-by: Zheyu Ma <zheyuma97(a)gmail.com> Signed-off-by: Zheyu Ma <zheyuma97(a)gmail.com> Link: https://lore.kernel.org/r/1621577323-1541-1-git-send-email-zheyuma97@gmail.… Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Cai Xinchen <caixinchen1(a)huawei.com> --- drivers/tty/serial/rp2.c | 52 +++++++++++++--------------------------- 1 file changed, 17 insertions(+), 35 deletions(-) diff --git a/drivers/tty/serial/rp2.c b/drivers/tty/serial/rp2.c index 5690c09cc041..944a4c010579 100644 --- a/drivers/tty/serial/rp2.c +++ b/drivers/tty/serial/rp2.c @@ -195,7 +195,6 @@ struct rp2_card { void __iomem *bar0; void __iomem *bar1; spinlock_t card_lock; - struct completion fw_loaded; }; #define RP_ID(prod) PCI_VDEVICE(RP, (prod)) @@ -664,17 +663,10 @@ static void rp2_remove_ports(struct rp2_card *card) card->initialized_ports = 0; } -static void rp2_fw_cb(const struct firmware *fw, void *context) +static int rp2_load_firmware(struct rp2_card *card, const struct firmware *fw) { - struct rp2_card *card = context; resource_size_t phys_base; - int i, rc = -ENOENT; - - if (!fw) { - dev_err(&card->pdev->dev, "cannot find '%s' firmware image\n", - RP2_FW_NAME); - goto no_fw; - } + int i, rc = 0; phys_base = pci_resource_start(card->pdev, 1); @@ -720,23 +712,13 @@ static void rp2_fw_cb(const struct firmware *fw, void *context) card->initialized_ports++; } - release_firmware(fw); -no_fw: - /* - * rp2_fw_cb() is called from a workqueue long after rp2_probe() - * has already returned success. So if something failed here, - * we'll just leave the now-dormant device in place until somebody - * unbinds it. - */ - if (rc) - dev_warn(&card->pdev->dev, "driver initialization failed\n"); - - complete(&card->fw_loaded); + return rc; } static int rp2_probe(struct pci_dev *pdev, const struct pci_device_id *id) { + const struct firmware *fw; struct rp2_card *card; struct rp2_uart_port *ports; void __iomem * const *bars; @@ -747,7 +729,6 @@ static int rp2_probe(struct pci_dev *pdev, return -ENOMEM; pci_set_drvdata(pdev, card); spin_lock_init(&card->card_lock); - init_completion(&card->fw_loaded); rc = pcim_enable_device(pdev); if (rc) @@ -780,21 +761,23 @@ static int rp2_probe(struct pci_dev *pdev, return -ENOMEM; card->ports = ports; - rc = devm_request_irq(&pdev->dev, pdev->irq, rp2_uart_interrupt, - IRQF_SHARED, DRV_NAME, card); - if (rc) + rc = request_firmware(&fw, RP2_FW_NAME, &pdev->dev); + if (rc < 0) { + dev_err(&pdev->dev, "cannot find '%s' firmware image\n", + RP2_FW_NAME); return rc; + } - /* - * Only catastrophic errors (e.g. ENOMEM) are reported here. - * If the FW image is missing, we'll find out in rp2_fw_cb() - * and print an error message. - */ - rc = request_firmware_nowait(THIS_MODULE, 1, RP2_FW_NAME, &pdev->dev, - GFP_KERNEL, card, rp2_fw_cb); + rc = rp2_load_firmware(card, fw); + + release_firmware(fw); + if (rc < 0) + return rc; + + rc = devm_request_irq(&pdev->dev, pdev->irq, rp2_uart_interrupt, + IRQF_SHARED, DRV_NAME, card); if (rc) return rc; - dev_dbg(&pdev->dev, "waiting for firmware blob...\n"); return 0; } @@ -803,7 +786,6 @@ static void rp2_remove(struct pci_dev *pdev) { struct rp2_card *card = pci_get_drvdata(pdev); - wait_for_completion(&card->fw_loaded); rp2_remove_ports(card); } -- 2.34.1

2 1

[PATCH openEuler-1.0-LTS] mlock return -EINVAL for invalid len
by Wupeng Ma 27 Mar '24

27 Mar '24

From: Ma Wupeng <mawupeng1(a)huawei.com> mlock return -EINVAL for invalid len. Ma Wupeng (1): mm/mlock: return EINVAL for illegal user memory range in mlock mm/mlock.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) -- 2.25.1

2 2

[PATCH OLK-5.10 v2 0/2] Fix I/O high when memory almost met memcg limit
by Liu Shixin 27 Mar '24

27 Mar '24

Recently, when install package in a docker which almost reached its memory limit, the installer has no respond severely for more than 15 minutes. During this period, I/O stays high(~1G/s) and influence the whole machine. I've constructed a use case as follows: 1. create a docker: $ cat test.sh #!/bin/bash docker rm centos7 --force docker create --name centos7 --memory 4G --memory-swap 6G centos:7 /usr/sbin/init docker start centos7 sleep 1 docker cp ./alloc_page centos7:/ docker cp ./reproduce.sh centos7:/ docker exec -it centos7 /bin/bash 2. try reproduce the problem in docker: $ cat reproduce.sh #!/bin/bash while true; do flag=$(ps -ef | grep -v grep | grep alloc_page| wc -l) if [ "$flag" -eq 0 ]; then /alloc_page & fi sleep 30 start_time=$(date +%s) yum install -y expect > /dev/null 2>&1 end_time=$(date +%s) elapsed_time=$((end_time - start_time)) echo "$elapsed_time seconds" yum remove -y expect > /dev/null 2>&1 done $ cat alloc_page.c: #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #define SIZE 1*1024*1024 //1M int main() { void *addr = NULL; int i; for (i = 0; i < 1024 * 6 - 50;i++) { addr = (void *)malloc(SIZE); if (!addr) return -1; memset(addr, 0, SIZE); } sleep(99999); return 0; } We found that this problem is caused by a lot ot meaningless read-ahead. Since the docker is almost met memory limit, the page will be reclaimed immediately after read-ahead and will read-ahead again immediately. The program is executed slowly and waste a lot of I/O resource. These patches aim to break the read-ahead in above scenario. Liu Shixin (2): mm/readahead: break read-ahead loop if filemap_add_folio return -ENOMEM mm/filemap: don't decrease mmap_miss when page has workingset flag mm/filemap.c | 9 ++++++++- mm/readahead.c | 17 ++++++++++++----- 2 files changed, 20 insertions(+), 6 deletions(-) -- 2.25.1

2 3

[PATCH openEuler-1.0-LTS] drm/amdgpu: Fix a use-after-free
by GUO Zihua 27 Mar '24

27 Mar '24

From: xinhui pan <xinhui.pan(a)amd.com> stable inclusion from stable-v4.19.193 commit a849e218556f932576c0fb1c5a88714b61709a17 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BGUB CVE: CVE-2021-47142 Reference: https://git.kernel.org/stable/c/a849e218556f932576c0fb1c5a88714b61709a17 -------------------------------- [ Upstream commit 1e5c37385097c35911b0f8a0c67ffd10ee1af9a2 ] looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI [ 1235.989074] Call Trace: [ 1235.991751] sg_free_table+0x17/0x20 [ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu] [ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu] [ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm] [ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm] [ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm] [ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm] [ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu] [ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu] [ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu] [ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu] Signed-off-by: xinhui pan <xinhui.pan(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: GUO Zihua <guozihua(a)huawei.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c index fcf421263fd9..47728a7bd837 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c @@ -1276,6 +1276,7 @@ static void amdgpu_ttm_tt_unpopulate(struct ttm_tt *ttm) if (gtt && gtt->userptr) { amdgpu_ttm_tt_set_user_pages(ttm, NULL); kfree(ttm->sg); + ttm->sg = NULL; ttm->page_flags &= ~TTM_PAGE_FLAG_SG; return; } -- 2.34.1

2 1

[PATCH openEuler-1.0-LTS 0/2] fix CVE-2021-47173
by Wupeng Ma 27 Mar '24

27 Mar '24

From: Ma Wupeng <mawupeng1(a)huawei.com> fix CVE-2021-47173 by release resource correctly. Dongliang Mu (1): misc/uss720: fix memory leak in uss720_probe Hangyu Hua (1): usb: misc: fix improper handling of refcount in uss720_probe() drivers/usb/misc/uss720.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.25.1

2 3

[openeuler:OLK-6.6 2698/6883] drivers/platform/mpam/mpam_devices.c:247:11: error: call to undeclared function '__acpi_get_mem_attribute'; ISO C99 and later do not support implicit function declarations
by kernel test robot 27 Mar '24

27 Mar '24

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: ce3022885cff9ed62573d5866dee9e8f42756b4d commit: 3e9e723f3bf92a19e5e15dda89bbb136ce463294 [2698/6883] arm_mpam: Add probe/remove for mpam msc driver and kbuild boiler plate config: arm64-randconfig-002-20240327 (https://download.01.org/0day-ci/archive/20240327/202403271231.DndRjPnH-lkp@…) compiler: clang version 15.0.7 (https://github.com/llvm/llvm-project.git 8dfdcc7b7bf66834a761bd8de445840ef68e4d1a) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240327/202403271231.DndRjPnH-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202403271231.DndRjPnH-lkp@intel.com/ All errors (new ones prefixed by >>): drivers/platform/mpam/mpam_devices.c:212:24: error: no member named 'mon_sel_lock' in 'struct mpam_msc'; did you mean 'part_sel_lock'? spin_lock_init(&msc->mon_sel_lock); ^~~~~~~~~~~~ part_sel_lock include/linux/spinlock.h:335:38: note: expanded from macro 'spin_lock_init' __raw_spin_lock_init(spinlock_check(lock), \ ^ drivers/platform/mpam/mpam_internal.h:43:14: note: 'part_sel_lock' declared here spinlock_t part_sel_lock; ^ >> drivers/platform/mpam/mpam_devices.c:247:11: error: call to undeclared function '__acpi_get_mem_attribute'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] prot = __acpi_get_mem_attribute(msc->pcc_chan->shmem_base_addr); ^ >> drivers/platform/mpam/mpam_devices.c:247:9: error: assigning to 'pgprot_t' from incompatible type 'int' prot = __acpi_get_mem_attribute(msc->pcc_chan->shmem_base_addr); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3 errors generated. vim +/__acpi_get_mem_attribute +247 drivers/platform/mpam/mpam_devices.c 170 171 static int mpam_msc_drv_probe(struct platform_device *pdev) 172 { 173 int err; 174 pgprot_t prot; 175 void * __iomem io; 176 struct mpam_msc *msc; 177 struct resource *msc_res; 178 void *plat_data = pdev->dev.platform_data; 179 180 mutex_lock(&mpam_list_lock); 181 do { 182 msc = devm_kzalloc(&pdev->dev, sizeof(*msc), GFP_KERNEL); 183 if (!msc) { 184 err = -ENOMEM; 185 break; 186 } 187 188 INIT_LIST_HEAD_RCU(&msc->glbl_list); 189 msc->pdev = pdev; 190 191 err = device_property_read_u32(&pdev->dev, "arm,not-ready-us", 192 &msc->nrdy_usec); 193 if (err) { 194 /* This will prevent CSU monitors being usable */ 195 msc->nrdy_usec = 0; 196 } 197 198 err = get_msc_affinity(msc); 199 if (err) 200 break; 201 if (cpumask_empty(&msc->accessibility)) { 202 pr_err_once("msc:%u is not accessible from any CPU!", 203 msc->id); 204 err = -EINVAL; 205 break; 206 } 207 208 mutex_init(&msc->lock); 209 msc->id = mpam_num_msc++; 210 INIT_LIST_HEAD_RCU(&msc->ris); 211 spin_lock_init(&msc->part_sel_lock); 212 spin_lock_init(&msc->mon_sel_lock); 213 214 if (device_property_read_u32(&pdev->dev, "pcc-channel", 215 &msc->pcc_subspace_id)) 216 msc->iface = MPAM_IFACE_MMIO; 217 else 218 msc->iface = MPAM_IFACE_PCC; 219 220 if (msc->iface == MPAM_IFACE_MMIO) { 221 io = devm_platform_get_and_ioremap_resource(pdev, 0, 222 &msc_res); 223 if (IS_ERR(io)) { 224 pr_err("Failed to map MSC base address\n"); 225 devm_kfree(&pdev->dev, msc); 226 err = PTR_ERR(io); 227 break; 228 } 229 msc->mapped_hwpage_sz = msc_res->end - msc_res->start; 230 msc->mapped_hwpage = io; 231 } else if (msc->iface == MPAM_IFACE_PCC) { 232 msc->pcc_cl.dev = &pdev->dev; 233 msc->pcc_cl.rx_callback = mpam_pcc_rx_callback; 234 msc->pcc_cl.tx_block = false; 235 msc->pcc_cl.tx_tout = 1000; /* 1s */ 236 msc->pcc_cl.knows_txdone = false; 237 238 msc->pcc_chan = pcc_mbox_request_channel(&msc->pcc_cl, 239 msc->pcc_subspace_id); 240 if (IS_ERR(msc->pcc_chan)) { 241 pr_err("Failed to request MSC PCC channel\n"); 242 devm_kfree(&pdev->dev, msc); 243 err = PTR_ERR(msc->pcc_chan); 244 break; 245 } 246 > 247 prot = __acpi_get_mem_attribute(msc->pcc_chan->shmem_base_addr); 248 io = ioremap_prot(msc->pcc_chan->shmem_base_addr, 249 msc->pcc_chan->shmem_size, pgprot_val(prot)); 250 if (IS_ERR(io)) { 251 pr_err("Failed to map MSC base address\n"); 252 pcc_mbox_free_channel(msc->pcc_chan); 253 devm_kfree(&pdev->dev, msc); 254 err = PTR_ERR(io); 255 break; 256 } 257 258 /* TODO: issue a read to update the registers */ 259 260 msc->mapped_hwpage_sz = msc->pcc_chan->shmem_size; 261 msc->mapped_hwpage = io + sizeof(struct acpi_pcct_shared_memory); 262 } 263 264 list_add_rcu(&msc->glbl_list, &mpam_all_msc); 265 platform_set_drvdata(pdev, msc); 266 } while (0); 267 mutex_unlock(&mpam_list_lock); 268 269 if (!err) { 270 /* Create RIS entries described by firmware */ 271 if (!acpi_disabled) 272 err = acpi_mpam_parse_resources(msc, plat_data); 273 else 274 err = mpam_dt_parse_resources(msc, plat_data); 275 } 276 277 if (!err && fw_num_msc == mpam_num_msc) 278 mpam_discovery_complete(); 279 280 return err; 281 } 282 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH openEuler-1.0-LTS] net: fujitsu: fix potential null-ptr-deref
by Peng Zhang 27 Mar '24

27 Mar '24

From: Anirudh Rayabharam <mail(a)anirudhrb.com> mainline inclusion from mainline-v5.13-rc3 commit 52202be1cd996cde6e8969a128dc27ee45a7cb5e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BGKK CVE: CVE-2021-47149 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- In fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure. Cc: "David S. Miller" <davem(a)davemloft.net> Acked-by: Dominik Brodowski <linux(a)dominikbrodowski.net> Signed-off-by: Anirudh Rayabharam <mail(a)anirudhrb.com> Link: https://lore.kernel.org/r/20210503115736.2104747-16-gregkh@linuxfoundation.… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: ZhangPeng <zhangpeng362(a)huawei.com> --- drivers/net/ethernet/fujitsu/fmvj18x_cs.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/net/ethernet/fujitsu/fmvj18x_cs.c b/drivers/net/ethernet/fujitsu/fmvj18x_cs.c index a69cd19a55ae..b8fc9bbeca2c 100644 --- a/drivers/net/ethernet/fujitsu/fmvj18x_cs.c +++ b/drivers/net/ethernet/fujitsu/fmvj18x_cs.c @@ -547,6 +547,11 @@ static int fmvj18x_get_hwinfo(struct pcmcia_device *link, u_char *node_id) return -1; base = ioremap(link->resource[2]->start, resource_size(link->resource[2])); + if (!base) { + pcmcia_release_window(link, link->resource[2]); + return -1; + } + pcmcia_map_mem_page(link, link->resource[2], 0); /* -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS] NFC: nci: fix memory leak in nci_allocate_device
by Liu Jian 27 Mar '24

27 Mar '24

From: Dongliang Mu <mudongliangabcd(a)gmail.com> stable inclusion from stable-v4.19.193 commit 0365701bc44e078682ee1224866a71897495c7ef category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BHQ7 CVE: CVE-2021-47180 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- commit e0652f8bb44d6294eeeac06d703185357f25d50b upstream. nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xffff888111ea6800 (size 1024): comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 Reported-by: syzbot+19bcfc64a8df1318d1c3(a)syzkaller.appspotmail.com Fixes: 11f54f228643 ("NFC: nci: Add HCI over NCI protocol support") Signed-off-by: Dongliang Mu <mudongliangabcd(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- include/net/nfc/nci_core.h | 1 + net/nfc/nci/core.c | 1 + net/nfc/nci/hci.c | 5 +++++ 3 files changed, 7 insertions(+) diff --git a/include/net/nfc/nci_core.h b/include/net/nfc/nci_core.h index 5878c0cd8161..1560ce548add 100644 --- a/include/net/nfc/nci_core.h +++ b/include/net/nfc/nci_core.h @@ -311,6 +311,7 @@ int nci_nfcc_loopback(struct nci_dev *ndev, void *data, size_t data_len, struct sk_buff **resp); struct nci_hci_dev *nci_hci_allocate(struct nci_dev *ndev); +void nci_hci_deallocate(struct nci_dev *ndev); int nci_hci_send_event(struct nci_dev *ndev, u8 gate, u8 event, const u8 *param, size_t param_len); int nci_hci_send_cmd(struct nci_dev *ndev, u8 gate, diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c index 6ba0cdbf8c4a..904102dc3d04 100644 --- a/net/nfc/nci/core.c +++ b/net/nfc/nci/core.c @@ -1204,6 +1204,7 @@ EXPORT_SYMBOL(nci_allocate_device); void nci_free_device(struct nci_dev *ndev) { nfc_free_device(ndev->nfc_dev); + nci_hci_deallocate(ndev); kfree(ndev); } EXPORT_SYMBOL(nci_free_device); diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c index c0d323b58e73..c972c212e7ca 100644 --- a/net/nfc/nci/hci.c +++ b/net/nfc/nci/hci.c @@ -807,3 +807,8 @@ struct nci_hci_dev *nci_hci_allocate(struct nci_dev *ndev) return hdev; } + +void nci_hci_deallocate(struct nci_dev *ndev) +{ + kfree(ndev->hci_dev); +} -- 2.34.1

2 1

[PATCH v2 OLK-6.6 00/22] ACPI/arm64: add support for virtual cpu hotplug
by liwei 27 Mar '24

27 Mar '24

This is this remaining patches for ARM64 virtual cpu hotplug, which follows on from the previous set of 21 patches that GregKH has recently queued up, and "x86: intel_epb: Don't rely on link order" which can be found at: https://lore.kernel.org/r/ZVyz/Ve5pPu8AWoA@shell.armlinux.org.uk James Morse (19): ACPI: Only enumerate enabled (or functional) devices ACPI: processor: Add support for processors described as container packages ACPI: processor: Register CPUs that are online, but not described in the DSDT ACPI: processor: Register all CPUs from acpi_processor_get_info() ACPI: Rename ACPI_HOTPLUG_CPU to include 'present' ACPI: Move acpi_bus_trim_one() before acpi_scan_hot_remove() ACPI: Rename acpi_processor_hotadd_init and remove pre-processor guards ACPI: Add post_eject to struct acpi_scan_handler for cpu hotplug ACPI: Check _STA present bit before making CPUs not present ACPI: Warn when the present bit changes but the feature is not enabled arm64: acpi: Move get_cpu_for_acpi_id() to a header ACPICA: Add new MADT GICC flags fields irqchip/gic-v3: Don't return errors from gic_acpi_match_gicc() irqchip/gic-v3: Add support for ACPI's disabled but 'online capable' CPUs ACPI: add support to register CPUs based on the _STA enabled bit ACPI: processor: Only call arch_unregister_cpu() if HOTPLUG_CPU is selected arm64: document virtual CPU hotplug's expectations ACPI: Add _OSC bits to advertise OS support for toggling CPU present/enabled cpumask: Add enabled cpumask for present CPUs that can be brought online Jean-Philippe Brucker (1): arm64: psci: Ignore DENIED CPUs Russell King (Oracle) (1): ACPI: convert acpi_processor_post_eject() to use IS_ENABLED() liwei (1): arm64/psci: Add undefined error message printing for psci_x_cpu_on Documentation/arch/arm64/cpu-hotplug.rst | 79 +++++++++++++ Documentation/arch/arm64/index.rst | 1 + arch/arm64/include/asm/acpi.h | 11 ++ arch/arm64/kernel/acpi_numa.c | 11 -- arch/arm64/kernel/psci.c | 8 +- arch/arm64/kernel/smp.c | 3 +- arch/loongarch/Kconfig | 2 +- arch/loongarch/kernel/acpi.c | 4 +- arch/x86/Kconfig | 3 +- arch/x86/kernel/acpi/boot.c | 4 +- drivers/acpi/Kconfig | 13 ++- drivers/acpi/acpi_processor.c | 141 ++++++++++++++++++++--- drivers/acpi/bus.c | 16 +++ drivers/acpi/device_pm.c | 2 +- drivers/acpi/device_sysfs.c | 2 +- drivers/acpi/internal.h | 1 - drivers/acpi/property.c | 2 +- drivers/acpi/scan.c | 140 ++++++++++++++-------- drivers/base/cpu.c | 16 ++- drivers/irqchip/irq-gic-v3.c | 32 +++-- include/acpi/acpi_bus.h | 1 + include/acpi/actbl2.h | 1 + include/linux/acpi.h | 10 +- include/linux/cpumask.h | 25 ++++ kernel/cpu.c | 3 + 25 files changed, 425 insertions(+), 106 deletions(-) create mode 100644 Documentation/arch/arm64/cpu-hotplug.rst -- 2.25.1

2 23

[PATCH openEuler-1.0-LTS 1/2] net: usb: fix memory leak in smsc75xx_bind
by Luo Gengkun 27 Mar '24

27 Mar '24

From: Pavel Skripkin <paskripkin(a)gmail.com> mainline inclusion from mainline-v5.13-rc4 commit 46a8b29c6306d8bbfd92b614ef65a47c900d8e70 category: bugfix bugzilla: 189719 CVE: CVE-2021-47171 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460 [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728 Fixes: d0cad871703b ("smsc75xx: SMSC LAN75xx USB gigabit ethernet adapter driver") Cc: stable(a)kernel.vger.org Reported-and-tested-by: syzbot+b558506ba8165425fee2(a)syzkaller.appspotmail.com Signed-off-by: Pavel Skripkin <paskripkin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Luo Gengkun <luogengkun2(a)huawei.com> --- drivers/net/usb/smsc75xx.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/net/usb/smsc75xx.c b/drivers/net/usb/smsc75xx.c index ef8589e3a6d1..15cc5e4acaa5 100644 --- a/drivers/net/usb/smsc75xx.c +++ b/drivers/net/usb/smsc75xx.c @@ -1497,7 +1497,7 @@ static int smsc75xx_bind(struct usbnet *dev, struct usb_interface *intf) ret = smsc75xx_wait_ready(dev, 0); if (ret < 0) { netdev_warn(dev->net, "device not ready in smsc75xx_bind\n"); - return ret; + goto err; } smsc75xx_init_mac_address(dev); @@ -1506,7 +1506,7 @@ static int smsc75xx_bind(struct usbnet *dev, struct usb_interface *intf) ret = smsc75xx_reset(dev); if (ret < 0) { netdev_warn(dev->net, "smsc75xx_reset error %d\n", ret); - return ret; + goto err; } dev->net->netdev_ops = &smsc75xx_netdev_ops; @@ -1516,6 +1516,10 @@ static int smsc75xx_bind(struct usbnet *dev, struct usb_interface *intf) dev->hard_mtu = dev->net->mtu + dev->net->hard_header_len; dev->net->max_mtu = MAX_SINGLE_PACKET_SIZE; return 0; + +err: + kfree(pdata); + return ret; } static void smsc75xx_unbind(struct usbnet *dev, struct usb_interface *intf) -- 2.34.1

2 2

[PATCH openEuler-1.0-LTS] mm: ksm: fix use-after-free kasan report in ksm_might_need_to_copy
by Jinjiang Tu 27 Mar '24

27 Mar '24

From: Nanyong Sun <sunnanyong(a)huawei.com> mainline inclusion from mainline-v5.17-rc1 commit e1c63e110f977205ab9dfb38989c54e6e7b52a7b category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9BWEShttps://gitee.com/openeuler… CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- When under the stress of swapping in/out with KSM enabled, there is a low probability that kasan reports the BUG of use-after-free in ksm_might_need_to_copy() when do swap in. The freed object is the anon_vma got from page_anon_vma(page). It is because a swapcache page associated with one anon_vma now needed for another anon_vma, but the page's original vma was unmapped and the anon_vma was freed. In this case the if condition below always return false and then alloc a new page to copy. Swapin process then use the new page and can continue to run well, so this is harmless actually. } else if (anon_vma->root == vma->anon_vma->root && page->index == linear_page_index(vma, address)) { This patch exchange the order of above two judgment statement to avoid the kasan warning. Let cpu run "page->index == linear_page_index(vma, address)" firstly and return false basically to skip the read of anon_vma->root which may trigger the kasan use-after-free warning: ================================================================== BUG: KASAN: use-after-free in ksm_might_need_to_copy+0x12e/0x5b0 Read of size 8 at addr ffff88be9977dbd0 by task khugepaged/694 CPU: 8 PID: 694 Comm: khugepaged Kdump: loaded Tainted: G OE - 4.18.0.x86_64 Hardware name: 1288H V5/BC11SPSC0, BIOS 7.93 01/14/2021 Call Trace: dump_stack+0xf1/0x19b print_address_description+0x70/0x360 kasan_report+0x1b2/0x330 ksm_might_need_to_copy+0x12e/0x5b0 do_swap_page+0x452/0xe70 __collapse_huge_page_swapin+0x24b/0x720 khugepaged_scan_pmd+0xcae/0x1ff0 khugepaged+0x8ee/0xd70 kthread+0x1a2/0x1d0 ret_from_fork+0x1f/0x40 Allocated by task 2306153: kasan_kmalloc+0xa0/0xd0 kmem_cache_alloc+0xc0/0x1c0 anon_vma_clone+0xf7/0x380 anon_vma_fork+0xc0/0x390 copy_process+0x447b/0x4810 _do_fork+0x118/0x620 do_syscall_64+0x112/0x360 entry_SYSCALL_64_after_hwframe+0x65/0xca Freed by task 2306242: __kasan_slab_free+0x130/0x180 kmem_cache_free+0x78/0x1d0 unlink_anon_vmas+0x19c/0x4a0 free_pgtables+0x137/0x1b0 exit_mmap+0x133/0x320 mmput+0x15e/0x390 do_exit+0x8c5/0x1210 do_group_exit+0xb5/0x1b0 __x64_sys_exit_group+0x21/0x30 do_syscall_64+0x112/0x360 entry_SYSCALL_64_after_hwframe+0x65/0xca The buggy address belongs to the object at ffff88be9977dba0 which belongs to the cache anon_vma_chain of size 64 The buggy address is located 48 bytes inside of 64-byte region [ffff88be9977dba0, ffff88be9977dbe0) The buggy address belongs to the page: page:ffffea00fa65df40 count:1 mapcount:0 mapping:ffff888107717800 index:0x0 flags: 0x17ffffc0000100(slab) ================================================================== Link: https://lkml.kernel.org/r/20211202102940.1069634-1-sunnanyong@huawei.com Signed-off-by: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Jinjiang Tu <tujinjiang(a)huawei.com> --- mm/ksm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/ksm.c b/mm/ksm.c index b656fa77f92f..341e09c376e6 100644 --- a/mm/ksm.c +++ b/mm/ksm.c @@ -2596,8 +2596,8 @@ struct page *ksm_might_need_to_copy(struct page *page, return page; /* no need to copy it */ } else if (!anon_vma) { return page; /* no need to copy it */ - } else if (anon_vma->root == vma->anon_vma->root && - page->index == linear_page_index(vma, address)) { + } else if (page->index == linear_page_index(vma, address) && + anon_vma->root == vma->anon_vma->root) { return page; /* still no need to copy it */ } if (!PageUptodate(page)) -- 2.25.1

2 1

[PATCH OLK-5.10] mm: ksm: fix use-after-free kasan report in ksm_might_need_to_copy
by Jinjiang Tu 27 Mar '24

27 Mar '24

From: Nanyong Sun <sunnanyong(a)huawei.com> mainline inclusion from mainline-v5.17-rc1 commit e1c63e110f977205ab9dfb38989c54e6e7b52a7b category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9BWES CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- When under the stress of swapping in/out with KSM enabled, there is a low probability that kasan reports the BUG of use-after-free in ksm_might_need_to_copy() when do swap in. The freed object is the anon_vma got from page_anon_vma(page). It is because a swapcache page associated with one anon_vma now needed for another anon_vma, but the page's original vma was unmapped and the anon_vma was freed. In this case the if condition below always return false and then alloc a new page to copy. Swapin process then use the new page and can continue to run well, so this is harmless actually. } else if (anon_vma->root == vma->anon_vma->root && page->index == linear_page_index(vma, address)) { This patch exchange the order of above two judgment statement to avoid the kasan warning. Let cpu run "page->index == linear_page_index(vma, address)" firstly and return false basically to skip the read of anon_vma->root which may trigger the kasan use-after-free warning: ================================================================== BUG: KASAN: use-after-free in ksm_might_need_to_copy+0x12e/0x5b0 Read of size 8 at addr ffff88be9977dbd0 by task khugepaged/694 CPU: 8 PID: 694 Comm: khugepaged Kdump: loaded Tainted: G OE - 4.18.0.x86_64 Hardware name: 1288H V5/BC11SPSC0, BIOS 7.93 01/14/2021 Call Trace: dump_stack+0xf1/0x19b print_address_description+0x70/0x360 kasan_report+0x1b2/0x330 ksm_might_need_to_copy+0x12e/0x5b0 do_swap_page+0x452/0xe70 __collapse_huge_page_swapin+0x24b/0x720 khugepaged_scan_pmd+0xcae/0x1ff0 khugepaged+0x8ee/0xd70 kthread+0x1a2/0x1d0 ret_from_fork+0x1f/0x40 Allocated by task 2306153: kasan_kmalloc+0xa0/0xd0 kmem_cache_alloc+0xc0/0x1c0 anon_vma_clone+0xf7/0x380 anon_vma_fork+0xc0/0x390 copy_process+0x447b/0x4810 _do_fork+0x118/0x620 do_syscall_64+0x112/0x360 entry_SYSCALL_64_after_hwframe+0x65/0xca Freed by task 2306242: __kasan_slab_free+0x130/0x180 kmem_cache_free+0x78/0x1d0 unlink_anon_vmas+0x19c/0x4a0 free_pgtables+0x137/0x1b0 exit_mmap+0x133/0x320 mmput+0x15e/0x390 do_exit+0x8c5/0x1210 do_group_exit+0xb5/0x1b0 __x64_sys_exit_group+0x21/0x30 do_syscall_64+0x112/0x360 entry_SYSCALL_64_after_hwframe+0x65/0xca The buggy address belongs to the object at ffff88be9977dba0 which belongs to the cache anon_vma_chain of size 64 The buggy address is located 48 bytes inside of 64-byte region [ffff88be9977dba0, ffff88be9977dbe0) The buggy address belongs to the page: page:ffffea00fa65df40 count:1 mapcount:0 mapping:ffff888107717800 index:0x0 flags: 0x17ffffc0000100(slab) ================================================================== Link: https://lkml.kernel.org/r/20211202102940.1069634-1-sunnanyong@huawei.com Signed-off-by: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Jinjiang Tu <tujinjiang(a)huawei.com> --- mm/ksm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/ksm.c b/mm/ksm.c index 62feb478a367..21bb3e7cf3bc 100644 --- a/mm/ksm.c +++ b/mm/ksm.c @@ -2727,8 +2727,8 @@ struct page *ksm_might_need_to_copy(struct page *page, return page; /* no need to copy it */ } else if (!anon_vma) { return page; /* no need to copy it */ - } else if (anon_vma->root == vma->anon_vma->root && - page->index == linear_page_index(vma, address)) { + } else if (page->index == linear_page_index(vma, address) && + anon_vma->root == vma->anon_vma->root) { return page; /* still no need to copy it */ } if (!PageUptodate(page)) -- 2.25.1

2 1

[openeuler:OLK-5.10] BUILD SUCCESS a628172942427320774c480c992747935590446d
by kernel test robot 27 Mar '24

27 Mar '24

tree/branch: https://gitee.com/openeuler/kernel.git OLK-5.10 branch HEAD: a628172942427320774c480c992747935590446d !5445 KVM: x86/mmu: Don't advance iterator after restart due to yielding Warning ids grouped by kconfigs: clang_recent_errors `-- x86_64-allyesconfig |-- drivers-infiniband-hw-xsc-mem.c:warning:no-previous-prototype-for-function-xsc_find_chunk_cont_0 |-- drivers-infiniband-hw-xsc-mr.c:warning:variable-using_peer_mem-set-but-not-used |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:Excess-function-parameter-eecd-description-in-rnpm_lower_eeprom_clk |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:Excess-function-parameter-hash_value-description-in-rnpm_set_mta |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:Excess-function-parameter-hw-description-in-rnpm_mta_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:Excess-function-parameter-pf-description-in-rnpm_set_vlan_anti_spoofing |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:Function-parameter-or-member-count-not-described-in-rnpm_shift_in_eeprom_bits |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:Function-parameter-or-member-eec-not-described-in-rnpm_lower_eeprom_clk |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:Function-parameter-or-member-mc_addr-not-described-in-rnpm_set_mta |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:Function-parameter-or-member-mode-not-described-in-rnpm_mta_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:Function-parameter-or-member-vf-not-described-in-rnpm_set_vlan_anti_spoofing |-- drivers-net-ethernet-mucse-rnpm-rnpm_debugfs.c:warning:Excess-function-parameter-pf-description-in-rnpm_dbg_adapter_exit |-- drivers-net-ethernet-mucse-rnpm-rnpm_debugfs.c:warning:Function-parameter-or-member-adapter-not-described-in-rnpm_dbg_adapter_exit |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Excess-function-parameter-dev-description-in-rnpm_get_priv_flags |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Excess-function-parameter-dev-description-in-rnpm_set_priv_flags |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Excess-function-parameter-ec-description-in-rnpm_get_coalesce |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Excess-function-parameter-ee-description-in-rnpm_get_module_eeprom |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Excess-function-parameter-flags-description-in-rnpm_set_priv_flags |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Excess-function-parameter-kec-description-in-rnpm_get_coalesce |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Excess-function-parameter-kec-description-in-rnpm_set_coalesce |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Excess-function-parameter-netdev-description-in-rnpm_get_module_eeprom |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Excess-function-parameter-netdev-description-in-rnpm_get_module_info |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Excess-function-parameter-netdev-description-in-rnpm_get_rxnfc |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Excess-function-parameter-pf-description-in-rnpm_get_rss_hash_opts |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Function-parameter-or-member-adapter-not-described-in-rnpm_get_rss_hash_opts |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Function-parameter-or-member-coal-not-described-in-rnpm_get_coalesce |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Function-parameter-or-member-dev-not-described-in-rnpm_get_module_eeprom |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Function-parameter-or-member-dev-not-described-in-rnpm_get_module_info |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Function-parameter-or-member-dev-not-described-in-rnpm_get_rxnfc |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Function-parameter-or-member-eeprom-not-described-in-rnpm_get_module_eeprom |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Function-parameter-or-member-kernel_coal-not-described-in-rnpm_get_coalesce |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Function-parameter-or-member-kernel_coal-not-described-in-rnpm_set_coalesce |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Function-parameter-or-member-netdev-not-described-in-rnpm_get_priv_flags |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Function-parameter-or-member-netdev-not-described-in-rnpm_set_priv_flags |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:Function-parameter-or-member-priv_flags-not-described-in-rnpm_set_priv_flags |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:variable-autoneg_changed-set-but-not-used |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:variable-dma_ch-set-but-not-used |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:variable-duplex_changed-set-but-not-used |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Excess-function-parameter-inner_vlan_tag-description-in-rnpm_tx_ctxtdesc |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Excess-function-parameter-l4_hdr_len-description-in-rnpm_tx_ctxtdesc |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Excess-function-parameter-mss_seg_len-description-in-rnpm_tx_ctxtdesc |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Excess-function-parameter-rxr_count-description-in-rnpm_alloc_q_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Excess-function-parameter-rxr_idx-description-in-rnpm_alloc_q_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Excess-function-parameter-tunnel_hdr_len-description-in-rnpm_tx_ctxtdesc |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Excess-function-parameter-txr_count-description-in-rnpm_alloc_q_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Excess-function-parameter-txr_idx-description-in-rnpm_alloc_q_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Excess-function-parameter-v_count-description-in-rnpm_alloc_q_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Function-parameter-or-member-eth_queue_idx-not-described-in-rnpm_alloc_q_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Function-parameter-or-member-inner_vlan_tunnel_len-not-described-in-rnpm_tx_ctxtdesc |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Function-parameter-or-member-mss_len_vf_num-not-described-in-rnpm_tx_ctxtdesc |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Function-parameter-or-member-r_count-not-described-in-rnpm_alloc_q_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Function-parameter-or-member-r_idx-not-described-in-rnpm_alloc_q_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:Function-parameter-or-member-step-not-described-in-rnpm_alloc_q_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:no-previous-prototype-for-function-rnpm_setup_layer2_remapping |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:no-previous-prototype-for-function-rnpm_setup_tuple5_remapping |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:no-previous-prototype-for-function-rnpm_setup_tuple5_remapping_tcam |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-data-description-in-rnpm_pf_service_timer |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-data-description-in-rnpm_service_timer |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-ent-description-in-rnpm_probe |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-hw-description-in-rnpm_wol_supported |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-link_speed-description-in-rnpm_watchdog_update_link |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-maxrate-description-in-rnpm_tx_maxrate_own |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-msix_vector-description-in-rnpm_set_ring_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-netdev-description-in-rnpm_setup_tc |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-netdev-description-in-rnpm_tx_maxrate_own |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-pb-description-in-rnpm_lpbthresh |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-queue-description-in-rnpm_set_ring_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-skb-description-in-rnpm_is_non_eop |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Excess-function-parameter-subdev_id-description-in-rnpm_wol_supported |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-adapter-not-described-in-rnpm_rx_ring_reinit |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-adapter-not-described-in-rnpm_setup_rx_resources |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-adapter-not-described-in-rnpm_setup_tx_resources |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-adapter-not-described-in-rnpm_tx_maxrate_own |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-adapter-not-described-in-rnpm_wol_supported |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-dev-not-described-in-rnpm_setup_tc |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-id-not-described-in-rnpm_probe |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-is_rxframe-not-described-in-rnpm_write_eitr |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-napi_budget-not-described-in-rnpm_clean_tx_irq |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-rnpm_msix_vector-not-described-in-rnpm_set_ring_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-rnpm_queue-not-described-in-rnpm_set_ring_vector |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-subdevice_id-not-described-in-rnpm_wol_supported |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-t-not-described-in-rnpm_pf_service_timer |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-t-not-described-in-rnpm_service_timer |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:Function-parameter-or-member-txqueue-not-described-in-rnpm_tx_timeout |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-clean_all_port_resetting |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-control_mac_rx |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_assign_netdev_ops |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_can_rpu_start |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_check_mc_addr |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_clear_udp_tunnel_port |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_fix_queue_number |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_pf_service_event_schedule |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_pf_service_task |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_pf_service_timer |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_rx_ring_reinit |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_service_timer |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_vlan_stags_flag |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_write_eitr |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_xmit_nop_frame_ring |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-rnpm_xmit_nop_frame_ring_temp |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-update_pf_vlan |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-function-wait_all_port_resetting |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:variable-hw-set-but-not-used |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:variable-packets-is-used-uninitialized-whenever-if-condition-is-false |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:variable-xdp_xmit-set-but-not-used |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx.c:warning:Excess-function-parameter-vf_number-description-in-rnpm_check_for_ack_pf |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx.c:warning:Excess-function-parameter-vf_number-description-in-rnpm_check_for_msg_pf |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx.c:warning:Excess-function-parameter-vf_number-description-in-rnpm_read_mbx_pf |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx.c:warning:Function-parameter-or-member-mbx_id-not-described-in-rnpm_check_for_ack_pf |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx.c:warning:Function-parameter-or-member-mbx_id-not-described-in-rnpm_check_for_msg_pf |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx.c:warning:Function-parameter-or-member-mbx_id-not-described-in-rnpm_read_mbx_pf |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-function-mbx_cookie_zalloc |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-function-rnpm_fw_get_capablity |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-function-rnpm_fw_reg_read |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-function-rnpm_fw_send_cmd_wait |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-function-rnpm_get_port_stats2 |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-function-rnpm_link_stat_mark_disable |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-function-rnpm_mbx_fw_post_req |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-function-rnpm_mbx_lldp_all_ports_enable |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-function-rnpm_mbx_pluginout_evt_en |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-function-rnpm_mbx_write_posted_locked |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:variable-err-is-uninitialized-when-used-here |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:variable-err-set-but-not-used |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:variable-hw-set-but-not-used |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:variable-value-set-but-not-used |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:Excess-function-parameter-atr_input-description-in-rnpm_atr_compute_perfect_hash_n10 |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:Excess-function-parameter-stream-description-in-rnpm_atr_compute_sig_hash_n10 |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:Function-parameter-or-member-common-not-described-in-rnpm_atr_compute_sig_hash_n10 |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:Function-parameter-or-member-input-not-described-in-rnpm_atr_compute_perfect_hash_n10 |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:Function-parameter-or-member-input-not-described-in-rnpm_atr_compute_sig_hash_n10 |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:no-previous-prototype-for-function-rnpm_reset_pipeline_n10 |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:variable-status-set-but-not-used |-- drivers-net-ethernet-mucse-rnpm-rnpm_phy.c:warning:Excess-function-parameter-eeprom_data-description-in-rnpm_read_i2c_sff8472_generic |-- drivers-net-ethernet-mucse-rnpm-rnpm_phy.c:warning:Excess-function-parameter-hw-description-in-rnpm_get_i2c_data |-- drivers-net-ethernet-mucse-rnpm-rnpm_phy.c:warning:Excess-function-parameter-hw-description-in-rnpm_get_phy_type_from_id |-- drivers-net-ethernet-mucse-rnpm-rnpm_phy.c:warning:Function-parameter-or-member-autoneg_wait_to_complete-not-described-in-rnpm_setup_phy_link_speed_generic |-- drivers-net-ethernet-mucse-rnpm-rnpm_phy.c:warning:Function-parameter-or-member-dev_addr-not-described-in-rnpm_read_i2c_byte_generic |-- drivers-net-ethernet-mucse-rnpm-rnpm_phy.c:warning:Function-parameter-or-member-dev_addr-not-described-in-rnpm_write_i2c_byte_generic |-- drivers-net-ethernet-mucse-rnpm-rnpm_phy.c:warning:Function-parameter-or-member-device_type-not-described-in-rnpm_read_phy_reg_generic |-- drivers-net-ethernet-mucse-rnpm-rnpm_phy.c:warning:Function-parameter-or-member-link_up-not-described-in-rnpm_check_phy_link_tnx |-- drivers-net-ethernet-mucse-rnpm-rnpm_phy.c:warning:Function-parameter-or-member-phy_id-not-described-in-rnpm_get_phy_type_from_id |-- drivers-net-ethernet-mucse-rnpm-rnpm_phy.c:warning:Function-parameter-or-member-sff8472_data-not-described-in-rnpm_read_i2c_sff8472_generic |-- drivers-net-ethernet-mucse-rnpm-rnpm_phy.c:warning:Function-parameter-or-member-speed-not-described-in-rnpm_check_phy_link_tnx |-- drivers-net-ethernet-mucse-rnpm-rnpm_ptp.c:warning:no-previous-prototype-for-function-rnpm_ptp_setup_ptp |-- drivers-net-ethernet-mucse-rnpm-rnpm_ptp.c:warning:variable-target-set-but-not-used |-- drivers-net-ethernet-mucse-rnpm-rnpm_sysfs.c:warning:no-previous-prototype-for-function-rnpm_mbx_get_pn_sn |-- drivers-net-ethernet-yunsilicon-xsc-common-xsc_core.h:warning:bitwise-or-with-non-zero-value-always-evaluates-to-true |-- drivers-net-ethernet-yunsilicon-xsc-net-main.c:warning:no-previous-prototype-for-function-xsc_eth_change_link_status |-- drivers-net-ethernet-yunsilicon-xsc-net-main.c:warning:no-previous-prototype-for-function-xsc_get_vf_config |-- drivers-net-ethernet-yunsilicon-xsc-net-main.c:warning:no-previous-prototype-for-function-xsc_rx_get_linear_frag_sz |-- drivers-net-ethernet-yunsilicon-xsc-net-main.c:warning:no-previous-prototype-for-function-xsc_rx_is_linear_skb |-- drivers-net-ethernet-yunsilicon-xsc-net-main.c:warning:no-previous-prototype-for-function-xsc_select_queue |-- drivers-net-ethernet-yunsilicon-xsc-net-main.c:warning:variable-txq_ix-is-uninitialized-when-used-here |-- drivers-net-ethernet-yunsilicon-xsc-net-xsc_dcbnl.c:warning:variable-buffer_size-set-but-not-used |-- drivers-net-ethernet-yunsilicon-xsc-net-xsc_dcbnl.c:warning:variable-curr_pfc_en-is-uninitialized-when-used-here |-- drivers-net-ethernet-yunsilicon-xsc-net-xsc_dcbnl.c:warning:variable-prio2buffer-set-but-not-used |-- drivers-net-ethernet-yunsilicon-xsc-pci-main.c:warning:no-previous-prototype-for-function-xsc_devid_to_pcie_no |-- drivers-net-ethernet-yunsilicon-xsc-pci-xsc_pci_ctrl.c:warning:no-previous-prototype-for-function-find_kallsyms_lookup_name |-- drivers-net-ethernet-yunsilicon-xsc-pci-xsc_pci_ctrl.c:warning:no-previous-prototype-for-function-noop_pre |-- drivers-net-ethernet-yusur-k2-..-platform-ys_intr.c:warning:overlapping-comparisons-always-evaluate-to-false `-- drivers-net-ethernet-yusur-k2-ys_k2_tx.c:warning:variable-clean_tail_ptr-set-but-not-used elapsed time: 753m configs tested: 35 configs skipped: 133 The following configs have been built successfully. More configs may be tested in the coming days. tested configs: arm64 allmodconfig clang arm64 allnoconfig gcc arm64 defconfig gcc arm64 randconfig-001-20240327 clang arm64 randconfig-002-20240327 clang arm64 randconfig-003-20240327 gcc arm64 randconfig-004-20240327 clang x86_64 allnoconfig clang x86_64 allyesconfig clang x86_64 buildonly-randconfig-001-20240326 clang x86_64 buildonly-randconfig-002-20240326 gcc x86_64 buildonly-randconfig-003-20240326 clang x86_64 buildonly-randconfig-004-20240326 gcc x86_64 buildonly-randconfig-005-20240326 gcc x86_64 buildonly-randconfig-006-20240326 gcc x86_64 defconfig gcc x86_64 randconfig-001-20240326 gcc x86_64 randconfig-002-20240326 gcc x86_64 randconfig-003-20240326 gcc x86_64 randconfig-004-20240326 clang x86_64 randconfig-005-20240326 gcc x86_64 randconfig-006-20240326 clang x86_64 randconfig-011-20240326 gcc x86_64 randconfig-012-20240326 clang x86_64 randconfig-013-20240326 gcc x86_64 randconfig-014-20240326 gcc x86_64 randconfig-015-20240326 clang x86_64 randconfig-016-20240326 clang x86_64 randconfig-071-20240326 clang x86_64 randconfig-072-20240326 gcc x86_64 randconfig-073-20240326 gcc x86_64 randconfig-074-20240326 gcc x86_64 randconfig-075-20240326 gcc x86_64 randconfig-076-20240326 gcc x86_64 rhel-8.3-rust clang -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6 2413/6880] mm/mem_reliable.c:345:2: error: call to undeclared function 'mem_reliable_ctrl_bit_disable'; ISO C99 and later do not support implicit function declarations
by kernel test robot 27 Mar '24

27 Mar '24

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: f655b9d050aaaf0405a45888ad590504de2cb090 commit: 425771499c0742a996ab28df143d7a5123102686 [2413/6880] mm: mem_reliable: Introduce proc interface to disable memory reliable features config: arm64-randconfig-002-20240327 (https://download.01.org/0day-ci/archive/20240327/202403270722.6XFnuheL-lkp@…) compiler: clang version 15.0.7 (https://github.com/llvm/llvm-project.git 8dfdcc7b7bf66834a761bd8de445840ef68e4d1a) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240327/202403270722.6XFnuheL-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202403270722.6XFnuheL-lkp@intel.com/ All errors (new ones prefixed by >>): >> mm/mem_reliable.c:345:2: error: call to undeclared function 'mem_reliable_ctrl_bit_disable'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] mem_reliable_ctrl_bit_disable(idx); ^ mm/mem_reliable.c:345:2: note: did you mean 'mem_reliable_ctrl_bit_disabled'? mm/mem_reliable.c:320:13: note: 'mem_reliable_ctrl_bit_disabled' declared here static void mem_reliable_ctrl_bit_disabled(int idx) {} ^ 1 error generated. vim +/mem_reliable_ctrl_bit_disable +345 mm/mem_reliable.c 322 323 static void mem_reliable_feature_disable(int idx) 324 { 325 char *str = NULL; 326 327 switch (idx) { 328 case MEM_RELIABLE_FALLBACK: 329 reliable_allow_fallback = false; 330 str = "fallback"; 331 break; 332 case MEM_RELIABLE_SHMEM: 333 shmem_reliable = false; 334 str = "shmem"; 335 break; 336 case MEM_RELIABLE_PAGECACHE: 337 pagecache_reliable = false; 338 str = "pagecache"; 339 break; 340 default: 341 pr_err("unknown index: %d", idx); 342 return; 343 } 344 > 345 mem_reliable_ctrl_bit_disable(idx); 346 pr_info("%s is disabled\n", str); 347 } 348 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6] BUILD REGRESSION f655b9d050aaaf0405a45888ad590504de2cb090
by kernel test robot 27 Mar '24

27 Mar '24

tree/branch: https://gitee.com/openeuler/kernel.git OLK-6.6 branch HEAD: f655b9d050aaaf0405a45888ad590504de2cb090 !5049 [OLK-6.6]Add pcie acs and no-bus-reset quirk for mucse Nics Error/Warning reports: https://lore.kernel.org/oe-kbuild-all/202403270722.6XFnuheL-lkp@intel.com Error/Warning: (recently discovered and may have been fixed) mm/mem_reliable.c:345:2: error: call to undeclared function 'mem_reliable_ctrl_bit_disable'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] Error/Warning ids grouped by kconfigs: gcc_recent_errors |-- arm64-defconfig | `-- drivers-irqchip-irq-mbigen.c:warning:expecting-prototype-for-Due-to-the-existence-of-hyper().-Prototype-was-for-GICR_LENGTH()-instead |-- loongarch-randconfig-001-20240327 | `-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead `-- x86_64-buildonly-randconfig-002-20240326 `-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead clang_recent_errors |-- arm64-allmodconfig | |-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead | |-- drivers-irqchip-irq-mbigen.c:warning:expecting-prototype-for-Due-to-the-existence-of-hyper().-Prototype-was-for-GICR_LENGTH()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_set_rxfh().-Prototype-was-for-rnp_set_rxnfc()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_tet_rxfh().-Prototype-was-for-rnp_get_rxfh()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_main.c:warning:expecting-prototype-for-rnp_write_eitr().-Prototype-was-for-rnp_write_eitr_rx()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_link_event_eanble().-Prototype-was-for-rnp_mbx_link_event_enable()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_stat_mark().-Prototype-was-for-rnp_link_stat_mark()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:no-previous-prototype-for-function-rnp_mbx_lldp_all_ports_enable | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_fc_mode_n10().-Prototype-was-for-rnp_mac_fc_mode_n10()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_init_hw_n10().-Prototype-was-for-rnp_init_hw_ops_n10()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_write_uc_addr_list().-Prototype-was-for-rnp_write_uc_addr_list_n10()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnpm_device_supports_autoneg_fc().-Prototype-was-for-rnp_device_supports_autoneg_fc()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_enable_rx_buff().-Prototype-was-for-rnpm_enable_rx_buff_generic()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_update_mc_addr_list_generic().-Prototype-was-for-rnpm_update_mutiport_mc_addr_list_generic()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_debugfs.c:warning:expecting-prototype-for-rnpm_dbg_reg_ops_write().-Prototype-was-for-rnpm_dbg_phy_ops_write()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:no-previous-prototype-for-function-rnpm_get_phy_statistics | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-ixgbe_write_eitr().-Prototype-was-for-rnpm_write_eitr()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_notify().-Prototype-was-for-rnpm_irq_affinity_notify()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_release().-Prototype-was-for-rnpm_irq_affinity_release()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_is_non_eop().-Prototype-was-for-rnpm_is_non_eop()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnpm_set_ivar().-Prototype-was-for-rnpm_set_ring_vector()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:Cannot-understand-speed: | |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:expecting-prototype-for-rnpm_atr_add_signature_filter_n10().-Prototype-was-for-rnpm_fdir_add_signature_filter_n10()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_get_vf_ringnum | |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_setup_ring_maxrate | |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:variable-y-set-but-not-used | `-- mm-mem_reliable.c:warning:arithmetic-between-different-enumeration-types-(-enum-node_stat_item-and-enum-lru_list-) |-- arm64-randconfig-002-20240327 | `-- mm-mem_reliable.c:error:call-to-undeclared-function-mem_reliable_ctrl_bit_disable-ISO-C99-and-later-do-not-support-implicit-function-declarations-Werror-Wimplicit-function-declaration |-- x86_64-allmodconfig | |-- drivers-crypto-montage-tsse-tsse_dev_drv.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst | |-- drivers-crypto-montage-tsse-tsse_fw_service.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst | |-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst | |-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_set_rxfh().-Prototype-was-for-rnp_set_rxnfc()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_tet_rxfh().-Prototype-was-for-rnp_get_rxfh()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_main.c:warning:expecting-prototype-for-rnp_write_eitr().-Prototype-was-for-rnp_write_eitr_rx()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_link_event_eanble().-Prototype-was-for-rnp_mbx_link_event_enable()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_stat_mark().-Prototype-was-for-rnp_link_stat_mark()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:no-previous-prototype-for-function-rnp_mbx_lldp_all_ports_enable | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_fc_mode_n10().-Prototype-was-for-rnp_mac_fc_mode_n10()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_init_hw_n10().-Prototype-was-for-rnp_init_hw_ops_n10()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_write_uc_addr_list().-Prototype-was-for-rnp_write_uc_addr_list_n10()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnpm_device_supports_autoneg_fc().-Prototype-was-for-rnp_device_supports_autoneg_fc()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_enable_rx_buff().-Prototype-was-for-rnpm_enable_rx_buff_generic()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_update_mc_addr_list_generic().-Prototype-was-for-rnpm_update_mutiport_mc_addr_list_generic()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_debugfs.c:warning:expecting-prototype-for-rnpm_dbg_reg_ops_write().-Prototype-was-for-rnpm_dbg_phy_ops_write()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:no-previous-prototype-for-function-rnpm_get_phy_statistics | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-ixgbe_write_eitr().-Prototype-was-for-rnpm_write_eitr()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_notify().-Prototype-was-for-rnpm_irq_affinity_notify()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_release().-Prototype-was-for-rnpm_irq_affinity_release()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_is_non_eop().-Prototype-was-for-rnpm_is_non_eop()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnpm_set_ivar().-Prototype-was-for-rnpm_set_ring_vector()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:Cannot-understand-speed: | |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:expecting-prototype-for-rnpm_atr_add_signature_filter_n10().-Prototype-was-for-rnpm_fdir_add_signature_filter_n10()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_get_vf_ringnum | |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_setup_ring_maxrate | `-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:variable-y-set-but-not-used `-- x86_64-allyesconfig |-- drivers-crypto-montage-tsse-tsse_dev_drv.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst |-- drivers-crypto-montage-tsse-tsse_fw_service.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst |-- drivers-crypto-montage-tsse-tsse_ipc.c:warning:This-comment-starts-with-but-isn-t-a-kernel-doc-comment.-Refer-Documentation-doc-guide-kernel-doc.rst |-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_set_rxfh().-Prototype-was-for-rnp_set_rxnfc()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_tet_rxfh().-Prototype-was-for-rnp_get_rxfh()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_main.c:warning:expecting-prototype-for-rnp_write_eitr().-Prototype-was-for-rnp_write_eitr_rx()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_link_event_eanble().-Prototype-was-for-rnp_mbx_link_event_enable()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_stat_mark().-Prototype-was-for-rnp_link_stat_mark()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:no-previous-prototype-for-function-rnp_mbx_lldp_all_ports_enable |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_fc_mode_n10().-Prototype-was-for-rnp_mac_fc_mode_n10()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_init_hw_n10().-Prototype-was-for-rnp_init_hw_ops_n10()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_write_uc_addr_list().-Prototype-was-for-rnp_write_uc_addr_list_n10()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnpm_device_supports_autoneg_fc().-Prototype-was-for-rnp_device_supports_autoneg_fc()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_enable_rx_buff().-Prototype-was-for-rnpm_enable_rx_buff_generic()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_update_mc_addr_list_generic().-Prototype-was-for-rnpm_update_mutiport_mc_addr_list_generic()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_debugfs.c:warning:expecting-prototype-for-rnpm_dbg_reg_ops_write().-Prototype-was-for-rnpm_dbg_phy_ops_write()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:no-previous-prototype-for-function-rnpm_get_phy_statistics |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-ixgbe_write_eitr().-Prototype-was-for-rnpm_write_eitr()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_notify().-Prototype-was-for-rnpm_irq_affinity_notify()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_release().-Prototype-was-for-rnpm_irq_affinity_release()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_is_non_eop().-Prototype-was-for-rnpm_is_non_eop()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnpm_set_ivar().-Prototype-was-for-rnpm_set_ring_vector()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:Cannot-understand-speed: |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:expecting-prototype-for-rnpm_atr_add_signature_filter_n10().-Prototype-was-for-rnpm_fdir_add_signature_filter_n10()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_get_vf_ringnum |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_setup_ring_maxrate |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:variable-y-set-but-not-used |-- ld.lld:error:duplicate-symbol:__cfi_check_ari_mode |-- ld.lld:error:duplicate-symbol:__cfi_mbx_cookie_zalloc |-- ld.lld:error:duplicate-symbol:check_ari_mode |-- ld.lld:error:duplicate-symbol:mbx_cookie_zalloc `-- ld.lld:error:duplicate-symbol:rnp10_netdev_ops elapsed time: 775m configs tested: 35 configs skipped: 126 tested configs: arm64 allmodconfig clang arm64 allnoconfig gcc arm64 defconfig gcc arm64 randconfig-001-20240327 clang arm64 randconfig-002-20240327 clang arm64 randconfig-003-20240327 gcc arm64 randconfig-004-20240327 clang loongarch allmodconfig gcc loongarch allnoconfig gcc loongarch defconfig gcc loongarch randconfig-001-20240327 gcc loongarch randconfig-002-20240327 gcc x86_64 allnoconfig clang x86_64 allyesconfig clang x86_64 buildonly-randconfig-001-20240326 clang x86_64 buildonly-randconfig-002-20240326 gcc x86_64 buildonly-randconfig-003-20240326 clang x86_64 buildonly-randconfig-004-20240326 gcc x86_64 buildonly-randconfig-005-20240326 gcc x86_64 buildonly-randconfig-006-20240326 gcc x86_64 defconfig gcc x86_64 randconfig-001-20240326 gcc x86_64 randconfig-002-20240326 gcc x86_64 randconfig-003-20240326 gcc x86_64 randconfig-004-20240326 clang x86_64 randconfig-005-20240326 gcc x86_64 randconfig-006-20240326 clang x86_64 randconfig-011-20240326 gcc x86_64 randconfig-012-20240326 clang x86_64 randconfig-013-20240326 gcc x86_64 randconfig-014-20240326 gcc x86_64 randconfig-015-20240326 clang x86_64 randconfig-016-20240326 clang x86_64 randconfig-071-20240326 clang x86_64 rhel-8.3-rust clang -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH openEuler-1.0-LTS] net/smc: remove device from smcd_dev_list after failed device_add()
by Zhengchao Shao 26 Mar '24

26 Mar '24

From: Julian Wiedmann <jwi(a)linux.ibm.com> mainline inclusion from mainline-v5.13-rc4 commit 444d7be9532dcfda8e0385226c862fd7e986f607 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BGMR CVE: CVE-2021-47143 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- If the device_add() for a smcd_dev fails, there's no cleanup step that rolls back the earlier list_add(). The device subsequently gets freed, and we end up with a corrupted list. Add some error handling that removes the device from the list. Fixes: c6ba7c9ba43d ("net/smc: add base infrastructure for SMC-D and ISM") Signed-off-by: Julian Wiedmann <jwi(a)linux.ibm.com> Signed-off-by: Karsten Graul <kgraul(a)linux.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Conflicts: net/smc/smc_ism.c Signed-off-by: Zhengchao Shao <shaozhengchao(a)huawei.com> --- net/smc/smc_ism.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/net/smc/smc_ism.c b/net/smc/smc_ism.c index e36f21ce7252..05ad14630d12 100644 --- a/net/smc/smc_ism.c +++ b/net/smc/smc_ism.c @@ -274,11 +274,20 @@ EXPORT_SYMBOL_GPL(smcd_alloc_dev); int smcd_register_dev(struct smcd_dev *smcd) { + int rc; + spin_lock(&smcd_dev_list.lock); list_add_tail(&smcd->list, &smcd_dev_list.list); spin_unlock(&smcd_dev_list.lock); - return device_add(&smcd->dev); + rc = device_add(&smcd->dev); + if (rc) { + spin_lock(&smcd_dev_list.lock); + list_del(&smcd->list); + spin_unlock(&smcd_dev_list.lock); + } + + return rc; } EXPORT_SYMBOL_GPL(smcd_register_dev); -- 2.34.1

2 1

[PATCH OLK-6.6 00/22] ACPI/arm64: add support for virtual cpu hotplug
by liwei 26 Mar '24

26 Mar '24

This is this remaining patches for ARM64 virtual cpu hotplug, which follows on from the previous set of 21 patches that GregKH has recently queued up, and "x86: intel_epb: Don't rely on link order" which can be found at: https://lore.kernel.org/r/ZVyz/Ve5pPu8AWoA@shell.armlinux.org.uk James Morse (19): ACPI: Only enumerate enabled (or functional) devices ACPI: processor: Add support for processors described as container packages ACPI: processor: Register CPUs that are online, but not described in the DSDT ACPI: processor: Register all CPUs from acpi_processor_get_info() ACPI: Rename ACPI_HOTPLUG_CPU to include 'present' ACPI: Move acpi_bus_trim_one() before acpi_scan_hot_remove() ACPI: Rename acpi_processor_hotadd_init and remove pre-processor guards ACPI: Add post_eject to struct acpi_scan_handler for cpu hotplug ACPI: Check _STA present bit before making CPUs not present ACPI: Warn when the present bit changes but the feature is not enabled arm64: acpi: Move get_cpu_for_acpi_id() to a header ACPICA: Add new MADT GICC flags fields irqchip/gic-v3: Don't return errors from gic_acpi_match_gicc() irqchip/gic-v3: Add support for ACPI's disabled but 'online capable' CPUs ACPI: add support to register CPUs based on the _STA enabled bit ACPI: processor: Only call arch_unregister_cpu() if HOTPLUG_CPU is selected arm64: document virtual CPU hotplug's expectations ACPI: Add _OSC bits to advertise OS support for toggling CPU present/enabled cpumask: Add enabled cpumask for present CPUs that can be brought online Jean-Philippe Brucker (1): arm64: psci: Ignore DENIED CPUs Russell King (Oracle) (1): ACPI: convert acpi_processor_post_eject() to use IS_ENABLED() liwei (1): arm64/psci: Add undefined error message printing for psci_x_cpu_on Documentation/arch/arm64/cpu-hotplug.rst | 79 +++++++++++++ Documentation/arch/arm64/index.rst | 1 + arch/arm64/include/asm/acpi.h | 11 ++ arch/arm64/kernel/acpi_numa.c | 11 -- arch/arm64/kernel/psci.c | 8 +- arch/arm64/kernel/smp.c | 3 +- arch/loongarch/Kconfig | 2 +- arch/loongarch/kernel/acpi.c | 4 +- arch/x86/Kconfig | 3 +- arch/x86/kernel/acpi/boot.c | 4 +- drivers/acpi/Kconfig | 13 ++- drivers/acpi/acpi_processor.c | 141 ++++++++++++++++++++--- drivers/acpi/bus.c | 16 +++ drivers/acpi/device_pm.c | 2 +- drivers/acpi/device_sysfs.c | 2 +- drivers/acpi/internal.h | 1 - drivers/acpi/property.c | 2 +- drivers/acpi/scan.c | 140 ++++++++++++++-------- drivers/base/cpu.c | 16 ++- drivers/irqchip/irq-gic-v3.c | 32 +++-- include/acpi/acpi_bus.h | 1 + include/acpi/actbl2.h | 1 + include/linux/acpi.h | 10 +- include/linux/cpumask.h | 25 ++++ kernel/cpu.c | 3 + 25 files changed, 425 insertions(+), 106 deletions(-) create mode 100644 Documentation/arch/arm64/cpu-hotplug.rst -- 2.25.1

2 23

[PATCH openEuler-1.0-LTS] pciehp: clear p_slot->work.data after powering off a slot
by Jialin Zhang 26 Mar '24

26 Mar '24

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8Z2JH -------------------------------- Powering off nvme device may cause a Data Link Layer State Changed event. This event results in re-enabling the device. In order to fix this issue, clear out the Presence Detect Changed and Data Link Layer State Changed events in p_slot->work.data. Fixes: 8f7e505394e4 ("pciehp: do not wake up irq_thread for sysfs operation") Signed-off-by: Jialin Zhang <zhangjialin11(a)huawei.com> --- drivers/pci/hotplug/pciehp_ctrl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pci/hotplug/pciehp_ctrl.c b/drivers/pci/hotplug/pciehp_ctrl.c index 2d549c97ac42..29fbda494d4a 100644 --- a/drivers/pci/hotplug/pciehp_ctrl.c +++ b/drivers/pci/hotplug/pciehp_ctrl.c @@ -125,6 +125,8 @@ static void remove_board(struct slot *p_slot, bool safe_removal) /* Ignore link or presence changes caused by power off */ atomic_and(~(PCI_EXP_SLTSTA_DLLSC | PCI_EXP_SLTSTA_PDC), &ctrl->pending_events); + p_slot->work.data = p_slot->work.data & ~(PCI_EXP_SLTSTA_PDC | + PCI_EXP_SLTSTA_DLLSC); } /* turn off Green LED */ -- 2.25.1

2 1

[PATCH OLK-5.10 0/3] Fix I/O high when memory almost met memcg limit
by Liu Shixin 26 Mar '24

26 Mar '24

Recently, when install package in a docker which almost reached its memory limit, the installer has no respond severely for more than 15 minutes. During this period, I/O stays high(~1G/s) and influence the whole machine. I've constructed a use case as follows: 1. create a docker: $ cat test.sh #!/bin/bash docker rm centos7 --force docker create --name centos7 --memory 4G --memory-swap 6G centos:7 /usr/sbin/init docker start centos7 sleep 1 docker cp ./alloc_page centos7:/ docker cp ./reproduce.sh centos7:/ docker exec -it centos7 /bin/bash 2. try reproduce the problem in docker: $ cat reproduce.sh #!/bin/bash while true; do flag=$(ps -ef | grep -v grep | grep alloc_page| wc -l) if [ "$flag" -eq 0 ]; then /alloc_page & fi sleep 30 start_time=$(date +%s) yum install -y expect > /dev/null 2>&1 end_time=$(date +%s) elapsed_time=$((end_time - start_time)) echo "$elapsed_time seconds" yum remove -y expect > /dev/null 2>&1 done $ cat alloc_page.c: #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #define SIZE 1*1024*1024 //1M int main() { void *addr = NULL; int i; for (i = 0; i < 1024 * 6 - 50;i++) { addr = (void *)malloc(SIZE); if (!addr) return -1; memset(addr, 0, SIZE); } sleep(99999); return 0; } We found that this problem is caused by a lot ot meaningless read-ahead. Since the docker is almost met memory limit, the page will be reclaimed immediately after read-ahead and will read-ahead again immediately. The program is executed slowly and waste a lot of I/O resource. These patches aim to break the read-ahead in above scenario. Liu Shixin (3): mm/readahead: break read-ahead loop if filemap_add_folio return -ENOMEM mm/filemap: don't decrease mmap_miss when folio has workingset flag mm/readahead: add sysctl to enable early break readahead Documentation/admin-guide/sysctl/vm.rst | 7 +++++++ include/linux/pagemap.h | 2 ++ kernel/sysctl.c | 9 +++++++++ mm/filemap.c | 14 +++++++++++++- mm/readahead.c | 20 +++++++++++++++----- 5 files changed, 46 insertions(+), 6 deletions(-) -- 2.25.1

2 4

[PATCH OLK-6.6 0/6] Adding Huawei BMA driver
by Zheng Zengkai 26 Mar '24

26 Mar '24

From: Huajingjing <huajingjing1(a)huawei.com> This patch set contains 5 communication drivers for Huawei BMA software. The BMA software is a system management software. It supports the status monitoring, performance monitoring, and event monitoring of various components, including server CPUs, memory, hard disks, NICs, IB cards, PCIe cards, RAID controller cards, and optical modules. These 5 drivers are used to send/receive message through PCIe channel in different ways by BMA software. Huajingjing (6): Huawei BMA: Adding Huawei BMA driver: host_edma_drv Huawei BMA: Adding Huawei BMA driver: host_cdev_drv Huawei BMA: Adding Huawei BMA driver: host_veth_drv Huawei BMA: Adding Huawei BMA driver: host_kbox_drv Huawei BMA: Adding Huawei BMA driver: cdev_veth_drv configs: add config BMA to config files arch/arm64/configs/openeuler_defconfig | 1 + arch/x86/configs/openeuler_defconfig | 1 + drivers/net/ethernet/huawei/Kconfig | 1 + drivers/net/ethernet/huawei/Makefile | 1 + drivers/net/ethernet/huawei/bma/Kconfig | 10 + drivers/net/ethernet/huawei/bma/Makefile | 9 + .../net/ethernet/huawei/bma/cdev_drv/Makefile | 2 + .../ethernet/huawei/bma/cdev_drv/bma_cdev.c | 369 +++ .../huawei/bma/cdev_veth_drv/Makefile | 2 + .../bma/cdev_veth_drv/virtual_cdev_eth_net.c | 1864 ++++++++++++ .../bma/cdev_veth_drv/virtual_cdev_eth_net.h | 300 ++ .../net/ethernet/huawei/bma/edma_drv/Makefile | 2 + .../huawei/bma/edma_drv/bma_devintf.c | 621 ++++ .../huawei/bma/edma_drv/bma_devintf.h | 40 + .../huawei/bma/edma_drv/bma_include.h | 116 + .../ethernet/huawei/bma/edma_drv/bma_pci.c | 533 ++++ .../ethernet/huawei/bma/edma_drv/bma_pci.h | 98 + .../ethernet/huawei/bma/edma_drv/edma_host.c | 1462 ++++++++++ .../ethernet/huawei/bma/edma_drv/edma_host.h | 348 +++ .../huawei/bma/include/bma_ker_intf.h | 94 + .../net/ethernet/huawei/bma/kbox_drv/Makefile | 5 + .../ethernet/huawei/bma/kbox_drv/kbox_dump.c | 121 + .../ethernet/huawei/bma/kbox_drv/kbox_dump.h | 33 + .../ethernet/huawei/bma/kbox_drv/kbox_hook.c | 102 + .../ethernet/huawei/bma/kbox_drv/kbox_hook.h | 33 + .../huawei/bma/kbox_drv/kbox_include.h | 40 + .../ethernet/huawei/bma/kbox_drv/kbox_main.c | 176 ++ .../ethernet/huawei/bma/kbox_drv/kbox_main.h | 23 + .../ethernet/huawei/bma/kbox_drv/kbox_mce.c | 264 ++ .../ethernet/huawei/bma/kbox_drv/kbox_mce.h | 23 + .../ethernet/huawei/bma/kbox_drv/kbox_panic.c | 187 ++ .../ethernet/huawei/bma/kbox_drv/kbox_panic.h | 25 + .../huawei/bma/kbox_drv/kbox_printk.c | 363 +++ .../huawei/bma/kbox_drv/kbox_printk.h | 33 + .../huawei/bma/kbox_drv/kbox_ram_drive.c | 188 ++ .../huawei/bma/kbox_drv/kbox_ram_drive.h | 31 + .../huawei/bma/kbox_drv/kbox_ram_image.c | 135 + .../huawei/bma/kbox_drv/kbox_ram_image.h | 84 + .../huawei/bma/kbox_drv/kbox_ram_op.c | 986 +++++++ .../huawei/bma/kbox_drv/kbox_ram_op.h | 77 + .../net/ethernet/huawei/bma/veth_drv/Makefile | 2 + .../ethernet/huawei/bma/veth_drv/veth_hb.c | 2504 +++++++++++++++++ .../ethernet/huawei/bma/veth_drv/veth_hb.h | 440 +++ 43 files changed, 11749 insertions(+) create mode 100644 drivers/net/ethernet/huawei/bma/Kconfig create mode 100644 drivers/net/ethernet/huawei/bma/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/cdev_drv/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/cdev_drv/bma_cdev.c create mode 100644 drivers/net/ethernet/huawei/bma/cdev_veth_drv/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/cdev_veth_drv/virtual_cdev_eth_net.c create mode 100644 drivers/net/ethernet/huawei/bma/cdev_veth_drv/virtual_cdev_eth_net.h create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/bma_devintf.c create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/bma_devintf.h create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/bma_include.h create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/bma_pci.c create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/bma_pci.h create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/edma_host.c create mode 100644 drivers/net/ethernet/huawei/bma/edma_drv/edma_host.h create mode 100644 drivers/net/ethernet/huawei/bma/include/bma_ker_intf.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_dump.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_dump.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_hook.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_hook.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_include.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_main.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_main.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_mce.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_mce.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_panic.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_panic.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_printk.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_printk.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_drive.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_drive.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_image.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_image.h create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_op.c create mode 100644 drivers/net/ethernet/huawei/bma/kbox_drv/kbox_ram_op.h create mode 100644 drivers/net/ethernet/huawei/bma/veth_drv/Makefile create mode 100644 drivers/net/ethernet/huawei/bma/veth_drv/veth_hb.c create mode 100644 drivers/net/ethernet/huawei/bma/veth_drv/veth_hb.h -- 2.27.0

2 7

[PATCH OLK-6.6 v2 0/2] locking/qspinlock: Add CNA support for ARM64
by Wei Li 26 Mar '24

26 Mar '24

Backport CNA support for ARM64 from openEuler-1.0-LTS, with a little cleanup. Wei Li (2): locking/qspinlock: Add CNA support for ARM64 without pvspinlock config/arm64: Enable numa aware qspinlock by default arch/arm64/Kconfig | 15 ++++++++++ arch/arm64/configs/openeuler_defconfig | 1 + arch/arm64/include/asm/Kbuild | 1 - arch/arm64/include/asm/qspinlock.h | 38 ++++++++++++++++++++++++++ arch/x86/kernel/alternative.c | 4 --- init/main.c | 4 ++- kernel/locking/qspinlock.c | 2 +- kernel/locking/qspinlock_cna.h | 12 ++++++-- 8 files changed, 68 insertions(+), 9 deletions(-) create mode 100644 arch/arm64/include/asm/qspinlock.h -- 2.25.1

2 3

[PATCH openEuler-1.0-LTS 0/2] round lts patches
by Zhengchao Shao 26 Mar '24

26 Mar '24

Round lts patches. Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Wang Yufen (1): ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg net/l2tp/l2tp_ip6.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) -- 2.34.1

2 3

[PATCH 1/8] libhns: Support flexible WQE buffer page size
by Chengchang Tang 26 Mar '24

26 Mar '24

driver inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I98HIN -------------------------------------------------------------------------- Currently, driver fixedly allocates 4K pages for user space WQE buffer even in a 64K system. This results in HW reading WQE with a granularity of 4K even in a 64K system. Considering that we support 1024-byte inline, in the scenario of using SQ inline, HW will switch pages every 4 WQEs. This will introduce a delay of about 400ns, which is an average delay of 100ns per packet. In order to improve performance, we allow user-mode drivers to use a larger page size to allocate WQE buffers, thereby reducing the latency introduced by HW page switching. User-mode drivers will be allowed to allocate WQE buffers between 4K to system page size. During ibv_create_qp(), the driver will dynamically select the appropriate page size based on ibv_qp_cap, thus reducing memory consumption while improving performance. This feature needs to be used in conjunction with the kernel-mode driver. In order to ensure forward compatibility, if the kernel-mode driver does not support this feature, the user-mode driver will continue to use a fixed 4K pagesize to allocate WQE buffer. Signed-off-by: Chengchang Tang <tangchengchang(a)huawei.com> --- kernel-headers/rdma/hns-abi.h | 5 +++- providers/hns/hns_roce_u.h | 1 + providers/hns/hns_roce_u_verbs.c | 51 ++++++++++++++++++++++++++++---- 3 files changed, 50 insertions(+), 7 deletions(-) diff --git a/kernel-headers/rdma/hns-abi.h b/kernel-headers/rdma/hns-abi.h index 39ed8a4..f33d876 100644 --- a/kernel-headers/rdma/hns-abi.h +++ b/kernel-headers/rdma/hns-abi.h @@ -90,7 +90,8 @@ struct hns_roce_ib_create_qp { __u8 log_sq_bb_count; __u8 log_sq_stride; __u8 sq_no_prefetch; - __u8 reserved[5]; + __u8 pageshift; + __u8 reserved[4]; __aligned_u64 sdb_addr; __aligned_u64 comp_mask; /* Use enum hns_roce_create_qp_comp_mask */ __aligned_u64 create_flags; @@ -119,12 +120,14 @@ enum { HNS_ROCE_EXSGE_FLAGS = 1 << 0, HNS_ROCE_RQ_INLINE_FLAGS = 1 << 1, HNS_ROCE_CQE_INLINE_FLAGS = 1 << 2, + HNS_ROCE_UCTX_DYN_QP_PGSZ = 1 << 4, }; enum { HNS_ROCE_RSP_EXSGE_FLAGS = 1 << 0, HNS_ROCE_RSP_RQ_INLINE_FLAGS = 1 << 1, HNS_ROCE_RSP_CQE_INLINE_FLAGS = 1 << 2, + HNS_ROCE_UCTX_RSP_DYN_QP_PGSZ = HNS_ROCE_UCTX_DYN_QP_PGSZ, }; struct hns_roce_ib_alloc_ucontext_resp { diff --git a/providers/hns/hns_roce_u.h b/providers/hns/hns_roce_u.h index b02fb22..1440464 100644 --- a/providers/hns/hns_roce_u.h +++ b/providers/hns/hns_roce_u.h @@ -350,6 +350,7 @@ struct hns_roce_qp { uint8_t sl; uint8_t tc_mode; uint8_t priority; + uint8_t pageshift; unsigned int qkey; enum ibv_mtu path_mtu; diff --git a/providers/hns/hns_roce_u_verbs.c b/providers/hns/hns_roce_u_verbs.c index 04201e7..4aa5a3c 100644 --- a/providers/hns/hns_roce_u_verbs.c +++ b/providers/hns/hns_roce_u_verbs.c @@ -1174,31 +1174,69 @@ static void free_recv_rinl_buf(struct hns_roce_rinl_buf *rinl_buf) } } +static void get_best_multi_region_pg_shift(struct hns_roce_device *hr_dev, + struct hns_roce_context *ctx, + struct hns_roce_qp *qp) +{ + uint32_t ext_sge_size; + uint32_t sq_size; + uint32_t rq_size; + uint8_t pg_shift; + + if (!(ctx->config & HNS_ROCE_UCTX_RSP_DYN_QP_PGSZ)) { + qp->pageshift = HNS_HW_PAGE_SHIFT; + return; + } + + /* + * The larger the pagesize used, the better the performance, but it + * may waste more memory. Therefore, we use the least common multiple + * (aligned to power of 2) of sq wqe buffer size, rq wqe buffer size, + * and ext_sge buffer size as the pagesize. Additionally, since the + * kernel cannot guarantee the allocation of contiguous memory larger + * than the system page, the pagesize must be smaller than the system + * page. + */ + sq_size = qp->sq.wqe_cnt << qp->sq.wqe_shift; + ext_sge_size = qp->ex_sge.sge_cnt << qp->ex_sge.sge_shift; + rq_size = qp->rq.wqe_cnt << qp->rq.wqe_shift; + + pg_shift = max_t(uint8_t, sq_size ? hr_ilog32(sq_size) : 0, + ext_sge_size ? hr_ilog32(ext_sge_size) : 0); + pg_shift = max_t(uint8_t, pg_shift, rq_size ? hr_ilog32(rq_size) : 0); + pg_shift = max_t(uint8_t, pg_shift, HNS_HW_PAGE_SHIFT); + qp->pageshift = min_t(uint8_t, pg_shift, hr_ilog32(hr_dev->page_size)); +} + static int calc_qp_buff_size(struct hns_roce_device *hr_dev, + struct hns_roce_context *ctx, struct hns_roce_qp *qp) { struct hns_roce_wq *sq = &qp->sq; struct hns_roce_wq *rq = &qp->rq; + unsigned int page_size; unsigned int size; qp->buf_size = 0; + get_best_multi_region_pg_shift(hr_dev, ctx, qp); + page_size = 1 << qp->pageshift; /* SQ WQE */ sq->offset = 0; - size = to_hr_hem_entries_size(sq->wqe_cnt, sq->wqe_shift); + size = align(sq->wqe_cnt << sq->wqe_shift, page_size); qp->buf_size += size; /* extend SGE WQE in SQ */ qp->ex_sge.offset = qp->buf_size; if (qp->ex_sge.sge_cnt > 0) { - size = to_hr_hem_entries_size(qp->ex_sge.sge_cnt, - qp->ex_sge.sge_shift); + size = align(qp->ex_sge.sge_cnt << qp->ex_sge.sge_shift, + page_size); qp->buf_size += size; } /* RQ WQE */ rq->offset = qp->buf_size; - size = to_hr_hem_entries_size(rq->wqe_cnt, rq->wqe_shift); + size = align(rq->wqe_cnt << rq->wqe_shift, page_size); qp->buf_size += size; if (qp->buf_size < 1) @@ -1223,7 +1261,7 @@ static int qp_alloc_wqe(struct ibv_qp_cap *cap, struct hns_roce_qp *qp, { struct hns_roce_device *hr_dev = to_hr_dev(ctx->ibv_ctx.context.device); - if (calc_qp_buff_size(hr_dev, qp)) + if (calc_qp_buff_size(hr_dev, ctx, qp)) return -EINVAL; qp->sq.wrid = malloc(qp->sq.wqe_cnt * sizeof(uint64_t)); @@ -1241,7 +1279,7 @@ static int qp_alloc_wqe(struct ibv_qp_cap *cap, struct hns_roce_qp *qp, goto err_alloc; } - if (hns_roce_alloc_buf(&qp->buf, qp->buf_size, HNS_HW_PAGE_SIZE)) + if (hns_roce_alloc_buf(&qp->buf, qp->buf_size, 1 << qp->pageshift)) goto err_alloc; return 0; @@ -1478,6 +1516,7 @@ static int qp_exec_create_cmd(struct ibv_qp_init_attr_ex *attr, cmd_ex.buf_addr = (uintptr_t)qp->buf.buf; cmd_ex.log_sq_stride = qp->sq.wqe_shift; cmd_ex.log_sq_bb_count = hr_ilog32(qp->sq.wqe_cnt); + cmd_ex.pageshift = qp->pageshift; if (hns_attr && hns_attr->comp_mask & HNSDV_QP_INIT_ATTR_MASK_QP_CONGEST_TYPE) { -- 2.33.0

1 7

[OLK-6.6 v2 1/4] RDMA/hns: Support flexible wqe buffer page size
by Chengchang Tang 26 Mar '24

26 Mar '24

driver inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I98HIN -------------------------------------------------------------------------- Currently, driver fixedly allocates 4K pages for user space WQE buffer even in a 64K system. This results in HW reading WQE with a granularity of 4K even in a 64K system. Considering that we support 1024-byte inline, in the scenario of using SQ inline, HW will switch pages every 4 WQEs. This will introduce a delay of about 400ns, which is an average delay of 100ns per packet. In order to improve performance, we allow user-mode driver to use more flexible WQE buffer page size allocation strategies, which allowing user-mode driver to configure WQE buffer using pages between 4K to system PAGESIZE. This feature needs to be used in conjunction with the user-mode driver. In order to ensure forward compatibility, if the user-mode driver does not support this feature, the kernel mode will continue to use a fixed 4K pagesize. Signed-off-by: Chengchang Tang <tangchengchang(a)huawei.com> --- drivers/infiniband/hw/hns/hns_roce_main.c | 5 ++++ drivers/infiniband/hw/hns/hns_roce_qp.c | 32 ++++++++++++++--------- include/uapi/rdma/hns-abi.h | 5 +++- 3 files changed, 29 insertions(+), 13 deletions(-) diff --git a/drivers/infiniband/hw/hns/hns_roce_main.c b/drivers/infiniband/hw/hns/hns_roce_main.c index c3d057222..260052fcb 100644 --- a/drivers/infiniband/hw/hns/hns_roce_main.c +++ b/drivers/infiniband/hw/hns/hns_roce_main.c @@ -473,6 +473,11 @@ static int hns_roce_alloc_ucontext(struct ib_ucontext *uctx, if (hr_dev->pci_dev->revision >= PCI_REVISION_ID_HIP09) resp.congest_type = hr_dev->caps.cong_cap; + if (ucmd.config & HNS_ROCE_UCTX_DYN_QP_PGSZ) { + context->config |= HNS_ROCE_UCTX_DYN_QP_PGSZ; + resp.config |= HNS_ROCE_UCTX_RSP_DYN_QP_PGSZ; + } + ret = hns_roce_uar_alloc(hr_dev, &context->uar); if (ret) goto error_out; diff --git a/drivers/infiniband/hw/hns/hns_roce_qp.c b/drivers/infiniband/hw/hns/hns_roce_qp.c index 0b7064b0a..33c1a5cef 100644 --- a/drivers/infiniband/hw/hns/hns_roce_qp.c +++ b/drivers/infiniband/hw/hns/hns_roce_qp.c @@ -641,18 +641,21 @@ static int set_user_sq_size(struct hns_roce_dev *hr_dev, } static int set_wqe_buf_attr(struct hns_roce_dev *hr_dev, - struct hns_roce_qp *hr_qp, + struct hns_roce_qp *hr_qp, u8 page_shift, struct hns_roce_buf_attr *buf_attr) { + unsigned int page_size = BIT(page_shift); int buf_size; int idx = 0; hr_qp->buff_size = 0; + if (page_shift > PAGE_SHIFT || page_shift < HNS_HW_PAGE_SHIFT) + return -EOPNOTSUPP; + /* SQ WQE */ hr_qp->sq.offset = 0; - buf_size = to_hr_hem_entries_size(hr_qp->sq.wqe_cnt, - hr_qp->sq.wqe_shift); + buf_size = ALIGN(hr_qp->sq.wqe_cnt << hr_qp->sq.wqe_shift, page_size); if (buf_size > 0 && idx < ARRAY_SIZE(buf_attr->region)) { buf_attr->region[idx].size = buf_size; buf_attr->region[idx].hopnum = hr_dev->caps.wqe_sq_hop_num; @@ -662,8 +665,7 @@ static int set_wqe_buf_attr(struct hns_roce_dev *hr_dev, /* extend SGE WQE in SQ */ hr_qp->sge.offset = hr_qp->buff_size; - buf_size = to_hr_hem_entries_size(hr_qp->sge.sge_cnt, - hr_qp->sge.sge_shift); + buf_size = ALIGN(hr_qp->sge.sge_cnt << hr_qp->sge.sge_shift, page_size); if (buf_size > 0 && idx < ARRAY_SIZE(buf_attr->region)) { buf_attr->region[idx].size = buf_size; buf_attr->region[idx].hopnum = hr_dev->caps.wqe_sge_hop_num; @@ -673,8 +675,7 @@ static int set_wqe_buf_attr(struct hns_roce_dev *hr_dev, /* RQ WQE */ hr_qp->rq.offset = hr_qp->buff_size; - buf_size = to_hr_hem_entries_size(hr_qp->rq.wqe_cnt, - hr_qp->rq.wqe_shift); + buf_size = ALIGN(hr_qp->rq.wqe_cnt << hr_qp->rq.wqe_shift, page_size); if (buf_size > 0 && idx < ARRAY_SIZE(buf_attr->region)) { buf_attr->region[idx].size = buf_size; buf_attr->region[idx].hopnum = hr_dev->caps.wqe_rq_hop_num; @@ -685,8 +686,8 @@ static int set_wqe_buf_attr(struct hns_roce_dev *hr_dev, if (hr_qp->buff_size < 1) return -EINVAL; - buf_attr->page_shift = HNS_HW_PAGE_SHIFT + hr_dev->caps.mtt_buf_pg_sz; buf_attr->region_count = idx; + buf_attr->page_shift = page_shift; return 0; } @@ -742,20 +743,27 @@ static int hns_roce_qp_has_rq(struct ib_qp_init_attr *attr) static int alloc_qp_buf(struct hns_roce_dev *hr_dev, struct hns_roce_qp *hr_qp, struct ib_qp_init_attr *init_attr, - struct ib_udata *udata, unsigned long addr) + struct ib_udata *udata, + struct hns_roce_ib_create_qp *ucmd) { + struct hns_roce_ucontext *uctx = rdma_udata_to_drv_context(udata, + struct hns_roce_ucontext, ibucontext); struct ib_device *ibdev = &hr_dev->ib_dev; struct hns_roce_buf_attr buf_attr = {}; + u8 page_shift = HNS_HW_PAGE_SHIFT; int ret; - ret = set_wqe_buf_attr(hr_dev, hr_qp, &buf_attr); + if (uctx && (uctx->config & HNS_ROCE_UCTX_DYN_QP_PGSZ)) + page_shift = ucmd->pageshift; + + ret = set_wqe_buf_attr(hr_dev, hr_qp, page_shift, &buf_attr); if (ret) { ibdev_err(ibdev, "failed to split WQE buf, ret = %d.\n", ret); goto err_inline; } ret = hns_roce_mtr_create(hr_dev, &hr_qp->mtr, &buf_attr, PAGE_SHIFT + hr_dev->caps.mtt_ba_pg_sz, - udata, addr); + udata, ucmd->buf_addr); if (ret) { ibdev_err(ibdev, "failed to create WQE mtr, ret = %d.\n", ret); goto err_inline; @@ -1151,7 +1159,7 @@ static int hns_roce_create_qp_common(struct hns_roce_dev *hr_dev, } } - ret = alloc_qp_buf(hr_dev, hr_qp, init_attr, udata, ucmd.buf_addr); + ret = alloc_qp_buf(hr_dev, hr_qp, init_attr, udata, &ucmd); if (ret) { ibdev_err(ibdev, "failed to alloc QP buffer, ret = %d.\n", ret); goto err_buf; diff --git a/include/uapi/rdma/hns-abi.h b/include/uapi/rdma/hns-abi.h index 94e861870..c24af6b68 100644 --- a/include/uapi/rdma/hns-abi.h +++ b/include/uapi/rdma/hns-abi.h @@ -90,7 +90,8 @@ struct hns_roce_ib_create_qp { __u8 log_sq_bb_count; __u8 log_sq_stride; __u8 sq_no_prefetch; - __u8 reserved[5]; + __u8 pageshift; + __u8 reserved[4]; __aligned_u64 sdb_addr; __aligned_u64 comp_mask; /* Use enum hns_roce_create_qp_comp_mask */ __aligned_u64 create_flags; @@ -119,12 +120,14 @@ enum { HNS_ROCE_EXSGE_FLAGS = 1 << 0, HNS_ROCE_RQ_INLINE_FLAGS = 1 << 1, HNS_ROCE_CQE_INLINE_FLAGS = 1 << 2, + HNS_ROCE_UCTX_DYN_QP_PGSZ = 1 << 4, }; enum { HNS_ROCE_RSP_EXSGE_FLAGS = 1 << 0, HNS_ROCE_RSP_RQ_INLINE_FLAGS = 1 << 1, HNS_ROCE_RSP_CQE_INLINE_FLAGS = 1 << 2, + HNS_ROCE_UCTX_RSP_DYN_QP_PGSZ = HNS_ROCE_UCTX_DYN_QP_PGSZ, }; struct hns_roce_ib_alloc_ucontext_resp { -- 2.30.0

1 3

[PATCH openEuler-1.0-LTS] spi: spi-fsl-dspi: Fix a resource leak in an error handling path
by Jinjie Ruan 26 Mar '24

26 Mar '24

From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> stable inclusion from stable-v4.19.199 commit 00450ed03a17143e2433b461a656ef9cd17c2f1d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BHN7 CVE: CVE-2021-47161 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- commit 680ec0549a055eb464dce6ffb4bfb736ef87236e upstream 'dspi_request_dma()' should be undone by a 'dspi_release_dma()' call in the error handling path of the probe function, as already done in the remove function Fixes: 90ba37033cb9 ("spi: spi-fsl-dspi: Add DMA support for Vybrid") Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Reviewed-by: Vladimir Oltean <olteanv(a)gmail.com> Link: https://lore.kernel.org/r/d51caaac747277a1099ba8dea07acd85435b857e.16205874… Signed-off-by: Mark Brown <broonie(a)kernel.org> [sudip: adjust context] Signed-off-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Conflicts: drivers/spi/spi-fsl-dspi.c Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> --- drivers/spi/spi-fsl-dspi.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c index 3082e72e4f6c..7f3fcc3f9b63 100644 --- a/drivers/spi/spi-fsl-dspi.c +++ b/drivers/spi/spi-fsl-dspi.c @@ -1114,11 +1114,13 @@ static int dspi_probe(struct platform_device *pdev) ret = spi_register_master(master); if (ret != 0) { dev_err(&pdev->dev, "Problem registering DSPI master\n"); - goto out_clk_put; + goto out_release_dma; } return ret; +out_release_dma: + dspi_release_dma(dspi); out_clk_put: clk_disable_unprepare(dspi->clk); out_master_put: -- 2.34.1

2 1

[PATCH openEuler-1.0-LTS] netfilter: nf_tables: disallow anonymous set with timeout flag
by Ziyang Xuan 26 Mar '24

26 Mar '24

From: Pablo Neira Ayuso <pablo(a)netfilter.org> mainline inclusion from mainline-v6.8 commit 16603605b667b70da974bea8216c93e7db043bf1 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9AK56 CVE: CVE-2024-26642 -------------------------------- Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. Cc: stable(a)vger.kernel.org Fixes: 761da2935d6e ("netfilter: nf_tables: add set timeout API support") Reported-by: lonial con <kongln9170(a)gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Ziyang Xuan <william.xuanziyang(a)huawei.com> --- net/netfilter/nf_tables_api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 3ee5beb220bda..9cff6d4d4ff67 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -3508,6 +3508,9 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk, if ((flags & (NFT_SET_EVAL | NFT_SET_OBJECT)) == (NFT_SET_EVAL | NFT_SET_OBJECT)) return -EOPNOTSUPP; + if ((flags & (NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT | NFT_SET_EVAL)) == + (NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT)) + return -EOPNOTSUPP; } dtype = 0; -- 2.25.1

2 1

[PATCH OLK-5.10] netfilter: nf_tables: disallow anonymous set with timeout flag
by Ziyang Xuan 26 Mar '24

26 Mar '24

From: Pablo Neira Ayuso <pablo(a)netfilter.org> mainline inclusion from mainline-v6.8 commit 16603605b667b70da974bea8216c93e7db043bf1 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9AK56 CVE: CVE-2024-26642 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. Cc: stable(a)vger.kernel.org Fixes: 761da2935d6e ("netfilter: nf_tables: add set timeout API support") Reported-by: lonial con <kongln9170(a)gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Ziyang Xuan <william.xuanziyang(a)huawei.com> --- net/netfilter/nf_tables_api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index d24e9b7834e4c..75eccfaa6acb5 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4384,6 +4384,9 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk, if ((flags & (NFT_SET_EVAL | NFT_SET_OBJECT)) == (NFT_SET_EVAL | NFT_SET_OBJECT)) return -EOPNOTSUPP; + if ((flags & (NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT | NFT_SET_EVAL)) == + (NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT)) + return -EOPNOTSUPP; } dtype = 0; -- 2.25.1

2 1

[OLK-6.6 1/4] RDMA/hns: Support flexible wqe buffer page size
by Chengchang Tang 26 Mar '24

26 Mar '24

driver inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I98HIN -------------------------------------------------------------------------- Currently, driver fixedly allocates 4K pages for user space WQE buffer even in a 64K system. This results in HW reading WQE with a granularity of 4K even in a 64K system. Considering that we support 1024-byte inline, in the scenario of using SQ inline, HW will switch pages every 4 WQEs. This will introduce a delay of about 400ns, which is an average delay of 100ns per packet. In order to improve performance, we allow user-mode driver to use more flexible WQE buffer page size allocation strategies, which allowing user-mode driver to configure WQE buffer using pages between 4K to system PAGESIZE. This feature needs to be used in conjunction with the user-mode driver. In order to ensure forward compatibility, if the user-mode driver does not support this feature, the kernel mode will continue to use a fixed 4K pagesize. Signed-off-by: Chengchang Tang <tangchengchang(a)huawei.com> --- drivers/infiniband/hw/hns/hns_roce_main.c | 5 ++++ drivers/infiniband/hw/hns/hns_roce_qp.c | 32 ++++++++++++++--------- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/drivers/infiniband/hw/hns/hns_roce_main.c b/drivers/infiniband/hw/hns/hns_roce_main.c index c3d057222..260052fcb 100644 --- a/drivers/infiniband/hw/hns/hns_roce_main.c +++ b/drivers/infiniband/hw/hns/hns_roce_main.c @@ -473,6 +473,11 @@ static int hns_roce_alloc_ucontext(struct ib_ucontext *uctx, if (hr_dev->pci_dev->revision >= PCI_REVISION_ID_HIP09) resp.congest_type = hr_dev->caps.cong_cap; + if (ucmd.config & HNS_ROCE_UCTX_DYN_QP_PGSZ) { + context->config |= HNS_ROCE_UCTX_DYN_QP_PGSZ; + resp.config |= HNS_ROCE_UCTX_RSP_DYN_QP_PGSZ; + } + ret = hns_roce_uar_alloc(hr_dev, &context->uar); if (ret) goto error_out; diff --git a/drivers/infiniband/hw/hns/hns_roce_qp.c b/drivers/infiniband/hw/hns/hns_roce_qp.c index 0b7064b0a..33c1a5cef 100644 --- a/drivers/infiniband/hw/hns/hns_roce_qp.c +++ b/drivers/infiniband/hw/hns/hns_roce_qp.c @@ -641,18 +641,21 @@ static int set_user_sq_size(struct hns_roce_dev *hr_dev, } static int set_wqe_buf_attr(struct hns_roce_dev *hr_dev, - struct hns_roce_qp *hr_qp, + struct hns_roce_qp *hr_qp, u8 page_shift, struct hns_roce_buf_attr *buf_attr) { + unsigned int page_size = BIT(page_shift); int buf_size; int idx = 0; hr_qp->buff_size = 0; + if (page_shift > PAGE_SHIFT || page_shift < HNS_HW_PAGE_SHIFT) + return -EOPNOTSUPP; + /* SQ WQE */ hr_qp->sq.offset = 0; - buf_size = to_hr_hem_entries_size(hr_qp->sq.wqe_cnt, - hr_qp->sq.wqe_shift); + buf_size = ALIGN(hr_qp->sq.wqe_cnt << hr_qp->sq.wqe_shift, page_size); if (buf_size > 0 && idx < ARRAY_SIZE(buf_attr->region)) { buf_attr->region[idx].size = buf_size; buf_attr->region[idx].hopnum = hr_dev->caps.wqe_sq_hop_num; @@ -662,8 +665,7 @@ static int set_wqe_buf_attr(struct hns_roce_dev *hr_dev, /* extend SGE WQE in SQ */ hr_qp->sge.offset = hr_qp->buff_size; - buf_size = to_hr_hem_entries_size(hr_qp->sge.sge_cnt, - hr_qp->sge.sge_shift); + buf_size = ALIGN(hr_qp->sge.sge_cnt << hr_qp->sge.sge_shift, page_size); if (buf_size > 0 && idx < ARRAY_SIZE(buf_attr->region)) { buf_attr->region[idx].size = buf_size; buf_attr->region[idx].hopnum = hr_dev->caps.wqe_sge_hop_num; @@ -673,8 +675,7 @@ static int set_wqe_buf_attr(struct hns_roce_dev *hr_dev, /* RQ WQE */ hr_qp->rq.offset = hr_qp->buff_size; - buf_size = to_hr_hem_entries_size(hr_qp->rq.wqe_cnt, - hr_qp->rq.wqe_shift); + buf_size = ALIGN(hr_qp->rq.wqe_cnt << hr_qp->rq.wqe_shift, page_size); if (buf_size > 0 && idx < ARRAY_SIZE(buf_attr->region)) { buf_attr->region[idx].size = buf_size; buf_attr->region[idx].hopnum = hr_dev->caps.wqe_rq_hop_num; @@ -685,8 +686,8 @@ static int set_wqe_buf_attr(struct hns_roce_dev *hr_dev, if (hr_qp->buff_size < 1) return -EINVAL; - buf_attr->page_shift = HNS_HW_PAGE_SHIFT + hr_dev->caps.mtt_buf_pg_sz; buf_attr->region_count = idx; + buf_attr->page_shift = page_shift; return 0; } @@ -742,20 +743,27 @@ static int hns_roce_qp_has_rq(struct ib_qp_init_attr *attr) static int alloc_qp_buf(struct hns_roce_dev *hr_dev, struct hns_roce_qp *hr_qp, struct ib_qp_init_attr *init_attr, - struct ib_udata *udata, unsigned long addr) + struct ib_udata *udata, + struct hns_roce_ib_create_qp *ucmd) { + struct hns_roce_ucontext *uctx = rdma_udata_to_drv_context(udata, + struct hns_roce_ucontext, ibucontext); struct ib_device *ibdev = &hr_dev->ib_dev; struct hns_roce_buf_attr buf_attr = {}; + u8 page_shift = HNS_HW_PAGE_SHIFT; int ret; - ret = set_wqe_buf_attr(hr_dev, hr_qp, &buf_attr); + if (uctx && (uctx->config & HNS_ROCE_UCTX_DYN_QP_PGSZ)) + page_shift = ucmd->pageshift; + + ret = set_wqe_buf_attr(hr_dev, hr_qp, page_shift, &buf_attr); if (ret) { ibdev_err(ibdev, "failed to split WQE buf, ret = %d.\n", ret); goto err_inline; } ret = hns_roce_mtr_create(hr_dev, &hr_qp->mtr, &buf_attr, PAGE_SHIFT + hr_dev->caps.mtt_ba_pg_sz, - udata, addr); + udata, ucmd->buf_addr); if (ret) { ibdev_err(ibdev, "failed to create WQE mtr, ret = %d.\n", ret); goto err_inline; @@ -1151,7 +1159,7 @@ static int hns_roce_create_qp_common(struct hns_roce_dev *hr_dev, } } - ret = alloc_qp_buf(hr_dev, hr_qp, init_attr, udata, ucmd.buf_addr); + ret = alloc_qp_buf(hr_dev, hr_qp, init_attr, udata, &ucmd); if (ret) { ibdev_err(ibdev, "failed to alloc QP buffer, ret = %d.\n", ret); goto err_buf; -- 2.30.0

1 3

[PATCH openEuler-1.0-LTS 0/3] net: fix CVE-2024-26641
by Dong Chenchen 26 Mar '24

26 Mar '24

patchset for CVE-2024-26641. Eric Dumazet (2): ip6_tunnel: use dev_sw_netstats_rx_add() ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() Guillaume Nault (1): ip6_tunnel: allow redirecting ip6gre and ipxip6 packets to eth devices net/ipv6/ip6_tunnel.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) -- 2.25.1

2 4

[PATCH openEuler-22.03-LTS-SP2] media: pvrusb2: fix use after free on context disconnection
by Guan Jing 26 Mar '24

26 Mar '24

From: "Ricardo B. Marliere" <ricardo(a)marliere.net> stable inclusion from stable-v5.10.209 commit 3233d8bf7893550045682192cb227af7fa3defeb category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I932VV CVE: CVE-2023-52445 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit ded85b0c0edd8f45fec88783d7555a5b982449c1 ] Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on the context object. However, that might happen before the usb hub_event handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack. Reported-and-tested-by: syzbot+621409285c4156a009b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000a02a4205fff8eb92@google.com/ Fixes: e5be15c63804 ("V4L/DVB (7711): pvrusb2: Fix race on module unload") Signed-off-by: Ricardo B. Marliere <ricardo(a)marliere.net> Acked-by: Mike Isely <isely(a)pobox.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Guan Jing <guanjing6(a)huawei.com> --- drivers/media/usb/pvrusb2/pvrusb2-context.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/media/usb/pvrusb2/pvrusb2-context.c b/drivers/media/usb/pvrusb2/pvrusb2-context.c index 14170a5d72b3..1764674de98b 100644 --- a/drivers/media/usb/pvrusb2/pvrusb2-context.c +++ b/drivers/media/usb/pvrusb2/pvrusb2-context.c @@ -268,7 +268,8 @@ void pvr2_context_disconnect(struct pvr2_context *mp) { pvr2_hdw_disconnect(mp->hdw); mp->disconnect_flag = !0; - pvr2_context_notify(mp); + if (!pvr2_context_shutok()) + pvr2_context_notify(mp); } -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1] media: pvrusb2: fix use after free on context disconnection
by Guan Jing 26 Mar '24

26 Mar '24

From: "Ricardo B. Marliere" <ricardo(a)marliere.net> stable inclusion from stable-v5.10.209 commit 3233d8bf7893550045682192cb227af7fa3defeb category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I932VV CVE: CVE-2023-52445 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit ded85b0c0edd8f45fec88783d7555a5b982449c1 ] Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on the context object. However, that might happen before the usb hub_event handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack. Reported-and-tested-by: syzbot+621409285c4156a009b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000a02a4205fff8eb92@google.com/ Fixes: e5be15c63804 ("V4L/DVB (7711): pvrusb2: Fix race on module unload") Signed-off-by: Ricardo B. Marliere <ricardo(a)marliere.net> Acked-by: Mike Isely <isely(a)pobox.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Guan Jing <guanjing6(a)huawei.com> --- drivers/media/usb/pvrusb2/pvrusb2-context.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/media/usb/pvrusb2/pvrusb2-context.c b/drivers/media/usb/pvrusb2/pvrusb2-context.c index 14170a5d72b3..1764674de98b 100644 --- a/drivers/media/usb/pvrusb2/pvrusb2-context.c +++ b/drivers/media/usb/pvrusb2/pvrusb2-context.c @@ -268,7 +268,8 @@ void pvr2_context_disconnect(struct pvr2_context *mp) { pvr2_hdw_disconnect(mp->hdw); mp->disconnect_flag = !0; - pvr2_context_notify(mp); + if (!pvr2_context_shutok()) + pvr2_context_notify(mp); } -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS] media: pvrusb2: fix use after free on context disconnection
by Guan Jing 26 Mar '24

26 Mar '24

From: "Ricardo B. Marliere" <ricardo(a)marliere.net> stable inclusion from stable-v5.10.209 commit 3233d8bf7893550045682192cb227af7fa3defeb category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I932VV CVE: CVE-2023-52445 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit ded85b0c0edd8f45fec88783d7555a5b982449c1 ] Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on the context object. However, that might happen before the usb hub_event handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack. Reported-and-tested-by: syzbot+621409285c4156a009b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000a02a4205fff8eb92@google.com/ Fixes: e5be15c63804 ("V4L/DVB (7711): pvrusb2: Fix race on module unload") Signed-off-by: Ricardo B. Marliere <ricardo(a)marliere.net> Acked-by: Mike Isely <isely(a)pobox.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Guan Jing <guanjing6(a)huawei.com> --- drivers/media/usb/pvrusb2/pvrusb2-context.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/media/usb/pvrusb2/pvrusb2-context.c b/drivers/media/usb/pvrusb2/pvrusb2-context.c index 14170a5d72b3..1764674de98b 100644 --- a/drivers/media/usb/pvrusb2/pvrusb2-context.c +++ b/drivers/media/usb/pvrusb2/pvrusb2-context.c @@ -268,7 +268,8 @@ void pvr2_context_disconnect(struct pvr2_context *mp) { pvr2_hdw_disconnect(mp->hdw); mp->disconnect_flag = !0; - pvr2_context_notify(mp); + if (!pvr2_context_shutok()) + pvr2_context_notify(mp); } -- 2.34.1

2 1

[PATCH OLK-5.10] ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
by Dong Chenchen 26 Mar '24

26 Mar '24

From: Eric Dumazet <edumazet(a)google.com> stable inclusion from stable-v5.10.208 commit da23bd709b46168f7dfc36055801011222b076cd category: bugfix bugzilla: 189704, https://gitee.com/src-openeuler/kernel/issues/I99K08 CVE: CVE-2024-26633 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit d375b98e0248980681e5e56b712026174d617198 ] syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098 __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655 pskb_may_pull_reason include/linux/skbuff.h:2673 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 7345 Comm: syz-executor.3 Not tainted 6.7.0-rc8-syzkaller-00024-gac865f00af29 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Fixes: fbfa743a9d2a ("ipv6: fix ip6_tnl_parse_tlv_enc_lim()") Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Willem de Bruijn <willemb(a)google.com> Reviewed-by: Willem de Bruijn <willemb(a)google.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> --- net/ipv6/ip6_tunnel.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index a03a322e0cc1..edf4a842506f 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -427,7 +427,7 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)raw; unsigned int nhoff = raw - skb->data; unsigned int off = nhoff + sizeof(*ipv6h); - u8 next, nexthdr = ipv6h->nexthdr; + u8 nexthdr = ipv6h->nexthdr; while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) { struct ipv6_opt_hdr *hdr; @@ -438,25 +438,25 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) hdr = (struct ipv6_opt_hdr *)(skb->data + off); if (nexthdr == NEXTHDR_FRAGMENT) { - struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr; - if (frag_hdr->frag_off) - break; optlen = 8; } else if (nexthdr == NEXTHDR_AUTH) { optlen = ipv6_authlen(hdr); } else { optlen = ipv6_optlen(hdr); } - /* cache hdr->nexthdr, since pskb_may_pull() might - * invalidate hdr - */ - next = hdr->nexthdr; - if (nexthdr == NEXTHDR_DEST) { - u16 i = 2; - /* Remember : hdr is no longer valid at this point. */ - if (!pskb_may_pull(skb, off + optlen)) + if (!pskb_may_pull(skb, off + optlen)) + break; + + hdr = (struct ipv6_opt_hdr *)(skb->data + off); + if (nexthdr == NEXTHDR_FRAGMENT) { + struct frag_hdr *frag_hdr = (struct frag_hdr *)hdr; + + if (frag_hdr->frag_off) break; + } + if (nexthdr == NEXTHDR_DEST) { + u16 i = 2; while (1) { struct ipv6_tlv_tnl_enc_lim *tel; @@ -477,7 +477,7 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) i++; } } - nexthdr = next; + nexthdr = hdr->nexthdr; off += optlen; } return 0; -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS] ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
by Dong Chenchen 26 Mar '24

26 Mar '24

From: Eric Dumazet <edumazet(a)google.com> stable inclusion from stable-v4.19.305 commit 135414f300c5db995e2a2f3bf0f455de9d014aee category: bugfix bugzilla: 189704, https://gitee.com/src-openeuler/kernel/issues/I99K08 CVE: CVE-2024-26633 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit d375b98e0248980681e5e56b712026174d617198 ] syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098 __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655 pskb_may_pull_reason include/linux/skbuff.h:2673 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 7345 Comm: syz-executor.3 Not tainted 6.7.0-rc8-syzkaller-00024-gac865f00af29 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Fixes: fbfa743a9d2a ("ipv6: fix ip6_tnl_parse_tlv_enc_lim()") Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Willem de Bruijn <willemb(a)google.com> Reviewed-by: Willem de Bruijn <willemb(a)google.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> --- net/ipv6/ip6_tunnel.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index b647a4037679..5cf3a2e2cd54 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -404,7 +404,7 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)raw; unsigned int nhoff = raw - skb->data; unsigned int off = nhoff + sizeof(*ipv6h); - u8 next, nexthdr = ipv6h->nexthdr; + u8 nexthdr = ipv6h->nexthdr; while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) { struct ipv6_opt_hdr *hdr; @@ -415,25 +415,25 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) hdr = (struct ipv6_opt_hdr *)(skb->data + off); if (nexthdr == NEXTHDR_FRAGMENT) { - struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr; - if (frag_hdr->frag_off) - break; optlen = 8; } else if (nexthdr == NEXTHDR_AUTH) { optlen = (hdr->hdrlen + 2) << 2; } else { optlen = ipv6_optlen(hdr); } - /* cache hdr->nexthdr, since pskb_may_pull() might - * invalidate hdr - */ - next = hdr->nexthdr; - if (nexthdr == NEXTHDR_DEST) { - u16 i = 2; - /* Remember : hdr is no longer valid at this point. */ - if (!pskb_may_pull(skb, off + optlen)) + if (!pskb_may_pull(skb, off + optlen)) + break; + + hdr = (struct ipv6_opt_hdr *)(skb->data + off); + if (nexthdr == NEXTHDR_FRAGMENT) { + struct frag_hdr *frag_hdr = (struct frag_hdr *)hdr; + + if (frag_hdr->frag_off) break; + } + if (nexthdr == NEXTHDR_DEST) { + u16 i = 2; while (1) { struct ipv6_tlv_tnl_enc_lim *tel; @@ -454,7 +454,7 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) i++; } } - nexthdr = next; + nexthdr = hdr->nexthdr; off += optlen; } return 0; -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS 1/1] ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
by Dong Chenchen 26 Mar '24

26 Mar '24

From: Eric Dumazet <edumazet(a)google.com> stable inclusion from stable-v4.19.305 commit 135414f300c5db995e2a2f3bf0f455de9d014aee category: bugfix bugzilla: 189704, https://gitee.com/src-openeuler/kernel/issues/I99K08 CVE: CVE-2024-26633 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit d375b98e0248980681e5e56b712026174d617198 ] syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098 __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655 pskb_may_pull_reason include/linux/skbuff.h:2673 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 7345 Comm: syz-executor.3 Not tainted 6.7.0-rc8-syzkaller-00024-gac865f00af29 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Fixes: fbfa743a9d2a ("ipv6: fix ip6_tnl_parse_tlv_enc_lim()") Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Willem de Bruijn <willemb(a)google.com> Reviewed-by: Willem de Bruijn <willemb(a)google.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> --- net/ipv6/ip6_tunnel.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index b647a4037679..5cf3a2e2cd54 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -404,7 +404,7 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)raw; unsigned int nhoff = raw - skb->data; unsigned int off = nhoff + sizeof(*ipv6h); - u8 next, nexthdr = ipv6h->nexthdr; + u8 nexthdr = ipv6h->nexthdr; while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) { struct ipv6_opt_hdr *hdr; @@ -415,25 +415,25 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) hdr = (struct ipv6_opt_hdr *)(skb->data + off); if (nexthdr == NEXTHDR_FRAGMENT) { - struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr; - if (frag_hdr->frag_off) - break; optlen = 8; } else if (nexthdr == NEXTHDR_AUTH) { optlen = (hdr->hdrlen + 2) << 2; } else { optlen = ipv6_optlen(hdr); } - /* cache hdr->nexthdr, since pskb_may_pull() might - * invalidate hdr - */ - next = hdr->nexthdr; - if (nexthdr == NEXTHDR_DEST) { - u16 i = 2; - /* Remember : hdr is no longer valid at this point. */ - if (!pskb_may_pull(skb, off + optlen)) + if (!pskb_may_pull(skb, off + optlen)) + break; + + hdr = (struct ipv6_opt_hdr *)(skb->data + off); + if (nexthdr == NEXTHDR_FRAGMENT) { + struct frag_hdr *frag_hdr = (struct frag_hdr *)hdr; + + if (frag_hdr->frag_off) break; + } + if (nexthdr == NEXTHDR_DEST) { + u16 i = 2; while (1) { struct ipv6_tlv_tnl_enc_lim *tel; @@ -454,7 +454,7 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) i++; } } - nexthdr = next; + nexthdr = hdr->nexthdr; off += optlen; } return 0; -- 2.25.1

2 1

[PATCH OLK-5.10 1/1] ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
by Dong Chenchen 26 Mar '24

26 Mar '24

From: Eric Dumazet <edumazet(a)google.com> stable inclusion from stable-v5.10.208 commit da23bd709b46168f7dfc36055801011222b076cd category: bugfix bugzilla: 189704, https://gitee.com/src-openeuler/kernel/issues/I99K08 CVE: CVE-2024-26633 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit d375b98e0248980681e5e56b712026174d617198 ] syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098 __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655 pskb_may_pull_reason include/linux/skbuff.h:2673 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 7345 Comm: syz-executor.3 Not tainted 6.7.0-rc8-syzkaller-00024-gac865f00af29 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Fixes: fbfa743a9d2a ("ipv6: fix ip6_tnl_parse_tlv_enc_lim()") Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Willem de Bruijn <willemb(a)google.com> Reviewed-by: Willem de Bruijn <willemb(a)google.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> --- net/ipv6/ip6_tunnel.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index ac3fead5e982..d1f819238414 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -427,7 +427,7 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)raw; unsigned int nhoff = raw - skb->data; unsigned int off = nhoff + sizeof(*ipv6h); - u8 next, nexthdr = ipv6h->nexthdr; + u8 nexthdr = ipv6h->nexthdr; while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) { struct ipv6_opt_hdr *hdr; @@ -438,25 +438,25 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) hdr = (struct ipv6_opt_hdr *)(skb->data + off); if (nexthdr == NEXTHDR_FRAGMENT) { - struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr; - if (frag_hdr->frag_off) - break; optlen = 8; } else if (nexthdr == NEXTHDR_AUTH) { optlen = ipv6_authlen(hdr); } else { optlen = ipv6_optlen(hdr); } - /* cache hdr->nexthdr, since pskb_may_pull() might - * invalidate hdr - */ - next = hdr->nexthdr; - if (nexthdr == NEXTHDR_DEST) { - u16 i = 2; - /* Remember : hdr is no longer valid at this point. */ - if (!pskb_may_pull(skb, off + optlen)) + if (!pskb_may_pull(skb, off + optlen)) + break; + + hdr = (struct ipv6_opt_hdr *)(skb->data + off); + if (nexthdr == NEXTHDR_FRAGMENT) { + struct frag_hdr *frag_hdr = (struct frag_hdr *)hdr; + + if (frag_hdr->frag_off) break; + } + if (nexthdr == NEXTHDR_DEST) { + u16 i = 2; while (1) { struct ipv6_tlv_tnl_enc_lim *tel; @@ -477,7 +477,7 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) i++; } } - nexthdr = next; + nexthdr = hdr->nexthdr; off += optlen; } return 0; -- 2.25.1

2 1

[PATCH OLK-5.10 0/2] net: Fix CVE-2024-26641
by Dong Chenchen 26 Mar '24

26 Mar '24

patchset for CVE-2024-26641 Eric Dumazet (2): ip6_tunnel: use dev_sw_netstats_rx_add() ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() net/ipv6/ip6_tunnel.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) -- 2.25.1

2 3

[PATCH openEuler-1.0-LTS] btrfs: do not BUG_ON in link_to_fixup_dir
by Zhihao Cheng 26 Mar '24

26 Mar '24

From: Josef Bacik <josef(a)toxicpanda.com> stable inclusion from stable-v4.19.310 commit 6eccfb28f8dca70c9b1b3bb3194ca54cbe73a9fa category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BGQL CVE: CVE-2021-47145 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?id=… -------------------------------- commit 91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d upstream. While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014 RIP: 0010:link_to_fixup_dir+0xd5/0xe0 RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216 RAX: fffffffffffffffb RBX: 00000000fffffffb RCX: ffff8f595287faf0 RDX: ffffb5800180fa37 RSI: ffff8f5954978800 RDI: 0000000000000000 RBP: ffff8f5953af9450 R08: 0000000000000019 R09: 0000000000000001 R10: 000151f408682970 R11: 0000000120021001 R12: ffff8f5954978800 R13: ffff8f595287faf0 R14: ffff8f5953c77dd0 R15: 0000000000000065 FS: 00007fc5284c8c40(0000) GS:ffff8f59bbd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5287f47c0 CR3: 000000011275e002 CR4: 0000000000370ee0 Call Trace: replay_one_buffer+0x409/0x470 ? btree_read_extent_buffer_pages+0xd0/0x110 walk_up_log_tree+0x157/0x1e0 walk_log_tree+0xa6/0x1d0 btrfs_recover_log_trees+0x1da/0x360 ? replay_one_extent+0x7b0/0x7b0 open_ctree+0x1486/0x1720 btrfs_mount_root.cold+0x12/0xea ? __kmalloc_track_caller+0x12f/0x240 legacy_get_tree+0x24/0x40 vfs_get_tree+0x22/0xb0 vfs_kern_mount.part.0+0x71/0xb0 btrfs_mount+0x10d/0x380 ? vfs_parse_fs_string+0x4d/0x90 legacy_get_tree+0x24/0x40 vfs_get_tree+0x22/0xb0 path_mount+0x433/0xa10 __x64_sys_mount+0xe3/0x120 do_syscall_64+0x3d/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae We can get -EIO or any number of legitimate errors from btrfs_search_slot(), panicing here is not the appropriate response. The error path for this code handles errors properly, simply return the error. Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Zhihao Cheng <chengzhihao1(a)huawei.com> --- fs/btrfs/tree-log.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index fe7165c9d875..39396f60646d 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -1770,8 +1770,6 @@ static noinline int link_to_fixup_dir(struct btrfs_trans_handle *trans, ret = btrfs_update_inode(trans, root, inode); } else if (ret == -EEXIST) { ret = 0; - } else { - BUG(); /* Logic Error */ } iput(inode); -- 2.31.1

2 1

[openeuler:OLK-6.6] BUILD REGRESSION e86cbfc103cdd1bace8dee470c4bff75f2d67c3d
by kernel test robot 26 Mar '24

26 Mar '24

tree/branch: https://gitee.com/openeuler/kernel.git OLK-6.6 branch HEAD: e86cbfc103cdd1bace8dee470c4bff75f2d67c3d !5354 iommu/arm-smmu-v3: Disable ECMDQ before reset Error/Warning ids grouped by kconfigs: gcc_recent_errors |-- arm64-defconfig | `-- drivers-irqchip-irq-mbigen.c:warning:expecting-prototype-for-Due-to-the-existence-of-hyper().-Prototype-was-for-GICR_LENGTH()-instead |-- loongarch-allmodconfig | |-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead | |-- drivers-infiniband-hw-hns-hns_roce_hw_v2.c:warning:no-previous-prototype-for-hns_roce_hw_v2_get_dscp | |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_set_rxfh().-Prototype-was-for-rnp_set_rxnfc()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_tet_rxfh().-Prototype-was-for-rnp_get_rxfh()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_main.c:warning:directive-output-may-be-truncated-writing-byte-into-a-region-of-size-between-and | |-- drivers-net-ethernet-mucse-rnp-rnp_main.c:warning:expecting-prototype-for-rnp_write_eitr().-Prototype-was-for-rnp_write_eitr_rx()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_link_event_eanble().-Prototype-was-for-rnp_mbx_link_event_enable()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_stat_mark().-Prototype-was-for-rnp_link_stat_mark()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:no-previous-prototype-for-rnp_mbx_lldp_all_ports_enable | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_fc_mode_n10().-Prototype-was-for-rnp_mac_fc_mode_n10()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_init_hw_n10().-Prototype-was-for-rnp_init_hw_ops_n10()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_write_uc_addr_list().-Prototype-was-for-rnp_write_uc_addr_list_n10()-instead | |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnpm_device_supports_autoneg_fc().-Prototype-was-for-rnp_device_supports_autoneg_fc()-instead | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-poll_free_mdio | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnp500_get_link_ksettings | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnp500_get_pauseparam | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnp500_set_link_ksettings | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnp500_set_pauseparam | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_addr_list_itr | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_check_mac_link_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_clean_link_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_driver_status_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clear_rar_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clear_vmdq_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_all_layer2_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_all_tuple5_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_layer2_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_mc_addr_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_tuple5_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_clr_vfta_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_layer2_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_rar_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_rss_hfunc_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_rx_skip_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_tcp_sync_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_tuple5_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_vfta_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_set_vmdq_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_update_mc_addr_list_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_update_rss_key_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_eth_update_rss_table_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_get_lldp_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_get_lpi_status_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_get_ncsi_mac_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_get_ncsi_vlan_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_get_permtion_mac_addr_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_init_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_layer2_pritologic_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_check_link_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_fc_mode_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_mdio_read_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_mdio_write_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_pmt_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_set_eee_timer_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mac_set_mac_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_mdio_read | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_phy_read_reg_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_phy_write_reg_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_reset_eee_mode_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_reset_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_eee_mode_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_eee_pls_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_eee_timer_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_ethtool_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_lldp_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_set_vf_vlan_mode_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_setup_eee_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_setup_mac_link_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_setup_wol_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_start_hw_ops_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_chip.c:warning:no-previous-prototype-for-rnpgbe_tuple5_pritologic_n500 | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_common.h:warning:suggest-braces-around-empty-body-in-an-if-statement | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_lib.c:warning:no-previous-prototype-for-rnpgbe_acquire_msix_vectors | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_lib.c:warning:no-previous-prototype-for-update_ring_count | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:directive-output-may-be-truncated-writing-byte-into-a-region-of-size-between-and | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-print_status | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_assign_netdev_ops | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_disable_eee_mode | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_eee_init | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_phy_init_eee | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_reinit_locked | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_rx_ring_reinit | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_vlan_stags_flag | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_write_eitr_rx | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:no-previous-prototype-for-rnpgbe_xmit_nop_frame_ring | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_main.c:warning:suggest-braces-around-empty-body-in-an-if-statement | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:build_writereg_req-accessing-bytes-in-a-region-of-size | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-mbx_cookie_zalloc | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_fw_reg_read | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_fw_send_cmd_wait | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_link_stat_mark_disable | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_link_stat_mark_reset | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_mbx_fw_post_req | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_mbx_get_link | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-rnpgbe_mbx_write_posted_locked | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_mbx_fw.c:warning:no-previous-prototype-for-to_mac_type | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_ptp.c:warning:no-previous-prototype-for-rnpgbe_ptp_setup_ptp | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_sriov.c:warning:no-previous-prototype-for-check_ari_mode | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_sriov.c:warning:no-previous-prototype-for-rnpgbe_msg_post_status_signle_link | |-- drivers-net-ethernet-mucse-rnpgbe-rnpgbe_sysfs.c:warning:no-previous-prototype-for-n500_exchange_share_ram | |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_enable_rx_buff().-Prototype-was-for-rnpm_enable_rx_buff_generic()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_update_mc_addr_list_generic().-Prototype-was-for-rnpm_update_mutiport_mc_addr_list_generic()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_debugfs.c:warning:expecting-prototype-for-rnpm_dbg_reg_ops_write().-Prototype-was-for-rnpm_dbg_phy_ops_write()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:no-previous-prototype-for-rnpm_get_phy_statistics | |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:no-previous-prototype-for-rnpm_setup_layer2_remapping | |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:no-previous-prototype-for-rnpm_setup_tuple5_remapping | |-- drivers-net-ethernet-mucse-rnpm-rnpm_lib.c:warning:no-previous-prototype-for-rnpm_setup_tuple5_remapping_tcam | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:directive-output-may-be-truncated-writing-byte-into-a-region-of-size-between-and | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-ixgbe_write_eitr().-Prototype-was-for-rnpm_write_eitr()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_notify().-Prototype-was-for-rnpm_irq_affinity_notify()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_release().-Prototype-was-for-rnpm_irq_affinity_release()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_is_non_eop().-Prototype-was-for-rnpm_is_non_eop()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnpm_set_ivar().-Prototype-was-for-rnpm_set_ring_vector()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-clean_all_port_resetting | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-control_mac_rx | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_assign_netdev_ops | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_can_rpu_start | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_check_mc_addr | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_clear_udp_tunnel_port | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_fix_queue_number | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_pf_service_event_schedule | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_pf_service_task | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_pf_service_timer | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_rx_ring_reinit | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_service_timer | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_vlan_stags_flag | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_write_eitr | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_xmit_nop_frame_ring | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-rnpm_xmit_nop_frame_ring_temp | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-update_pf_vlan | |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:no-previous-prototype-for-wait_all_port_resetting | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:Cannot-understand-speed: | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:build_writereg_req-accessing-bytes-in-a-region-of-size | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-mbx_cookie_zalloc | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_fw_get_capablity | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_fw_reg_read | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_fw_send_cmd_wait | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_get_port_stats2 | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_link_stat_mark_disable | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_mbx_fw_post_req | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_mbx_lldp_all_ports_enable | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_mbx_pluginout_evt_en | |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:no-previous-prototype-for-rnpm_mbx_write_posted_locked | |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:expecting-prototype-for-rnpm_atr_add_signature_filter_n10().-Prototype-was-for-rnpm_fdir_add_signature_filter_n10()-instead | |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:no-previous-prototype-for-rnpm_reset_pipeline_n10 | |-- drivers-net-ethernet-mucse-rnpm-rnpm_ptp.c:warning:no-previous-prototype-for-rnpm_ptp_setup_ptp | |-- drivers-net-ethernet-mucse-rnpm-rnpm_ptp.c:warning:suggest-braces-around-empty-body-in-an-if-statement | |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-rnpm_get_vf_ringnum | |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-rnpm_setup_ring_maxrate | |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:variable-y-set-but-not-used | |-- drivers-net-ethernet-mucse-rnpm-rnpm_sysfs.c:warning:no-previous-prototype-for-rnpm_mbx_get_pn_sn | |-- drivers-net-ethernet-mucse-rnpm-rnpm_tc_u32_parse.h:warning:rnpm_ipv4_parser-defined-but-not-used | |-- loongson3-acpi-cpufreq.c:(.text):undefined-reference-to-acpi_processor_register_performance | `-- loongson3-acpi-cpufreq.c:(.text):undefined-reference-to-acpi_processor_unregister_performance `-- x86_64-buildonly-randconfig-002-20240326 `-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead clang_recent_errors `-- arm64-allmodconfig |-- drivers-i2c-busses-i2c-hisi.c:warning:expecting-prototype-for-i2c_dw_acpi_pin_mux_change().-Prototype-was-for-i2c_hisi_pin_mux_change()-instead |-- drivers-irqchip-irq-mbigen.c:warning:expecting-prototype-for-Due-to-the-existence-of-hyper().-Prototype-was-for-GICR_LENGTH()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_set_rxfh().-Prototype-was-for-rnp_set_rxnfc()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_ethtool.c:warning:expecting-prototype-for-rnp_tet_rxfh().-Prototype-was-for-rnp_get_rxfh()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_main.c:warning:expecting-prototype-for-rnp_write_eitr().-Prototype-was-for-rnp_write_eitr_rx()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_link_event_eanble().-Prototype-was-for-rnp_mbx_link_event_enable()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:expecting-prototype-for-rnp_mbx_stat_mark().-Prototype-was-for-rnp_link_stat_mark()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_mbx_fw.c:warning:no-previous-prototype-for-function-rnp_mbx_lldp_all_ports_enable |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_fc_mode_n10().-Prototype-was-for-rnp_mac_fc_mode_n10()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_init_hw_n10().-Prototype-was-for-rnp_init_hw_ops_n10()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnp_write_uc_addr_list().-Prototype-was-for-rnp_write_uc_addr_list_n10()-instead |-- drivers-net-ethernet-mucse-rnp-rnp_n10.c:warning:expecting-prototype-for-rnpm_device_supports_autoneg_fc().-Prototype-was-for-rnp_device_supports_autoneg_fc()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_enable_rx_buff().-Prototype-was-for-rnpm_enable_rx_buff_generic()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_common.c:warning:expecting-prototype-for-rnpm_update_mc_addr_list_generic().-Prototype-was-for-rnpm_update_mutiport_mc_addr_list_generic()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_debugfs.c:warning:expecting-prototype-for-rnpm_dbg_reg_ops_write().-Prototype-was-for-rnpm_dbg_phy_ops_write()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_ethtool.c:warning:no-previous-prototype-for-function-rnpm_get_phy_statistics |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-ixgbe_write_eitr().-Prototype-was-for-rnpm_write_eitr()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_notify().-Prototype-was-for-rnpm_irq_affinity_notify()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_irq_affinity_release().-Prototype-was-for-rnpm_irq_affinity_release()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnp_is_non_eop().-Prototype-was-for-rnpm_is_non_eop()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_main.c:warning:expecting-prototype-for-rnpm_set_ivar().-Prototype-was-for-rnpm_set_ring_vector()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_mbx_fw.c:warning:Cannot-understand-speed: |-- drivers-net-ethernet-mucse-rnpm-rnpm_n10.c:warning:expecting-prototype-for-rnpm_atr_add_signature_filter_n10().-Prototype-was-for-rnpm_fdir_add_signature_filter_n10()-instead |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_get_vf_ringnum |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:no-previous-prototype-for-function-rnpm_setup_ring_maxrate |-- drivers-net-ethernet-mucse-rnpm-rnpm_sriov.c:warning:variable-y-set-but-not-used `-- mm-mem_reliable.c:warning:arithmetic-between-different-enumeration-types-(-enum-node_stat_item-and-enum-lru_list-) elapsed time: 941m configs tested: 32 configs skipped: 96 tested configs: arm64 allmodconfig clang arm64 allnoconfig gcc arm64 defconfig gcc loongarch allmodconfig gcc loongarch allnoconfig gcc loongarch defconfig gcc x86_64 buildonly-randconfig-001-20240326 clang x86_64 buildonly-randconfig-002-20240326 gcc x86_64 buildonly-randconfig-003-20240326 clang x86_64 buildonly-randconfig-004-20240326 gcc x86_64 buildonly-randconfig-005-20240326 gcc x86_64 buildonly-randconfig-006-20240326 gcc x86_64 defconfig gcc x86_64 randconfig-001-20240326 gcc x86_64 randconfig-002-20240326 gcc x86_64 randconfig-003-20240326 gcc x86_64 randconfig-004-20240326 clang x86_64 randconfig-005-20240326 gcc x86_64 randconfig-006-20240326 clang x86_64 randconfig-011-20240326 gcc x86_64 randconfig-012-20240326 clang x86_64 randconfig-013-20240326 gcc x86_64 randconfig-014-20240326 gcc x86_64 randconfig-015-20240326 clang x86_64 randconfig-016-20240326 clang x86_64 randconfig-071-20240326 clang x86_64 randconfig-072-20240326 gcc x86_64 randconfig-073-20240326 gcc x86_64 randconfig-074-20240326 gcc x86_64 randconfig-075-20240326 gcc x86_64 randconfig-076-20240326 gcc x86_64 rhel-8.3-rust clang -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-5.10] netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
by Liu Jian 26 Mar '24

26 Mar '24

From: Pablo Neira Ayuso <pablo(a)netfilter.org> mainline inclusion from mainline-v6.8 commit 552705a3650bbf46a22b1adedc1b04181490fc36 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9AK7L CVE: CVE-2024-26643 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… --------------------------- While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on transaction abort"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too. Cc: stable(a)vger.kernel.org Fixes: 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane") Reported-by: Mingi Cho <mgcho.minic(a)gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- net/netfilter/nf_tables_api.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index d24e9b7834e4..6e0e9cc771b2 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4724,6 +4724,7 @@ static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set, if (list_empty(&set->bindings) && nft_set_is_anonymous(set)) { list_del_rcu(&set->list); + set->dead = 1; if (event) nf_tables_set_notify(ctx, set, NFT_MSG_DELSET, GFP_KERNEL); -- 2.34.1

2 1

[PATCH OLK-5.10 0/2] fix CVE-2023-52587
by Yu Liao 26 Mar '24

26 Mar '24

Daniel Vacek (1): IB/ipoib: Fix mcast list locking Jack Wang (1): RDMA/IPoIB: Fix error code return in ipoib_mcast_join drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) -- 2.25.1

2 3