- Kernel - mailweb.openeuler.org

[openeuler:OLK-6.6 3542/3542] arch/x86/kernel/early-quirks.c:727:34: warning: no previous prototype for 'kh40000_get_direct_dma_ops'
by kernel test robot 15 Dec '25

15 Dec '25

Hi leoliu-oc, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 81b22958142c03b02c766c79cd1554ebfa142be4 commit: 11557c1ae4529f133483879b7ee00b7d8c653be7 [3542/3542] x86/cpu/zhaoxin: Encapsulate access to kh40000_dma_direct_ops within function config: x86_64-randconfig-161-20251215 (https://download.01.org/0day-ci/archive/20251215/202512151614.LDi8I6GA-lkp@…) compiler: gcc-14 (Debian 14.2.0-19) 14.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251215/202512151614.LDi8I6GA-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202512151614.LDi8I6GA-lkp@intel.com/ All warnings (new ones prefixed by >>): arch/x86/kernel/early-quirks.c:722:6: warning: no previous prototype for 'is_zhaoxin_kh40000' [-Wmissing-prototypes] 722 | bool is_zhaoxin_kh40000(void) | ^~~~~~~~~~~~~~~~~~ >> arch/x86/kernel/early-quirks.c:727:34: warning: no previous prototype for 'kh40000_get_direct_dma_ops' [-Wmissing-prototypes] 727 | __weak const struct dma_map_ops *kh40000_get_direct_dma_ops(void) | ^~~~~~~~~~~~~~~~~~~~~~~~~~ vim +/kh40000_get_direct_dma_ops +727 arch/x86/kernel/early-quirks.c 721 > 722 bool is_zhaoxin_kh40000(void) 723 { 724 return zhaoxin_kh40000; 725 } 726 > 727 __weak const struct dma_map_ops *kh40000_get_direct_dma_ops(void) 728 { 729 return dma_ops; 730 } 731 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6 3542/3542] lib/test_hexdump.c:116:3: warning: 'strncpy' output truncated copying between 0 and 32 bytes from a string of length 32
by kernel test robot 15 Dec '25

15 Dec '25

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 81b22958142c03b02c766c79cd1554ebfa142be4 commit: f04c0f3eb9b49427c273cd3e4d5a2ff895855b4b [3542/3542] make OPTIMIZE_INLINING config editable config: arm64-randconfig-004-20251215 (https://download.01.org/0day-ci/archive/20251215/202512151641.xBwOsIKs-lkp@…) compiler: aarch64-linux-gcc (GCC) 9.5.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251215/202512151641.xBwOsIKs-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202512151641.xBwOsIKs-lkp@intel.com/ All warnings (new ones prefixed by >>): lib/test_hexdump.c: In function 'test_hexdump_prepare_test.isra.0': >> lib/test_hexdump.c:116:3: warning: 'strncpy' output truncated copying between 0 and 32 bytes from a string of length 32 [-Wstringop-truncation] 116 | strncpy(p, data_a, l); | ^~~~~~~~~~~~~~~~~~~~~ vim +/strncpy +116 lib/test_hexdump.c 7aaf4c3e1235cc lib/test_hexdump.c Andy Shevchenko 2016-01-20 66 87977ca6bcd051 lib/test_hexdump.c Andy Shevchenko 2016-01-20 67 static void __init test_hexdump_prepare_test(size_t len, int rowsize, 87977ca6bcd051 lib/test_hexdump.c Andy Shevchenko 2016-01-20 68 int groupsize, char *test, 87977ca6bcd051 lib/test_hexdump.c Andy Shevchenko 2016-01-20 69 size_t testlen, bool ascii) 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 70 { 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 71 char *p; 17974c054db303 lib/test-hexdump.c Linus Torvalds 2015-04-19 72 const char * const *result; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 73 size_t l = len; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 74 int gs = groupsize, rs = rowsize; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 75 unsigned int i; de9df3993cfffd lib/test_hexdump.c Christophe Leroy 2018-08-21 76 const bool is_be = IS_ENABLED(CONFIG_CPU_BIG_ENDIAN); 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 77 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 78 if (rs != 16 && rs != 32) 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 79 rs = 16; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 80 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 81 if (l > rs) 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 82 l = rs; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 83 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 84 if (!is_power_of_2(gs) || gs > 8 || (len % gs != 0)) 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 85 gs = 1; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 86 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 87 if (gs == 8) de9df3993cfffd lib/test_hexdump.c Christophe Leroy 2018-08-21 88 result = is_be ? test_data_8_be : test_data_8_le; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 89 else if (gs == 4) de9df3993cfffd lib/test_hexdump.c Christophe Leroy 2018-08-21 90 result = is_be ? test_data_4_be : test_data_4_le; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 91 else if (gs == 2) de9df3993cfffd lib/test_hexdump.c Christophe Leroy 2018-08-21 92 result = is_be ? test_data_2_be : test_data_2_le; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 93 else de9df3993cfffd lib/test_hexdump.c Christophe Leroy 2018-08-21 94 result = test_data_1; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 95 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 96 /* hex dump */ 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 97 p = test; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 98 for (i = 0; i < l / gs; i++) { 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 99 const char *q = *result++; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 100 size_t amount = strlen(q); 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 101 b1286ed7158e9b lib/test_hexdump.c Linus Torvalds 2018-11-30 102 memcpy(p, q, amount); 3db4a987180acf lib/test_hexdump.c Andy Shevchenko 2016-01-20 103 p += amount; 3db4a987180acf lib/test_hexdump.c Andy Shevchenko 2016-01-20 104 3db4a987180acf lib/test_hexdump.c Andy Shevchenko 2016-01-20 105 *p++ = ' '; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 106 } 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 107 if (i) 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 108 p--; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 109 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 110 /* ASCII part */ 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 111 if (ascii) { 3db4a987180acf lib/test_hexdump.c Andy Shevchenko 2016-01-20 112 do { 3db4a987180acf lib/test_hexdump.c Andy Shevchenko 2016-01-20 113 *p++ = ' '; 3db4a987180acf lib/test_hexdump.c Andy Shevchenko 2016-01-20 114 } while (p < test + rs * 2 + rs / gs + 1); 3db4a987180acf lib/test_hexdump.c Andy Shevchenko 2016-01-20 115 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 @116 strncpy(p, data_a, l); 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 117 p += l; 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 118 } 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 119 64d1d77a44697a lib/test-hexdump.c Andy Shevchenko 2015-02-12 120 *p = '\0'; 87977ca6bcd051 lib/test_hexdump.c Andy Shevchenko 2016-01-20 121 } 87977ca6bcd051 lib/test_hexdump.c Andy Shevchenko 2016-01-20 122 :::::: The code at line 116 was first introduced by commit :::::: 64d1d77a44697af8e314939ecef30642c68309cb hexdump: introduce test suite :::::: TO: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> :::::: CC: Linus Torvalds <torvalds(a)linux-foundation.org> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-5.10] iommu/arm-smmu-v3-sva: Fix mm use-after-free
by Zhang Yuwei 15 Dec '25

15 Dec '25

From: Jean-Philippe Brucker <jean-philippe(a)linaro.org> mainline inclusion from mainline-v5.19-rc1 commit cbd23144f7662b00bcde32a938c4a4057e476d68 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBP4KI Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- We currently call arm64_mm_context_put() without holding a reference to the mm, which can result in use-after-free. Call mmgrab()/mmdrop() to ensure the mm only gets freed after we unpinned the ASID. Fixes: 32784a9562fb ("iommu/arm-smmu-v3: Implement iommu_sva_bind/unbind()") Signed-off-by: Jean-Philippe Brucker <jean-philippe(a)linaro.org> Tested-by: Zhangfei Gao <zhangfei.gao(a)linaro.org> Link: https://lore.kernel.org/r/20220426130444.300556-1-jean-philippe@linaro.org Signed-off-by: Will Deacon <will(a)kernel.org> Conflicts: drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c [commit 685ace6c824e merged for add trace event] Signed-off-by: Zhang Yuwei <zhangyuwei20(a)huawei.com> --- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c index afdfd10290be..0040294ad62d 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c @@ -6,6 +6,7 @@ #include <linux/mm.h> #include <linux/mmu_context.h> #include <linux/mmu_notifier.h> +#include <linux/sched/mm.h> #include <linux/slab.h> #include <trace/events/smmu.h> @@ -98,9 +99,14 @@ static struct arm_smmu_ctx_desc *arm_smmu_alloc_shared_cd(struct mm_struct *mm) struct arm_smmu_ctx_desc *cd; struct arm_smmu_ctx_desc *ret = NULL; + /* Don't free the mm until we release the ASID */ + mmgrab(mm); + asid = arm64_mm_context_get(mm); - if (!asid) - return ERR_PTR(-ESRCH); + if (!asid) { + err = -ESRCH; + goto out_drop_mm; + } cd = kzalloc(sizeof(*cd), GFP_KERNEL); if (!cd) { @@ -169,6 +175,8 @@ static struct arm_smmu_ctx_desc *arm_smmu_alloc_shared_cd(struct mm_struct *mm) kfree(cd); out_put_context: arm64_mm_context_put(mm); +out_drop_mm: + mmdrop(mm); return err < 0 ? ERR_PTR(err) : ret; } @@ -177,6 +185,7 @@ static void arm_smmu_free_shared_cd(struct arm_smmu_ctx_desc *cd) if (arm_smmu_free_asid(cd)) { /* Unpin ASID */ arm64_mm_context_put(cd->mm); + mmdrop(cd->mm); kfree(cd); } } -- 2.43.0

2 1

[openeuler:OLK-6.6 3542/3542] drivers/infiniband/hw/bnxt_re/ib_verbs.c:1685:24: warning: variable 'nq' set but not used
by kernel test robot 15 Dec '25

15 Dec '25

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 81b22958142c03b02c766c79cd1554ebfa142be4 commit: 978eee07aea817a830a9146bd90f0506ac2f8482 [3542/3542] RDMA/bnxt_re: Fix budget handling of notification queue config: x86_64-buildonly-randconfig-005-20251215 (https://download.01.org/0day-ci/archive/20251215/202512151653.mAEBFOna-lkp@…) compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251215/202512151653.mAEBFOna-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202512151653.mAEBFOna-lkp@intel.com/ All warnings (new ones prefixed by >>): >> drivers/infiniband/hw/bnxt_re/ib_verbs.c:1685:24: warning: variable 'nq' set but not used [-Wunused-but-set-variable] 1685 | struct bnxt_qplib_nq *nq = NULL; | ^ drivers/infiniband/hw/bnxt_re/ib_verbs.c:1732:24: warning: variable 'nq' set but not used [-Wunused-but-set-variable] 1732 | struct bnxt_qplib_nq *nq = NULL; | ^ drivers/infiniband/hw/bnxt_re/ib_verbs.c:2933:24: warning: variable 'nq' set but not used [-Wunused-but-set-variable] 2933 | struct bnxt_qplib_nq *nq; | ^ 3 warnings generated. Kconfig warnings: (for reference only) WARNING: unmet direct dependencies detected for PTP_1588_CLOCK Depends on [n]: NET [=y] && POSIX_TIMERS [=n] Selected by [y]: - SXE [=y] && NETDEVICES [=y] && ETHERNET [=y] && NET_VENDOR_LINKDATA [=y] && (X86 [=y] || ARM64) && PCI [=y] - SXE_VF [=y] && NETDEVICES [=y] && ETHERNET [=y] && NET_VENDOR_LINKDATA [=y] && (X86 [=y] || ARM64) && PCI [=y] vim +/nq +1685 drivers/infiniband/hw/bnxt_re/ib_verbs.c 1ac5a404797523 Selvin Xavier 2017-02-10 1677 37cb11acf1f72a Devesh Sharma 2018-01-11 1678 /* Shared Receive Queues */ 119181d1d4327d Leon Romanovsky 2020-09-07 1679 int bnxt_re_destroy_srq(struct ib_srq *ib_srq, struct ib_udata *udata) 37cb11acf1f72a Devesh Sharma 2018-01-11 1680 { 37cb11acf1f72a Devesh Sharma 2018-01-11 1681 struct bnxt_re_srq *srq = container_of(ib_srq, struct bnxt_re_srq, 37cb11acf1f72a Devesh Sharma 2018-01-11 1682 ib_srq); 37cb11acf1f72a Devesh Sharma 2018-01-11 1683 struct bnxt_re_dev *rdev = srq->rdev; 37cb11acf1f72a Devesh Sharma 2018-01-11 1684 struct bnxt_qplib_srq *qplib_srq = &srq->qplib_srq; 37cb11acf1f72a Devesh Sharma 2018-01-11 @1685 struct bnxt_qplib_nq *nq = NULL; 37cb11acf1f72a Devesh Sharma 2018-01-11 1686 37cb11acf1f72a Devesh Sharma 2018-01-11 1687 if (qplib_srq->cq) 37cb11acf1f72a Devesh Sharma 2018-01-11 1688 nq = qplib_srq->cq->nq; 68e326dea1dba9 Leon Romanovsky 2019-04-03 1689 bnxt_qplib_destroy_srq(&rdev->qplib_res, qplib_srq); 37cb11acf1f72a Devesh Sharma 2018-01-11 1690 ib_umem_release(srq->umem); 063975feedb143 Chandramohan Akula 2023-07-26 1691 atomic_dec(&rdev->stats.res.srq_count); 119181d1d4327d Leon Romanovsky 2020-09-07 1692 return 0; 37cb11acf1f72a Devesh Sharma 2018-01-11 1693 } 37cb11acf1f72a Devesh Sharma 2018-01-11 1694 :::::: The code at line 1685 was first introduced by commit :::::: 37cb11acf1f72a007a85894a6dd2ec93932bde46 RDMA/bnxt_re: Add SRQ support for Broadcom adapters :::::: TO: Devesh Sharma <devesh.sharma(a)broadcom.com> :::::: CC: Doug Ledford <dledford(a)redhat.com> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-5.10] iommu/arm-smmu-v3-sva: Fix mm use-after-free
by Zhang Yuwei 15 Dec '25

15 Dec '25

From: Jean-Philippe Brucker <jean-philippe(a)linaro.org> mainline inclusion from mainline-v5.19-rc1 commit cbd23144f7662b00bcde32a938c4a4057e476d68 category: bugfix bugzilla: 190104 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- We currently call arm64_mm_context_put() without holding a reference to the mm, which can result in use-after-free. Call mmgrab()/mmdrop() to ensure the mm only gets freed after we unpinned the ASID. Fixes: 32784a9562fb ("iommu/arm-smmu-v3: Implement iommu_sva_bind/unbind()") Signed-off-by: Jean-Philippe Brucker <jean-philippe(a)linaro.org> Tested-by: Zhangfei Gao <zhangfei.gao(a)linaro.org> Link: https://lore.kernel.org/r/20220426130444.300556-1-jean-philippe@linaro.org Signed-off-by: Will Deacon <will(a)kernel.org> Conflicts: drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c [commit 685ace6c824e merged for add trace event] Signed-off-by: Zhang Yuwei <zhangyuwei20(a)huawei.com> --- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c index afdfd10290be..0040294ad62d 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c @@ -6,6 +6,7 @@ #include <linux/mm.h> #include <linux/mmu_context.h> #include <linux/mmu_notifier.h> +#include <linux/sched/mm.h> #include <linux/slab.h> #include <trace/events/smmu.h> @@ -98,9 +99,14 @@ static struct arm_smmu_ctx_desc *arm_smmu_alloc_shared_cd(struct mm_struct *mm) struct arm_smmu_ctx_desc *cd; struct arm_smmu_ctx_desc *ret = NULL; + /* Don't free the mm until we release the ASID */ + mmgrab(mm); + asid = arm64_mm_context_get(mm); - if (!asid) - return ERR_PTR(-ESRCH); + if (!asid) { + err = -ESRCH; + goto out_drop_mm; + } cd = kzalloc(sizeof(*cd), GFP_KERNEL); if (!cd) { @@ -169,6 +175,8 @@ static struct arm_smmu_ctx_desc *arm_smmu_alloc_shared_cd(struct mm_struct *mm) kfree(cd); out_put_context: arm64_mm_context_put(mm); +out_drop_mm: + mmdrop(mm); return err < 0 ? ERR_PTR(err) : ret; } @@ -177,6 +185,7 @@ static void arm_smmu_free_shared_cd(struct arm_smmu_ctx_desc *cd) if (arm_smmu_free_asid(cd)) { /* Unpin ASID */ arm64_mm_context_put(cd->mm); + mmdrop(cd->mm); kfree(cd); } } -- 2.43.0

2 1

[PATCH OLK-5.10] Bluetooth: bcsp: receive data only if registered
by Yin Tirui 15 Dec '25

15 Dec '25

From: Ivan Pravdin <ipravdin.official(a)gmail.com> stable inclusion from stable-v5.10.247 commit 164586725b47f9d61912e6bf17dbaffeff11710b category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IDBAE0 CVE: CVE-2025-40308 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit ca94b2b036c22556c3a66f1b80f490882deef7a6 ] Currently, bcsp_recv() can be called even when the BCSP protocol has not been registered. This leads to a NULL pointer dereference, as shown in the following stack trace: KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f] RIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590 Call Trace: <TASK> hci_uart_tty_receive+0x194/0x220 drivers/bluetooth/hci_ldisc.c:627 tiocsti+0x23c/0x2c0 drivers/tty/tty_io.c:2290 tty_ioctl+0x626/0xde0 drivers/tty/tty_io.c:2706 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f To prevent this, ensure that the HCI_UART_REGISTERED flag is set before processing received data. If the protocol is not registered, return -EUNATCH. Reported-by: syzbot+4ed6852d4da4606c93da(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=4ed6852d4da4606c93da Tested-by: syzbot+4ed6852d4da4606c93da(a)syzkaller.appspotmail.com Signed-off-by: Ivan Pravdin <ipravdin.official(a)gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Yin Tirui <yintirui(a)huawei.com> --- drivers/bluetooth/hci_bcsp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/bluetooth/hci_bcsp.c b/drivers/bluetooth/hci_bcsp.c index 8055f63603f4..8ff69111ceed 100644 --- a/drivers/bluetooth/hci_bcsp.c +++ b/drivers/bluetooth/hci_bcsp.c @@ -582,6 +582,9 @@ static int bcsp_recv(struct hci_uart *hu, const void *data, int count) struct bcsp_struct *bcsp = hu->priv; const unsigned char *ptr; + if (!test_bit(HCI_UART_REGISTERED, &hu->flags)) + return -EUNATCH; + BT_DBG("hu %p count %d rx_state %d rx_count %ld", hu, count, bcsp->rx_state, bcsp->rx_count); -- 2.43.0

2 1

[PATCH OLK-6.6] Bluetooth: bcsp: receive data only if registered
by Yin Tirui 15 Dec '25

15 Dec '25

From: Ivan Pravdin <ipravdin.official(a)gmail.com> stable inclusion from stable-v6.6.117 commit 799cd62cbcc3f12ee04b33ef390ff7d41c37d671 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IDBAE0 CVE: CVE-2025-40308 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit ca94b2b036c22556c3a66f1b80f490882deef7a6 ] Currently, bcsp_recv() can be called even when the BCSP protocol has not been registered. This leads to a NULL pointer dereference, as shown in the following stack trace: KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f] RIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590 Call Trace: <TASK> hci_uart_tty_receive+0x194/0x220 drivers/bluetooth/hci_ldisc.c:627 tiocsti+0x23c/0x2c0 drivers/tty/tty_io.c:2290 tty_ioctl+0x626/0xde0 drivers/tty/tty_io.c:2706 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f To prevent this, ensure that the HCI_UART_REGISTERED flag is set before processing received data. If the protocol is not registered, return -EUNATCH. Reported-by: syzbot+4ed6852d4da4606c93da(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=4ed6852d4da4606c93da Tested-by: syzbot+4ed6852d4da4606c93da(a)syzkaller.appspotmail.com Signed-off-by: Ivan Pravdin <ipravdin.official(a)gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Yin Tirui <yintirui(a)huawei.com> --- drivers/bluetooth/hci_bcsp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/bluetooth/hci_bcsp.c b/drivers/bluetooth/hci_bcsp.c index 2a5a27d713f8..e991d9e62486 100644 --- a/drivers/bluetooth/hci_bcsp.c +++ b/drivers/bluetooth/hci_bcsp.c @@ -582,6 +582,9 @@ static int bcsp_recv(struct hci_uart *hu, const void *data, int count) struct bcsp_struct *bcsp = hu->priv; const unsigned char *ptr; + if (!test_bit(HCI_UART_REGISTERED, &hu->flags)) + return -EUNATCH; + BT_DBG("hu %p count %d rx_state %d rx_count %ld", hu, count, bcsp->rx_state, bcsp->rx_count); -- 2.43.0

2 1

[openeuler:OLK-6.6 3542/3542] drivers/ata/libahci.c:210:5: warning: no previous prototype for function 'get_ahci_em_messages'
by kernel test robot 15 Dec '25

15 Dec '25

Hi leoliu-oc, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 81b22958142c03b02c766c79cd1554ebfa142be4 commit: fb43492008c11fe89e510dd63383a2d37ea3cf8e [3542/3542] ata: ahci: Add support for AHCI SGPIO Enclosure Management config: x86_64-buildonly-randconfig-002-20251215 (https://download.01.org/0day-ci/archive/20251215/202512151453.z27gHP7d-lkp@…) compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251215/202512151453.z27gHP7d-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202512151453.z27gHP7d-lkp@intel.com/ All warnings (new ones prefixed by >>): In file included from drivers/ata/libahci.c:24: In file included from include/linux/blkdev.h:9: In file included from include/linux/blk_types.h:10: In file included from include/linux/bvec.h:10: In file included from include/linux/highmem.h:8: In file included from include/linux/cacheflush.h:5: In file included from arch/x86/include/asm/cacheflush.h:5: In file included from include/linux/mm.h:2235: include/linux/vmstat.h:522:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion] 522 | return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_" | ~~~~~~~~~~~ ^ ~~~ >> drivers/ata/libahci.c:210:5: warning: no previous prototype for function 'get_ahci_em_messages' [-Wmissing-prototypes] 210 | int get_ahci_em_messages(void) | ^ drivers/ata/libahci.c:210:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 210 | int get_ahci_em_messages(void) | ^ | static 2 warnings generated. -- In file included from drivers/ata/ahci_zhaoxin_sgpio.c:10: In file included from include/linux/blkdev.h:9: In file included from include/linux/blk_types.h:10: In file included from include/linux/bvec.h:10: In file included from include/linux/highmem.h:8: In file included from include/linux/cacheflush.h:5: In file included from arch/x86/include/asm/cacheflush.h:5: In file included from include/linux/mm.h:2235: include/linux/vmstat.h:522:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion] 522 | return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_" | ~~~~~~~~~~~ ^ ~~~ >> drivers/ata/ahci_zhaoxin_sgpio.c:31:5: warning: no previous prototype for function 'ahci_wait_em_reset' [-Wmissing-prototypes] 31 | int ahci_wait_em_reset(struct sgpio_zhaoxin *sgpio_zhaoxin, u32 retry) | ^ drivers/ata/ahci_zhaoxin_sgpio.c:31:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 31 | int ahci_wait_em_reset(struct sgpio_zhaoxin *sgpio_zhaoxin, u32 retry) | ^ | static >> drivers/ata/ahci_zhaoxin_sgpio.c:55:6: warning: no previous prototype for function 'ahci_zhaoxin_set_em_sgpio' [-Wmissing-prototypes] 55 | void ahci_zhaoxin_set_em_sgpio(struct sgpio_zhaoxin *sgpio_zhaoxin) | ^ drivers/ata/ahci_zhaoxin_sgpio.c:55:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 55 | void ahci_zhaoxin_set_em_sgpio(struct sgpio_zhaoxin *sgpio_zhaoxin) | ^ | static >> drivers/ata/ahci_zhaoxin_sgpio.c:99:6: warning: no previous prototype for function 'ahci_zhaoxin_set_em_sgpio_gpmode' [-Wmissing-prototypes] 99 | void ahci_zhaoxin_set_em_sgpio_gpmode(struct sgpio_zhaoxin *sgpio_zhaoxin) | ^ drivers/ata/ahci_zhaoxin_sgpio.c:99:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 99 | void ahci_zhaoxin_set_em_sgpio_gpmode(struct sgpio_zhaoxin *sgpio_zhaoxin) | ^ | static >> drivers/ata/ahci_zhaoxin_sgpio.c:601:6: warning: no previous prototype for function 'set_em_messages' [-Wmissing-prototypes] 601 | void set_em_messages(struct sgpio_zhaoxin *sgpio_zhaoxin) | ^ drivers/ata/ahci_zhaoxin_sgpio.c:601:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 601 | void set_em_messages(struct sgpio_zhaoxin *sgpio_zhaoxin) | ^ | static >> drivers/ata/ahci_zhaoxin_sgpio.c:621:5: warning: no previous prototype for function 'add_sgpio_zhaoxin' [-Wmissing-prototypes] 621 | int add_sgpio_zhaoxin(void) | ^ drivers/ata/ahci_zhaoxin_sgpio.c:621:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 621 | int add_sgpio_zhaoxin(void) | ^ | static drivers/ata/ahci_zhaoxin_sgpio.c:673:6: warning: no previous prototype for function 'remove_sgpio_zhaoxin' [-Wmissing-prototypes] 673 | void remove_sgpio_zhaoxin(void) | ^ drivers/ata/ahci_zhaoxin_sgpio.c:673:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 673 | void remove_sgpio_zhaoxin(void) | ^ | static 7 warnings generated. vim +/get_ahci_em_messages +210 drivers/ata/libahci.c 209 > 210 int get_ahci_em_messages(void) 211 { 212 return ahci_em_messages; 213 } 214 EXPORT_SYMBOL_GPL(get_ahci_em_messages); 215 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6 3542/3542] arch/x86/kvm/svm/csv.c:1196: warning: Function parameter or member 'kvm' not described in 'csv3_launch_encrypt_data_alt_1'
by kernel test robot 15 Dec '25

15 Dec '25

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 81b22958142c03b02c766c79cd1554ebfa142be4 commit: ee5362bc5977e41a88aee1c46a6580295baa0285 [3542/3542] KVM: SVM: CSV: Support issue non-4K aligned CSV3_CMD_LAUNCH_ENCRYPT_DATA and more than once config: x86_64-randconfig-016-20251215 (https://download.01.org/0day-ci/archive/20251215/202512151455.kuVXZCXz-lkp@…) compiler: gcc-14 (Debian 14.2.0-19) 14.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251215/202512151455.kuVXZCXz-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202512151455.kuVXZCXz-lkp@intel.com/ All warnings (new ones prefixed by >>): >> arch/x86/kvm/svm/csv.c:1196: warning: Function parameter or member 'kvm' not described in 'csv3_launch_encrypt_data_alt_1' >> arch/x86/kvm/svm/csv.c:1196: warning: Function parameter or member 'argp' not described in 'csv3_launch_encrypt_data_alt_1' >> arch/x86/kvm/svm/csv.c:1319: warning: Function parameter or member 'kvm' not described in '__csv3_launch_encrypt_data' >> arch/x86/kvm/svm/csv.c:1319: warning: Function parameter or member 'argp' not described in '__csv3_launch_encrypt_data' >> arch/x86/kvm/svm/csv.c:1319: warning: Function parameter or member 'params' not described in '__csv3_launch_encrypt_data' >> arch/x86/kvm/svm/csv.c:1319: warning: Function parameter or member 'src_buf' not described in '__csv3_launch_encrypt_data' >> arch/x86/kvm/svm/csv.c:1319: warning: Function parameter or member 'start_pgoff' not described in '__csv3_launch_encrypt_data' >> arch/x86/kvm/svm/csv.c:1319: warning: Function parameter or member 'end_pgoff' not described in '__csv3_launch_encrypt_data' >> arch/x86/kvm/svm/csv.c:1436: warning: Function parameter or member 'kvm' not described in 'csv3_launch_encrypt_data_alt_2' >> arch/x86/kvm/svm/csv.c:1436: warning: Function parameter or member 'argp' not described in 'csv3_launch_encrypt_data_alt_2' arch/x86/kvm/svm/csv.c:2305: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst * Return negative error code on fail, arch/x86/kvm/svm/csv.c:2936: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst * When userspace recognizes these extensions, it is suggested that the userspace arch/x86/kvm/svm/csv.c:2986: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst * Return 0 means KVM accept the negotiation from userspace. Both the vim +1196 arch/x86/kvm/svm/csv.c e23a88d66dd209 Xin Jiang 2023-08-10 1189 ee5362bc5977e4 hanliyang 2024-09-27 1190 /** ee5362bc5977e4 hanliyang 2024-09-27 1191 * csv3_launch_encrypt_data_alt_1 - The legacy handler to encrypt CSV3 ee5362bc5977e4 hanliyang 2024-09-27 1192 * guest's memory before VMRUN. ee5362bc5977e4 hanliyang 2024-09-27 1193 */ ee5362bc5977e4 hanliyang 2024-09-27 1194 static int csv3_launch_encrypt_data_alt_1(struct kvm *kvm, ee5362bc5977e4 hanliyang 2024-09-27 1195 struct kvm_sev_cmd *argp) e23a88d66dd209 Xin Jiang 2023-08-10 @1196 { e23a88d66dd209 Xin Jiang 2023-08-10 1197 struct kvm_csv_info *csv = &to_kvm_svm_csv(kvm)->csv_info; e23a88d66dd209 Xin Jiang 2023-08-10 1198 struct kvm_csv3_launch_encrypt_data params; e23a88d66dd209 Xin Jiang 2023-08-10 1199 struct csv3_data_launch_encrypt_data *encrypt_data = NULL; e23a88d66dd209 Xin Jiang 2023-08-10 1200 struct encrypt_data_block *blocks = NULL; e23a88d66dd209 Xin Jiang 2023-08-10 1201 u8 *data = NULL; e23a88d66dd209 Xin Jiang 2023-08-10 1202 u32 offset; e23a88d66dd209 Xin Jiang 2023-08-10 1203 u32 num_entries, num_entries_in_block; e23a88d66dd209 Xin Jiang 2023-08-10 1204 u32 num_blocks, num_blocks_max; e23a88d66dd209 Xin Jiang 2023-08-10 1205 u32 i, n; e23a88d66dd209 Xin Jiang 2023-08-10 1206 unsigned long pfn, pfn_sme_mask; e23a88d66dd209 Xin Jiang 2023-08-10 1207 int ret = 0; e23a88d66dd209 Xin Jiang 2023-08-10 1208 e23a88d66dd209 Xin Jiang 2023-08-10 1209 if (copy_from_user(&params, (void __user *)(uintptr_t)argp->data, e23a88d66dd209 Xin Jiang 2023-08-10 1210 sizeof(params))) { e23a88d66dd209 Xin Jiang 2023-08-10 1211 ret = -EFAULT; e23a88d66dd209 Xin Jiang 2023-08-10 1212 goto exit; e23a88d66dd209 Xin Jiang 2023-08-10 1213 } e23a88d66dd209 Xin Jiang 2023-08-10 1214 e23a88d66dd209 Xin Jiang 2023-08-10 1215 if ((params.len & ~PAGE_MASK) || !params.len || !params.uaddr) { e23a88d66dd209 Xin Jiang 2023-08-10 1216 ret = -EINVAL; e23a88d66dd209 Xin Jiang 2023-08-10 1217 goto exit; e23a88d66dd209 Xin Jiang 2023-08-10 1218 } e23a88d66dd209 Xin Jiang 2023-08-10 1219 e57b75759a2c62 hanliyang 2024-09-26 1220 /* e57b75759a2c62 hanliyang 2024-09-26 1221 * If userspace request to invoke CSV3_CMD_SET_GUEST_PRIVATE_MEMORY e57b75759a2c62 hanliyang 2024-09-26 1222 * explicitly, we should not calls to csv3_set_guest_private_memory() e57b75759a2c62 hanliyang 2024-09-26 1223 * here. e57b75759a2c62 hanliyang 2024-09-26 1224 */ e57b75759a2c62 hanliyang 2024-09-26 1225 if (!(csv->inuse_ext & KVM_CAP_HYGON_COCO_EXT_CSV3_SET_PRIV_MEM)) { e23a88d66dd209 Xin Jiang 2023-08-10 1226 /* Allocate all the guest memory from CMA */ e57b75759a2c62 hanliyang 2024-09-26 1227 ret = csv3_set_guest_private_memory(kvm, argp); e23a88d66dd209 Xin Jiang 2023-08-10 1228 if (ret) e23a88d66dd209 Xin Jiang 2023-08-10 1229 goto exit; e57b75759a2c62 hanliyang 2024-09-26 1230 } e23a88d66dd209 Xin Jiang 2023-08-10 1231 e23a88d66dd209 Xin Jiang 2023-08-10 1232 num_entries = params.len / PAGE_SIZE; e23a88d66dd209 Xin Jiang 2023-08-10 1233 num_entries_in_block = ARRAY_SIZE(blocks->entry); e23a88d66dd209 Xin Jiang 2023-08-10 1234 num_blocks = (num_entries + num_entries_in_block - 1) / num_entries_in_block; e23a88d66dd209 Xin Jiang 2023-08-10 1235 num_blocks_max = ARRAY_SIZE(encrypt_data->data_blocks); e23a88d66dd209 Xin Jiang 2023-08-10 1236 e23a88d66dd209 Xin Jiang 2023-08-10 1237 if (num_blocks >= num_blocks_max) { e23a88d66dd209 Xin Jiang 2023-08-10 1238 ret = -EINVAL; e23a88d66dd209 Xin Jiang 2023-08-10 1239 goto exit; e23a88d66dd209 Xin Jiang 2023-08-10 1240 } e23a88d66dd209 Xin Jiang 2023-08-10 1241 e23a88d66dd209 Xin Jiang 2023-08-10 1242 data = vzalloc(params.len); e23a88d66dd209 Xin Jiang 2023-08-10 1243 if (!data) { e23a88d66dd209 Xin Jiang 2023-08-10 1244 ret = -ENOMEM; e23a88d66dd209 Xin Jiang 2023-08-10 1245 goto exit; e23a88d66dd209 Xin Jiang 2023-08-10 1246 } e23a88d66dd209 Xin Jiang 2023-08-10 1247 if (copy_from_user(data, (void __user *)params.uaddr, params.len)) { e23a88d66dd209 Xin Jiang 2023-08-10 1248 ret = -EFAULT; e23a88d66dd209 Xin Jiang 2023-08-10 1249 goto data_free; e23a88d66dd209 Xin Jiang 2023-08-10 1250 } e23a88d66dd209 Xin Jiang 2023-08-10 1251 e23a88d66dd209 Xin Jiang 2023-08-10 1252 blocks = vzalloc(num_blocks * sizeof(*blocks)); e23a88d66dd209 Xin Jiang 2023-08-10 1253 if (!blocks) { e23a88d66dd209 Xin Jiang 2023-08-10 1254 ret = -ENOMEM; e23a88d66dd209 Xin Jiang 2023-08-10 1255 goto data_free; e23a88d66dd209 Xin Jiang 2023-08-10 1256 } e23a88d66dd209 Xin Jiang 2023-08-10 1257 e23a88d66dd209 Xin Jiang 2023-08-10 1258 for (offset = 0, i = 0, n = 0; offset < params.len; offset += PAGE_SIZE) { e23a88d66dd209 Xin Jiang 2023-08-10 1259 pfn = vmalloc_to_pfn(offset + data); e23a88d66dd209 Xin Jiang 2023-08-10 1260 pfn_sme_mask = __sme_set(pfn << PAGE_SHIFT) >> PAGE_SHIFT; e23a88d66dd209 Xin Jiang 2023-08-10 1261 if (offset && ((blocks[n].entry[i].pfn + 1) == pfn_sme_mask)) e23a88d66dd209 Xin Jiang 2023-08-10 1262 blocks[n].entry[i].npages += 1; e23a88d66dd209 Xin Jiang 2023-08-10 1263 else { e23a88d66dd209 Xin Jiang 2023-08-10 1264 if (offset) { e23a88d66dd209 Xin Jiang 2023-08-10 1265 i = (i + 1) % num_entries_in_block; e23a88d66dd209 Xin Jiang 2023-08-10 1266 n = (i == 0) ? (n + 1) : n; e23a88d66dd209 Xin Jiang 2023-08-10 1267 } e23a88d66dd209 Xin Jiang 2023-08-10 1268 blocks[n].entry[i].pfn = pfn_sme_mask; e23a88d66dd209 Xin Jiang 2023-08-10 1269 blocks[n].entry[i].npages = 1; e23a88d66dd209 Xin Jiang 2023-08-10 1270 } e23a88d66dd209 Xin Jiang 2023-08-10 1271 } e23a88d66dd209 Xin Jiang 2023-08-10 1272 e23a88d66dd209 Xin Jiang 2023-08-10 1273 encrypt_data = kzalloc(sizeof(*encrypt_data), GFP_KERNEL); e23a88d66dd209 Xin Jiang 2023-08-10 1274 if (!encrypt_data) { e23a88d66dd209 Xin Jiang 2023-08-10 1275 ret = -ENOMEM; e23a88d66dd209 Xin Jiang 2023-08-10 1276 goto block_free; e23a88d66dd209 Xin Jiang 2023-08-10 1277 } e23a88d66dd209 Xin Jiang 2023-08-10 1278 e23a88d66dd209 Xin Jiang 2023-08-10 1279 encrypt_data->handle = csv->sev->handle; e23a88d66dd209 Xin Jiang 2023-08-10 1280 encrypt_data->length = params.len; e23a88d66dd209 Xin Jiang 2023-08-10 1281 encrypt_data->gpa = params.gpa; e23a88d66dd209 Xin Jiang 2023-08-10 1282 for (i = 0; i <= n; i++) { e23a88d66dd209 Xin Jiang 2023-08-10 1283 encrypt_data->data_blocks[i] = e23a88d66dd209 Xin Jiang 2023-08-10 1284 __sme_set(vmalloc_to_pfn((void *)blocks + i * sizeof(*blocks)) << PAGE_SHIFT); e23a88d66dd209 Xin Jiang 2023-08-10 1285 } e23a88d66dd209 Xin Jiang 2023-08-10 1286 e23a88d66dd209 Xin Jiang 2023-08-10 1287 clflush_cache_range(data, params.len); e23a88d66dd209 Xin Jiang 2023-08-10 1288 ret = hygon_kvm_hooks.sev_issue_cmd(kvm, CSV3_CMD_LAUNCH_ENCRYPT_DATA, e23a88d66dd209 Xin Jiang 2023-08-10 1289 encrypt_data, &argp->error); e23a88d66dd209 Xin Jiang 2023-08-10 1290 e23a88d66dd209 Xin Jiang 2023-08-10 1291 kfree(encrypt_data); e23a88d66dd209 Xin Jiang 2023-08-10 1292 block_free: e23a88d66dd209 Xin Jiang 2023-08-10 1293 vfree(blocks); e23a88d66dd209 Xin Jiang 2023-08-10 1294 data_free: e23a88d66dd209 Xin Jiang 2023-08-10 1295 vfree(data); e23a88d66dd209 Xin Jiang 2023-08-10 1296 exit: e23a88d66dd209 Xin Jiang 2023-08-10 1297 return ret; e23a88d66dd209 Xin Jiang 2023-08-10 1298 } e23a88d66dd209 Xin Jiang 2023-08-10 1299 ee5362bc5977e4 hanliyang 2024-09-27 1300 #define MAX_ENTRIES_PER_BLOCK \ ee5362bc5977e4 hanliyang 2024-09-27 1301 (sizeof(((struct encrypt_data_block *)0)->entry) / \ ee5362bc5977e4 hanliyang 2024-09-27 1302 sizeof(((struct encrypt_data_block *)0)->entry[0])) ee5362bc5977e4 hanliyang 2024-09-27 1303 #define MAX_BLOCKS_PER_CSV3_LUP_DATA \ ee5362bc5977e4 hanliyang 2024-09-27 1304 (sizeof(((struct csv3_data_launch_encrypt_data *)0)->data_blocks) / \ ee5362bc5977e4 hanliyang 2024-09-27 1305 sizeof(((struct csv3_data_launch_encrypt_data *)0)->data_blocks[0])) ee5362bc5977e4 hanliyang 2024-09-27 1306 #define MAX_ENTRIES_PER_CSV3_LUP_DATA \ ee5362bc5977e4 hanliyang 2024-09-27 1307 (MAX_BLOCKS_PER_CSV3_LUP_DATA * MAX_ENTRIES_PER_BLOCK) ee5362bc5977e4 hanliyang 2024-09-27 1308 ee5362bc5977e4 hanliyang 2024-09-27 1309 /** ee5362bc5977e4 hanliyang 2024-09-27 1310 * __csv3_launch_encrypt_data - The helper for handler ee5362bc5977e4 hanliyang 2024-09-27 1311 * csv3_launch_encrypt_data_alt_2. ee5362bc5977e4 hanliyang 2024-09-27 1312 */ ee5362bc5977e4 hanliyang 2024-09-27 1313 static int __csv3_launch_encrypt_data(struct kvm *kvm, ee5362bc5977e4 hanliyang 2024-09-27 1314 struct kvm_sev_cmd *argp, ee5362bc5977e4 hanliyang 2024-09-27 1315 struct kvm_csv3_launch_encrypt_data *params, ee5362bc5977e4 hanliyang 2024-09-27 1316 void *src_buf, ee5362bc5977e4 hanliyang 2024-09-27 1317 unsigned int start_pgoff, ee5362bc5977e4 hanliyang 2024-09-27 1318 unsigned int end_pgoff) ee5362bc5977e4 hanliyang 2024-09-27 @1319 { ee5362bc5977e4 hanliyang 2024-09-27 1320 struct kvm_csv_info *csv = &to_kvm_svm_csv(kvm)->csv_info; ee5362bc5977e4 hanliyang 2024-09-27 1321 struct csv3_data_launch_encrypt_data *data = NULL; ee5362bc5977e4 hanliyang 2024-09-27 1322 struct encrypt_data_block *block = NULL; ee5362bc5977e4 hanliyang 2024-09-27 1323 struct page **pages = NULL; ee5362bc5977e4 hanliyang 2024-09-27 1324 unsigned long len, remain_len; ee5362bc5977e4 hanliyang 2024-09-27 1325 unsigned long pfn, pfn_sme_mask, last_pfn; ee5362bc5977e4 hanliyang 2024-09-27 1326 unsigned int pgoff = start_pgoff; ee5362bc5977e4 hanliyang 2024-09-27 1327 int i, j; ee5362bc5977e4 hanliyang 2024-09-27 1328 int ret = -ENOMEM; ee5362bc5977e4 hanliyang 2024-09-27 1329 ee5362bc5977e4 hanliyang 2024-09-27 1330 /* Alloc command buffer for CSV3_CMD_LAUNCH_ENCRYPT_DATA command */ ee5362bc5977e4 hanliyang 2024-09-27 1331 data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); ee5362bc5977e4 hanliyang 2024-09-27 1332 if (!data) ee5362bc5977e4 hanliyang 2024-09-27 1333 return -ENOMEM; ee5362bc5977e4 hanliyang 2024-09-27 1334 ee5362bc5977e4 hanliyang 2024-09-27 1335 /* Alloc pages for data_blocks[] in the command buffer */ ee5362bc5977e4 hanliyang 2024-09-27 1336 len = ARRAY_SIZE(data->data_blocks) * sizeof(struct page *); ee5362bc5977e4 hanliyang 2024-09-27 1337 pages = kzalloc(len, GFP_KERNEL_ACCOUNT); ee5362bc5977e4 hanliyang 2024-09-27 1338 if (!pages) ee5362bc5977e4 hanliyang 2024-09-27 1339 goto e_free_data; ee5362bc5977e4 hanliyang 2024-09-27 1340 ee5362bc5977e4 hanliyang 2024-09-27 1341 for (i = 0; i < ARRAY_SIZE(data->data_blocks); i++) { ee5362bc5977e4 hanliyang 2024-09-27 1342 pages[i] = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); ee5362bc5977e4 hanliyang 2024-09-27 1343 if (!pages[i]) ee5362bc5977e4 hanliyang 2024-09-27 1344 goto e_free_pages; ee5362bc5977e4 hanliyang 2024-09-27 1345 } ee5362bc5977e4 hanliyang 2024-09-27 1346 ee5362bc5977e4 hanliyang 2024-09-27 1347 i = 0; ee5362bc5977e4 hanliyang 2024-09-27 1348 while (i < ARRAY_SIZE(data->data_blocks) && pgoff < end_pgoff) { ee5362bc5977e4 hanliyang 2024-09-27 1349 block = (struct encrypt_data_block *)page_to_virt(pages[i]); ee5362bc5977e4 hanliyang 2024-09-27 1350 ee5362bc5977e4 hanliyang 2024-09-27 1351 j = 0; ee5362bc5977e4 hanliyang 2024-09-27 1352 last_pfn = 0; ee5362bc5977e4 hanliyang 2024-09-27 1353 while (j < ARRAY_SIZE(block->entry) && pgoff < end_pgoff) { ee5362bc5977e4 hanliyang 2024-09-27 1354 pfn = vmalloc_to_pfn(src_buf + (pgoff << PAGE_SHIFT)); ee5362bc5977e4 hanliyang 2024-09-27 1355 pfn_sme_mask = __sme_set(pfn << PAGE_SHIFT) >> PAGE_SHIFT; ee5362bc5977e4 hanliyang 2024-09-27 1356 ee5362bc5977e4 hanliyang 2024-09-27 1357 /* ee5362bc5977e4 hanliyang 2024-09-27 1358 * One entry can record a number of contiguous physical ee5362bc5977e4 hanliyang 2024-09-27 1359 * pages. If the current page is not adjacent to the ee5362bc5977e4 hanliyang 2024-09-27 1360 * previous physical page, we should record the page to ee5362bc5977e4 hanliyang 2024-09-27 1361 * the next entry. If entries of current block is used ee5362bc5977e4 hanliyang 2024-09-27 1362 * up, we should try the next block. ee5362bc5977e4 hanliyang 2024-09-27 1363 */ ee5362bc5977e4 hanliyang 2024-09-27 1364 if (last_pfn && (last_pfn + 1 == pfn)) { ee5362bc5977e4 hanliyang 2024-09-27 1365 block->entry[j].npages++; ee5362bc5977e4 hanliyang 2024-09-27 1366 } else if (j < (ARRAY_SIZE(block->entry) - 1)) { ee5362bc5977e4 hanliyang 2024-09-27 1367 /* @last_pfn == 0 means fill in entry[0] */ ee5362bc5977e4 hanliyang 2024-09-27 1368 if (likely(last_pfn != 0)) ee5362bc5977e4 hanliyang 2024-09-27 1369 j++; ee5362bc5977e4 hanliyang 2024-09-27 1370 block->entry[j].pfn = pfn_sme_mask; ee5362bc5977e4 hanliyang 2024-09-27 1371 block->entry[j].npages = 1; ee5362bc5977e4 hanliyang 2024-09-27 1372 } else { ee5362bc5977e4 hanliyang 2024-09-27 1373 break; ee5362bc5977e4 hanliyang 2024-09-27 1374 } ee5362bc5977e4 hanliyang 2024-09-27 1375 ee5362bc5977e4 hanliyang 2024-09-27 1376 /* ee5362bc5977e4 hanliyang 2024-09-27 1377 * Succeed to record one page, increase the page offset. ee5362bc5977e4 hanliyang 2024-09-27 1378 * We also record the pfn of current page so that we can ee5362bc5977e4 hanliyang 2024-09-27 1379 * record the contiguous physical pages into one entry. ee5362bc5977e4 hanliyang 2024-09-27 1380 */ ee5362bc5977e4 hanliyang 2024-09-27 1381 last_pfn = pfn; ee5362bc5977e4 hanliyang 2024-09-27 1382 pgoff++; ee5362bc5977e4 hanliyang 2024-09-27 1383 } ee5362bc5977e4 hanliyang 2024-09-27 1384 ee5362bc5977e4 hanliyang 2024-09-27 1385 i++; ee5362bc5977e4 hanliyang 2024-09-27 1386 } ee5362bc5977e4 hanliyang 2024-09-27 1387 ee5362bc5977e4 hanliyang 2024-09-27 1388 if (pgoff < end_pgoff) { ee5362bc5977e4 hanliyang 2024-09-27 1389 pr_err("CSV3: Fail to fill in LAUNCH_ENCRYPT_DATA command!\n"); ee5362bc5977e4 hanliyang 2024-09-27 1390 goto e_free_pages; ee5362bc5977e4 hanliyang 2024-09-27 1391 } ee5362bc5977e4 hanliyang 2024-09-27 1392 ee5362bc5977e4 hanliyang 2024-09-27 1393 len = (end_pgoff - start_pgoff) << PAGE_SHIFT; ee5362bc5977e4 hanliyang 2024-09-27 1394 clflush_cache_range(src_buf + (start_pgoff << PAGE_SHIFT), len); ee5362bc5977e4 hanliyang 2024-09-27 1395 ee5362bc5977e4 hanliyang 2024-09-27 1396 /* Fill in command buffer */ ee5362bc5977e4 hanliyang 2024-09-27 1397 data->handle = csv->sev->handle; ee5362bc5977e4 hanliyang 2024-09-27 1398 ee5362bc5977e4 hanliyang 2024-09-27 1399 if (start_pgoff == 0) { ee5362bc5977e4 hanliyang 2024-09-27 1400 data->gpa = params->gpa; ee5362bc5977e4 hanliyang 2024-09-27 1401 len -= params->gpa & ~PAGE_MASK; ee5362bc5977e4 hanliyang 2024-09-27 1402 } else { ee5362bc5977e4 hanliyang 2024-09-27 1403 data->gpa = (params->gpa & PAGE_MASK) + (start_pgoff << PAGE_SHIFT); ee5362bc5977e4 hanliyang 2024-09-27 1404 } ee5362bc5977e4 hanliyang 2024-09-27 1405 remain_len = params->len - (data->gpa - params->gpa); ee5362bc5977e4 hanliyang 2024-09-27 1406 ee5362bc5977e4 hanliyang 2024-09-27 1407 data->length = (len <= remain_len) ? len : remain_len; ee5362bc5977e4 hanliyang 2024-09-27 1408 ee5362bc5977e4 hanliyang 2024-09-27 1409 for (j = 0; j < i; j++) ee5362bc5977e4 hanliyang 2024-09-27 1410 data->data_blocks[j] = __sme_set(page_to_phys(pages[j])); ee5362bc5977e4 hanliyang 2024-09-27 1411 ee5362bc5977e4 hanliyang 2024-09-27 1412 /* Issue command */ ee5362bc5977e4 hanliyang 2024-09-27 1413 ret = hygon_kvm_hooks.sev_issue_cmd(kvm, CSV3_CMD_LAUNCH_ENCRYPT_DATA, ee5362bc5977e4 hanliyang 2024-09-27 1414 data, &argp->error); ee5362bc5977e4 hanliyang 2024-09-27 1415 ee5362bc5977e4 hanliyang 2024-09-27 1416 e_free_pages: ee5362bc5977e4 hanliyang 2024-09-27 1417 for (i = 0; i < ARRAY_SIZE(data->data_blocks); i++) { ee5362bc5977e4 hanliyang 2024-09-27 1418 if (pages[i]) ee5362bc5977e4 hanliyang 2024-09-27 1419 __free_page(pages[i]); ee5362bc5977e4 hanliyang 2024-09-27 1420 } ee5362bc5977e4 hanliyang 2024-09-27 1421 kfree(pages); ee5362bc5977e4 hanliyang 2024-09-27 1422 e_free_data: ee5362bc5977e4 hanliyang 2024-09-27 1423 kfree(data); ee5362bc5977e4 hanliyang 2024-09-27 1424 ee5362bc5977e4 hanliyang 2024-09-27 1425 return ret; ee5362bc5977e4 hanliyang 2024-09-27 1426 } ee5362bc5977e4 hanliyang 2024-09-27 1427 :::::: The code at line 1196 was first introduced by commit :::::: e23a88d66dd209d8c87df6b19e15ea8ddd9b7915 KVM: SVM: CSV: Add KVM_CSV3_LAUNCH_ENCRYPT_DATA command :::::: TO: Xin Jiang <jiangxin(a)hygon.cn> :::::: CC: hanliyang <hanliyang(a)hygon.cn> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6 3542/3542] drivers/crypto/ccp/hygon/tdm-kernel-guard.c:151:5: warning: no previous prototype for function 'tdm_service_run'
by kernel test robot 15 Dec '25

15 Dec '25

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 81b22958142c03b02c766c79cd1554ebfa142be4 commit: 3ad98583441f7c8a2553e1e8d6340ed4397033e2 [3542/3542] crypto: tdm: Support dynamic protection for SCT and IDT by HYGON TDM config: x86_64-randconfig-012-20251215 (https://download.01.org/0day-ci/archive/20251215/202512151453.5SnEFp7c-lkp@…) compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251215/202512151453.5SnEFp7c-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202512151453.5SnEFp7c-lkp@intel.com/ All warnings (new ones prefixed by >>): In file included from drivers/crypto/ccp/hygon/tdm-kernel-guard.c:15: In file included from include/linux/kallsyms.h:13: In file included from include/linux/mm.h:2242: include/linux/vmstat.h:522:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion] 522 | return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_" | ~~~~~~~~~~~ ^ ~~~ >> drivers/crypto/ccp/hygon/tdm-kernel-guard.c:151:5: warning: no previous prototype for function 'tdm_service_run' [-Wmissing-prototypes] 151 | int tdm_service_run(struct tdm_security_enhance *data) | ^ drivers/crypto/ccp/hygon/tdm-kernel-guard.c:151:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 151 | int tdm_service_run(struct tdm_security_enhance *data) | ^ | static >> drivers/crypto/ccp/hygon/tdm-kernel-guard.c:212:5: warning: no previous prototype for function 'tdm_service_exit' [-Wmissing-prototypes] 212 | int tdm_service_exit(struct tdm_security_enhance *data) | ^ drivers/crypto/ccp/hygon/tdm-kernel-guard.c:212:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 212 | int tdm_service_exit(struct tdm_security_enhance *data) | ^ | static drivers/crypto/ccp/hygon/tdm-kernel-guard.c:308:23: error: use of undeclared identifier 'NR_syscalls' 308 | eh_objs[SCT].size = NR_syscalls * sizeof(char *); | ^ 3 warnings and 1 error generated. vim +/tdm_service_run +151 drivers/crypto/ccp/hygon/tdm-kernel-guard.c 150 > 151 int tdm_service_run(struct tdm_security_enhance *data) 152 { 153 int ret = 0; 154 struct addr_range_info *addr_range = NULL; 155 156 // Allocate memory for addr_range 157 addr_range = kzalloc(sizeof(struct addr_range_info) + sizeof(struct addr_info), GFP_KERNEL); 158 if (!addr_range) { 159 ret = -DYN_ERR_MEM; 160 pr_err("addr_range kzalloc memory failed\n"); 161 goto end; 162 } 163 164 // Fill in addr_range 165 addr_range->count = 1; 166 addr_range->addr[0].addr_start = data->vaddr; 167 addr_range->addr[0].length = data->size; 168 data->mem_range = addr_range; 169 170 // Context configuration 171 data->context |= TASK_CREATE_VADDR; 172 173 // Allocate memory for authcode 174 data->authcode = kzalloc(sizeof(struct authcode_2b) + AUTHCODE_MAX, GFP_KERNEL); 175 if (!data->authcode) { 176 ret = -DYN_ERR_MEM; 177 pr_err("authcode_2b kzalloc memory failed\n"); 178 goto free_addr_range_info; 179 } 180 181 data->authcode->len = AUTHCODE_MAX; 182 183 // Measurement data configuration 184 data->mdata.hash_algo = HASH_ALGO_SM3; 185 data->mdata.period_ms = 0; 186 ret = calc_expected_hash((uint8_t *)data->vaddr, data->size, 187 data->mdata.expected_measurement); 188 if (ret) { 189 pr_err("calculate expected hash failed!\n"); 190 goto free_authcode; 191 } 192 193 // Create and start tdm task 194 ret = tdm_task_create_and_run(data); 195 if (ret) { 196 pr_err("tdm_task_create_and_run failed!\n"); 197 goto free_authcode; 198 } 199 200 return ret; 201 202 free_authcode: 203 kfree(data->authcode); 204 data->authcode = NULL; 205 free_addr_range_info: 206 kfree(data->mem_range); 207 data->mem_range = NULL; 208 end: 209 return ret; 210 } 211 > 212 int tdm_service_exit(struct tdm_security_enhance *data) 213 { 214 int ret = 0; 215 int task_status = 0; 216 217 task_status = psp_startstop_measure_task(data->task_id, data->authcode, false); 218 if (task_status < 0) { 219 ret = task_status; 220 pr_err("task_id %d stop failed with 0x%x\n", data->task_id, ret); 221 goto end; 222 } 223 224 // Waiting for the task to end 225 msleep(40); 226 227 psp_destroy_measure_task(data->task_id, data->authcode); 228 229 kfree(data->authcode); 230 data->authcode = NULL; 231 kfree(data->mem_range); 232 data->mem_range = NULL; 233 end: 234 return ret; 235 } 236 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0