- Kernel - mailweb.openeuler.org

[openeuler:OLK-5.10 2516/2516] drivers/ub/urma/ubcore/ubcore_netdev.c:49:5: warning: no previous prototype for 'ubcore_check_port_state'
by kernel test robot 04 Dec '24

04 Dec '24

Hi Yizhen, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: 50144653bfd09743bb9ce60543744e9e8cbb6489 commit: 84e122368ec3a37e074c9657bc09422b62f6ccd0 [2516/2516] ub: add new feature for urma config: arm64-randconfig-003-20241203 (https://download.01.org/0day-ci/archive/20241204/202412041258.OQhOgdm4-lkp@…) compiler: aarch64-linux-gcc (GCC) 14.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241204/202412041258.OQhOgdm4-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412041258.OQhOgdm4-lkp@intel.com/ All warnings (new ones prefixed by >>): drivers/ub/urma/ubcore/ubcore_uvs_cmd.c: In function 'ubcore_uvs_cmd_channel_init': >> drivers/ub/urma/ubcore/ubcore_uvs_cmd.c:47:15: warning: 'strncpy' output truncated before terminating nul copying 10 bytes from a string of the same length [-Wstringop-truncation] 47 | (void)strncpy(arg.out.kernel_out, "Hello uvs!", strlen("Hello uvs!")); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- >> drivers/ub/urma/ubcore/ubcore_netdev.c:49:5: warning: no previous prototype for 'ubcore_check_port_state' [-Wmissing-prototypes] 49 | int ubcore_check_port_state(struct ubcore_device *dev, uint8_t port_idx) | ^~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:73:5: warning: no previous prototype for 'ubcore_find_port_netdev' [-Wmissing-prototypes] 73 | int ubcore_find_port_netdev(struct ubcore_device *dev, struct net_device *ndev) | ^~~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:90:5: warning: no previous prototype for 'ubcore_find_port_with_dev_name' [-Wmissing-prototypes] 90 | int ubcore_find_port_with_dev_name(struct ubcore_device *dev, char *dev_name) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:113:5: warning: no previous prototype for 'ubcore_set_port_netdev' [-Wmissing-prototypes] 113 | int ubcore_set_port_netdev(struct ubcore_device *dev, struct net_device *ndev, | ^~~~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:149:6: warning: no previous prototype for 'ubcore_put_port_netdev' [-Wmissing-prototypes] 149 | void ubcore_put_port_netdev(struct ubcore_device *dev) | ^~~~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:169:10: warning: no previous prototype for 'ubcore_sip_idx_alloc' [-Wmissing-prototypes] 169 | uint32_t ubcore_sip_idx_alloc(uint32_t idx) | ^~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:197:5: warning: no previous prototype for 'ubcore_sip_idx_free' [-Wmissing-prototypes] 197 | int ubcore_sip_idx_free(uint32_t idx) | ^~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:210:6: warning: no previous prototype for 'ubcore_sip_table_init' [-Wmissing-prototypes] 210 | void ubcore_sip_table_init(void) | ^~~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:216:6: warning: no previous prototype for 'ubcore_sip_table_uninit' [-Wmissing-prototypes] 216 | void ubcore_sip_table_uninit(void) | ^~~~~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:230:5: warning: no previous prototype for 'ubcore_add_sip_entry' [-Wmissing-prototypes] 230 | int ubcore_add_sip_entry(const struct ubcore_sip_info *sip, uint32_t idx) | ^~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:250:5: warning: no previous prototype for 'ubcore_del_sip_entry' [-Wmissing-prototypes] 250 | int ubcore_del_sip_entry(uint32_t idx) | ^~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:264:5: warning: no previous prototype for 'ubcore_lookup_sip_idx' [-Wmissing-prototypes] 264 | int ubcore_lookup_sip_idx(struct ubcore_sip_info *sip, uint32_t *idx) | ^~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:285:10: warning: no previous prototype for 'ubcore_get_sip_max_cnt' [-Wmissing-prototypes] 285 | uint32_t ubcore_get_sip_max_cnt(void) | ^~~~~~~~~~~~~~~~~~~~~~ drivers/ub/urma/ubcore/ubcore_netdev.c:290:25: warning: no previous prototype for 'ubcore_lookup_sip_info' [-Wmissing-prototypes] 290 | struct ubcore_sip_info *ubcore_lookup_sip_info(uint32_t idx) | ^~~~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:301:5: warning: no previous prototype for 'ubcore_notify_uvs_del_sip' [-Wmissing-prototypes] 301 | int ubcore_notify_uvs_del_sip(struct ubcore_device *dev, | ^~~~~~~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/ubcore/ubcore_netdev.c:343:5: warning: no previous prototype for 'ubcore_notify_uvs_add_sip' [-Wmissing-prototypes] 343 | int ubcore_notify_uvs_add_sip(struct ubcore_device *dev, | ^~~~~~~~~~~~~~~~~~~~~~~~~ -- >> drivers/ub/urma/ubcore/ubcore_device.c:344:6: warning: no previous prototype for 'ubcore_destroy_upi_list' [-Wmissing-prototypes] 344 | void ubcore_destroy_upi_list(void) | ^~~~~~~~~~~~~~~~~~~~~~~ -- drivers/ub/urma/uburma/uburma_cmd.c:315:6: warning: no previous prototype for 'uburma_jfc_event_cb' [-Wmissing-prototypes] 315 | void uburma_jfc_event_cb(struct ubcore_event *event, struct ubcore_ucontext *ctx) | ^~~~~~~~~~~~~~~~~~~ drivers/ub/urma/uburma/uburma_cmd.c:327:6: warning: no previous prototype for 'uburma_jfs_event_cb' [-Wmissing-prototypes] 327 | void uburma_jfs_event_cb(struct ubcore_event *event, struct ubcore_ucontext *ctx) | ^~~~~~~~~~~~~~~~~~~ drivers/ub/urma/uburma/uburma_cmd.c:339:6: warning: no previous prototype for 'uburma_jfr_event_cb' [-Wmissing-prototypes] 339 | void uburma_jfr_event_cb(struct ubcore_event *event, struct ubcore_ucontext *ctx) | ^~~~~~~~~~~~~~~~~~~ drivers/ub/urma/uburma/uburma_cmd.c:351:6: warning: no previous prototype for 'uburma_jetty_event_cb' [-Wmissing-prototypes] 351 | void uburma_jetty_event_cb(struct ubcore_event *event, struct ubcore_ucontext *ctx) | ^~~~~~~~~~~~~~~~~~~~~ >> drivers/ub/urma/uburma/uburma_cmd.c:363:6: warning: no previous prototype for 'uburma_jetty_grp_event_cb' [-Wmissing-prototypes] 363 | void uburma_jetty_grp_event_cb(struct ubcore_event *event, struct ubcore_ucontext *ctx) | ^~~~~~~~~~~~~~~~~~~~~~~~~ vim +/ubcore_check_port_state +49 drivers/ub/urma/ubcore/ubcore_netdev.c 48 > 49 int ubcore_check_port_state(struct ubcore_device *dev, uint8_t port_idx) 50 { 51 struct ubcore_device_status status; 52 53 if (dev == NULL || port_idx >= UBCORE_MAX_PORT_CNT) { 54 ubcore_log_err("Invalid parameter.\n"); 55 return -EINVAL; 56 } 57 58 if (ubcore_query_device_status(dev, &status) != 0) { 59 ubcore_log_err("query device status for state failed with dev name %s\n", 60 dev->dev_name); 61 return -EPERM; 62 } 63 64 if (status.port_status[port_idx].state != UBCORE_PORT_ACTIVE) { 65 ubcore_log_err("port state is not active with dev name: %s and port_idx: %hhu\n", 66 dev->dev_name, port_idx); 67 return -EPERM; 68 } 69 ubcore_log_info("Success to query dev %s port state and it's active.\n", dev->dev_name); 70 return 0; 71 } 72 > 73 int ubcore_find_port_netdev(struct ubcore_device *dev, struct net_device *ndev) 74 { 75 struct ubcore_ndev_port *port_info; 76 77 down_write(&g_port_list_lock); 78 list_for_each_entry(port_info, &dev->port_list, node) { 79 if (port_info->ndev == ndev) { 80 up_write(&g_port_list_lock); 81 return (int)port_info->port_id; 82 } 83 } 84 up_write(&g_port_list_lock); 85 ubcore_log_warn("ndev:%s no available port found.\n", netdev_name(ndev)); 86 /* Currently assigned port0 by default */ 87 return 0; 88 } 89 > 90 int ubcore_find_port_with_dev_name(struct ubcore_device *dev, char *dev_name) 91 { 92 struct ubcore_ndev_port *port_info; 93 94 if (dev == NULL || dev_name == NULL) { 95 ubcore_log_err("Invalid input parameter\n"); 96 return 0; 97 } 98 99 down_write(&g_port_list_lock); 100 list_for_each_entry(port_info, &dev->port_list, node) { 101 if (strcmp(port_info->dev_name, dev_name) == 0) { 102 up_write(&g_port_list_lock); 103 ubcore_log_info("ndev:%s dev name:%s with port id %u found.\n", 104 netdev_name(port_info->ndev), dev_name, port_info->port_id); 105 return (int)port_info->port_id; 106 } 107 } 108 up_write(&g_port_list_lock); 109 ubcore_log_warn("dev name:%s no available port found.\n", dev_name); 110 return 0; 111 } 112 > 113 int ubcore_set_port_netdev(struct ubcore_device *dev, struct net_device *ndev, 114 unsigned int port_id) 115 { 116 struct ubcore_ndev_port *port_info, *new_node; 117 118 if (dev == NULL || ndev == NULL) { 119 ubcore_log_err("invalid input parameter.\n"); 120 return -1; 121 } 122 down_write(&g_port_list_lock); 123 list_for_each_entry(port_info, &dev->port_list, node) { 124 if (port_info->ndev == ndev) { 125 up_write(&g_port_list_lock); 126 ubcore_log_warn("ndev:%s is already bound port: %d\n", 127 netdev_name(ndev), port_info->port_id); 128 return 0; 129 } 130 } 131 up_write(&g_port_list_lock); 132 133 new_node = kzalloc(sizeof(struct ubcore_ndev_port), GFP_ATOMIC); 134 if (new_node == NULL) 135 return -ENOMEM; 136 137 new_node->ndev = ndev; 138 new_node->port_id = port_id; 139 (void)strcpy(new_node->dev_name, dev->dev_name); 140 down_write(&g_port_list_lock); 141 list_add_tail(&new_node->node, &dev->port_list); 142 up_write(&g_port_list_lock); 143 ubcore_log_info("ndev:%s dev_name: %s bound port: %d\n", netdev_name(ndev), 144 dev->dev_name, new_node->port_id); 145 return 0; 146 } 147 EXPORT_SYMBOL(ubcore_set_port_netdev); 148 > 149 void ubcore_put_port_netdev(struct ubcore_device *dev) 150 { 151 struct ubcore_ndev_port *port_info, *next; 152 153 down_write(&g_port_list_lock); 154 list_for_each_entry_safe(port_info, next, &dev->port_list, node) { 155 if (port_info != NULL) { 156 list_del(&port_info->node); 157 kfree(port_info); 158 } 159 } 160 up_write(&g_port_list_lock); 161 } 162 EXPORT_SYMBOL(ubcore_put_port_netdev); 163 164 static void ubcore_sip_bitmap_init(void) 165 { 166 bitmap_zero(g_sip_bitmap, UBCORE_MAX_SIP); 167 } 168 > 169 uint32_t ubcore_sip_idx_alloc(uint32_t idx) 170 { 171 uint32_t ret_idx = idx; 172 int ret; 173 174 spin_lock(&g_sip_spinlock); 175 if (ret_idx > 0) { 176 ret = test_bit(ret_idx, g_sip_bitmap); 177 if (ret == 0) { 178 set_bit(ret_idx, g_sip_bitmap); 179 spin_unlock(&g_sip_spinlock); 180 return ret_idx; 181 } 182 spin_unlock(&g_sip_spinlock); 183 ubcore_log_err("ret_idx allocation failed.\n"); 184 return 0; 185 } 186 ret_idx = (uint32_t)find_first_zero_bit(g_sip_bitmap, UBCORE_MAX_SIP); 187 if (ret_idx >= UBCORE_MAX_SIP) { 188 ubcore_log_err("ret_idx allocation failed.\n"); 189 spin_unlock(&g_sip_spinlock); 190 return 0; 191 } 192 set_bit(ret_idx, g_sip_bitmap); 193 spin_unlock(&g_sip_spinlock); 194 return ret_idx; 195 } 196 > 197 int ubcore_sip_idx_free(uint32_t idx) 198 { 199 spin_lock(&g_sip_spinlock); 200 if (test_bit(idx, g_sip_bitmap) == false) { 201 spin_unlock(&g_sip_spinlock); 202 ubcore_log_err("idx is used.\n"); 203 return -EINVAL; 204 } 205 clear_bit(idx, g_sip_bitmap); 206 spin_unlock(&g_sip_spinlock); 207 return 0; 208 } 209 > 210 void ubcore_sip_table_init(void) 211 { 212 ubcore_sip_bitmap_init(); 213 mutex_init(&g_sip_table.lock); 214 } 215 > 216 void ubcore_sip_table_uninit(void) 217 { 218 uint32_t i; 219 220 mutex_lock(&g_sip_table.lock); 221 for (i = 0; i < UBCORE_SIP_TABLE_SIZE; i++) { 222 if (g_sip_table.entry[i] != NULL) { 223 kfree(g_sip_table.entry[i]); 224 g_sip_table.entry[i] = NULL; 225 } 226 } 227 mutex_unlock(&g_sip_table.lock); 228 } 229 > 230 int ubcore_add_sip_entry(const struct ubcore_sip_info *sip, uint32_t idx) 231 { 232 struct ubcore_sip_info *new_sip; 233 234 if (idx >= UBCORE_SIP_TABLE_SIZE || g_sip_table.entry[idx] != NULL) { 235 ubcore_log_err("add sip failed.\n"); 236 return -1; 237 } 238 new_sip = kzalloc(sizeof(struct ubcore_sip_info), GFP_ATOMIC); 239 if (new_sip == NULL) 240 return -ENOMEM; 241 242 (void)memcpy(new_sip, sip, sizeof(struct ubcore_sip_info)); 243 mutex_lock(&g_sip_table.lock); 244 g_sip_table.entry[idx] = new_sip; 245 mutex_unlock(&g_sip_table.lock); 246 ubcore_log_info("sip table add netdev: %s, entry idx: %d.\n", new_sip->dev_name, idx); 247 return 0; 248 } 249 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6 1582/1582] drivers/irqchip/irq-loongson-eiointc.c:378:58: error: 'NODES_PER_FLATMODE_NODE' undeclared
by kernel test robot 04 Dec '24

04 Dec '24

Hi Hongchen, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 7881f070137e71175735e75416f5c5adb5990a0e commit: 30affb08c584efdc07b3c68015b5902ea02ec86a [1582/1582] irqchip/loongson-eiointc: fix gsi register error config: loongarch-allnoconfig (https://download.01.org/0day-ci/archive/20241204/202412041220.VRxlk3d1-lkp@…) compiler: loongarch64-linux-gcc (GCC) 14.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241204/202412041220.VRxlk3d1-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412041220.VRxlk3d1-lkp@intel.com/ All errors (new ones prefixed by >>): drivers/irqchip/irq-loongson-eiointc.c:357:12: warning: no previous prototype for 'pch_pic_parse_madt' [-Wmissing-prototypes] 357 | int __init pch_pic_parse_madt(union acpi_subtable_headers *header, | ^~~~~~~~~~~~~~~~~~ drivers/irqchip/irq-loongson-eiointc.c:370:12: warning: no previous prototype for 'pch_msi_parse_madt' [-Wmissing-prototypes] 370 | int __init pch_msi_parse_madt(union acpi_subtable_headers *header, | ^~~~~~~~~~~~~~~~~~ drivers/irqchip/irq-loongson-eiointc.c: In function 'pch_msi_parse_madt': >> drivers/irqchip/irq-loongson-eiointc.c:378:58: error: 'NODES_PER_FLATMODE_NODE' undeclared (first use in this function) 378 | node = eiointc_priv[nr_pics - 1]->node / NODES_PER_FLATMODE_NODE; | ^~~~~~~~~~~~~~~~~~~~~~~ drivers/irqchip/irq-loongson-eiointc.c:378:58: note: each undeclared identifier is reported only once for each function it appears in drivers/irqchip/irq-loongson-eiointc.c: In function 'eiointc_acpi_init': drivers/irqchip/irq-loongson-eiointc.c:481:45: error: 'NODES_PER_FLATMODE_NODE' undeclared (first use in this function) 481 | node = acpi_eiointc->node / NODES_PER_FLATMODE_NODE; | ^~~~~~~~~~~~~~~~~~~~~~~ vim +/NODES_PER_FLATMODE_NODE +378 drivers/irqchip/irq-loongson-eiointc.c 369 370 int __init pch_msi_parse_madt(union acpi_subtable_headers *header, 371 const unsigned long end) 372 { 373 struct irq_domain *parent; 374 struct acpi_madt_msi_pic *pchmsi_entry = (struct acpi_madt_msi_pic *)header; 375 int node; 376 377 if (cpu_has_flatmode) > 378 node = eiointc_priv[nr_pics - 1]->node / NODES_PER_FLATMODE_NODE; 379 else 380 node = eiointc_priv[nr_pics - 1]->node; 381 382 parent = acpi_get_vec_parent(node, msi_group); 383 384 if (parent) 385 return pch_msi_acpi_init(parent, pchmsi_entry); 386 387 return 0; 388 } 389 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

openEuler Kernel SIG双周例会
by openEuler conference 04 Dec '24

04 Dec '24

您好！ Kernel 邀请您参加 2024-12-06 14:00 召开的WeLink会议(自动录制) 会议主题：openEuler Kernel SIG双周例会会议内容： 1. 进展update 2. 议题征集中（可回复此邮件申报，也可直接填写至会议纪要看板。）会议链接：https://meeting.huaweicloud.com:36443/#/j/962386363 会议纪要：https://etherpad.openeuler.org/p/Kernel-meetings 更多资讯尽在：https://www.openeuler.org/zh/ Hello! Kernel invites you to attend the WeLink conference(auto recording) will be held at 2024-12-06 14:00, The subject of the conference is openEuler Kernel SIG双周例会, Summary: 1. 进展update 2. 议题征集中（可回复此邮件申报，也可直接填写至会议纪要看板。） You can join the meeting at https://meeting.huaweicloud.com:36443/#/j/962386363. Add topics at https://etherpad.openeuler.org/p/Kernel-meetings. More information: https://www.openeuler.org/en/

1 0

[PATCH OLK-5.10 0/2] ACPI: Fix Generic Initiator Affinity _OSC bit
by Xiongfeng Wang 04 Dec '24

04 Dec '24

Armin Wolf (2): ACPI: Fix Generic Initiator Affinity _OSC bit ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC drivers/acpi/bus.c | 1 + include/linux/acpi.h | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) -- 2.20.1

2 3

[openeuler:OLK-5.10 2516/2516] drivers/net/ub/dev/ubl.c:92:1: warning: 'static' is not at beginning of declaration
by kernel test robot 04 Dec '24

04 Dec '24

Hi Junxin, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: 50144653bfd09743bb9ce60543744e9e8cbb6489 commit: eb44201ee79cffdcf1b16759a54940dca047aae5 [2516/2516] ubl: add CONFIG_UBL definition and UBL interface config: arm64-randconfig-003-20241203 (https://download.01.org/0day-ci/archive/20241204/202412041042.sDm6Qcib-lkp@…) compiler: aarch64-linux-gcc (GCC) 14.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241204/202412041042.sDm6Qcib-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412041042.sDm6Qcib-lkp@intel.com/ All warnings (new ones prefixed by >>): >> drivers/net/ub/dev/ubl.c:92:1: warning: 'static' is not at beginning of declaration [-Wold-style-declaration] 92 | const static struct header_ops ubl_header_ops ____cacheline_aligned = { | ^~~~~ vim +/static +92 drivers/net/ub/dev/ubl.c 91 > 92 const static struct header_ops ubl_header_ops ____cacheline_aligned = { 93 .create = ubl_create_header, 94 .parse_protocol = ubl_header_parse_protocol, 95 }; 96 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-5.10] wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
by Wang Liang 04 Dec '24

04 Dec '24

From: Dmitry Antipov <dmantipov(a)yandex.ru> stable inclusion from stable-v5.10.227 commit f232916fab67ca1c3425926df4a866e59ff26908 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYPKT CVE: CVE-2024-47713 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 9d301de12da6e1bb069a9835c38359b8e8135121 ] Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags) ... ieee80211_free_txskb() ieee80211_report_used_skb() ieee80211_report_ack_skb() cfg80211_mgmt_tx_status_ext() nl80211_frame_tx_status() genlmsg_multicast_netns() genlmsg_multicast_netns_filtered() nlmsg_multicast_filtered() netlink_broadcast_filtered() do_one_broadcast() netlink_broadcast_deliver() __netlink_sendskb() netlink_deliver_tap() __netlink_deliver_tap_skb() dev_queue_xmit() __dev_queue_xmit() ; with IRQS disabled ... spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags) issues the warning (as reported by syzbot reproducer): WARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120 Fix this by implementing a two-phase skb reclamation in 'ieee80211_do_stop()', where actual work is performed outside of a section with interrupts disabled. Fixes: 5061b0c2b906 ("mac80211: cooperate more with network namespaces") Reported-by: syzbot+1a3986bbd3169c307819(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=1a3986bbd3169c307819 Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://patch.msgid.link/20240906123151.351647-1-dmantipov@yandex.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Wang Liang <wangliang74(a)huawei.com> --- net/mac80211/iface.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index 06ce138eedf1..55e3dfa7505d 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -370,6 +370,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, { struct ieee80211_local *local = sdata->local; unsigned long flags; + struct sk_buff_head freeq; struct sk_buff *skb, *tmp; u32 hw_reconf_flags = 0; int i, flushed; @@ -565,18 +566,32 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, skb_queue_purge(&sdata->skb_queue); } + /* + * Since ieee80211_free_txskb() may issue __dev_queue_xmit() + * which should be called with interrupts enabled, reclamation + * is done in two phases: + */ + __skb_queue_head_init(&freeq); + + /* unlink from local queues... */ spin_lock_irqsave(&local->queue_stop_reason_lock, flags); for (i = 0; i < IEEE80211_MAX_QUEUES; i++) { skb_queue_walk_safe(&local->pending[i], skb, tmp) { struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); if (info->control.vif == &sdata->vif) { __skb_unlink(skb, &local->pending[i]); - ieee80211_free_txskb(&local->hw, skb); + __skb_queue_tail(&freeq, skb); } } } spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); + /* ... and perform actual reclamation with interrupts enabled. */ + skb_queue_walk_safe(&freeq, skb, tmp) { + __skb_unlink(skb, &freeq); + ieee80211_free_txskb(&local->hw, skb); + } + if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) ieee80211_txq_remove_vlan(local, sdata); -- 2.34.1

2 1

[PATCH OLK-5.10] net: sched: fix use-after-free in taprio_change()
by Wang Liang 04 Dec '24

04 Dec '24

From: Dmitry Antipov <dmantipov(a)yandex.ru> stable inclusion from stable-v5.10.229 commit 8a283a19026aaae8a773fd8061263cfa315b127f category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2BWJ CVE: CVE-2024-50127 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit f504465970aebb2467da548f7c1efbbf36d0f44b ] In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). Fix this by prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update 'admin' immediately before an attempt to schedule freeing. Fixes: a3d43c0d56f1 ("taprio: Add support adding an admin schedule") Reported-by: syzbot+b65e0af58423fc8a73aa(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://patch.msgid.link/20241018051339.418890-1-dmantipov@yandex.ru Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Wang Liang <wangliang74(a)huawei.com> --- net/sched/sch_taprio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c index df2a372445a6..102b62af1487 100644 --- a/net/sched/sch_taprio.c +++ b/net/sched/sch_taprio.c @@ -1599,7 +1599,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt, taprio_start_sched(sch, start, new_admin); - rcu_assign_pointer(q->admin_sched, new_admin); + admin = rcu_replace_pointer(q->admin_sched, new_admin, + lockdep_rtnl_is_held()); if (admin) call_rcu(&admin->rcu, taprio_free_sched_cb); -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1] can: bcm: Fix UAF in bcm_proc_show()
by Wang Liang 04 Dec '24

04 Dec '24

From: YueHaibing <yuehaibing(a)huawei.com> stable inclusion from stable-v5.10.188 commit cf254b4f68e480e73dab055014e002b77aed30ed category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB7S5M CVE: CVE-2023-52922 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 55c3b96074f3f9b0aee19bf93cd71af7516582bb upstream. BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0xd5/0x150 print_report+0xc1/0x5e0 kasan_report+0xba/0xf0 bcm_proc_show+0x969/0xa80 seq_read_iter+0x4f6/0x1260 seq_read+0x165/0x210 proc_reg_read+0x227/0x300 vfs_read+0x1d5/0x8d0 ksys_read+0x11e/0x240 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Allocated by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x9e/0xa0 bcm_sendmsg+0x264b/0x44e0 sock_sendmsg+0xda/0x180 ____sys_sendmsg+0x735/0x920 ___sys_sendmsg+0x11d/0x1b0 __sys_sendmsg+0xfa/0x1d0 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 ____kasan_slab_free+0x161/0x1c0 slab_free_freelist_hook+0x119/0x220 __kmem_cache_free+0xb4/0x2e0 rcu_core+0x809/0x1bd0 bcm_op is freed before procfs entry be removed in bcm_release(), this lead to bcm_proc_show() may read the freed bcm_op. Fixes: ffd980f976e7 ("[CAN]: Add broadcast manager (bcm) protocol") Signed-off-by: YueHaibing <yuehaibing(a)huawei.com> Reviewed-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Acked-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Link: https://lore.kernel.org/all/20230715092543.15548-1-yuehaibing@huawei.com Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Wang Liang <wangliang74(a)huawei.com> --- net/can/bcm.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/net/can/bcm.c b/net/can/bcm.c index 32c8c5ce1b4d..ed2d40c73c65 100644 --- a/net/can/bcm.c +++ b/net/can/bcm.c @@ -1523,6 +1523,12 @@ static int bcm_release(struct socket *sock) lock_sock(sk); +#if IS_ENABLED(CONFIG_PROC_FS) + /* remove procfs entry */ + if (net->can.bcmproc_dir && bo->bcm_proc_read) + remove_proc_entry(bo->procname, net->can.bcmproc_dir); +#endif /* CONFIG_PROC_FS */ + list_for_each_entry_safe(op, next, &bo->tx_ops, list) bcm_remove_op(op); @@ -1558,12 +1564,6 @@ static int bcm_release(struct socket *sock) list_for_each_entry_safe(op, next, &bo->rx_ops, list) bcm_remove_op(op); -#if IS_ENABLED(CONFIG_PROC_FS) - /* remove procfs entry */ - if (net->can.bcmproc_dir && bo->bcm_proc_read) - remove_proc_entry(bo->procname, net->can.bcmproc_dir); -#endif /* CONFIG_PROC_FS */ - /* remove device reference */ if (bo->bound) { bo->bound = 0; -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1] net: sched: fix use-after-free in taprio_change()
by Wang Liang 04 Dec '24

04 Dec '24

From: Dmitry Antipov <dmantipov(a)yandex.ru> stable inclusion from stable-v5.10.229 commit 8a283a19026aaae8a773fd8061263cfa315b127f category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2BWJ CVE: CVE-2024-50127 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit f504465970aebb2467da548f7c1efbbf36d0f44b ] In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). Fix this by prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update 'admin' immediately before an attempt to schedule freeing. Fixes: a3d43c0d56f1 ("taprio: Add support adding an admin schedule") Reported-by: syzbot+b65e0af58423fc8a73aa(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://patch.msgid.link/20241018051339.418890-1-dmantipov@yandex.ru Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Wang Liang <wangliang74(a)huawei.com> --- net/sched/sch_taprio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c index b6b01e85d623..a1163a07e951 100644 --- a/net/sched/sch_taprio.c +++ b/net/sched/sch_taprio.c @@ -1599,7 +1599,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt, taprio_start_sched(sch, start, new_admin); - rcu_assign_pointer(q->admin_sched, new_admin); + admin = rcu_replace_pointer(q->admin_sched, new_admin, + lockdep_rtnl_is_held()); if (admin) call_rcu(&admin->rcu, taprio_free_sched_cb); -- 2.34.1

2 1

[PATCH openEuler-1.0-LTS 0/3] fix CVE-2024-50278
by Zheng Qixing 04 Dec '24

04 Dec '24

Fix CVE-2024-50278. Ming-Hung Tsai (3): dm cache: fix out-of-bounds access to the dirty bitset when resizing dm cache: optimize dirty bit checking with find_next_bit when resizing dm cache: fix potential out-of-bounds access on the first resume drivers/md/dm-cache-target.c | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) -- 2.39.2

2 4

2025

2024

2023

2022

2021

2020

2019

Kernel