- Kernel - mailweb.openeuler.org

[openeuler:OLK-6.6 1455/1455] arch/loongarch/kernel/legacy_boot.c:439:25-27: WARNING !A || A && B is equivalent to !A || B
by kernel test robot 03 Dec '24

03 Dec '24

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 4672b15ea0310686f657dc38c95b8c90663590c0 commit: db5bb24abc8dd120fd81b7ce21819e96578d011e [1455/1455] LoongArch: Old BPI compatibility config: loongarch-randconfig-r053-20241112 (https://download.01.org/0day-ci/archive/20241203/202412031534.dakPdx99-lkp@…) compiler: loongarch64-linux-gcc (GCC) 14.2.0 If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412031534.dakPdx99-lkp@intel.com/ cocci warnings: (new ones prefixed by >>) >> arch/loongarch/kernel/legacy_boot.c:439:25-27: WARNING !A || A && B is equivalent to !A || B vim +439 arch/loongarch/kernel/legacy_boot.c 423 424 static struct fwnode_handle * __init parse_isa_base(u64 *cpu_addr) 425 { 426 struct device_node *np; 427 const __be32 *ranges = NULL; 428 int len; 429 struct device_node *node; 430 431 for_each_node_by_name(np, "isa") { 432 node = of_node_get(np); 433 434 if (!node) 435 break; 436 437 ranges = of_get_property(node, "ranges", &len); 438 > 439 if (!ranges || (ranges && len > 0)) 440 break; 441 } 442 if (ranges) { 443 ranges += 2; 444 *cpu_addr = of_translate_address(np, ranges); 445 return &np->fwnode; 446 } 447 448 return NULL; 449 } 450 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-6.6 1572/1572] arch/x86/kernel/csv-shared.c:130:13: warning: no previous prototype for function 'csv3_scan_secure_call_pages'
by kernel test robot 03 Dec '24

03 Dec '24

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 4672b15ea0310686f657dc38c95b8c90663590c0 commit: ce19f23605e1ab1ab99b4caefdcd1d07dd3dc329 [1572/1572] x86/kernel: Add CSV3 early update(enc/dec)/reset memory helpers config: x86_64-buildonly-randconfig-006-20241203 (https://download.01.org/0day-ci/archive/20241203/202412031441.jesCKpSg-lkp@…) compiler: clang version 19.1.3 (https://github.com/llvm/llvm-project ab51eccf88f5321e7c60591c5546b254b6afab99) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241203/202412031441.jesCKpSg-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412031441.jesCKpSg-lkp@intel.com/ All warnings (new ones prefixed by >>): In file included from arch/x86/kernel/csv.c:10: In file included from include/linux/memblock.h:12: In file included from include/linux/mm.h:2243: include/linux/vmstat.h:522:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion] 522 | return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_" | ~~~~~~~~~~~ ^ ~~~ In file included from arch/x86/kernel/csv.c:15: >> arch/x86/kernel/csv-shared.c:130:13: warning: no previous prototype for function 'csv3_scan_secure_call_pages' [-Wmissing-prototypes] 130 | void __init csv3_scan_secure_call_pages(struct boot_params *boot_params) | ^ arch/x86/kernel/csv-shared.c:130:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 130 | void __init csv3_scan_secure_call_pages(struct boot_params *boot_params) | ^ | static >> arch/x86/kernel/csv-shared.c:177:13: warning: no previous prototype for function 'csv3_early_secure_call_ident_map' [-Wmissing-prototypes] 177 | void __init csv3_early_secure_call_ident_map(u64 base_address, u64 num_pages, | ^ arch/x86/kernel/csv-shared.c:177:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 177 | void __init csv3_early_secure_call_ident_map(u64 base_address, u64 num_pages, | ^ | static 3 warnings generated. vim +/csv3_scan_secure_call_pages +130 arch/x86/kernel/csv-shared.c d2600299dc44d38 Xin Jiang 2024-03-11 122 d2600299dc44d38 Xin Jiang 2024-03-11 123 /** d2600299dc44d38 Xin Jiang 2024-03-11 124 * csv3_scan_secure_call_pages - try to find the secure call pages. d2600299dc44d38 Xin Jiang 2024-03-11 125 * @boot_params: boot parameters where e820_table resides. d2600299dc44d38 Xin Jiang 2024-03-11 126 * d2600299dc44d38 Xin Jiang 2024-03-11 127 * The secure call pages are reserved by BIOS. We scan all the reserved pages d2600299dc44d38 Xin Jiang 2024-03-11 128 * to check the CSV3 secure call guid bytes. d2600299dc44d38 Xin Jiang 2024-03-11 129 */ d2600299dc44d38 Xin Jiang 2024-03-11 @130 void __init csv3_scan_secure_call_pages(struct boot_params *boot_params) d2600299dc44d38 Xin Jiang 2024-03-11 131 { d2600299dc44d38 Xin Jiang 2024-03-11 132 struct boot_e820_entry *entry; d2600299dc44d38 Xin Jiang 2024-03-11 133 struct csv3_secure_call_cmd *sc_page; d2600299dc44d38 Xin Jiang 2024-03-11 134 u64 offset; d2600299dc44d38 Xin Jiang 2024-03-11 135 u64 addr; d2600299dc44d38 Xin Jiang 2024-03-11 136 u8 i; d2600299dc44d38 Xin Jiang 2024-03-11 137 u8 table_num; d2600299dc44d38 Xin Jiang 2024-03-11 138 int count = 0; d2600299dc44d38 Xin Jiang 2024-03-11 139 d2600299dc44d38 Xin Jiang 2024-03-11 140 if (!boot_params) d2600299dc44d38 Xin Jiang 2024-03-11 141 return; d2600299dc44d38 Xin Jiang 2024-03-11 142 d2600299dc44d38 Xin Jiang 2024-03-11 143 if (csv3_boot_sc_page_a != -1ul && csv3_boot_sc_page_b != -1ul) d2600299dc44d38 Xin Jiang 2024-03-11 144 return; d2600299dc44d38 Xin Jiang 2024-03-11 145 d2600299dc44d38 Xin Jiang 2024-03-11 146 table_num = min_t(u8, boot_params->e820_entries, d2600299dc44d38 Xin Jiang 2024-03-11 147 E820_MAX_ENTRIES_ZEROPAGE); d2600299dc44d38 Xin Jiang 2024-03-11 148 entry = &boot_params->e820_table[0]; d2600299dc44d38 Xin Jiang 2024-03-11 149 for (i = 0; i < table_num; i++) { d2600299dc44d38 Xin Jiang 2024-03-11 150 if (entry[i].type != E820_TYPE_RESERVED) d2600299dc44d38 Xin Jiang 2024-03-11 151 continue; d2600299dc44d38 Xin Jiang 2024-03-11 152 d2600299dc44d38 Xin Jiang 2024-03-11 153 addr = entry[i].addr & PAGE_MASK; d2600299dc44d38 Xin Jiang 2024-03-11 154 for (offset = 0; offset < entry[i].size; offset += PAGE_SIZE) { d2600299dc44d38 Xin Jiang 2024-03-11 155 sc_page = (void *)(addr + offset); d2600299dc44d38 Xin Jiang 2024-03-11 156 if (sc_page->guid_64[0] == CSV3_SECURE_CALL_GUID_LOW && d2600299dc44d38 Xin Jiang 2024-03-11 157 sc_page->guid_64[1] == CSV3_SECURE_CALL_GUID_HIGH) { d2600299dc44d38 Xin Jiang 2024-03-11 158 if (count == 0) d2600299dc44d38 Xin Jiang 2024-03-11 159 csv3_boot_sc_page_a = addr + offset; d2600299dc44d38 Xin Jiang 2024-03-11 160 else if (count == 1) d2600299dc44d38 Xin Jiang 2024-03-11 161 csv3_boot_sc_page_b = addr + offset; d2600299dc44d38 Xin Jiang 2024-03-11 162 count++; d2600299dc44d38 Xin Jiang 2024-03-11 163 } d2600299dc44d38 Xin Jiang 2024-03-11 164 if (count >= 2) d2600299dc44d38 Xin Jiang 2024-03-11 165 return; d2600299dc44d38 Xin Jiang 2024-03-11 166 } d2600299dc44d38 Xin Jiang 2024-03-11 167 } d2600299dc44d38 Xin Jiang 2024-03-11 168 } d2600299dc44d38 Xin Jiang 2024-03-11 169 d2600299dc44d38 Xin Jiang 2024-03-11 170 /** d2600299dc44d38 Xin Jiang 2024-03-11 171 * csv3_early_secure_call_ident_map - issue early secure call command at the d2600299dc44d38 Xin Jiang 2024-03-11 172 * stage where identity page table is created. d2600299dc44d38 Xin Jiang 2024-03-11 173 * @base_address: Start address of the specified memory range. d2600299dc44d38 Xin Jiang 2024-03-11 174 * @num_pages: number of the specific pages. d2600299dc44d38 Xin Jiang 2024-03-11 175 * @cmd_type: Secure call cmd type. d2600299dc44d38 Xin Jiang 2024-03-11 176 */ d2600299dc44d38 Xin Jiang 2024-03-11 @177 void __init csv3_early_secure_call_ident_map(u64 base_address, u64 num_pages, :::::: The code at line 130 was first introduced by commit :::::: d2600299dc44d38ae1c69b2c0d5a0259c577290f x86/boot/compressed/64: Init CSV3 secure call pages :::::: TO: Xin Jiang <jiangxin(a)hygon.cn> :::::: CC: hanliyang <hanliyang(a)hygon.cn> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-5.10 2516/2516] security/integrity/ima/ima_template_lib.c:102:44: sparse: sparse: cast to restricted __le16
by kernel test robot 03 Dec '24

03 Dec '24

tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: 020e0507954f21291b7b3a0a280128270a0d8959 commit: 2c0768b2f0838b4a365d958abd751773e795e987 [2516/2516] ima: Add ima_show_template_uint() template library function config: x86_64-randconfig-121-20241203 (https://download.01.org/0day-ci/archive/20241203/202412031310.oFwEBFj9-lkp@…) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241203/202412031310.oFwEBFj9-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412031310.oFwEBFj9-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) >> security/integrity/ima/ima_template_lib.c:102:44: sparse: sparse: cast to restricted __le16 security/integrity/ima/ima_template_lib.c:109:44: sparse: sparse: cast to restricted __le32 >> security/integrity/ima/ima_template_lib.c:116:44: sparse: sparse: cast to restricted __le64 security/integrity/ima/ima_template_lib.c:137:60: sparse: sparse: restricted __le32 degrades to integer security/integrity/ima/ima_template_lib.c:232:49: sparse: sparse: cast to restricted __le32 vim +102 security/integrity/ima/ima_template_lib.c 66 67 static void ima_show_template_data_ascii(struct seq_file *m, 68 enum ima_show_type show, 69 enum data_formats datafmt, 70 struct ima_field_data *field_data) 71 { 72 u8 *buf_ptr = field_data->data; 73 u32 buflen = field_data->len; 74 75 switch (datafmt) { 76 case DATA_FMT_DIGEST_WITH_ALGO: 77 buf_ptr = strnchr(field_data->data, buflen, ':'); 78 if (buf_ptr != field_data->data) 79 seq_printf(m, "%s", field_data->data); 80 81 /* skip ':' and '\0' */ 82 buf_ptr += 2; 83 buflen -= buf_ptr - field_data->data; 84 fallthrough; 85 case DATA_FMT_DIGEST: 86 case DATA_FMT_HEX: 87 if (!buflen) 88 break; 89 ima_print_digest(m, buf_ptr, buflen); 90 break; 91 case DATA_FMT_STRING: 92 seq_printf(m, "%s", buf_ptr); 93 break; 94 case DATA_FMT_UINT: 95 switch (field_data->len) { 96 case sizeof(u8): 97 seq_printf(m, "%u", *(u8 *)buf_ptr); 98 break; 99 case sizeof(u16): 100 if (ima_canonical_fmt) 101 seq_printf(m, "%u", > 102 le16_to_cpu(*(u16 *)buf_ptr)); 103 else 104 seq_printf(m, "%u", *(u16 *)buf_ptr); 105 break; 106 case sizeof(u32): 107 if (ima_canonical_fmt) 108 seq_printf(m, "%u", 109 le32_to_cpu(*(u32 *)buf_ptr)); 110 else 111 seq_printf(m, "%u", *(u32 *)buf_ptr); 112 break; 113 case sizeof(u64): 114 if (ima_canonical_fmt) 115 seq_printf(m, "%llu", > 116 le64_to_cpu(*(u64 *)buf_ptr)); 117 else 118 seq_printf(m, "%llu", *(u64 *)buf_ptr); 119 break; 120 default: 121 break; 122 } 123 default: 124 break; 125 } 126 } 127 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-5.10 2516/2516] drivers/ub/urma/uburma/uburma_cmd.c:144:6: warning: no previous prototype for 'uburma_jfs_event_cb'
by kernel test robot 03 Dec '24

03 Dec '24

Hi Yizhen, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: 020e0507954f21291b7b3a0a280128270a0d8959 commit: dd9641804ad19402838975c28003465d0b42042a [2516/2516] ub: uburma add cmd create/delete jfs implementation. config: arm64-randconfig-003-20241203 (https://download.01.org/0day-ci/archive/20241203/202412031343.msPaVrnc-lkp@…) compiler: aarch64-linux-gcc (GCC) 14.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241203/202412031343.msPaVrnc-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412031343.msPaVrnc-lkp@intel.com/ All warnings (new ones prefixed by >>): >> drivers/ub/urma/uburma/uburma_cmd.c:144:6: warning: no previous prototype for 'uburma_jfs_event_cb' [-Wmissing-prototypes] 144 | void uburma_jfs_event_cb(struct ubcore_event *event, struct ubcore_ucontext *ctx) | ^~~~~~~~~~~~~~~~~~~ vim +/uburma_jfs_event_cb +144 drivers/ub/urma/uburma/uburma_cmd.c 143 > 144 void uburma_jfs_event_cb(struct ubcore_event *event, struct ubcore_ucontext *ctx) 145 { 146 struct uburma_jfs_uobj *jfs_uobj; 147 148 if (event->element.jfs == NULL) 149 return; 150 151 jfs_uobj = (struct uburma_jfs_uobj *)event->element.jfs->jfs_cfg.jfs_context; 152 uburma_write_async_event(ctx, event->element.jfs->urma_jfs, event->event_type, 153 &jfs_uobj->async_event_list, &jfs_uobj->async_events_reported); 154 } 155 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-5.10] drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA
by Tirui Yin 03 Dec '24

03 Dec '24

From: Hans de Goede <hdegoede(a)redhat.com> mainline inclusion from mainline-v6.12-rc2 commit d92b90f9a54d9300a6e883258e79f36dab53bfae category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2BX4 CVE: CVE-2024-50134 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- Replace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a "memcpy: detected field-spanning write error" warning: [ 13.319813] memcpy: detected field-spanning write (size 16896) of single field "p->data" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4) [ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo] [ 13.320038] Call Trace: [ 13.320173] hgsmi_update_pointer_shape [vboxvideo] [ 13.320184] vbox_cursor_atomic_update [vboxvideo] Note as mentioned in the added comment it seems the original length calculation for the allocated and send hgsmi buffer is 4 bytes too large. Changing this is not the goal of this patch, so this behavior is kept. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240827104523.17442-1-hdegoe… Signed-off-by: Tirui Yin <yintirui(a)huawei.com> Reviewed-by: Chen Jun <chenjun102(a)huawei.com> --- drivers/gpu/drm/vboxvideo/hgsmi_base.c | 10 +++++++++- drivers/gpu/drm/vboxvideo/vboxvideo.h | 4 +--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/vboxvideo/hgsmi_base.c b/drivers/gpu/drm/vboxvideo/hgsmi_base.c index 361d3193258e..7edc9cf6a606 100644 --- a/drivers/gpu/drm/vboxvideo/hgsmi_base.c +++ b/drivers/gpu/drm/vboxvideo/hgsmi_base.c @@ -135,7 +135,15 @@ int hgsmi_update_pointer_shape(struct gen_pool *ctx, u32 flags, flags |= VBOX_MOUSE_POINTER_VISIBLE; } - p = hgsmi_buffer_alloc(ctx, sizeof(*p) + pixel_len, HGSMI_CH_VBVA, + /* + * The 4 extra bytes come from switching struct vbva_mouse_pointer_shape + * from having a 4 bytes fixed array at the end to using a proper VLA + * at the end. These 4 extra bytes were not subtracted from sizeof(*p) + * before the switch to the VLA, so this way the behavior is unchanged. + * Chances are these 4 extra bytes are not necessary but they are kept + * to avoid regressions. + */ + p = hgsmi_buffer_alloc(ctx, sizeof(*p) + pixel_len + 4, HGSMI_CH_VBVA, VBVA_MOUSE_POINTER_SHAPE); if (!p) return -ENOMEM; diff --git a/drivers/gpu/drm/vboxvideo/vboxvideo.h b/drivers/gpu/drm/vboxvideo/vboxvideo.h index a5de40fe1a76..bed285fe083c 100644 --- a/drivers/gpu/drm/vboxvideo/vboxvideo.h +++ b/drivers/gpu/drm/vboxvideo/vboxvideo.h @@ -351,10 +351,8 @@ struct vbva_mouse_pointer_shape { * Bytes in the gap between the AND and the XOR mask are undefined. * XOR mask scanlines have no gap between them and size of XOR mask is: * xor_len = width * 4 * height. - * - * Preallocate 4 bytes for accessing actual data as p->data. */ - u8 data[4]; + u8 data[]; } __packed; /* pointer is visible */ -- 2.17.1

2 1

[PATCH openEuler-22.03-LTS-SP1] drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA
by Tirui Yin 03 Dec '24

03 Dec '24

From: Hans de Goede <hdegoede(a)redhat.com> mainline inclusion from mainline-v6.12-rc2 commit d92b90f9a54d9300a6e883258e79f36dab53bfae category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2BX4 CVE: CVE-2024-50134 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- Replace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a "memcpy: detected field-spanning write error" warning: [ 13.319813] memcpy: detected field-spanning write (size 16896) of single field "p->data" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4) [ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo] [ 13.320038] Call Trace: [ 13.320173] hgsmi_update_pointer_shape [vboxvideo] [ 13.320184] vbox_cursor_atomic_update [vboxvideo] Note as mentioned in the added comment it seems the original length calculation for the allocated and send hgsmi buffer is 4 bytes too large. Changing this is not the goal of this patch, so this behavior is kept. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240827104523.17442-1-hdegoe… Signed-off-by: Tirui Yin <yintirui(a)huawei.com> Reviewed-by: Chen Jun <chenjun102(a)huawei.com> --- drivers/gpu/drm/vboxvideo/hgsmi_base.c | 10 +++++++++- drivers/gpu/drm/vboxvideo/vboxvideo.h | 4 +--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/vboxvideo/hgsmi_base.c b/drivers/gpu/drm/vboxvideo/hgsmi_base.c index 361d3193258e..7edc9cf6a606 100644 --- a/drivers/gpu/drm/vboxvideo/hgsmi_base.c +++ b/drivers/gpu/drm/vboxvideo/hgsmi_base.c @@ -135,7 +135,15 @@ int hgsmi_update_pointer_shape(struct gen_pool *ctx, u32 flags, flags |= VBOX_MOUSE_POINTER_VISIBLE; } - p = hgsmi_buffer_alloc(ctx, sizeof(*p) + pixel_len, HGSMI_CH_VBVA, + /* + * The 4 extra bytes come from switching struct vbva_mouse_pointer_shape + * from having a 4 bytes fixed array at the end to using a proper VLA + * at the end. These 4 extra bytes were not subtracted from sizeof(*p) + * before the switch to the VLA, so this way the behavior is unchanged. + * Chances are these 4 extra bytes are not necessary but they are kept + * to avoid regressions. + */ + p = hgsmi_buffer_alloc(ctx, sizeof(*p) + pixel_len + 4, HGSMI_CH_VBVA, VBVA_MOUSE_POINTER_SHAPE); if (!p) return -ENOMEM; diff --git a/drivers/gpu/drm/vboxvideo/vboxvideo.h b/drivers/gpu/drm/vboxvideo/vboxvideo.h index a5de40fe1a76..bed285fe083c 100644 --- a/drivers/gpu/drm/vboxvideo/vboxvideo.h +++ b/drivers/gpu/drm/vboxvideo/vboxvideo.h @@ -351,10 +351,8 @@ struct vbva_mouse_pointer_shape { * Bytes in the gap between the AND and the XOR mask are undefined. * XOR mask scanlines have no gap between them and size of XOR mask is: * xor_len = width * 4 * height. - * - * Preallocate 4 bytes for accessing actual data as p->data. */ - u8 data[4]; + u8 data[]; } __packed; /* pointer is visible */ -- 2.17.1

2 1

[openeuler:OLK-5.10 2516/2516] drivers/ub/urma/ubcore/ubcore_dp.c:26:5: warning: no previous prototype for 'ubcore_rearm_jfc'
by kernel test robot 03 Dec '24

03 Dec '24

Hi Yizhen, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: 020e0507954f21291b7b3a0a280128270a0d8959 commit: ad84f0a92e3fe282d8280d8c45f8d5b8aab1a2b4 [2516/2516] ub: ubcore add event api and add jetty and event api impls to compile config: arm64-randconfig-003-20241203 (https://download.01.org/0day-ci/archive/20241203/202412031140.FvR8Uwop-lkp@…) compiler: aarch64-linux-gcc (GCC) 14.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241203/202412031140.FvR8Uwop-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412031140.FvR8Uwop-lkp@intel.com/ All warnings (new ones prefixed by >>): >> drivers/ub/urma/ubcore/ubcore_dp.c:26:5: warning: no previous prototype for 'ubcore_rearm_jfc' [-Wmissing-prototypes] 26 | int ubcore_rearm_jfc(struct ubcore_jfc *jfc, bool solicited_only) | ^~~~~~~~~~~~~~~~ vim +/ubcore_rearm_jfc +26 drivers/ub/urma/ubcore/ubcore_dp.c 25 > 26 int ubcore_rearm_jfc(struct ubcore_jfc *jfc, bool solicited_only) -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH openEuler-22.03-LTS-SP1] drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags
by Tirui Yin 03 Dec '24

03 Dec '24

From: Alex Hung <alex.hung(a)amd.com> mainline inclusion from mainline-v6.12-rc1 commit 5559598742fb4538e4c51c48ef70563c49c2af23 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRD1 CVE: CVE-2024-49923 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [WHAT & HOW] "dcn20_validate_apply_pipe_split_flags" dereferences merge, and thus it cannot be a null pointer. Let's pass a valid pointer to avoid null dereference. This fixes 2 FORWARD_NULL issues reported by Coverity. Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Jerry Zuo <jerry.zuo(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Conflicts: drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c [Path changed and there is no logical conflict.] Signed-off-by: Tirui Yin <yintirui(a)huawei.com> Reviewed-by: Chen Jun <chenjun102(a)huawei.com> --- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c index 2990793e86a2..559602336f67 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c @@ -2845,6 +2845,7 @@ bool dcn20_fast_validate_bw( { bool out = false; int split[MAX_PIPES] = { 0 }; + bool merge[MAX_PIPES] = { false }; int pipe_cnt, i, pipe_idx, vlevel; ASSERT(pipes); @@ -2867,7 +2868,7 @@ bool dcn20_fast_validate_bw( if (vlevel > context->bw_ctx.dml.soc.num_states) goto validate_fail; - vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, NULL); + vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, merge); /*initialize pipe_just_split_from to invalid idx*/ for (i = 0; i < MAX_PIPES; i++) -- 2.17.1

2 1

[PATCH OLK-5.10] drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags
by Tirui Yin 03 Dec '24

03 Dec '24

From: Alex Hung <alex.hung(a)amd.com> mainline inclusion from mainline-v6.12-rc1 commit 5559598742fb4538e4c51c48ef70563c49c2af23 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRD1 CVE: CVE-2024-49923 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [WHAT & HOW] "dcn20_validate_apply_pipe_split_flags" dereferences merge, and thus it cannot be a null pointer. Let's pass a valid pointer to avoid null dereference. This fixes 2 FORWARD_NULL issues reported by Coverity. Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Jerry Zuo <jerry.zuo(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Conflicts: drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c [Path changed and there is no logical conflict.] Signed-off-by: Tirui Yin <yintirui(a)huawei.com> Reviewed-by: Chen Jun <chenjun102(a)huawei.com> --- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c index 2990793e86a2..559602336f67 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c @@ -2845,6 +2845,7 @@ bool dcn20_fast_validate_bw( { bool out = false; int split[MAX_PIPES] = { 0 }; + bool merge[MAX_PIPES] = { false }; int pipe_cnt, i, pipe_idx, vlevel; ASSERT(pipes); @@ -2867,7 +2868,7 @@ bool dcn20_fast_validate_bw( if (vlevel > context->bw_ctx.dml.soc.num_states) goto validate_fail; - vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, NULL); + vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, merge); /*initialize pipe_just_split_from to invalid idx*/ for (i = 0; i < MAX_PIPES; i++) -- 2.17.1

2 1

[PATCH OLK-6.6] drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags
by Tirui Yin 03 Dec '24

03 Dec '24

From: Alex Hung <alex.hung(a)amd.com> mainline inclusion from mainline-v6.12-rc1 commit 5559598742fb4538e4c51c48ef70563c49c2af23 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRD1 CVE: CVE-2024-49923 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [WHAT & HOW] "dcn20_validate_apply_pipe_split_flags" dereferences merge, and thus it cannot be a null pointer. Let's pass a valid pointer to avoid null dereference. This fixes 2 FORWARD_NULL issues reported by Coverity. Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Jerry Zuo <jerry.zuo(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Conflicts: drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c [Path changed and there is no logical conflict.] Signed-off-by: Tirui Yin <yintirui(a)huawei.com> Reviewed-by: Chen Jun <chenjun102(a)huawei.com> --- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 3 ++- drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c index 94bf438c7310..e0daa4e051ac 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c @@ -2026,6 +2026,7 @@ bool dcn20_fast_validate_bw( { bool out = false; int split[MAX_PIPES] = { 0 }; + bool merge[MAX_PIPES] = { false }; int pipe_cnt, i, pipe_idx, vlevel; ASSERT(pipes); @@ -2050,7 +2051,7 @@ bool dcn20_fast_validate_bw( if (vlevel > context->bw_ctx.dml.soc.num_states) goto validate_fail; - vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, NULL); + vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, merge); /*initialize pipe_just_split_from to invalid idx*/ for (i = 0; i < MAX_PIPES; i++) diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c index d1a25fe6c44f..c1a1ca755f26 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c @@ -800,6 +800,7 @@ bool dcn21_fast_validate_bw(struct dc *dc, { bool out = false; int split[MAX_PIPES] = { 0 }; + bool merge[MAX_PIPES] = { false }; int pipe_cnt, i, pipe_idx, vlevel; ASSERT(pipes); @@ -842,7 +843,7 @@ bool dcn21_fast_validate_bw(struct dc *dc, goto validate_fail; } - vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, NULL); + vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, merge); for (i = 0, pipe_idx = 0; i < dc->res_pool->pipe_count; i++) { struct pipe_ctx *pipe = &context->res_ctx.pipe_ctx[i]; -- 2.17.1

2 1

2025

2024

2023

2022

2021

2020

2019

Kernel