- Kernel - mailweb.openeuler.org

[openeuler:OLK-6.6 10553/15325] arch/x86/kvm/svm/sev.c:2200:24: error: 'struct hygon_kvm_hooks_table' has no member named 'false'
by kernel test robot 26 Oct '24

26 Oct '24

Hi fangbaoshun, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 86591467ffc7fadfd84e3f8769e8ba303cf7d2de commit: 1c3b1095a26ed8bc1aa7ac3d4e8dd3e65964a74b [10553/15325] KVM: SVM: Add KVM_CSV_COMMAND_BATCH command for applying CSV RING_BUFFER mode config: x86_64-randconfig-003-20241026 (https://download.01.org/0day-ci/archive/20241026/202410261641.KwxLXwTB-lkp@…) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241026/202410261641.KwxLXwTB-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202410261641.KwxLXwTB-lkp@intel.com/ All errors (new ones prefixed by >>): arch/x86/kvm/svm/sev.c:2198:6: warning: no previous prototype for 'sev_install_hooks' [-Wmissing-prototypes] 2198 | void sev_install_hooks(void) | ^~~~~~~~~~~~~~~~~ arch/x86/kvm/svm/sev.c: In function 'sev_install_hooks': >> arch/x86/kvm/svm/sev.c:2200:24: error: 'struct hygon_kvm_hooks_table' has no member named 'false' 2200 | hygon_kvm_hooks.sev_enabled = &sev_enabled; | ^ >> arch/x86/kvm/svm/sev.c:2200:39: error: lvalue required as unary '&' operand 2200 | hygon_kvm_hooks.sev_enabled = &sev_enabled; | ^ vim +2200 arch/x86/kvm/svm/sev.c 2195 2196 #ifdef CONFIG_HYGON_CSV 2197 /* Code to set all of the function and vaiable pointers */ > 2198 void sev_install_hooks(void) 2199 { > 2200 hygon_kvm_hooks.sev_enabled = &sev_enabled; 2201 hygon_kvm_hooks.sev_issue_cmd = sev_issue_cmd; 2202 hygon_kvm_hooks.get_num_contig_pages = get_num_contig_pages; 2203 hygon_kvm_hooks.sev_pin_memory = sev_pin_memory; 2204 hygon_kvm_hooks.sev_unpin_memory = sev_unpin_memory; 2205 2206 hygon_kvm_hooks.sev_hooks_installed = true; 2207 } 2208 #endif 2209 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH openEuler-1.0-LTS 0/1] fix CVE-2024-47742
by Lin Yujun 26 Oct '24

26 Oct '24

Jann Horn (1): firmware_loader: Block path traversal drivers/base/firmware_loader/main.c | 30 +++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) -- 2.34.1

2 2

[PATCH openEuler-22.03-LTS-SP1 0/1] fix CVE-2024-47742
by Lin Yujun 26 Oct '24

26 Oct '24

Jann Horn (1): firmware_loader: Block path traversal drivers/base/firmware_loader/main.c | 30 +++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) -- 2.34.1

2 2

[PATCH OLK-5.10 0/1] fix CVE-2024-47742
by Lin Yujun 26 Oct '24

26 Oct '24

Jann Horn (1): firmware_loader: Block path traversal drivers/base/firmware_loader/main.c | 30 +++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) -- 2.34.1

2 2

[PATCH OLK-6.6 0/1] fix CVE-2024-47742
by Lin Yujun 26 Oct '24

26 Oct '24

Jann Horn (1): firmware_loader: Block path traversal drivers/base/firmware_loader/main.c | 30 +++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) -- 2.34.1

2 2

[PATCH OLK-6.6] drm/amd/display: Validate function returns
by Heyuan Wang 26 Oct '24

26 Oct '24

From: Alex Hung <alex.hung(a)amd.com> mainline inclusion from mainline-v6.11 commit 673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IARYEW CVE: CVE-2024-46775 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- [WHAT & HOW] Function return values must be checked before data can be used in subsequent functions. This fixes 4 CHECKED_RETURN issues reported by Coverity. Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Conflicts: drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c drivers/gpu/drm/amd/display/dc/hubbub/dcn20/dcn20_hubbub.c [Conflict due to not merge mainline commit 8b09656b22c0 and f9c7818c9d65] Signed-off-by: Yu Liao <liaoyu15(a)huawei.com> --- drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 7 +++++-- .../drm/amd/display/dc/link/protocols/link_dp_training.c | 3 +-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c b/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c index 4c5ef3ef8dbd..8344957d7449 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c +++ b/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c @@ -144,7 +144,9 @@ bool dc_dmub_srv_cmd_run_list(struct dc_dmub_srv *dc_dmub_srv, unsigned int coun if (status == DMUB_STATUS_QUEUE_FULL) { /* Execute and wait for queue to become empty again. */ dmub_srv_cmd_execute(dmub); - dmub_srv_wait_for_idle(dmub, 100000); + status = dmub_srv_wait_for_idle(dmub, 100000); + if (status != DMUB_STATUS_OK) + return false; /* Requeue the command. */ status = dmub_srv_cmd_queue(dmub, &cmd_list[i]); @@ -407,7 +409,8 @@ void dc_dmub_srv_get_visual_confirm_color_cmd(struct dc *dc, struct pipe_ctx *pi union dmub_rb_cmd cmd = { 0 }; unsigned int panel_inst = 0; - dc_get_edp_link_panel_inst(dc, pipe_ctx->stream->link, &panel_inst); + if (!dc_get_edp_link_panel_inst(dc, pipe_ctx->stream->link, &panel_inst)) + return; memset(&cmd, 0, sizeof(cmd)); diff --git a/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c b/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c index 9d1adfc09fb2..11d42ad0bc18 100644 --- a/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c +++ b/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c @@ -1676,8 +1676,7 @@ bool perform_link_training_with_retries( if (status == LINK_TRAINING_ABORT) { enum dc_connection_type type = dc_connection_none; - link_detect_connection_type(link, &type); - if (type == dc_connection_none) { + if (link_detect_connection_type(link, &type) && type == dc_connection_none) { DC_LOG_HW_LINK_TRAINING("%s: Aborting training because sink unplugged\n", __func__); break; } -- 2.25.1

2 1

[PATCH openEuler-22.03-LTS-SP1] devres: Fix memory leakage caused by driver API devm_free_percpu()
by Zhang Zekun 26 Oct '24

26 Oct '24

From: Zijun Hu <quic_zijuhu(a)quicinc.com> stable inclusion from stable-v5.10.224 commit ef56dcdca8f2a53abc3a83d388b8336447533d85 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IALERD CVE: CVE-2024-43871 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… ------------------------------------------------- [ Upstream commit bd50a974097bb82d52a458bd3ee39fb723129a0c ] It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu(). Fixes: ff86aae3b411 ("devres: add devm_alloc_percpu()") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> Link: https://lore.kernel.org/r/1719931914-19035-3-git-send-email-quic_zijuhu@qui… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: drivers/base/devres.c [There is a context difference, no functional change] Signed-off-by: Zhang Zekun <zhangzekun11(a)huawei.com> --- drivers/base/devres.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/base/devres.c b/drivers/base/devres.c index 586e9a75c840..ef3014194049 100644 --- a/drivers/base/devres.c +++ b/drivers/base/devres.c @@ -1227,7 +1227,11 @@ EXPORT_SYMBOL_GPL(__devm_alloc_percpu); */ void devm_free_percpu(struct device *dev, void __percpu *pdata) { - WARN_ON(devres_destroy(dev, devm_percpu_release, devm_percpu_match, + /* + * Use devres_release() to prevent memory leakage as + * devm_free_pages() does. + */ + WARN_ON(devres_release(dev, devm_percpu_release, devm_percpu_match, (void *)pdata)); } EXPORT_SYMBOL_GPL(devm_free_percpu); -- 2.17.1

2 1

[PATCH openEuler-22.03-LTS-SP1] jfs: Fix array-index-out-of-bounds in diFree
by Zhang Zekun 26 Oct '24

26 Oct '24

From: Jeongjun Park <aha310510(a)gmail.com> stable inclusion from stable-v5.10.224 commit 538a27c8048f081a5ddd286f886eb986fbbc7f80 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKQ4Y CVE: CVE-2024-43858 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------------------------------------- [ Upstream commit f73f969b2eb39ad8056f6c7f3a295fa2f85e313a ] Reported-by: syzbot+241c815bda521982cb49(a)syzkaller.appspotmail.com Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Zhang Zekun <zhangzekun11(a)huawei.com> --- fs/jfs/jfs_imap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c index b0965f3ef186..36ed75682064 100644 --- a/fs/jfs/jfs_imap.c +++ b/fs/jfs/jfs_imap.c @@ -292,7 +292,7 @@ int diSync(struct inode *ipimap) int diRead(struct inode *ip) { struct jfs_sb_info *sbi = JFS_SBI(ip->i_sb); - int iagno, ino, extno, rc; + int iagno, ino, extno, rc, agno; struct inode *ipimap; struct dinode *dp; struct iag *iagp; @@ -341,8 +341,11 @@ int diRead(struct inode *ip) /* get the ag for the iag */ agstart = le64_to_cpu(iagp->agstart); + agno = BLKTOAG(agstart, JFS_SBI(ip->i_sb)); release_metapage(mp); + if (agno >= MAXAG || agno < 0) + return -EIO; rel_inode = (ino & (INOSPERPAGE - 1)); pageno = blkno >> sbi->l2nbperpage; -- 2.17.1

2 1

[PATCH OLK-5.10] soundwire: cadence: fix invalid PDI offset
by Zhang Zekun 26 Oct '24

26 Oct '24

From: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> mainline inclusion from mainline-v6.10-rc1 commit 8ee1b439b1540ae543149b15a2a61b9dff937d91 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA7D3E CVE: CVE-2024-38635 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------------------------------- For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 which are reserved for BPT. This code is however completely wrong and leads to an out-of-bounds access. We were just lucky so far since we used only a couple of PDIs and remained within the PDI array bounds. A Fixes: tag is not provided since there are no known platforms where the out-of-bounds would be accessed, and the initial code had problems as well. A follow-up patch completely removes this useless offset. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Reviewed-by: Rander Wang <rander.wang(a)intel.com> Signed-off-by: Bard Liao <yung-chuan.liao(a)linux.intel.com> Link: https://lore.kernel.org/r/20240326090122.1051806-2-yung-chuan.liao@linux.in… Signed-off-by: Vinod Koul <vkoul(a)kernel.org> Signed-off-by: Zhang Zekun <zhangzekun11(a)huawei.com> --- drivers/soundwire/cadence_master.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soundwire/cadence_master.c b/drivers/soundwire/cadence_master.c index 18e7d158fcca..d3e9cd3faadf 100644 --- a/drivers/soundwire/cadence_master.c +++ b/drivers/soundwire/cadence_master.c @@ -1698,7 +1698,7 @@ struct sdw_cdns_pdi *sdw_cdns_alloc_pdi(struct sdw_cdns *cdns, /* check if we found a PDI, else find in bi-directional */ if (!pdi) - pdi = cdns_find_pdi(cdns, 2, stream->num_bd, stream->bd, + pdi = cdns_find_pdi(cdns, 0, stream->num_bd, stream->bd, dai_id); if (pdi) { -- 2.17.1

2 1

[PATCH OLK-5.10] jfs: Fix array-index-out-of-bounds in diFree
by Zhang Zekun 26 Oct '24

26 Oct '24

From: Jeongjun Park <aha310510(a)gmail.com> stable inclusion from stable-v5.10.224 commit 538a27c8048f081a5ddd286f886eb986fbbc7f80 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKQ4Y CVE: CVE-2024-43858 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------------------------------------- [ Upstream commit f73f969b2eb39ad8056f6c7f3a295fa2f85e313a ] Reported-by: syzbot+241c815bda521982cb49(a)syzkaller.appspotmail.com Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Zhang Zekun <zhangzekun11(a)huawei.com> --- fs/jfs/jfs_imap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c index b0965f3ef186..36ed75682064 100644 --- a/fs/jfs/jfs_imap.c +++ b/fs/jfs/jfs_imap.c @@ -292,7 +292,7 @@ int diSync(struct inode *ipimap) int diRead(struct inode *ip) { struct jfs_sb_info *sbi = JFS_SBI(ip->i_sb); - int iagno, ino, extno, rc; + int iagno, ino, extno, rc, agno; struct inode *ipimap; struct dinode *dp; struct iag *iagp; @@ -341,8 +341,11 @@ int diRead(struct inode *ip) /* get the ag for the iag */ agstart = le64_to_cpu(iagp->agstart); + agno = BLKTOAG(agstart, JFS_SBI(ip->i_sb)); release_metapage(mp); + if (agno >= MAXAG || agno < 0) + return -EIO; rel_inode = (ino & (INOSPERPAGE - 1)); pageno = blkno >> sbi->l2nbperpage; -- 2.17.1

2 1

2025

2024

2023

2022

2021

2020

2019

Kernel