kernel@openeuler.org

[openeuler:openEuler-1.0-LTS 1270/1270] drivers/net/ethernet/stmicro/stmmac/dwmac-phytium.c:159:10: error: incompatible pointer to integer conversion returning 'void *' from a function with result type 'int'
by kernel test robot 04 Nov '24

04 Nov '24
Hi wangzhimin, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: 22dcf78e532857efd97dab81b5edf3aa6f4b2f1c commit: af48889301db8235deab66a8822e3e00195ca14b [1270/1270] dwmac:add phytium dwmac driver config: x86_64-allyesconfig (https://download.01.org/0day-ci/archive/20241104/202411041653.GP4Kzp6V-lkp@…) compiler: clang version 19.1.3 (https://github.com/llvm/llvm-project ab51eccf88f5321e7c60591c5546b254b6afab99) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241104/202411041653.GP4Kzp6V-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202411041653.GP4Kzp6V-lkp@intel.com/ All errors (new ones prefixed by >>): >> drivers/net/ethernet/stmicro/stmmac/dwmac-phytium.c:159:10: error: incompatible pointer to integer conversion returning 'void *' from a function with result type 'int' [-Wint-conversion] 159 | return stmmac_res.addr; | ^~~~~~~~~~~~~~~ drivers/net/ethernet/stmicro/stmmac/dwmac-phytium.c:172:5: warning: no previous prototype for function 'phytium_dwmac_remove' [-Wmissing-prototypes] 172 | int phytium_dwmac_remove(struct platform_device *pdev) | ^ drivers/net/ethernet/stmicro/stmmac/dwmac-phytium.c:172:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 172 | int phytium_dwmac_remove(struct platform_device *pdev) | ^ | static 1 warning and 1 error generated. 
vim +159 drivers/net/ethernet/stmicro/stmmac/dwmac-phytium.c 32 33 static int phytium_dwmac_probe(struct platform_device *pdev) 34 { 35 struct fwnode_handle *fwnode = dev_fwnode(&pdev->dev); 36 struct plat_stmmacenet_data *plat; 37 struct stmmac_resources stmmac_res; 38 struct device_node *np = pdev->dev.of_node; 39 struct resource *res; 40 u64 clk_freq; 41 char clk_name[20]; 42 int ret; 43 44 plat = devm_kzalloc(&pdev->dev, sizeof(*plat), GFP_KERNEL); 45 if (!plat) 46 return -ENOMEM; 47 48 plat->dma_cfg = devm_kzalloc(&pdev->dev, sizeof(*plat->dma_cfg), 49 GFP_KERNEL); 50 if (!plat->dma_cfg) 51 return -ENOMEM; 52 53 plat->axi = devm_kzalloc(&pdev->dev, sizeof(*plat->axi), GFP_KERNEL); 54 if (!plat->axi) 55 return -ENOMEM; 56 57 plat->interface = device_get_phy_mode(&pdev->dev); 58 if (plat->interface < 0) 59 return plat->interface; 60 61 /* Configure PHY if using device-tree */ 62 if (pdev->dev.of_node) 63 plat->phy_node = of_parse_phandle(np, "phy-handle", 0); 64 65 if (pdev->dev.of_node) { 66 plat->bus_id = of_alias_get_id(np, "ethernet"); 67 if (plat->bus_id < 0) 68 plat->bus_id = 0; 69 } else if (fwnode_property_read_u32(fwnode, "bus_id", &plat->bus_id)) { 70 plat->bus_id = 2; 71 } 72 73 plat->phy_addr = -1; 74 plat->clk_csr = -1; 75 plat->has_gmac = 1; 76 plat->enh_desc = 1; 77 plat->bugged_jumbo = 1; 78 plat->pmt = 1; 79 plat->force_sf_dma_mode = 1; 80 81 if (fwnode_property_read_u32(fwnode, "max-speed", &plat->max_speed)) 82 plat->max_speed = -1; 83 84 if (fwnode_property_read_u32(fwnode, "max-frame-size", &plat->maxmtu)) 85 plat->maxmtu = JUMBO_LEN; 86 87 if (fwnode_property_read_u32(fwnode, "snps,multicast-filter-bins", 88 &plat->multicast_filter_bins)) 89 plat->multicast_filter_bins = HASH_TABLE_SIZE; 90 91 if (fwnode_property_read_u32(fwnode, "snps,perfect-filter-entries", 92 &plat->unicast_filter_entries)) 93 plat->unicast_filter_entries = 1; 94 95 if (fwnode_property_read_u32(fwnode, "tx-fifo-depth", 96 &plat->tx_fifo_size)) 97 plat->tx_fifo_size = 
0x1000; 98 99 if (fwnode_property_read_u32(fwnode, "rx-fifo-depth", 100 &plat->rx_fifo_size)) 101 plat->rx_fifo_size = 0x1000; 102 103 if (phytium_dwmac_acpi_phy(plat, fwnode, &pdev->dev)) 104 return -ENODEV; 105 106 plat->rx_queues_to_use = 1; 107 plat->tx_queues_to_use = 1; 108 plat->rx_queues_cfg[0].mode_to_use = MTL_QUEUE_DCB; 109 plat->tx_queues_cfg[0].mode_to_use = MTL_QUEUE_DCB; 110 111 if (fwnode_property_read_u64(fwnode, "clock-frequency", &clk_freq)) 112 clk_freq = 125000000; 113 114 /* Set system clock */ 115 snprintf(clk_name, sizeof(clk_name), "%s-%d", "stmmaceth", 116 plat->bus_id); 117 118 plat->stmmac_clk = clk_register_fixed_rate(&pdev->dev, clk_name, 119 NULL, 0, clk_freq); 120 if (IS_ERR(plat->stmmac_clk)) { 121 dev_warn(&pdev->dev, "Fail to register stmmac-clk\n"); 122 plat->stmmac_clk = NULL; 123 } 124 125 ret = clk_prepare_enable(plat->stmmac_clk); 126 if (ret) { 127 clk_unregister_fixed_rate(plat->stmmac_clk); 128 return ret; 129 } 130 131 plat->clk_ptp_rate = clk_get_rate(plat->stmmac_clk); 132 plat->clk_ptp_ref = NULL; 133 134 if (fwnode_property_read_u32(fwnode, "snps,pbl", &plat->dma_cfg->pbl)) 135 plat->dma_cfg->pbl = 16; 136 137 fwnode_property_read_u32(fwnode, "snps,txpbl", &plat->dma_cfg->txpbl); 138 fwnode_property_read_u32(fwnode, "snps,rxpbl", &plat->dma_cfg->rxpbl); 139 140 plat->dma_cfg->pblx8 = !fwnode_property_read_bool(fwnode, 141 "snps,no-pbl-x8"); 142 plat->dma_cfg->aal = fwnode_property_read_bool(fwnode, "snps,aal"); 143 plat->dma_cfg->fixed_burst = fwnode_property_read_bool(fwnode, 144 "snps,fixed-burst"); 145 plat->dma_cfg->mixed_burst = fwnode_property_read_bool(fwnode, 146 "snps,mixed-burst"); 147 148 plat->axi->axi_lpi_en = false; 149 plat->axi->axi_xit_frm = false; 150 plat->axi->axi_wr_osr_lmt = 7; 151 plat->axi->axi_rd_osr_lmt = 7; 152 plat->axi->axi_blen[0] = 16; 153 154 memset(&stmmac_res, 0, sizeof(stmmac_res)); 155 res = platform_get_resource(pdev, IORESOURCE_MEM, 0); 156 stmmac_res.addr = 
devm_ioremap_resource(&pdev->dev, res); 157 if (stmmac_res.addr < 0) { 158 dev_err(&pdev->dev, "resource map failed.\n"); > 159 return stmmac_res.addr; 160 } 161 stmmac_res.irq = platform_get_irq(pdev, 0); 162 if (stmmac_res.irq < 0) { 163 dev_err(&pdev->dev, "IRQ not found.\n"); 164 return -ENXIO; 165 } 166 stmmac_res.wol_irq = stmmac_res.irq; 167 stmmac_res.lpi_irq = -1; 168 169 return stmmac_dvr_probe(&pdev->dev, plat, &stmmac_res); 170 } 171 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
[PATCH OLK-6.6] bpftool: Fix undefined behavior in qsort(NULL, 0, ...)
by Xiaomeng Zhang 04 Nov '24

04 Nov '24
From: Kuan-Wei Chiu <visitorckw(a)gmail.com> stable inclusion from stable-v6.6.55 commit c2d9f9a7837ab29ccae0c42252f17d436bf0a501 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IB0R30 CVE: CVE-2024-49987 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit f04e2ad394e2755d0bb2d858ecb5598718bf00d5 ] When netfilter has no entry to display, qsort is called with qsort(NULL, 0, ...). This results in undefined behavior, as UBSan reports: net.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null Although the C standard does not explicitly state whether calling qsort with a NULL pointer when the size is 0 constitutes undefined behavior, Section 7.1.4 of the C standard (Use of library functions) mentions: "Each of the following statements applies unless explicitly stated otherwise in the detailed descriptions that follow: If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined." To avoid this, add an early return when nf_link_info is NULL to prevent calling qsort with a NULL pointer. Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Reviewed-by: Quentin Monnet <qmo(a)kernel.org> Link: https://lore.kernel.org/bpf/20240910150207.3179306-1-visitorckw@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Xiaomeng Zhang <zhangxiaomeng13(a)huawei.com>
---
 tools/bpf/bpftool/net.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tools/bpf/bpftool/net.c b/tools/bpf/bpftool/net.c
index 66a8ce8ae012..bd4e66d514f1 100644
--- a/tools/bpf/bpftool/net.c
+++ b/tools/bpf/bpftool/net.c
@@ -819,6 +819,9 @@ static void show_link_netfilter(void)
 nf_link_count++;
 }
+ if (!nf_link_info)
+ return;
+
 qsort(nf_link_info, nf_link_count, sizeof(*nf_link_info), netfilter_link_compar);
 for (id = 0; id < nf_link_count; id++) {
-- 
2.34.1
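Review bot: The new `if (!nf_link_info) return;` guard in show_link_netfilter() carries no comment explaining why it is there, and read on its own it looks like a redundant emptiness check that a later cleanup might remove. A one-line comment above it would keep the reason next to the code: `/* qsort() must not be handed a NULL base, even when nf_link_count is 0 */`. The function body starts and ends outside the hunk, so whether anything acquired earlier still needs releasing on this early-return path cannot be confirmed from here.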
[PATCH openEuler-22.03-LTS-SP1] f2fs: get rid of online repaire on corrupted directory
by Long Li 04 Nov '24

04 Nov '24
From: Chao Yu <chao(a)kernel.org> stable inclusion from stable-v5.15.167 commit e8d64f598eeb079c42a52deaa3a91312c736a49d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYPKA CVE: CVE-2024-47690 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… -------------------------------- [ Upstream commit 884ee6dc85b959bc152f15bca80c30f06069e6c4 ] syzbot reports a f2fs bug as below: kernel BUG at fs/f2fs/inode.c:896! RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Call Trace: evict+0x532/0x950 fs/inode.c:704 dispose_list fs/inode.c:747 [inline] evict_inodes+0x5f9/0x690 fs/inode.c:797 generic_shutdown_super+0x9d/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1696 kill_f2fs_super+0x344/0x690 fs/f2fs/super.c:4898 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373 task_work_run+0x24f/0x310 kernel/task_work.c:228 ptrace_notify+0x2d2/0x380 kernel/signal.c:2402 ptrace_report_syscall include/linux/ptrace.h:415 [inline] ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline] syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173 syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline] syscall_exit_to_user_mode+0x279/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Online repaire on corrupted directory in f2fs_lookup() can generate dirty data/meta while racing w/ readonly remount, it may leave dirty inode after filesystem becomes readonly, however, checkpoint() will skips flushing dirty inode in a state of readonly mode, result in above panic. Let's get rid of online repaire in f2fs_lookup(), and leave the work to fsck.f2fs. 
Fixes: 510022a85839 ("f2fs: add F2FS_INLINE_DOTS to recover missing dot dentries") Reported-by: syzbot+ebea2790904673d7c618(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000a7b20f061ff2d56a@google.com Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: fs/f2fs/f2fs.h fs/f2fs/namei.c include/linux/f2fs_fs.h [0cab715836db ("f2fs: introduce F2FS_IPU_HONOR_OPU_WRITE ipu policy")] Signed-off-by: Long Li <leo.lilong(a)huawei.com> --- fs/f2fs/f2fs.h | 11 -------- fs/f2fs/namei.c | 62 ----------------------------------------- include/linux/f2fs_fs.h | 2 +- 3 files changed, 1 insertion(+), 74 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 92365c41d959..3e3aada804dc 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -672,7 +672,6 @@ enum { FI_FIRST_BLOCK_WRITTEN, /* indicate #0 data block was written */ FI_DROP_CACHE, /* drop dirty page cache */ FI_DATA_EXIST, /* indicate data exists */ - FI_INLINE_DOTS, /* indicate inline dot dentries */ FI_DO_DEFRAG, /* indicate defragment is running */ FI_DIRTY_FILE, /* indicate regular/symlink has dirty pages */ FI_NO_PREALLOC, /* indicate skipped preallocated blocks */ @@ -2630,7 +2629,6 @@ static inline void __mark_inode_dirty_flag(struct inode *inode, return; fallthrough; case FI_DATA_EXIST: - case FI_INLINE_DOTS: case FI_PIN_FILE: f2fs_mark_inode_dirty_sync(inode, true); } @@ -2747,8 +2745,6 @@ static inline void get_inline_info(struct inode *inode, struct f2fs_inode *ri) set_bit(FI_INLINE_DENTRY, fi->flags); if (ri->i_inline & F2FS_DATA_EXIST) set_bit(FI_DATA_EXIST, fi->flags); - if (ri->i_inline & F2FS_INLINE_DOTS) - set_bit(FI_INLINE_DOTS, fi->flags); if (ri->i_inline & F2FS_EXTRA_ATTR) set_bit(FI_EXTRA_ATTR, fi->flags); if (ri->i_inline & F2FS_PIN_FILE) 
@@ -2767,8 +2763,6 @@ static inline void set_raw_inline(struct inode *inode, struct f2fs_inode *ri) ri->i_inline |= F2FS_INLINE_DENTRY; if (is_inode_flag_set(inode, FI_DATA_EXIST)) ri->i_inline |= F2FS_DATA_EXIST; - if (is_inode_flag_set(inode, FI_INLINE_DOTS)) - ri->i_inline |= F2FS_INLINE_DOTS; if (is_inode_flag_set(inode, FI_EXTRA_ATTR)) ri->i_inline |= F2FS_EXTRA_ATTR; if (is_inode_flag_set(inode, FI_PIN_FILE)) @@ -2833,11 +2827,6 @@ static inline int f2fs_exist_data(struct inode *inode) return is_inode_flag_set(inode, FI_DATA_EXIST); } -static inline int f2fs_has_inline_dots(struct inode *inode) -{ - return is_inode_flag_set(inode, FI_INLINE_DOTS); -} - static inline int f2fs_is_mmap_file(struct inode *inode) { return is_inode_flag_set(inode, FI_MMAP_FILE); diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c index 72b109685db4..d02d0bd99d46 100644 --- a/fs/f2fs/namei.c +++ b/fs/f2fs/namei.c 
@@ -440,56 +440,6 @@ struct dentry *f2fs_get_parent(struct dentry *child) return d_obtain_alias(f2fs_iget(child->d_sb, ino)); } -static int __recover_dot_dentries(struct inode *dir, nid_t pino) -{ - struct f2fs_sb_info *sbi = F2FS_I_SB(dir); - struct qstr dot = QSTR_INIT(".", 1); - struct qstr dotdot = QSTR_INIT("..", 2); - struct f2fs_dir_entry *de; - struct page *page; - int err = 0; - - if (f2fs_readonly(sbi->sb)) { - f2fs_info(sbi, "skip recovering inline_dots inode (ino:%lu, pino:%u) in readonly mountpoint", - dir->i_ino, pino); - return 0; - } - - err = dquot_initialize(dir); - if (err) - return err; - - f2fs_balance_fs(sbi, true); - - f2fs_lock_op(sbi); - - de = f2fs_find_entry(dir, &dot, &page); - if (de) { - f2fs_put_page(page, 0); - } else if (IS_ERR(page)) { - err = PTR_ERR(page); - goto out; - } else { - err = f2fs_do_add_link(dir, &dot, NULL, dir->i_ino, S_IFDIR); - if (err) - goto out; - } - - de = f2fs_find_entry(dir, &dotdot, &page); - if (de) - f2fs_put_page(page, 0); - else if (IS_ERR(page)) - err = PTR_ERR(page); - else - err = f2fs_do_add_link(dir, &dotdot, NULL, pino, S_IFDIR); -out: - if (!err) - clear_inode_flag(dir, FI_INLINE_DOTS); - - f2fs_unlock_op(sbi); - return err; -} - static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags) { @@ -499,7 +449,6 @@ static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry, struct dentry *new; nid_t ino = -1; int err = 0; - unsigned int root_ino = F2FS_ROOT_INO(F2FS_I_SB(dir)); struct f2fs_filename fname; trace_f2fs_lookup_start(dir, dentry, flags); 
@@ -535,17 +484,6 @@ static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry, goto out; } - if ((dir->i_ino == root_ino) && f2fs_has_inline_dots(dir)) { - err = __recover_dot_dentries(dir, root_ino); - if (err) - goto out_iput; - } - - if (f2fs_has_inline_dots(inode)) { - err = __recover_dot_dentries(inode, dir->i_ino); - if (err) - goto out_iput; - } if (IS_ENCRYPTED(dir) && (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) && !fscrypt_has_permitted_context(dir, inode)) { diff --git a/include/linux/f2fs_fs.h b/include/linux/f2fs_fs.h index a5dbb57a687f..d2e4ace2fe64 100644 --- a/include/linux/f2fs_fs.h +++ b/include/linux/f2fs_fs.h @@ -226,7 +226,7 @@ struct f2fs_extent { #define F2FS_INLINE_DATA 0x02 /* file inline data flag */ #define F2FS_INLINE_DENTRY 0x04 /* file inline dentry flag */ #define F2FS_DATA_EXIST 0x08 /* file inline data exist flag */ -#define F2FS_INLINE_DOTS 0x10 /* file having implicit dot dentries */ +#define F2FS_INLINE_DOTS 0x10 /* file having implicit dot dentries (obsolete) */ #define F2FS_EXTRA_ATTR 0x20 /* file having extra attribute */ #define F2FS_PIN_FILE 0x40 /* file should not be gced */ -- 2.39.2
[PATCH OLK-5.10] f2fs: get rid of online repaire on corrupted directory
by Long Li 04 Nov '24

04 Nov '24
From: Chao Yu <chao(a)kernel.org> stable inclusion from stable-v5.15.167 commit e8d64f598eeb079c42a52deaa3a91312c736a49d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYPKA CVE: CVE-2024-47690 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… -------------------------------- [ Upstream commit 884ee6dc85b959bc152f15bca80c30f06069e6c4 ] syzbot reports a f2fs bug as below: kernel BUG at fs/f2fs/inode.c:896! RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Call Trace: evict+0x532/0x950 fs/inode.c:704 dispose_list fs/inode.c:747 [inline] evict_inodes+0x5f9/0x690 fs/inode.c:797 generic_shutdown_super+0x9d/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1696 kill_f2fs_super+0x344/0x690 fs/f2fs/super.c:4898 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373 task_work_run+0x24f/0x310 kernel/task_work.c:228 ptrace_notify+0x2d2/0x380 kernel/signal.c:2402 ptrace_report_syscall include/linux/ptrace.h:415 [inline] ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline] syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173 syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline] syscall_exit_to_user_mode+0x279/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Online repaire on corrupted directory in f2fs_lookup() can generate dirty data/meta while racing w/ readonly remount, it may leave dirty inode after filesystem becomes readonly, however, checkpoint() will skips flushing dirty inode in a state of readonly mode, result in above panic. Let's get rid of online repaire in f2fs_lookup(), and leave the work to fsck.f2fs. 
Fixes: 510022a85839 ("f2fs: add F2FS_INLINE_DOTS to recover missing dot dentries") Reported-by: syzbot+ebea2790904673d7c618(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000a7b20f061ff2d56a@google.com Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: fs/f2fs/f2fs.h fs/f2fs/namei.c include/linux/f2fs_fs.h [0cab715836db ("f2fs: introduce F2FS_IPU_HONOR_OPU_WRITE ipu policy")] Signed-off-by: Long Li <leo.lilong(a)huawei.com> --- fs/f2fs/f2fs.h | 11 -------- fs/f2fs/namei.c | 62 ----------------------------------------- include/linux/f2fs_fs.h | 2 +- 3 files changed, 1 insertion(+), 74 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 6bcd3f875207..49e74f45a5cd 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -672,7 +672,6 @@ enum { FI_FIRST_BLOCK_WRITTEN, /* indicate #0 data block was written */ FI_DROP_CACHE, /* drop dirty page cache */ FI_DATA_EXIST, /* indicate data exists */ - FI_INLINE_DOTS, /* indicate inline dot dentries */ FI_DO_DEFRAG, /* indicate defragment is running */ FI_DIRTY_FILE, /* indicate regular/symlink has dirty pages */ FI_NO_PREALLOC, /* indicate skipped preallocated blocks */ @@ -2632,7 +2631,6 @@ static inline void __mark_inode_dirty_flag(struct inode *inode, return; fallthrough; case FI_DATA_EXIST: - case FI_INLINE_DOTS: case FI_PIN_FILE: f2fs_mark_inode_dirty_sync(inode, true); } @@ -2749,8 +2747,6 @@ static inline void get_inline_info(struct inode *inode, struct f2fs_inode *ri) set_bit(FI_INLINE_DENTRY, fi->flags); if (ri->i_inline & F2FS_DATA_EXIST) set_bit(FI_DATA_EXIST, fi->flags); - if (ri->i_inline & F2FS_INLINE_DOTS) - set_bit(FI_INLINE_DOTS, fi->flags); if (ri->i_inline & F2FS_EXTRA_ATTR) set_bit(FI_EXTRA_ATTR, fi->flags); if (ri->i_inline & F2FS_PIN_FILE) 
@@ -2769,8 +2765,6 @@ static inline void set_raw_inline(struct inode *inode, struct f2fs_inode *ri) ri->i_inline |= F2FS_INLINE_DENTRY; if (is_inode_flag_set(inode, FI_DATA_EXIST)) ri->i_inline |= F2FS_DATA_EXIST; - if (is_inode_flag_set(inode, FI_INLINE_DOTS)) - ri->i_inline |= F2FS_INLINE_DOTS; if (is_inode_flag_set(inode, FI_EXTRA_ATTR)) ri->i_inline |= F2FS_EXTRA_ATTR; if (is_inode_flag_set(inode, FI_PIN_FILE)) @@ -2835,11 +2829,6 @@ static inline int f2fs_exist_data(struct inode *inode) return is_inode_flag_set(inode, FI_DATA_EXIST); } -static inline int f2fs_has_inline_dots(struct inode *inode) -{ - return is_inode_flag_set(inode, FI_INLINE_DOTS); -} - static inline int f2fs_is_mmap_file(struct inode *inode) { return is_inode_flag_set(inode, FI_MMAP_FILE); diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c index 99e4ec48d2a4..4c5a39a5d6be 100644 --- a/fs/f2fs/namei.c +++ b/fs/f2fs/namei.c 
@@ -440,56 +440,6 @@ struct dentry *f2fs_get_parent(struct dentry *child) return d_obtain_alias(f2fs_iget(child->d_sb, ino)); } -static int __recover_dot_dentries(struct inode *dir, nid_t pino) -{ - struct f2fs_sb_info *sbi = F2FS_I_SB(dir); - struct qstr dot = QSTR_INIT(".", 1); - struct qstr dotdot = QSTR_INIT("..", 2); - struct f2fs_dir_entry *de; - struct page *page; - int err = 0; - - if (f2fs_readonly(sbi->sb)) { - f2fs_info(sbi, "skip recovering inline_dots inode (ino:%lu, pino:%u) in readonly mountpoint", - dir->i_ino, pino); - return 0; - } - - err = dquot_initialize(dir); - if (err) - return err; - - f2fs_balance_fs(sbi, true); - - f2fs_lock_op(sbi); - - de = f2fs_find_entry(dir, &dot, &page); - if (de) { - f2fs_put_page(page, 0); - } else if (IS_ERR(page)) { - err = PTR_ERR(page); - goto out; - } else { - err = f2fs_do_add_link(dir, &dot, NULL, dir->i_ino, S_IFDIR); - if (err) - goto out; - } - - de = f2fs_find_entry(dir, &dotdot, &page); - if (de) - f2fs_put_page(page, 0); - else if (IS_ERR(page)) - err = PTR_ERR(page); - else - err = f2fs_do_add_link(dir, &dotdot, NULL, pino, S_IFDIR); -out: - if (!err) - clear_inode_flag(dir, FI_INLINE_DOTS); - - f2fs_unlock_op(sbi); - return err; -} - static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags) { @@ -499,7 +449,6 @@ static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry, struct dentry *new; nid_t ino = -1; int err = 0; - unsigned int root_ino = F2FS_ROOT_INO(F2FS_I_SB(dir)); struct f2fs_filename fname; trace_f2fs_lookup_start(dir, dentry, flags); 
@@ -535,17 +484,6 @@ static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry, goto out; } - if ((dir->i_ino == root_ino) && f2fs_has_inline_dots(dir)) { - err = __recover_dot_dentries(dir, root_ino); - if (err) - goto out_iput; - } - - if (f2fs_has_inline_dots(inode)) { - err = __recover_dot_dentries(inode, dir->i_ino); - if (err) - goto out_iput; - } if (IS_ENCRYPTED(dir) && (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) && !fscrypt_has_permitted_context(dir, inode)) { diff --git a/include/linux/f2fs_fs.h b/include/linux/f2fs_fs.h index 7fd4bea6be64..9e377f158e6c 100644 --- a/include/linux/f2fs_fs.h +++ b/include/linux/f2fs_fs.h @@ -227,7 +227,7 @@ struct f2fs_extent { #define F2FS_INLINE_DATA 0x02 /* file inline data flag */ #define F2FS_INLINE_DENTRY 0x04 /* file inline dentry flag */ #define F2FS_DATA_EXIST 0x08 /* file inline data exist flag */ -#define F2FS_INLINE_DOTS 0x10 /* file having implicit dot dentries */ +#define F2FS_INLINE_DOTS 0x10 /* file having implicit dot dentries (obsolete) */ #define F2FS_EXTRA_ATTR 0x20 /* file having extra attribute */ #define F2FS_PIN_FILE 0x40 /* file should not be gced */ -- 2.39.2
[openeuler:openEuler-1.0-LTS 1231/1231] arch/arm64/kernel/mpam/mpam_ctrlmon.c:300: warning: Function parameter or member 's' not described in 'show_doms'
by kernel test robot 04 Nov '24

04 Nov '24
tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: d9cf86e2fe8e5c014fd3e46c31f3415549ab813f commit: 7243df9bf3ab4130b2c8f5dfa9a620afc964cc72 [1231/1231] arm64/mpam: resctrl: Write and read schemata by schema_list config: arm64-randconfig-001-20241029 (https://download.01.org/0day-ci/archive/20241104/202411041549.sgcRhuo9-lkp@…) compiler: aarch64-linux-gcc (GCC) 14.1.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241104/202411041549.sgcRhuo9-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202411041549.sgcRhuo9-lkp@intel.com/ All warnings (new ones prefixed by >>): >> arch/arm64/kernel/mpam/mpam_ctrlmon.c:300: warning: Function parameter or member 's' not described in 'show_doms' >> arch/arm64/kernel/mpam/mpam_ctrlmon.c:300: warning: Function parameter or member 'r' not described in 'show_doms' >> arch/arm64/kernel/mpam/mpam_ctrlmon.c:300: warning: Function parameter or member 'schema_name' not described in 'show_doms' arch/arm64/kernel/mpam/mpam_ctrlmon.c:300: warning: Function parameter or member 'partid' not described in 'show_doms' vim +300 arch/arm64/kernel/mpam/mpam_ctrlmon.c 1abcabe9dab59ec arch/arm64/kernel/mpam_ctrlmon.c Yang Yingliang 2019-01-30 287 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 288 /** 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 289 * MPAM resources such as L2 may have too many domains for arm64, 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 290 * at this time we should rearrange this display for brevity and 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 291 * harmonious interaction. 
7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 292 * 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 293 * Before rearrangement: L2:0=ff;1=ff;2=fc;3=ff;4=f;....;255=ff 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 294 * After rearrangement: L2:S;2=fc;S;4=f;S 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 295 * Those continuous fully sharable domains will be combined into 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 296 * a single "S" simply. 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 297 */ 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 298 static void show_doms(struct seq_file *s, struct resctrl_resource *r, 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 299 char *schema_name, int partid) be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 2019-01-29 @300 { 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 301 struct raw_resctrl_resource *rr = r->res; be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 2019-01-29 302 struct rdt_domain *dom; be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 2019-01-29 303 bool sep = false; 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 304 bool rg = false; 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 305 bool prev_auto_fill = false; 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 306 u32 reg_val; 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 307 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 308 if (r->dom_num > RESCTRL_SHOW_DOM_MAX_NUM) 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 309 rg = true; be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 
2019-01-29 310 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 311 seq_printf(s, "%*s:", max_name_width, schema_name); be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 2019-01-29 312 list_for_each_entry(dom, &r->domains, list) { 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 313 reg_val = rr->msr_read(dom, partid); 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 314 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 315 if (rg && reg_val == r->default_ctrl && 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 316 prev_auto_fill == true) 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 317 continue; 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 318 be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 2019-01-29 319 if (sep) be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 2019-01-29 320 seq_puts(s, ";"); 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 321 if (rg && reg_val == r->default_ctrl) { 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 322 prev_auto_fill = true; 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 323 seq_puts(s, "S"); 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 324 } else { 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 325 seq_printf(s, rr->format_str, dom->id, 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 326 max_data_width, reg_val); 7243df9bf3ab413 arch/arm64/kernel/mpam/mpam_ctrlmon.c Wang ShaoBo 2021-02-24 327 } be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 2019-01-29 328 sep = true; be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 2019-01-29 329 } be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 2019-01-29 330 
seq_puts(s, "\n"); be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 2019-01-29 331 } be2167d2a188dc2 arch/arm64/kernel/mpam_ctrlmon.c Xie XiuQi 2019-01-29 332 :::::: The code at line 300 was first introduced by commit :::::: be2167d2a188dc20648fa10c2c5ccd56ba579533 arm64/mpam: support resctrl_group_schemata_show :::::: TO: Xie XiuQi <xiexiuqi(a)huawei.com> :::::: CC: Xie XiuQi <xiexiuqi(a)huawei.com> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
[PATCH openEuler-1.0-LTS] net: fix crash when config small gso_max_size/gso_ipv4_max_size
by Wang Liang 04 Nov '24

04 Nov '24
mainline inclusion from mainline-v6.12-rc6 commit 9ab5cf19fb0e4680f95e506d6c544259bf1111c4 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAY2B4 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than device limits. Call Trace: tcp_write_xmit tso_segs = tcp_init_tso_segs(skb, mss_now); tcp_set_skb_tso_segs tcp_skb_pcount_set // skb->len = 524288, mss_now = 8 // u16 tso_segs = 524288/8 = 65535 -> 0 tso_segs = DIV_ROUND_UP(skb->len, mss_now) BUG_ON(!tso_segs) Add check for the minimum value of gso_max_size and gso_ipv4_max_size. Fixes: 46e6b992c250 ("rtnetlink: allow GSO maximums to be set on device creation") Conflicts: net/core/rtnetlink.c [conflicts due to not mergered 3e48be05f3c7 ("netlink: add attribute range validation to policy"), conflicts due to not mergered 9eefedd58ae1 ("net: add gso_ipv4_max_size and gro_ipv4_max_size per device")] Signed-off-by: Wang Liang <wangliang74(a)huawei.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Link: https://patch.msgid.link/20241023035213.517386-1-wangliang74@huawei.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- net/core/rtnetlink.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 9209623ab644..c66f60941e5b 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -2072,6 +2072,11 @@ static int validate_linkmsg(struct net_device *dev, struct nlattr *tb[]) if (tb[IFLA_BROADCAST] && nla_len(tb[IFLA_BROADCAST]) < dev->addr_len) return -EINVAL; + + if (tb[IFLA_GSO_MAX_SIZE] && + (nla_get_u32(tb[IFLA_GSO_MAX_SIZE]) < MAX_TCP_HEADER + 1)) { + return -EINVAL; + } } if (tb[IFLA_AF_SPEC]) { -- 2.34.1
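Review bot: The added IFLA_GSO_MAX_SIZE lower-bound check sits inside the block that the following `}` closes, and the context line just above it dereferences `dev->addr_len`, so it appears to run only when `dev` is non-NULL. The block's opening condition is outside the hunk, but if it is `if (dev)`, a request validated without an existing device (the Fixes: tag names the device-creation path) would skip the new minimum and the undersized value would still be accepted. Moving the check below the closing brace applies it on every call: `if (tb[IFLA_GSO_MAX_SIZE] && nla_get_u32(tb[IFLA_GSO_MAX_SIZE]) < MAX_TCP_HEADER + 1) return -EINVAL;`. It is worth confirming against the callers of validate_linkmsg() in this tree which of them pass a NULL `dev`.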
[PATCH OLK-5.10] drm/amd/display: Check BIOS images before it is used
by Kaixiong Yu 04 Nov '24

04 Nov '24
From: Alex Hung <alex.hung(a)amd.com> stable inclusion from stable-v6.6.50 commit e50bec62acaeec03afc6fa5dfb2426e52d049cf5 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAU9OU CVE: CVE-2024-46809 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c ] BIOS images may fail to load and null checks are added before they are used. This fixes 6 NULL_RETURNS issues reported by Coverity. Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Conflicts: drivers/gpu/drm/amd/display/dc/bios/bios_parser.c [Because OLK-5.10 did not merge the mainline commit bd3fe587f898 ("drm/amdgpu: Replace one-elements array with flex-array members")] Signed-off-by: Kaixiong Yu <yukaixiong(a)huawei.com> --- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c index ad394aefa5d9..cd485b1350eb 100644 --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c @@ -664,6 +664,9 @@ static enum bp_result get_ss_info_v3_1( ss_table_header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V3, DATA_TABLES(ASIC_InternalSS_Info)); + if (!ss_table_header_include) + return BP_RESULT_UNSUPPORTED; + table_size = (le16_to_cpu(ss_table_header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) 
@@ -1030,6 +1033,8 @@ static enum bp_result get_ss_info_from_internal_ss_info_tbl_V2_1( header = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V2, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header) + return result; memset(info, 0, sizeof(struct spread_spectrum_info)); @@ -1102,6 +1107,8 @@ static enum bp_result get_ss_info_from_ss_info_table( get_atom_data_table_revision(header, &revision); tbl = GET_IMAGE(ATOM_SPREAD_SPECTRUM_INFO, DATA_TABLES(SS_Info)); + if (!tbl) + return result; if (1 != revision.major || 2 > revision.minor) return result; @@ -1634,6 +1641,8 @@ static uint32_t get_ss_entry_number_from_ss_info_tbl( tbl = GET_IMAGE(ATOM_SPREAD_SPECTRUM_INFO, DATA_TABLES(SS_Info)); + if (!tbl) + return number; if (1 != revision.major || 2 > revision.minor) return number; @@ -1712,6 +1721,8 @@ static uint32_t get_ss_entry_number_from_internal_ss_info_tbl_v2_1( header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V2, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header_include) + return 0; size = (le16_to_cpu(header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) @@ -1748,6 +1759,9 @@ static uint32_t get_ss_entry_number_from_internal_ss_info_tbl_V3_1( header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V3, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header_include) + return number; + size = (le16_to_cpu(header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) / sizeof(ATOM_ASIC_SS_ASSIGNMENT_V3); -- 2.34.1
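Review bot: In get_ss_info_from_internal_ss_info_tbl_V2_1 the new `if (!header) return result;` sits above `memset(info, 0, sizeof(struct spread_spectrum_info));`, so on this path `*info` keeps whatever the caller passed in and the code returned is whatever `result` was initialised to outside the hunk. get_ss_info_v3_1 returns `BP_RESULT_UNSUPPORTED` by name for the same condition; writing `return BP_RESULT_UNSUPPORTED;` here and in get_ss_info_from_ss_info_table would make the failure code readable at the check, assuming that is the value `result` holds at that point. If callers may look at `info` without testing the return value, the memset belongs above the check.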
[PATCH OLK-6.6] igb: Do not bring the device up after non-fatal error
by Kaixiong Yu 04 Nov '24

04 Nov '24
From: Mohamed Khalfella <mkhalfella(a)purestorage.com> stable inclusion from stable-v6.6.57 commit 57c5053eaa5f9a8a99e34732e37a86615318e464 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRF1 CVE: CVE-2024-50040 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 330a699ecbfc9c26ec92c6310686da1230b4e7eb ] Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung task that can happen when igb_down() is called multiple times. This caused an issue when processing transient non-fatal errors. igb_io_resume(), which is called after igb_io_error_detected(), assumes that device is brought down by igb_io_error_detected() if the interface is up. This resulted in panic with stacktrace below. [ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down [ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0 [ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID) [ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000 [ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000 [ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message [ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported. [ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message [ T292] pcieport 0000:00:1c.5: AER: broadcast resume message [ T292] ------------[ cut here ]------------ [ T292] kernel BUG at net/core/dev.c:6539! [ T292] invalid opcode: 0000 [#1] PREEMPT SMP [ T292] RIP: 0010:napi_enable+0x37/0x40 [ T292] Call Trace: [ T292] <TASK> [ T292] ? die+0x33/0x90 [ T292] ? do_trap+0xdc/0x110 [ T292] ? napi_enable+0x37/0x40 [ T292] ? do_error_trap+0x70/0xb0 [ T292] ? 
napi_enable+0x37/0x40 [ T292] ? napi_enable+0x37/0x40 [ T292] ? exc_invalid_op+0x4e/0x70 [ T292] ? napi_enable+0x37/0x40 [ T292] ? asm_exc_invalid_op+0x16/0x20 [ T292] ? napi_enable+0x37/0x40 [ T292] igb_up+0x41/0x150 [ T292] igb_io_resume+0x25/0x70 [ T292] report_resume+0x54/0x70 [ T292] ? report_frozen_detected+0x20/0x20 [ T292] pci_walk_bus+0x6c/0x90 [ T292] ? aer_print_port_info+0xa0/0xa0 [ T292] pcie_do_recovery+0x22f/0x380 [ T292] aer_process_err_devices+0x110/0x160 [ T292] aer_isr+0x1c1/0x1e0 [ T292] ? disable_irq_nosync+0x10/0x10 [ T292] irq_thread_fn+0x1a/0x60 [ T292] irq_thread+0xe3/0x1a0 [ T292] ? irq_set_affinity_notifier+0x120/0x120 [ T292] ? irq_affinity_notify+0x100/0x100 [ T292] kthread+0xe2/0x110 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork+0x2d/0x50 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork_asm+0x11/0x20 [ T292] </TASK> To fix this issue igb_io_resume() checks if the interface is running and the device is not down this means igb_io_error_detected() did not bring the device down and there is no need to bring it up. Signed-off-by: Mohamed Khalfella <mkhalfella(a)purestorage.com> Reviewed-by: Yuanyuan Zhong <yzhong(a)purestorage.com> Fixes: 004d25060c78 ("igb: Fix igb_down hung on surprise removal") Reviewed-by: Simon Horman <horms(a)kernel.org> Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha(a)intel.com> (A Contingent worker at Intel) Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Kaixiong Yu <yukaixiong(a)huawei.com> --- drivers/net/ethernet/intel/igb/igb_main.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c index 986bcbf0a6ab..49b349fa2254 100644 --- a/drivers/net/ethernet/intel/igb/igb_main.c +++ b/drivers/net/ethernet/intel/igb/igb_main.c 
@@ -9672,6 +9672,10 @@ static void igb_io_resume(struct pci_dev *pdev) struct igb_adapter *adapter = netdev_priv(netdev); if (netif_running(netdev)) { + if (!test_bit(__IGB_DOWN, &adapter->state)) { + dev_dbg(&pdev->dev, "Resuming from non-fatal error, do nothing.\n"); + return; + } if (igb_up(adapter)) { dev_err(&pdev->dev, "igb_up failed after reset\n"); return; -- 2.34.1
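Review bot: The early `return` added in igb_io_resume leaves the function before anything that follows the `if (netif_running(netdev))` block, and that tail is outside the hunk; it is worth confirming that none of it is still needed when the device was never brought down. The reason the test is safe is only in the commit message, so a comment above it would help the next reader: `/* error_detected leaves the device up on a non-fatal error; calling igb_up() again would re-enable NAPI */`. Nothing visible here shows a lock held between `test_bit(__IGB_DOWN, ...)` and `igb_up()`, so whether a concurrent close can change the bit in between depends on the caller. The OLK-5.10 backport of this change further down the page has the same hunk and the same points apply.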
[PATCH OLK-5.10] igb: Do not bring the device up after non-fatal error
by Kaixiong Yu 04 Nov '24

04 Nov '24
From: Mohamed Khalfella <mkhalfella(a)purestorage.com> stable inclusion from stable-v5.10.227 commit d79af3af2f49c6aae9add3d492c04d60c1b85ce4 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRF1 CVE: CVE-2024-50040 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 330a699ecbfc9c26ec92c6310686da1230b4e7eb ] Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung task that can happen when igb_down() is called multiple times. This caused an issue when processing transient non-fatal errors. igb_io_resume(), which is called after igb_io_error_detected(), assumes that device is brought down by igb_io_error_detected() if the interface is up. This resulted in panic with stacktrace below. [ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down [ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0 [ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID) [ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000 [ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000 [ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message [ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported. [ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message [ T292] pcieport 0000:00:1c.5: AER: broadcast resume message [ T292] ------------[ cut here ]------------ [ T292] kernel BUG at net/core/dev.c:6539! [ T292] invalid opcode: 0000 [#1] PREEMPT SMP [ T292] RIP: 0010:napi_enable+0x37/0x40 [ T292] Call Trace: [ T292] <TASK> [ T292] ? die+0x33/0x90 [ T292] ? do_trap+0xdc/0x110 [ T292] ? napi_enable+0x37/0x40 [ T292] ? do_error_trap+0x70/0xb0 [ T292] ? 
napi_enable+0x37/0x40 [ T292] ? napi_enable+0x37/0x40 [ T292] ? exc_invalid_op+0x4e/0x70 [ T292] ? napi_enable+0x37/0x40 [ T292] ? asm_exc_invalid_op+0x16/0x20 [ T292] ? napi_enable+0x37/0x40 [ T292] igb_up+0x41/0x150 [ T292] igb_io_resume+0x25/0x70 [ T292] report_resume+0x54/0x70 [ T292] ? report_frozen_detected+0x20/0x20 [ T292] pci_walk_bus+0x6c/0x90 [ T292] ? aer_print_port_info+0xa0/0xa0 [ T292] pcie_do_recovery+0x22f/0x380 [ T292] aer_process_err_devices+0x110/0x160 [ T292] aer_isr+0x1c1/0x1e0 [ T292] ? disable_irq_nosync+0x10/0x10 [ T292] irq_thread_fn+0x1a/0x60 [ T292] irq_thread+0xe3/0x1a0 [ T292] ? irq_set_affinity_notifier+0x120/0x120 [ T292] ? irq_affinity_notify+0x100/0x100 [ T292] kthread+0xe2/0x110 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork+0x2d/0x50 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork_asm+0x11/0x20 [ T292] </TASK> To fix this issue igb_io_resume() checks if the interface is running and the device is not down this means igb_io_error_detected() did not bring the device down and there is no need to bring it up. Signed-off-by: Mohamed Khalfella <mkhalfella(a)purestorage.com> Reviewed-by: Yuanyuan Zhong <yzhong(a)purestorage.com> Fixes: 004d25060c78 ("igb: Fix igb_down hung on surprise removal") Reviewed-by: Simon Horman <horms(a)kernel.org> Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha(a)intel.com> (A Contingent worker at Intel) Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Kaixiong Yu <yukaixiong(a)huawei.com> --- drivers/net/ethernet/intel/igb/igb_main.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c index 1a3e07cf9162..16eaf3220f8b 100644 --- a/drivers/net/ethernet/intel/igb/igb_main.c +++ b/drivers/net/ethernet/intel/igb/igb_main.c 
@@ -9511,6 +9511,10 @@ static void igb_io_resume(struct pci_dev *pdev) struct igb_adapter *adapter = netdev_priv(netdev); if (netif_running(netdev)) { + if (!test_bit(__IGB_DOWN, &adapter->state)) { + dev_dbg(&pdev->dev, "Resuming from non-fatal error, do nothing.\n"); + return; + } if (igb_up(adapter)) { dev_err(&pdev->dev, "igb_up failed after reset\n"); return; -- 2.34.1
[PATCH openEuler-22.03-LTS-SP1] ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
by Kaixiong Yu 04 Nov '24

04 Nov '24
From: Mark Brown <broonie(a)kernel.org> stable inclusion from stable-v5.10.160 commit 50b5f6d4d9d2d69a7498c44fd8b26e13d73d3d98 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6AVM6 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… CVE: CVE-2022-48951 -------------------------------- [ Upstream commit 97eea946b93961fffd29448dcda7398d0d51c4b2 ] The bounds checks in snd_soc_put_volsw_sx() are only being applied to the first channel, meaning it is possible to write out of bounds values to the second channel in stereo controls. Add appropriate checks. Signed-off-by: Mark Brown <broonie(a)kernel.org> Link: https://lore.kernel.org/r/20220511134137.169575-2-broonie@kernel.org Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Kaixiong Yu <yukaixiong(a)huawei.com> --- sound/soc/soc-ops.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c index 0f26d6c31ce5..49d22233d391 100644 --- a/sound/soc/soc-ops.c +++ b/sound/soc/soc-ops.c @@ -447,6 +447,12 @@ int snd_soc_put_volsw_sx(struct snd_kcontrol *kcontrol, if (snd_soc_volsw_is_stereo(mc)) { val_mask = mask << rshift; val2 = (ucontrol->value.integer.value[1] + min) & mask; + + if (mc->platform_max && val2 > mc->platform_max) + return -EINVAL; + if (val2 > max) + return -EINVAL; + val2 = val2 << rshift; err = snd_soc_component_update_bits(component, reg2, val_mask, -- 2.34.1
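Review bot: The two new comparisons in snd_soc_put_volsw_sx test `val2` after `+ min` and `& mask` have been applied, so they see the register encoding rather than the number userspace supplied; an out-of-range input whose masked form falls at or below `max` would still pass. If `max` and `platform_max` bound the control value itself, the test should run on the raw input: `val2 = ucontrol->value.integer.value[1];` before the checks and `val2 = (val2 + min) & mask;` after them. The first channel's write is outside the hunk; if it has already been issued by this point, returning -EINVAL here leaves the control half-updated, so validating both channels before any register write would be cleaner.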