- Kernel - mailweb.openeuler.org

[PATCH openEuler-22.03-LTS-SP1] igb: Initialize mailbox message for VF reset
by Wang Liang 24 Dec '24

24 Dec '24

From: Tony Nguyen <anthony.l.nguyen(a)intel.com> stable inclusion from stable-v5.10.161 commit f2479c3daaabccbac6c343a737615d0c595c6dc4 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRIW CVE: CVE-2022-48949 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit de5dc44370fbd6b46bd7f1a1e00369be54a041c8 upstream. When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case. Fixes: 6ddbc4cf1f4d ("igb: Indicate failure on vf reset for empty mac address") Reported-by: Akihiko Odaki <akihiko.odaki(a)daynix.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> Reviewed-by: Akihiko Odaki <akihiko.odaki(a)daynix.com> Reviewed-by: Leon Romanovsky <leonro(a)nvidia.com> Link: https://lore.kernel.org/r/20221212190031.3983342-1-anthony.l.nguyen@intel.c… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Wang Liang <wangliang74(a)huawei.com> --- drivers/net/ethernet/intel/igb/igb_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c index 7edbad2558e0..f5521d5304c0 100644 --- a/drivers/net/ethernet/intel/igb/igb_main.c +++ b/drivers/net/ethernet/intel/igb/igb_main.c @@ -7407,7 +7407,7 @@ static void igb_vf_reset_msg(struct igb_adapter *adapter, u32 vf) { struct e1000_hw *hw = &adapter->hw; unsigned char *vf_mac = adapter->vf_data[vf].vf_mac_addresses; - u32 reg, msgbuf[3]; + u32 reg, msgbuf[3] = {}; u8 *addr = (u8 *)(&msgbuf[1]); /* process all the same items cleared in a function level reset */ -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1] Bluetooth: Fix not cleanup led when bt_init fails
by Wang Liang 24 Dec '24

24 Dec '24

From: Chen Zhongjin <chenzhongjin(a)huawei.com> stable inclusion from stable-v5.10.159 commit e7b950458156d410509a08c41930b75e72985938 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRIP CVE: CVE-2022-48971 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 2f3957c7eb4e07df944169a3e50a4d6790e1c744 ] bt_init() calls bt_leds_init() to register led, but if it fails later, bt_leds_cleanup() is not called to unregister it. This can cause panic if the argument "bluetooth-power" in text is freed and then another led_trigger_register() tries to access it: BUG: unable to handle page fault for address: ffffffffc06d3bc0 RIP: 0010:strcmp+0xc/0x30 Call Trace: <TASK> led_trigger_register+0x10d/0x4f0 led_trigger_register_simple+0x7d/0x100 bt_init+0x39/0xf7 [bluetooth] do_one_initcall+0xd0/0x4e0 Fixes: e64c97b53bc6 ("Bluetooth: Add combined LED trigger for controller power") Signed-off-by: Chen Zhongjin <chenzhongjin(a)huawei.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Wang Liang <wangliang74(a)huawei.com> --- net/bluetooth/af_bluetooth.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index b577e65a0c3e..14a917e70f3e 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c @@ -741,7 +741,7 @@ static int __init bt_init(void) err = bt_sysfs_init(); if (err < 0) - return err; + goto cleanup_led; err = sock_register(&bt_sock_family_ops); if (err) @@ -777,6 +777,8 @@ static int __init bt_init(void) sock_unregister(PF_BLUETOOTH); cleanup_sysfs: bt_sysfs_cleanup(); +cleanup_led: + bt_leds_cleanup(); return err; } -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1] net: tun: Fix use-after-free in tun_detach()
by Wang Liang 24 Dec '24

24 Dec '24

From: Shigeru Yoshida <syoshida(a)redhat.com> stable inclusion from stable-v5.10.158 commit 5f442e1d403e0496bacb74a58e2be7f500695e6f category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRER CVE: CVE-2022-49014 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 5daadc86f27ea4d691e2131c04310d0418c6cd12 ] syzbot reported use-after-free in tun_detach() [1]. This causes call trace like below: ================================================================== BUG: KASAN: use-after-free in notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75 Read of size 8 at addr ffff88807324e2a8 by task syz-executor.0/3673 CPU: 0 PID: 3673 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller-00044-gcc675d22e422 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x15e/0x461 mm/kasan/report.c:395 kasan_report+0xbf/0x1f0 mm/kasan/report.c:495 notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75 call_netdevice_notifiers_info+0x86/0x130 net/core/dev.c:1942 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline] call_netdevice_notifiers net/core/dev.c:1997 [inline] netdev_wait_allrefs_any net/core/dev.c:10237 [inline] netdev_run_todo+0xbc6/0x1100 net/core/dev.c:10351 tun_detach drivers/net/tun.c:704 [inline] tun_chr_close+0xe4/0x190 drivers/net/tun.c:3467 __fput+0x27c/0xa90 fs/file_table.c:320 task_work_run+0x16f/0x270 kernel/task_work.c:179 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xb3d/0x2a30 kernel/exit.c:820 do_group_exit+0xd4/0x2a0 kernel/exit.c:950 get_signal+0x21b1/0x2440 kernel/signal.c:2858 arch_do_signal_or_restart+0x86/0x2300 arch/x86/kernel/signal.c:869 exit_to_user_mode_loop kernel/entry/common.c:168 [inline] exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline] syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd The cause of the issue is that sock_put() from __tun_detach() drops last reference count for struct net, and then notifier_call_chain() from netdev_state_change() accesses that struct net. This patch fixes the issue by calling sock_put() from tun_detach() after all necessary accesses for the struct net has done. Fixes: 83c1f36f9880 ("tun: send netlink notification when the device is modified") Reported-by: syzbot+106f9b687cd64ee70cd1(a)syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?id=96eb7f1ce75ef933697f24eeab928c4a716ede… [1] Signed-off-by: Shigeru Yoshida <syoshida(a)redhat.com> Link: https://lore.kernel.org/r/20221124175134.1589053-1-syoshida@redhat.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Wang Liang <wangliang74(a)huawei.com> --- drivers/net/tun.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/tun.c b/drivers/net/tun.c index 98df0b4a3542..d8bb9f1fd916 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -698,7 +698,6 @@ static void __tun_detach(struct tun_file *tfile, bool clean) if (tun) xdp_rxq_info_unreg(&tfile->xdp_rxq); ptr_ring_cleanup(&tfile->tx_ring, tun_ptr_free); - sock_put(&tfile->sk); } } @@ -714,6 +713,9 @@ static void tun_detach(struct tun_file *tfile, bool clean) if (dev) netdev_state_change(dev); rtnl_unlock(); + + if (clean) + sock_put(&tfile->sk); } static void tun_detach_all(struct net_device *dev) -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1] net: hsr: Fix potential use-after-free
by Wang Liang 24 Dec '24

24 Dec '24

From: YueHaibing <yuehaibing(a)huawei.com> stable inclusion from stable-v5.10.158 commit 7ca81a161e406834a1fdc405fc83a572bd14b8d9 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRJ1 CVE: CVE-2022-49015 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 7e177d32442b7ed08a9fa61b61724abc548cb248 ] The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free. Fixes: f421436a591d ("net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0)") Signed-off-by: YueHaibing <yuehaibing(a)huawei.com> Link: https://lore.kernel.org/r/20221125075724.27912-1-yuehaibing@huawei.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Wang Liang <wangliang74(a)huawei.com> --- net/hsr/hsr_forward.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/hsr/hsr_forward.c b/net/hsr/hsr_forward.c index 4d1a2a48cf3f..860364e5df41 100644 --- a/net/hsr/hsr_forward.c +++ b/net/hsr/hsr_forward.c @@ -301,17 +301,18 @@ static void hsr_deliver_master(struct sk_buff *skb, struct net_device *dev, struct hsr_node *node_src) { bool was_multicast_frame; - int res; + int res, recv_len; was_multicast_frame = (skb->pkt_type == PACKET_MULTICAST); hsr_addr_subst_source(node_src, skb); skb_pull(skb, ETH_HLEN); + recv_len = skb->len; res = netif_rx(skb); if (res == NET_RX_DROP) { dev->stats.rx_dropped++; } else { dev->stats.rx_packets++; - dev->stats.rx_bytes += skb->len; + dev->stats.rx_bytes += recv_len; if (was_multicast_frame) dev->stats.multicast++; } -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1] wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
by Wang Liang 24 Dec '24

24 Dec '24

From: Lorenzo Bianconi <lorenzo(a)kernel.org> stable inclusion from stable-v5.10.158 commit 0184ede0ec61b9cd075babfaa45081b1bf322234 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRDN CVE: CVE-2022-49022 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab ] Fix possible out-of-bound access in ieee80211_get_rate_duration routine as reported by the following UBSAN report: UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47 index 15 is out of range for type 'u16 [12]' CPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic Hardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017 Workqueue: mt76 mt76u_tx_status_data [mt76_usb] Call Trace: <TASK> show_stack+0x4e/0x61 dump_stack_lvl+0x4a/0x6f dump_stack+0x10/0x18 ubsan_epilogue+0x9/0x43 __ubsan_handle_out_of_bounds.cold+0x42/0x47 ieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211] ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211] ieee80211_calc_rx_airtime+0xda/0x120 [mac80211] ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211] mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib] mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib] mt76u_tx_status_data+0x67/0xd0 [mt76_usb] process_one_work+0x225/0x400 worker_thread+0x50/0x3e0 ? process_one_work+0x400/0x400 kthread+0xe9/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 Fixes: db3e1c40cf2f ("mac80211: Import airtime calculation code from mt76") Signed-off-by: Lorenzo Bianconi <lorenzo(a)kernel.org> Acked-by: Toke Høiland-Jørgensen <toke(a)toke.dk> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Wang Liang <wangliang74(a)huawei.com> --- net/mac80211/airtime.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/mac80211/airtime.c b/net/mac80211/airtime.c index 26d2f8ba7029..758ef63669e7 100644 --- a/net/mac80211/airtime.c +++ b/net/mac80211/airtime.c @@ -457,6 +457,9 @@ static u32 ieee80211_get_rate_duration(struct ieee80211_hw *hw, (status->encoding == RX_ENC_HE && streams > 8))) return 0; + if (idx >= MCS_GROUP_RATES) + return 0; + duration = airtime_mcs_groups[group].duration[idx]; duration <<= airtime_mcs_groups[group].shift; *overhead = 36 + (streams << 2); -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1] ixgbevf: Fix resource leak in ixgbevf_init_module()
by Wang Liang 24 Dec '24

24 Dec '24

From: Shang XiaoJing <shangxiaojing(a)huawei.com> stable inclusion from stable-v5.10.158 commit f166c62cad798c53300b4b327e44300c73ec492d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRDQ CVE: CVE-2022-49028 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 8cfa238a48f34038464b99d0b4825238c2687181 ] ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fail path to prevent the resource leak. Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak") Fixes: 40a13e2493c9 ("ixgbevf: Use a private workqueue to avoid certain possible hangs") Signed-off-by: Shang XiaoJing <shangxiaojing(a)huawei.com> Reviewed-by: Saeed Mahameed <saeed(a)kernel.org> Tested-by: Konrad Jankowski <konrad0.jankowski(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Wang Liang <wangliang74(a)huawei.com> --- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c index 01acfa4244c7..e2631c1ae272 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c +++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c @@ -4870,6 +4870,8 @@ static struct pci_driver ixgbevf_driver = { **/ static int __init ixgbevf_init_module(void) { + int err; + pr_info("%s\n", ixgbevf_driver_string); pr_info("%s\n", ixgbevf_copyright); ixgbevf_wq = create_singlethread_workqueue(ixgbevf_driver_name); @@ -4878,7 +4880,13 @@ static int __init ixgbevf_init_module(void) return -ENOMEM; } - return pci_register_driver(&ixgbevf_driver); + err = pci_register_driver(&ixgbevf_driver); + if (err) { + destroy_workqueue(ixgbevf_wq); + return err; + } + + return 0; } module_init(ixgbevf_init_module); -- 2.34.1

2 1

[openeuler:openEuler-1.0-LTS 1343/1343] fs/ext4/mballoc.o: warning: objtool: ext4_mb_complex_scan_group()+0x11a4: unreachable instruction
by kernel test robot 24 Dec '24

24 Dec '24

tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: 765b132216f73bb52fced28360c98a386ee20152 commit: 41298197ead9e85ee2ec1d52122f03fd1863cff2 [1343/1343] ext4: convert BUG_ON's to WARN_ON's in mballoc.c config: x86_64-randconfig-101-20241223 (https://download.01.org/0day-ci/archive/20241224/202412240236.czAsLPLH-lkp@…) compiler: clang version 19.1.3 (https://github.com/llvm/llvm-project ab51eccf88f5321e7c60591c5546b254b6afab99) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241224/202412240236.czAsLPLH-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412240236.czAsLPLH-lkp@intel.com/ All warnings (new ones prefixed by >>): In file included from fs/ext4/mballoc.c:12: In file included from fs/ext4/ext4_jbd2.h:16: In file included from include/linux/jbd2.h:26: In file included from include/linux/buffer_head.h:14: include/linux/pagemap.h:425:21: warning: cast from 'int (*)(struct file *, struct page *)' to 'filler_t *' (aka 'int (*)(void *, struct page *)') converts to incompatible function type [-Wcast-function-type-strict] 425 | filler_t *filler = (filler_t *)mapping->a_ops->readpage; | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. fs/ext4/mballoc.c:4734: warning: Function parameter or member 'bh' not described in 'ext4_free_blocks' >> fs/ext4/mballoc.o: warning: objtool: ext4_mb_complex_scan_group()+0x11a4: unreachable instruction -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:openEuler-1.0-LTS] BUILD REGRESSION 765b132216f73bb52fced28360c98a386ee20152
by kernel test robot 23 Dec '24

23 Dec '24

tree/branch: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS branch HEAD: 765b132216f73bb52fced28360c98a386ee20152 !14261 io_uring/io-wq: Use set_bit() and test_bit() at worker->flags Error/Warning (recently discovered and may have been fixed): https://lore.kernel.org/oe-kbuild-all/202412231501.bSKogE49-lkp@intel.com drivers/pci/pcie/dpc.o: warning: objtool: missing symbol for section .init.text Error/Warning ids grouped by kconfigs: recent_errors |-- arm64-allnoconfig | |-- kernel-sched-core.c:error:implicit-declaration-of-function-init_auto_affinity | |-- kernel-sched-core.c:error:implicit-declaration-of-function-tg_update_affinity_domains | |-- mm-memory.c:error:implicit-declaration-of-function-hugetlb_insert_hugepage_pte_by_pa | `-- mm-vmscan.c:error:implicit-declaration-of-function-kernel_swap_enabled |-- arm64-defconfig | `-- net-ipv4-route.c:warning:array-subscript-is-outside-array-bounds-of-struct-fib_nh |-- arm64-randconfig-001-20241223 | |-- drivers-iommu-arm-smmu-v3.c:error:CONFIG_CMA_ALIGNMENT-undeclared-(first-use-in-this-function) | |-- drivers-nvme-host-core.c:error:compat_uptr_t-undeclared-(first-use-in-this-function) | |-- drivers-nvme-host-core.c:error:expected-before-ptrval | |-- include-linux-kernel.h:error:first-argument-to-__builtin_choose_expr-not-a-constant | `-- mm-vmscan.c:error:implicit-declaration-of-function-kernel_swap_enabled |-- arm64-randconfig-002-20241223 | |-- mm-memory.c:error:implicit-declaration-of-function-hugetlb_insert_hugepage_pte_by_pa | |-- mm-vmscan.c:error:implicit-declaration-of-function-kernel_swap_enabled | |-- sound-soc-codecs-88pm86-codec.c:warning:aif1_mux-defined-but-not-used | `-- sound-soc-codecs-88pm86-codec.c:warning:pcm_switch_controls-defined-but-not-used |-- arm64-randconfig-003-20241223 | |-- drivers-clocksource-arm_arch_timer.c:error:hisi_161010101_read_cntvct_el0-undeclared-(first-use-in-this-function) | |-- kernel-sched-core.c:error:implicit-declaration-of-function-init_auto_affinity | |-- kernel-sched-core.c:error:implicit-declaration-of-function-tg_update_affinity_domains | |-- mm-memory.c:error:implicit-declaration-of-function-hugetlb_insert_hugepage_pte_by_pa | |-- mm-vmscan.c:error:implicit-declaration-of-function-kernel_swap_enabled | `-- net-ipv4-route.c:warning:array-subscript-is-outside-array-bounds-of-struct-fib_nh |-- arm64-randconfig-004-20241223 | |-- drivers-iommu-arm-smmu-v3.c:error:CONFIG_CMA_ALIGNMENT-undeclared-(first-use-in-this-function) | `-- include-linux-kernel.h:error:first-argument-to-__builtin_choose_expr-not-a-constant |-- arm64-randconfig-r113-20241223 | |-- block-blk-wbt.c:sparse:sparse:symbol-wbt_issue-was-not-declared.-Should-it-be-static | |-- block-blk-wbt.c:sparse:sparse:symbol-wbt_requeue-was-not-declared.-Should-it-be-static | |-- drivers-clocksource-arm_arch_timer.c:error:hisi_161010101_read_cntvct_el0-undeclared-(first-use-in-this-function) | |-- drivers-nvme-host-core.c:error:compat_uptr_t-undeclared-(first-use-in-this-function) | |-- drivers-nvme-host-core.c:error:expected-before-ptrval | |-- kernel-time-time.c:sparse:sparse:symbol-__compat_get_timespec64-was-not-declared.-Should-it-be-static | |-- kernel-time-time.c:sparse:sparse:symbol-__compat_put_timespec64-was-not-declared.-Should-it-be-static | |-- lib-kobject.c:sparse:sparse:symbol-kset_get_ownership-was-not-declared.-Should-it-be-static | `-- net-core-sock.c:sparse:sparse:incorrect-type-in-assignment-(different-address-spaces)-expected-struct-socket_wq-noderef-__rcu-sk_wq-got-struct-socket_wq-wq |-- x86_64-allnoconfig | |-- mm-memory.c:error:implicit-declaration-of-function-hugetlb_insert_hugepage_pte_by_pa-Werror-Wimplicit-function-declaration | `-- mm-vmscan.c:error:implicit-declaration-of-function-kernel_swap_enabled-Werror-Wimplicit-function-declaration |-- x86_64-allyesconfig | |-- drivers-net-ethernet-hisilicon-hns3-hns3_extension-hns3_enet_it.c:warning:no-previous-prototype-for-function-hns3_nic_select_queue_it | `-- samples-vfio-mdev-.tmp_mdpy-fb.o:warning:objtool:missing-symbol-for-section-.init.text |-- x86_64-buildonly-randconfig-001-20241223 | |-- arch-x86-kernel-cpu-mce-therm_throt.o:warning:objtool:missing-symbol-for-section-.irqentry.text | |-- arch-x86-kernel-cpu-mce-threshold.o:warning:objtool:missing-symbol-for-section-.irqentry.text | |-- arch-x86-xen-setup.o:warning:objtool:missing-symbol-for-section-.ref.text | |-- block-blk-mq-debugfs-zoned.o:warning:objtool:missing-symbol-for-section-.text | |-- drivers-input-rmi4-rmi_2d_sensor.o:warning:objtool:missing-symbol-for-section-.text | |-- drivers-md-dm-verity-verify-sig.o:warning:objtool:missing-symbol-for-section-.text | |-- drivers-media-usb-as102-as1_cmd.o:warning:objtool:missing-symbol-for-section-.text | |-- drivers-media-usb-as102-as1_cmd_cfg.o:warning:objtool:missing-symbol-for-section-.text | |-- drivers-media-usb-as102-as1_cmd_stream.o:warning:objtool:missing-symbol-for-section-.text | |-- drivers-misc-uacce-uacce.c:error:implicit-declaration-of-function-module_refcount | |-- drivers-pci-controller-dwc-pcie-designware.o:warning:objtool:missing-symbol-for-section-.text | |-- drivers-pnp-isapnp-compat.o:warning:objtool:missing-symbol-for-section-.text | |-- fs-f2fs-recovery.o:warning:objtool:missing-symbol-for-section-.init.text | |-- fs-gfs2-bmap.c:warning:height-may-be-used-uninitialized | |-- fs-gfs2-bmap.c:warning:lblock-may-be-used-uninitialized | |-- fs-gfs2-bmap.c:warning:len-may-be-used-uninitialized | |-- kernel-gcov-base.o:warning:objtool:missing-symbol-for-section-.text | `-- kernel-hung_task.c:error:sysctl_hung_task_all_cpu_backtrace-undeclared-(first-use-in-this-function) |-- x86_64-buildonly-randconfig-002-20241223 | |-- drivers-gpu-drm-nouveau-nvif-fifo.o:warning:objtool:missing-symbol-for-section-.text | |-- drivers-gpu-drm-nouveau-nvif-user.o:warning:objtool:missing-symbol-for-section-.text | |-- drivers-gpu-drm-nouveau-nvkm-engine-disp-hdmigv100.o:warning:objtool:missing-symbol-for-section-.text | |-- drivers-pci-ats.o:warning:objtool:missing-symbol-for-section-.text | |-- drivers-pci-pcie-dpc.o:warning:objtool:missing-symbol-for-section-.init.text | |-- drivers-xen-mem-reservation.o:warning:objtool:missing-symbol-for-section-.text | |-- kernel-context_tracking.o:warning:objtool:missing-symbol-for-section-.init.text | |-- kernel-hung_task.c:error:use-of-undeclared-identifier-sysctl_hung_task_all_cpu_backtrace | |-- mm-vmscan.c:error:implicit-declaration-of-function-kernel_swap_enabled-Werror-Wimplicit-function-declaration | `-- net-9p-client.o:warning:objtool:missing-symbol-for-section-.init.text |-- x86_64-buildonly-randconfig-003-20241223 | |-- mm-memory.c:error:implicit-declaration-of-function-hugetlb_insert_hugepage_pte_by_pa-Werror-Wimplicit-function-declaration | |-- mm-slab_common.o:warning:objtool:kmem_cache_create_usercopy:unreachable-instruction | `-- mm-vmscan.c:error:implicit-declaration-of-function-kernel_swap_enabled-Werror-Wimplicit-function-declaration |-- x86_64-buildonly-randconfig-004-20241223 | |-- kernel-sched-core.c:error:implicit-declaration-of-function-init_auto_affinity | `-- kernel-sched-core.c:error:implicit-declaration-of-function-tg_update_affinity_domains |-- x86_64-buildonly-randconfig-005-20241223 | |-- drivers-misc-uacce-uacce.c:error:implicit-declaration-of-function-module_refcount | |-- fs-gfs2-bmap.c:warning:height-may-be-used-uninitialized | |-- fs-gfs2-bmap.c:warning:lblock-may-be-used-uninitialized | |-- fs-gfs2-bmap.c:warning:len-may-be-used-uninitialized | `-- kernel-hung_task.c:error:sysctl_hung_task_all_cpu_backtrace-undeclared-(first-use-in-this-function) |-- x86_64-defconfig | |-- kernel-sched-pelt.o:warning:objtool:missing-symbol-for-section-.text | |-- net-ipv4-metrics.o:warning:objtool:missing-symbol-for-section-.text | `-- net-ipv4-netlink.o:warning:objtool:missing-symbol-for-section-.text |-- x86_64-randconfig-101-20241223 | `-- kernel-hung_task.c:error:use-of-undeclared-identifier-sysctl_hung_task_all_cpu_backtrace |-- x86_64-randconfig-102-20241223 | |-- kernel-hung_task.c:error:sysctl_hung_task_all_cpu_backtrace-undeclared-(first-use-in-this-function) | `-- mm-vmscan.c:error:implicit-declaration-of-function-kernel_swap_enabled |-- x86_64-randconfig-103-20241223 | |-- arch-x86-events-zhaoxin-core.c:error:redefinition-of-zhaoxin_pmu_init | |-- kernel-hung_task.c:error:sysctl_hung_task_all_cpu_backtrace-undeclared-(first-use-in-this-function) | `-- mm-vmscan.c:error:implicit-declaration-of-function-kernel_swap_enabled |-- x86_64-randconfig-104-20241223 | |-- kernel-hung_task.c:error:sysctl_hung_task_all_cpu_backtrace-undeclared-(first-use-in-this-function) | `-- mm-vmscan.c:error:implicit-declaration-of-function-kernel_swap_enabled `-- x86_64-randconfig-161-20241223 `-- kernel-hung_task.c:error:use-of-undeclared-identifier-sysctl_hung_task_all_cpu_backtrace elapsed time: 721m configs tested: 16 configs skipped: 129 tested configs: arm64 allmodconfig gcc-14.2.0 arm64 allnoconfig gcc-14.2.0 arm64 defconfig gcc-14.2.0 arm64 randconfig-001-20241223 gcc-14.2.0 arm64 randconfig-002-20241223 gcc-14.2.0 arm64 randconfig-003-20241223 gcc-14.2.0 arm64 randconfig-004-20241223 gcc-14.2.0 x86_64 allnoconfig clang-19 x86_64 allyesconfig clang-19 x86_64 buildonly-randconfig-001-20241223 gcc-12 x86_64 buildonly-randconfig-002-20241223 clang-19 x86_64 buildonly-randconfig-003-20241223 clang-19 x86_64 buildonly-randconfig-004-20241223 gcc-12 x86_64 buildonly-randconfig-005-20241223 gcc-12 x86_64 buildonly-randconfig-006-20241223 clang-19 x86_64 defconfig gcc-11 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-6.6] pmdomain: imx93-blk-ctrl: correct remove path
by Yongqiang Liu 23 Dec '24

23 Dec '24

From: Peng Fan <peng.fan(a)nxp.com> mainline inclusion from mainline-v6.6.63 commit 8fc228ab5d38a026eae7183a5f74a4fac43d9b6a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB956J CVE: CVE-2024-53134 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit f7c7c5aa556378a2c8da72c1f7f238b6648f95fb upstream. The check condition should be 'i < bc->onecell_data.num_domains', not 'bc->onecell_data.num_domains' which will make the look never finish and cause kernel panic. Also disable runtime to address "imx93-blk-ctrl 4ac10000.system-controller: Unbalanced pm_runtime_enable!" Fixes: e9aa77d413c9 ("soc: imx: add i.MX93 media blk ctrl driver") Signed-off-by: Peng Fan <peng.fan(a)nxp.com> Reviewed-by: Stefan Wahren <wahrenst(a)gmx.net> Cc: stable(a)vger.kernel.org Message-ID: <20241101101252.1448466-1-peng.fan(a)oss.nxp.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Rui Xiang <rui.xiang(a)huawei.com> Reviewed-by: Weilong Chen <chenweilong(a)huawei.com> Signed-off-by: Yongqiang Liu <liuyongqiang13(a)huawei.com> --- drivers/pmdomain/imx/imx93-blk-ctrl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/pmdomain/imx/imx93-blk-ctrl.c b/drivers/pmdomain/imx/imx93-blk-ctrl.c index 40bd90f8b977..ec6198e35eb7 100644 --- a/drivers/pmdomain/imx/imx93-blk-ctrl.c +++ b/drivers/pmdomain/imx/imx93-blk-ctrl.c @@ -313,7 +313,9 @@ static int imx93_blk_ctrl_remove(struct platform_device *pdev) of_genpd_del_provider(pdev->dev.of_node); - for (i = 0; bc->onecell_data.num_domains; i++) { + pm_runtime_disable(&pdev->dev); + + for (i = 0; i < bc->onecell_data.num_domains; i++) { struct imx93_blk_ctrl_domain *domain = &bc->domains[i]; pm_genpd_remove(&domain->genpd); -- 2.34.1

2 1

[PATCH OLK-6.6] vdpa: solidrun: Fix UB bug with devres
by Yongqiang Liu 23 Dec '24

23 Dec '24

From: Philipp Stanner <pstanner(a)redhat.com> mainline inclusion from mainline-v6.6.63 commit d372dd09cfbf1324f54cbffd81fcaf6cdf3e608e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB956Q CVE: CVE-2024-53126 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 0b364cf53b20204e92bac7c6ebd1ee7d3ec62931 upstream. In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() nor the functions it calls copy that string. Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared. Fix the bug by allocating the strings on the heap through devm_kasprintf(). Cc: stable(a)vger.kernel.org # v6.3 Fixes: 51a8f9d7f587 ("virtio: vdpa: new SolidNET DPU driver.") Reported-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Closes: https://lore.kernel.org/all/74e9109a-ac59-49e2-9b1d-d825c9c9f891@wanadoo.fr/ Suggested-by: Andy Shevchenko <andy(a)kernel.org> Signed-off-by: Philipp Stanner <pstanner(a)redhat.com> Reviewed-by: Stefano Garzarella <sgarzare(a)redhat.com> Message-Id: <20241028074357.9104-3-pstanner(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Rui Xiang <rui.xiang(a)huawei.com> Reviewed-by: Weilong Chen <chenweilong(a)huawei.com> Signed-off-by: Yongqiang Liu <liuyongqiang13(a)huawei.com> --- drivers/vdpa/solidrun/snet_main.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/vdpa/solidrun/snet_main.c b/drivers/vdpa/solidrun/snet_main.c index c0ddeb9ded11..6acf09461689 100644 --- a/drivers/vdpa/solidrun/snet_main.c +++ b/drivers/vdpa/solidrun/snet_main.c @@ -555,7 +555,7 @@ static const struct vdpa_config_ops snet_config_ops = { static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) { - char name[50]; + char *name; int ret, i, mask = 0; /* We don't know which BAR will be used to communicate.. * We will map every bar with len > 0. @@ -573,7 +573,10 @@ static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) return -ENODEV; } - snprintf(name, sizeof(name), "psnet[%s]-bars", pci_name(pdev)); + name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "psnet[%s]-bars", pci_name(pdev)); + if (!name) + return -ENOMEM; + ret = pcim_iomap_regions(pdev, mask, name); if (ret) { SNET_ERR(pdev, "Failed to request and map PCI BARs\n"); @@ -590,10 +593,13 @@ static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) static int snet_open_vf_bar(struct pci_dev *pdev, struct snet *snet) { - char name[50]; + char *name; int ret; - snprintf(name, sizeof(name), "snet[%s]-bar", pci_name(pdev)); + name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "snet[%s]-bars", pci_name(pdev)); + if (!name) + return -ENOMEM; + /* Request and map BAR */ ret = pcim_iomap_regions(pdev, BIT(snet->psnet->cfg.vf_bar), name); if (ret) { -- 2.34.1

2 1

2025

2024

2023

2022

2021

2020

2019

Kernel