- Kernel - mailweb.openeuler.org

[openeuler:OLK-5.10] BUILD SUCCESS 3486fdb9082a474750f2067f80fb835c2f480a18
by kernel test robot 06 Jul '24

06 Jul '24

tree/branch: https://gitee.com/openeuler/kernel.git OLK-5.10 branch HEAD: 3486fdb9082a474750f2067f80fb835c2f480a18 !9373 ALSA: core: Fix NULL module pointer assignment at card init Warning ids grouped by kconfigs: recent_errors `-- x86_64-allnoconfig `-- drivers-arm-spe-spe.c:linux-perf-arm_pmu.h-is-included-more-than-once. elapsed time: 729m configs tested: 34 configs skipped: 127 The following configs have been built successfully. More configs may be tested in the coming days. tested configs: arm64 allmodconfig clang-19 arm64 allnoconfig gcc-13.2.0 arm64 randconfig-001-20240705 clang-19 arm64 randconfig-002-20240705 clang-19 arm64 randconfig-003-20240705 clang-19 arm64 randconfig-004-20240705 clang-19 x86_64 allnoconfig clang-18 x86_64 allyesconfig clang-18 x86_64 buildonly-randconfig-001-20240705 gcc-7 x86_64 buildonly-randconfig-002-20240705 gcc-13 x86_64 buildonly-randconfig-003-20240705 clang-18 x86_64 buildonly-randconfig-004-20240705 clang-18 x86_64 buildonly-randconfig-005-20240705 clang-18 x86_64 buildonly-randconfig-006-20240705 clang-18 x86_64 defconfig gcc-13 x86_64 randconfig-001-20240705 clang-18 x86_64 randconfig-002-20240705 gcc-13 x86_64 randconfig-003-20240705 clang-18 x86_64 randconfig-004-20240705 gcc-13 x86_64 randconfig-005-20240705 gcc-13 x86_64 randconfig-006-20240705 gcc-13 x86_64 randconfig-011-20240705 clang-18 x86_64 randconfig-012-20240705 gcc-9 x86_64 randconfig-013-20240705 clang-18 x86_64 randconfig-014-20240705 gcc-13 x86_64 randconfig-015-20240705 clang-18 x86_64 randconfig-016-20240705 gcc-9 x86_64 randconfig-071-20240705 gcc-13 x86_64 randconfig-072-20240705 gcc-13 x86_64 randconfig-073-20240705 clang-18 x86_64 randconfig-074-20240705 gcc-13 x86_64 randconfig-075-20240705 clang-18 x86_64 randconfig-076-20240705 clang-18 x86_64 rhel-8.3-rust clang-18 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH openEuler-22.03-LTS-SP1 0/3] CVE-2024-27017
by Wang Hai 05 Jul '24

05 Jul '24

CVE-2024-27017 Pablo Neira Ayuso (3): netfilter: nft_set_pipapo: .walk does not deal with generations netfilter: nft_set_pipapo: walk over current view on netlink dump netfilter: nf_tables: missing iterator type in lookup walk include/net/netfilter/nf_tables.h | 13 +++++++++++++ net/netfilter/nf_tables_api.c | 6 ++++++ net/netfilter/nft_lookup.c | 1 + net/netfilter/nft_set_pipapo.c | 8 +++++++- 4 files changed, 27 insertions(+), 1 deletion(-) -- 2.17.1

2 4

[PATCH openEuler-22.03-LTS-SP1] clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
by Wang Hai 05 Jul '24

05 Jul '24

From: Jiasheng Jiang <jiasheng(a)iscas.ac.cn> stable inclusion from stable-v5.10.201 commit 3994387ba3564976731179c4d4a6d7850ddda71a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RFZV CVE: CVE-2023-52873 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 1f57f78fbacf630430bf954e5a84caafdfea30c0 ] Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. Fixes: 710774e04861 ("clk: mediatek: Add MT6779 clock support") Signed-off-by: Jiasheng Jiang <jiasheng(a)iscas.ac.cn> Link: https://lore.kernel.org/r/20230912093407.21505-2-jiasheng@iscas.ac.cn Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Signed-off-by: Stephen Boyd <sboyd(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Wang Hai <wanghai38(a)huawei.com> --- drivers/clk/mediatek/clk-mt6779.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/clk/mediatek/clk-mt6779.c b/drivers/clk/mediatek/clk-mt6779.c index 6e0d3a166729..cf720651fc53 100644 --- a/drivers/clk/mediatek/clk-mt6779.c +++ b/drivers/clk/mediatek/clk-mt6779.c @@ -1216,6 +1216,8 @@ static int clk_mt6779_apmixed_probe(struct platform_device *pdev) struct device_node *node = pdev->dev.of_node; clk_data = mtk_alloc_clk_data(CLK_APMIXED_NR_CLK); + if (!clk_data) + return -ENOMEM; mtk_clk_register_plls(node, plls, ARRAY_SIZE(plls), clk_data); @@ -1236,6 +1238,8 @@ static int clk_mt6779_top_probe(struct platform_device *pdev) return PTR_ERR(base); clk_data = mtk_alloc_clk_data(CLK_TOP_NR_CLK); + if (!clk_data) + return -ENOMEM; mtk_clk_register_fixed_clks(top_fixed_clks, ARRAY_SIZE(top_fixed_clks), clk_data); -- 2.17.1

2 1

[PATCH OLK-5.10 v2] net: fix one NULL pointer dereference bug in net_rship module
by Liu Jian 05 Jul '24

05 Jul '24

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAAZJ8 -------------------------------- The call trace as below: Call trace: __netdev_alloc_skb+0x8c/0x1e0 ad_lacpdu_send+0x34/0x18c [bonding] ad_tx_machine+0xcc/0x174 [bonding] bond_3ad_state_machine_handler+0x120/0x470 [bonding] process_one_work+0x1d8/0x4e0 worker_thread+0x154/0x420 kthread+0x108/0x150 ret_from_fork+0x10/0x18 Fixes: 64ba5634c4c6 ("net: add some bpf hooks in tcp stack for network numa relationship") Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- include/net/net_rship.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/net/net_rship.h b/include/net/net_rship.h index ad8af5a5cb9b..dda4dd732bd0 100644 --- a/include/net/net_rship.h +++ b/include/net/net_rship.h @@ -222,6 +222,9 @@ static inline void net_rship_skb_record_dev_rxinfo(struct sk_buff *skb, struct n if (gnet_bpf_enabled(GNET_RCV_NIC_NODE)) { struct sched_net_rship_skb *ext = __get_skb_net_rship(skb); + if (!dev) + return; + ext->rx_dev_idx = dev->ifindex; ext->rx_dev_net_cookie = dev_net(dev)->net_cookie; } -- 2.34.1

2 1

[openeuler:OLK-6.6 3342/10589] crypto/asymmetric_keys/pgp_public_key.c:359:undefined reference to `public_key_subtype'
by kernel test robot 05 Jul '24

05 Jul '24

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 17b5ba51d6bc20767e5e5c03df0acf15609b6d11 commit: 43d4042e06d2bf96adf67d25e8d91653507a4cf9 [3342/10589] KEYS: Provide a function to load keys from a PGP keyring blob config: x86_64-randconfig-014-20240705 (https://download.01.org/0day-ci/archive/20240705/202407051911.Va4emssv-lkp@…) compiler: gcc-13 (Ubuntu 13.2.0-4ubuntu3) 13.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240705/202407051911.Va4emssv-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202407051911.Va4emssv-lkp@intel.com/ All errors (new ones prefixed by >>): ld: vmlinux.o: in function `pgp_key_parse': >> crypto/asymmetric_keys/pgp_public_key.c:359:(.text+0x1b11e1c): undefined reference to `public_key_subtype' >> ld: crypto/asymmetric_keys/pgp_public_key.c:359:(.text+0x1b11e3b): undefined reference to `public_key_subtype' ld: crypto/asymmetric_keys/pgp_public_key.c:360:(.text+0x1b11e67): undefined reference to `public_key_subtype' >> ld: crypto/asymmetric_keys/pgp_public_key.c:369:(.text+0x1b11f38): undefined reference to `public_key_free' ld: crypto/asymmetric_keys/pgp_public_key.c:359:(.text+0x1b11fbf): undefined reference to `public_key_subtype' Kconfig warnings: (for reference only) WARNING: unmet direct dependencies detected for PGP_KEY_PARSER Depends on [n]: CRYPTO [=y] && ASYMMETRIC_KEY_TYPE [=y] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n] Selected by [y]: - PGP_PRELOAD [=y] && CRYPTO [=y] && ASYMMETRIC_KEY_TYPE [=y] vim +359 crypto/asymmetric_keys/pgp_public_key.c 4e59d757dc3f7f Roberto Sassu 2023-09-12 300 4e59d757dc3f7f Roberto Sassu 2023-09-12 301 /* 4e59d757dc3f7f Roberto Sassu 2023-09-12 302 * Attempt to parse the instantiation data blob for a key as a PGP packet 4e59d757dc3f7f Roberto Sassu 2023-09-12 303 * message holding a key. 4e59d757dc3f7f Roberto Sassu 2023-09-12 304 */ 4e59d757dc3f7f Roberto Sassu 2023-09-12 305 static int pgp_key_parse(struct key_preparsed_payload *prep) 4e59d757dc3f7f Roberto Sassu 2023-09-12 306 { 4e59d757dc3f7f Roberto Sassu 2023-09-12 307 struct pgp_key_data_parse_context ctx; 4e59d757dc3f7f Roberto Sassu 2023-09-12 308 int ret; 4e59d757dc3f7f Roberto Sassu 2023-09-12 309 4e59d757dc3f7f Roberto Sassu 2023-09-12 310 kenter(""); 4e59d757dc3f7f Roberto Sassu 2023-09-12 311 4e59d757dc3f7f Roberto Sassu 2023-09-12 312 memset(&ctx, 0, sizeof(ctx)); e8c01f299ab793 David Howells 2023-09-12 313 ctx.pgp.types_of_interest = (1 << PGP_PKT_PUBLIC_KEY) | e8c01f299ab793 David Howells 2023-09-12 314 (1 << PGP_PKT_USER_ID); 4e59d757dc3f7f Roberto Sassu 2023-09-12 315 ctx.pgp.process_packet = pgp_process_public_key; 4e59d757dc3f7f Roberto Sassu 2023-09-12 316 4e59d757dc3f7f Roberto Sassu 2023-09-12 317 ret = pgp_parse_packets(prep->data, prep->datalen, &ctx.pgp); 4e59d757dc3f7f Roberto Sassu 2023-09-12 318 if (ret < 0) 4e59d757dc3f7f Roberto Sassu 2023-09-12 319 goto error; 4e59d757dc3f7f Roberto Sassu 2023-09-12 320 e8c01f299ab793 David Howells 2023-09-12 321 if (!ctx.fingerprint) { e8c01f299ab793 David Howells 2023-09-12 322 ret = -EINVAL; e8c01f299ab793 David Howells 2023-09-12 323 goto error; e8c01f299ab793 David Howells 2023-09-12 324 } e8c01f299ab793 David Howells 2023-09-12 325 e8c01f299ab793 David Howells 2023-09-12 326 if (ctx.user_id && ctx.user_id_len > 0) { e8c01f299ab793 David Howells 2023-09-12 327 /* Propose a description for the key e8c01f299ab793 David Howells 2023-09-12 328 * (user ID without the comment) e8c01f299ab793 David Howells 2023-09-12 329 */ e8c01f299ab793 David Howells 2023-09-12 330 size_t ulen = ctx.user_id_len, flen = ctx.fingerprint_len; e8c01f299ab793 David Howells 2023-09-12 331 const char *p; e8c01f299ab793 David Howells 2023-09-12 332 e8c01f299ab793 David Howells 2023-09-12 333 p = memchr(ctx.user_id, '(', ulen); e8c01f299ab793 David Howells 2023-09-12 334 if (p) { e8c01f299ab793 David Howells 2023-09-12 335 /* Remove the comment */ e8c01f299ab793 David Howells 2023-09-12 336 do { e8c01f299ab793 David Howells 2023-09-12 337 p--; e8c01f299ab793 David Howells 2023-09-12 338 } while (*p == ' ' && p > ctx.user_id); e8c01f299ab793 David Howells 2023-09-12 339 if (*p != ' ') e8c01f299ab793 David Howells 2023-09-12 340 p++; e8c01f299ab793 David Howells 2023-09-12 341 ulen = p - ctx.user_id; e8c01f299ab793 David Howells 2023-09-12 342 } e8c01f299ab793 David Howells 2023-09-12 343 e8c01f299ab793 David Howells 2023-09-12 344 if (ulen > 255 - 9) e8c01f299ab793 David Howells 2023-09-12 345 ulen = 255 - 9; e8c01f299ab793 David Howells 2023-09-12 346 prep->description = kmalloc(ulen + 1 + 8 + 1, GFP_KERNEL); e8c01f299ab793 David Howells 2023-09-12 347 ret = -ENOMEM; e8c01f299ab793 David Howells 2023-09-12 348 if (!prep->description) e8c01f299ab793 David Howells 2023-09-12 349 goto error; e8c01f299ab793 David Howells 2023-09-12 350 memcpy(prep->description, ctx.user_id, ulen); e8c01f299ab793 David Howells 2023-09-12 351 prep->description[ulen] = ' '; e8c01f299ab793 David Howells 2023-09-12 352 memcpy(prep->description + ulen + 1, e8c01f299ab793 David Howells 2023-09-12 353 ctx.fingerprint + flen - 8, 8); e8c01f299ab793 David Howells 2023-09-12 354 prep->description[ulen + 9] = 0; e8c01f299ab793 David Howells 2023-09-12 355 pr_debug("desc '%s'\n", prep->description); e8c01f299ab793 David Howells 2023-09-12 356 } e8c01f299ab793 David Howells 2023-09-12 357 4e59d757dc3f7f Roberto Sassu 2023-09-12 358 /* We're pinning the module by being linked against it */ 4e59d757dc3f7f Roberto Sassu 2023-09-12 @359 __module_get(public_key_subtype.owner); 4e59d757dc3f7f Roberto Sassu 2023-09-12 360 prep->payload.data[asym_subtype] = &public_key_subtype; 4e59d757dc3f7f Roberto Sassu 2023-09-12 361 prep->payload.data[asym_key_ids] = pgp_key_generate_id(&ctx); 4e59d757dc3f7f Roberto Sassu 2023-09-12 362 prep->payload.data[asym_crypto] = ctx.pub; 4e59d757dc3f7f Roberto Sassu 2023-09-12 363 prep->quotalen = 100; 4e59d757dc3f7f Roberto Sassu 2023-09-12 364 kfree(ctx.fingerprint); 4e59d757dc3f7f Roberto Sassu 2023-09-12 365 kfree(ctx.raw_fingerprint); 4e59d757dc3f7f Roberto Sassu 2023-09-12 366 return 0; 4e59d757dc3f7f Roberto Sassu 2023-09-12 367 4e59d757dc3f7f Roberto Sassu 2023-09-12 368 error: 4e59d757dc3f7f Roberto Sassu 2023-09-12 @369 public_key_free(ctx.pub); 4e59d757dc3f7f Roberto Sassu 2023-09-12 370 kfree(ctx.fingerprint); 4e59d757dc3f7f Roberto Sassu 2023-09-12 371 kfree(ctx.raw_fingerprint); 4e59d757dc3f7f Roberto Sassu 2023-09-12 372 return ret; 4e59d757dc3f7f Roberto Sassu 2023-09-12 373 } 4e59d757dc3f7f Roberto Sassu 2023-09-12 374 :::::: The code at line 359 was first introduced by commit :::::: 4e59d757dc3f7f2e2a646a2e3f0f271ae4599eeb KEYS: PGP data parser :::::: TO: Roberto Sassu <roberto.sassu(a)huawei.com> :::::: CC: zgzxx <zhangguangzhi3(a)huawei.com> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-6.6] net: fix wrong return value in bpf_sock_ops_get_uid_gid
by Liu Jian 05 Jul '24

05 Jul '24

hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I8KU3B CVE: NA -------------------------------- We should return 0 on success. Fixes: e62b4a1c5593 ("bpf: Add bpf_get_sockops_uid_gid helper function") Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- net/core/filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index 6ec353bf36f3..c88f51f7d3f9 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5675,7 +5675,7 @@ static int bpf_sock_ops_get_uid_gid(struct bpf_sock_ops_kern *bpf_sock, *(u32 *)optval = from_kgid_munged(sock_net(sk)->user_ns, gid); *((u32 *)optval + 1) = from_kuid_munged(sock_net(sk)->user_ns, uid); - return sizeof(u64); + return 0; } static int bpf_sk_original_addr(struct bpf_sock_ops_kern *bpf_sock, -- 2.34.1

2 1

[PATCH OLK-5.10] net: fix one NULL pointer dereference bug in net_rship module
by Liu Jian 05 Jul '24

05 Jul '24

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAAZJ8 -------------------------------- The call trace as below: Call trace: __netdev_alloc_skb+0x8c/0x1e0 ad_lacpdu_send+0x34/0x18c [bonding] ad_tx_machine+0xcc/0x174 [bonding] bond_3ad_state_machine_handler+0x120/0x470 [bonding] process_one_work+0x1d8/0x4e0 worker_thread+0x154/0x420 kthread+0x108/0x150 ret_from_fork+0x10/0x18 Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- include/net/net_rship.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/net/net_rship.h b/include/net/net_rship.h index ad8af5a5cb9b..dda4dd732bd0 100644 --- a/include/net/net_rship.h +++ b/include/net/net_rship.h @@ -222,6 +222,9 @@ static inline void net_rship_skb_record_dev_rxinfo(struct sk_buff *skb, struct n if (gnet_bpf_enabled(GNET_RCV_NIC_NODE)) { struct sched_net_rship_skb *ext = __get_skb_net_rship(skb); + if (!dev) + return; + ext->rx_dev_idx = dev->ifindex; ext->rx_dev_net_cookie = dev_net(dev)->net_cookie; } -- 2.34.1

2 1

[PATCH openEuler-1.0-LTS] drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
by Hui Tang 05 Jul '24

05 Jul '24

From: Tuo Li <islituo(a)gmail.com> mainline inclusion from mainline-v6.6-rc1 commit 2e63972a2de14482d0eae1a03a73e379f1c3f44c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I917IV CVE: CVE-2024-22386 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… ----------------------------------- The variable crtc->state->event is often protected by the lock crtc->dev->event_lock when is accessed. However, it is accessed as a condition of an if statement in exynos_drm_crtc_atomic_disable() without holding the lock: if (crtc->state->event && !crtc->state->active) However, if crtc->state->event is changed to NULL by another thread right after the conditions of the if statement is checked to be true, a null-pointer dereference can occur in drm_crtc_send_vblank_event(): e->pipe = pipe; To fix this possible null-pointer dereference caused by data race, the spin lock coverage is extended to protect the if statement as well as the function call to drm_crtc_send_vblank_event(). Reported-by: BassCheck <bass(a)buaa.edu.cn> Link: https://sites.google.com/view/basscheck/home Signed-off-by: Tuo Li <islituo(a)gmail.com> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Added relevant link. Signed-off-by: Inki Dae <inki.dae(a)samsung.com> Signed-off-by: Hui Tang <tanghui20(a)huawei.com> --- drivers/gpu/drm/exynos/exynos_drm_crtc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/exynos/exynos_drm_crtc.c b/drivers/gpu/drm/exynos/exynos_drm_crtc.c index 2696289ecc78..b3e23ace5869 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_crtc.c +++ b/drivers/gpu/drm/exynos/exynos_drm_crtc.c @@ -43,13 +43,12 @@ static void exynos_drm_crtc_atomic_disable(struct drm_crtc *crtc, if (exynos_crtc->ops->disable) exynos_crtc->ops->disable(exynos_crtc); + spin_lock_irq(&crtc->dev->event_lock); if (crtc->state->event && !crtc->state->active) { - spin_lock_irq(&crtc->dev->event_lock); drm_crtc_send_vblank_event(crtc, crtc->state->event); - spin_unlock_irq(&crtc->dev->event_lock); - crtc->state->event = NULL; } + spin_unlock_irq(&crtc->dev->event_lock); } static int exynos_crtc_atomic_check(struct drm_crtc *crtc, -- 2.34.1

2 1

[PATCH openEuler-1.0-LTS] drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
by Hui Tang 05 Jul '24

05 Jul '24

From: Tuo Li <islituo(a)gmail.com> stable inclusion from stable-v6.6-rc1 commit 2e63972a2de14482d0eae1a03a73e379f1c3f44c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I917IV CVE: CVE-2024-22386 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- The variable crtc->state->event is often protected by the lock crtc->dev->event_lock when is accessed. However, it is accessed as a condition of an if statement in exynos_drm_crtc_atomic_disable() without holding the lock: if (crtc->state->event && !crtc->state->active) However, if crtc->state->event is changed to NULL by another thread right after the conditions of the if statement is checked to be true, a null-pointer dereference can occur in drm_crtc_send_vblank_event(): e->pipe = pipe; To fix this possible null-pointer dereference caused by data race, the spin lock coverage is extended to protect the if statement as well as the function call to drm_crtc_send_vblank_event(). Reported-by: BassCheck <bass(a)buaa.edu.cn> Link: https://sites.google.com/view/basscheck/home Signed-off-by: Tuo Li <islituo(a)gmail.com> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Added relevant link. Signed-off-by: Inki Dae <inki.dae(a)samsung.com> Signed-off-by: Hui Tang <tanghui20(a)huawei.com> --- drivers/gpu/drm/exynos/exynos_drm_crtc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/exynos/exynos_drm_crtc.c b/drivers/gpu/drm/exynos/exynos_drm_crtc.c index 2696289ecc78..b3e23ace5869 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_crtc.c +++ b/drivers/gpu/drm/exynos/exynos_drm_crtc.c @@ -43,13 +43,12 @@ static void exynos_drm_crtc_atomic_disable(struct drm_crtc *crtc, if (exynos_crtc->ops->disable) exynos_crtc->ops->disable(exynos_crtc); + spin_lock_irq(&crtc->dev->event_lock); if (crtc->state->event && !crtc->state->active) { - spin_lock_irq(&crtc->dev->event_lock); drm_crtc_send_vblank_event(crtc, crtc->state->event); - spin_unlock_irq(&crtc->dev->event_lock); - crtc->state->event = NULL; } + spin_unlock_irq(&crtc->dev->event_lock); } static int exynos_crtc_atomic_check(struct drm_crtc *crtc, -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1 0/3] CVE-2024-38598
by Li Nan 05 Jul '24

05 Jul '24

Li Nan (2): Revert "md/raid10: fix slab-out-of-bounds in md_bitmap_get_counter" md/raid10: check slab-out-of-bounds in md_bitmap_get_counter Yu Kuai (1): md: fix resync softlockup when bitmap size is less than array size drivers/md/md-bitmap.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) -- 2.39.2

2 4