github actions: Use reusable workflow for upstream commit checking #7
base: ciqlts9_2
[ Upstream commit 48918ca ] The test starts a workload and then opens events. If the events fail to open, for example because of perf_event_paranoid, the gopipe of the workload is leaked and the file descriptor leak check fails when the test exits. To avoid this cancel the workload when opening the events fails. Before: ``` $ perf test -vv 7 7: PERF_RECORD_* events & perf_sample fields: --- start --- test child forked, pid 1189568 Using CPUID GenuineIntel-6-B7-1 ------------------------------------------------------------ perf_event_attr: type 0 (PERF_TYPE_HARDWARE) config 0xa00000000 (cpu_atom/PERF_COUNT_HW_CPU_CYCLES/) disabled 1 ------------------------------------------------------------ sys_perf_event_open: pid 0 cpu -1 group_fd -1 flags 0x8 sys_perf_event_open failed, error -13 ------------------------------------------------------------ perf_event_attr: type 0 (PERF_TYPE_HARDWARE) config 0xa00000000 (cpu_atom/PERF_COUNT_HW_CPU_CYCLES/) disabled 1 exclude_kernel 1 ------------------------------------------------------------ sys_perf_event_open: pid 0 cpu -1 group_fd -1 flags 0x8 = 3 ------------------------------------------------------------ perf_event_attr: type 0 (PERF_TYPE_HARDWARE) config 0x400000000 (cpu_core/PERF_COUNT_HW_CPU_CYCLES/) disabled 1 ------------------------------------------------------------ sys_perf_event_open: pid 0 cpu -1 group_fd -1 flags 0x8 sys_perf_event_open failed, error -13 ------------------------------------------------------------ perf_event_attr: type 0 (PERF_TYPE_HARDWARE) config 0x400000000 (cpu_core/PERF_COUNT_HW_CPU_CYCLES/) disabled 1 exclude_kernel 1 ------------------------------------------------------------ sys_perf_event_open: pid 0 cpu -1 group_fd -1 flags 0x8 = 3 Attempt to add: software/cpu-clock/ ..after resolving event: software/config=0/ cpu-clock -> software/cpu-clock/ ------------------------------------------------------------ perf_event_attr: type 1 (PERF_TYPE_SOFTWARE) size 136 config 0x9 
(PERF_COUNT_SW_DUMMY) sample_type IP|TID|TIME|CPU read_format ID|LOST disabled 1 inherit 1 mmap 1 comm 1 enable_on_exec 1 task 1 sample_id_all 1 mmap2 1 comm_exec 1 ksymbol 1 bpf_event 1 { wakeup_events, wakeup_watermark } 1 ------------------------------------------------------------ sys_perf_event_open: pid 1189569 cpu 0 group_fd -1 flags 0x8 sys_perf_event_open failed, error -13 perf_evlist__open: Permission denied ---- end(-2) ---- Leak of file descriptor 6 that opened: 'pipe:[14200347]' ---- unexpected signal (6) ---- iFailed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon #0 0x565358f6666e in child_test_sig_handler builtin-test.c:311 #1 0x7f29ce849df0 in __restore_rt libc_sigaction.c:0 #2 0x7f29ce89e95c in __pthread_kill_implementation pthread_kill.c:44 #3 0x7f29ce849cc2 in raise raise.c:27 #4 0x7f29ce8324ac in abort abort.c:81 #5 0x565358f662d4 in check_leaks builtin-test.c:226 #6 0x565358f6682e in run_test_child 
builtin-test.c:344 #7 0x565358ef7121 in start_command run-command.c:128 #8 0x565358f67273 in start_test builtin-test.c:545 #9 0x565358f6771d in __cmd_test builtin-test.c:647 #10 0x565358f682bd in cmd_test builtin-test.c:849 #11 0x565358ee5ded in run_builtin perf.c:349 #12 0x565358ee6085 in handle_internal_command perf.c:401 #13 0x565358ee61de in run_argv perf.c:448 #14 0x565358ee6527 in main perf.c:555 #15 0x7f29ce833ca8 in __libc_start_call_main libc_start_call_main.h:74 #16 0x7f29ce833d65 in __libc_start_main@@GLIBC_2.34 libc-start.c:128 #17 0x565358e391c1 in _start perf[851c1] 7: PERF_RECORD_* events & perf_sample fields : FAILED! ``` After: ``` $ perf test 7 7: PERF_RECORD_* events & perf_sample fields : Skip (permissions) ```

Fixes: 16d00fe ("perf tests: Move test__PERF_RECORD into separate object")
Signed-off-by: Ian Rogers <irogers@google.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Athira Rajeev <atrajeev@linux.ibm.com>
Cc: Chun-Tse Shao <ctshao@google.com>
Cc: Howard Chu <howardchu95@gmail.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Clark <james.clark@linaro.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 0570327 upstream.

Before disabling SR-IOV via config space accesses to the parent PF, sriov_disable() first removes the PCI devices representing the VFs.

Since commit 9d16947 ("PCI: Add global pci_lock_rescan_remove()") such removal operations are serialized against concurrent remove and rescan using the pci_rescan_remove_lock. No such locking was ever added in sriov_disable() however. In particular when commit 18f9e9d ("PCI/IOV: Factor out sriov_add_vfs()") factored out the PCI device removal into sriov_del_vfs() there was still no locking around the pci_iov_remove_virtfn() calls.

On s390 the lack of serialization in sriov_disable() may cause double remove and list corruption with the below (amended) trace being observed:

  PSW:  0704c00180000000 0000000c914e4b38 (klist_put+56)
  GPRS: 000003800313fb48 0000000000000000 0000000100000001 0000000000000001
        00000000f9b520a8 0000000000000000 0000000000002fbd 00000000f4cc9480
        0000000000000001 0000000000000000 0000000000000000 0000000180692828
        00000000818e8000 000003800313fe2c 000003800313fb20 000003800313fad8
  #0 [3800313fb20] device_del at c9158ad5c
  #1 [3800313fb88] pci_remove_bus_device at c915105ba
  #2 [3800313fbd0] pci_iov_remove_virtfn at c9152f198
  #3 [3800313fc28] zpci_iov_remove_virtfn at c90fb67c0
  #4 [3800313fc60] zpci_bus_remove_device at c90fb6104
  #5 [3800313fca0] __zpci_event_availability at c90fb3dca
  #6 [3800313fd08] chsc_process_sei_nt0 at c918fe4a2
  #7 [3800313fd60] crw_collect_info at c91905822
  #8 [3800313fe10] kthread at c90feb390
  #9 [3800313fe68] __ret_from_fork at c90f6aa64
  #10 [3800313fe98] ret_from_fork at c9194f3f2.

This is because in addition to sriov_disable() removing the VFs, the platform also generates hot-unplug events for the VFs. This being the reverse operation to the hotplug events generated by sriov_enable() and handled via pdev->no_vf_scan. And while the event processing takes pci_rescan_remove_lock and checks whether the struct pci_dev still exists, the lack of synchronization makes this checking racy.

Other races may also be possible of course though given that this lack of locking persisted so long observable races seem very rare. Even on s390 the list corruption was only observed with certain devices since the platform events are only triggered by config accesses after the removal, so as long as the removal finished synchronously they would not race. Either way the locking is missing so fix this by adding it to the sriov_del_vfs() helper.

Just like PCI rescan-remove, locking is also missing in sriov_add_vfs() including for the error case where pci_stop_and_remove_bus_device() is called without the PCI rescan-remove lock being held. Even in the non-error case, adding new PCI devices and buses should be serialized via the PCI rescan-remove lock. Add the necessary locking.

Fixes: 18f9e9d ("PCI/IOV: Factor out sriov_add_vfs()")
Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Julian Ruess <julianr@linux.ibm.com>
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/20250826-pci_fix_sriov_disable-v1-1-2d0bc938f2a3@linux.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
d2c041a to 3c985a1
JIRA: https://issues.redhat.com/browse/RHEL-112997

commit ffa1e7a
Author: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Date: Tue Mar 18 10:55:48 2025 +0100

block: Make request_queue lockdep splats show up earlier

In recent kernels, there are lockdep splats around the struct request_queue::io_lockdep_map, similar to [1], but they typically don't show up until reclaim with writeback happens.

Having multiple kernel versions released with a known risk of kernel deadlock during reclaim writeback should IMHO be addressed and backported to -stable with the highest priority.

In order to have these lockdep splats show up earlier, preferably during system initialization, prime the struct request_queue::io_lockdep_map as GFP_KERNEL reclaim-tainted. This will instead lead to lockdep splats looking similar to [2], but without the need for reclaim + writeback happening.

[1]:
[ 189.762244] ======================================================
[ 189.762432] WARNING: possible circular locking dependency detected
[ 189.762441] 6.14.0-rc6-xe+ #6 Tainted: G U
[ 189.762450] ------------------------------------------------------
[ 189.762459] kswapd0/119 is trying to acquire lock:
[ 189.762467] ffff888110ceb710 (&q->q_usage_counter(io)#26){++++}-{0:0}, at: __submit_bio+0x76/0x230
[ 189.762485] but task is already holding lock:
[ 189.762494] ffffffff834c97c0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0xbe/0xb00
[ 189.762507] which lock already depends on the new lock.
[ 189.762519] the existing dependency chain (in reverse order) is:
[ 189.762529] -> #2 (fs_reclaim){+.+.}-{0:0}:
[ 189.762540] fs_reclaim_acquire+0xc5/0x100
[ 189.762548] kmem_cache_alloc_lru_noprof+0x4a/0x480
[ 189.762558] alloc_inode+0xaa/0xe0
[ 189.762566] iget_locked+0x157/0x330
[ 189.762573] kernfs_get_inode+0x1b/0x110
[ 189.762582] kernfs_get_tree+0x1b0/0x2e0
[ 189.762590] sysfs_get_tree+0x1f/0x60
[ 189.762597] vfs_get_tree+0x2a/0xf0
[ 189.762605] path_mount+0x4cd/0xc00
[ 189.762613] __x64_sys_mount+0x119/0x150
[ 189.762621] x64_sys_call+0x14f2/0x2310
[ 189.762630] do_syscall_64+0x91/0x180
[ 189.762637] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 189.762647] -> #1 (&root->kernfs_rwsem){++++}-{3:3}:
[ 189.762659] down_write+0x3e/0xf0
[ 189.762667] kernfs_remove+0x32/0x60
[ 189.762676] sysfs_remove_dir+0x4f/0x60
[ 189.762685] __kobject_del+0x33/0xa0
[ 189.762709] kobject_del+0x13/0x30
[ 189.762716] elv_unregister_queue+0x52/0x80
[ 189.762725] elevator_switch+0x68/0x360
[ 189.762733] elv_iosched_store+0x14b/0x1b0
[ 189.762756] queue_attr_store+0x181/0x1e0
[ 189.762765] sysfs_kf_write+0x49/0x80
[ 189.762773] kernfs_fop_write_iter+0x17d/0x250
[ 189.762781] vfs_write+0x281/0x540
[ 189.762790] ksys_write+0x72/0xf0
[ 189.762798] __x64_sys_write+0x19/0x30
[ 189.762807] x64_sys_call+0x2a3/0x2310
[ 189.762815] do_syscall_64+0x91/0x180
[ 189.762823] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 189.762833] -> #0 (&q->q_usage_counter(io)#26){++++}-{0:0}:
[ 189.762845] __lock_acquire+0x1525/0x2760
[ 189.762854] lock_acquire+0xca/0x310
[ 189.762861] blk_mq_submit_bio+0x8a2/0xba0
[ 189.762870] __submit_bio+0x76/0x230
[ 189.762878] submit_bio_noacct_nocheck+0x323/0x430
[ 189.762888] submit_bio_noacct+0x2cc/0x620
[ 189.762896] submit_bio+0x38/0x110
[ 189.762904] __swap_writepage+0xf5/0x380
[ 189.762912] swap_writepage+0x3c7/0x600
[ 189.762920] shmem_writepage+0x3da/0x4f0
[ 189.762929] pageout+0x13f/0x310
[ 189.762937] shrink_folio_list+0x61c/0xf60
[ 189.763261] evict_folios+0x378/0xcd0
[ 189.763584] try_to_shrink_lruvec+0x1b0/0x360
[ 189.763946] shrink_one+0x10e/0x200
[ 189.764266] shrink_node+0xc02/0x1490
[ 189.764586] balance_pgdat+0x563/0xb00
[ 189.764934] kswapd+0x1e8/0x430
[ 189.765249] kthread+0x10b/0x260
[ 189.765559] ret_from_fork+0x44/0x70
[ 189.765889] ret_from_fork_asm+0x1a/0x30
[ 189.766198] other info that might help us debug this:
[ 189.767089] Chain exists of: &q->q_usage_counter(io)#26 --> &root->kernfs_rwsem --> fs_reclaim
[ 189.767971] Possible unsafe locking scenario:
[ 189.768555]        CPU0                    CPU1
[ 189.768849]        ----                    ----
[ 189.769136]   lock(fs_reclaim);
[ 189.769421]                                lock(&root->kernfs_rwsem);
[ 189.769714]                                lock(fs_reclaim);
[ 189.770016]   rlock(&q->q_usage_counter(io)#26);
[ 189.770305] *** DEADLOCK ***
[ 189.771167] 1 lock held by kswapd0/119:
[ 189.771453] #0: ffffffff834c97c0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0xbe/0xb00
[ 189.771770] stack backtrace:
[ 189.772351] CPU: 4 UID: 0 PID: 119 Comm: kswapd0 Tainted: G U 6.14.0-rc6-xe+ #6
[ 189.772353] Tainted: [U]=USER
[ 189.772354] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 2001 02/01/2023
[ 189.772354] Call Trace:
[ 189.772355] <TASK>
[ 189.772356] dump_stack_lvl+0x6e/0xa0
[ 189.772359] dump_stack+0x10/0x18
[ 189.772360] print_circular_bug.cold+0x17a/0x1b7
[ 189.772363] check_noncircular+0x13a/0x150
[ 189.772365] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 189.772368] __lock_acquire+0x1525/0x2760
[ 189.772368] ? ret_from_fork_asm+0x1a/0x30
[ 189.772371] lock_acquire+0xca/0x310
[ 189.772372] ? __submit_bio+0x76/0x230
[ 189.772375] ? lock_release+0xd5/0x2c0
[ 189.772376] blk_mq_submit_bio+0x8a2/0xba0
[ 189.772378] ? __submit_bio+0x76/0x230
[ 189.772380] __submit_bio+0x76/0x230
[ 189.772382] ? trace_hardirqs_on+0x1e/0xe0
[ 189.772384] submit_bio_noacct_nocheck+0x323/0x430
[ 189.772386] ? submit_bio_noacct_nocheck+0x323/0x430
[ 189.772387] ? __might_sleep+0x58/0xa0
[ 189.772390] submit_bio_noacct+0x2cc/0x620
[ 189.772391] ? count_memcg_events+0x68/0x90
[ 189.772393] submit_bio+0x38/0x110
[ 189.772395] __swap_writepage+0xf5/0x380
[ 189.772396] swap_writepage+0x3c7/0x600
[ 189.772397] shmem_writepage+0x3da/0x4f0
[ 189.772401] pageout+0x13f/0x310
[ 189.772406] shrink_folio_list+0x61c/0xf60
[ 189.772409] ? isolate_folios+0xe80/0x16b0
[ 189.772410] ? mark_held_locks+0x46/0x90
[ 189.772412] evict_folios+0x378/0xcd0
[ 189.772414] ? evict_folios+0x34a/0xcd0
[ 189.772415] ? lock_is_held_type+0xa3/0x130
[ 189.772417] try_to_shrink_lruvec+0x1b0/0x360
[ 189.772420] shrink_one+0x10e/0x200
[ 189.772421] shrink_node+0xc02/0x1490
[ 189.772423] ? shrink_node+0xa08/0x1490
[ 189.772424] ? shrink_node+0xbd8/0x1490
[ 189.772425] ? mem_cgroup_iter+0x366/0x480
[ 189.772427] balance_pgdat+0x563/0xb00
[ 189.772428] ? balance_pgdat+0x563/0xb00
[ 189.772430] ? trace_hardirqs_on+0x1e/0xe0
[ 189.772431] ? finish_task_switch.isra.0+0xcb/0x330
[ 189.772433] ? __switch_to_asm+0x33/0x70
[ 189.772437] kswapd+0x1e8/0x430
[ 189.772438] ? __pfx_autoremove_wake_function+0x10/0x10
[ 189.772440] ? __pfx_kswapd+0x10/0x10
[ 189.772441] kthread+0x10b/0x260
[ 189.772443] ? __pfx_kthread+0x10/0x10
[ 189.772444] ret_from_fork+0x44/0x70
[ 189.772446] ? __pfx_kthread+0x10/0x10
[ 189.772447] ret_from_fork_asm+0x1a/0x30
[ 189.772450] </TASK>

[2]:
[ 8.760253] ======================================================
[ 8.760254] WARNING: possible circular locking dependency detected
[ 8.760255] 6.14.0-rc6-xe+ #7 Tainted: G U
[ 8.760256] ------------------------------------------------------
[ 8.760257] (udev-worker)/674 is trying to acquire lock:
[ 8.760259] ffff888100e39148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_remove+0x32/0x60
[ 8.760265] but task is already holding lock:
[ 8.760266] ffff888110dc7680 (&q->q_usage_counter(io)#27){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x12/0x30
[ 8.760272] which lock already depends on the new lock.
[ 8.760272] the existing dependency chain (in reverse order) is:
[ 8.760273] -> #2 (&q->q_usage_counter(io)#27){++++}-{0:0}:
[ 8.760276] blk_alloc_queue+0x30a/0x350
[ 8.760279] blk_mq_alloc_queue+0x6b/0xe0
[ 8.760281] scsi_alloc_sdev+0x276/0x3c0
[ 8.760284] scsi_probe_and_add_lun+0x22a/0x440
[ 8.760286] __scsi_scan_target+0x109/0x230
[ 8.760288] scsi_scan_channel+0x65/0xc0
[ 8.760290] scsi_scan_host_selected+0xff/0x140
[ 8.760292] do_scsi_scan_host+0xa7/0xc0
[ 8.760293] do_scan_async+0x1c/0x160
[ 8.760295] async_run_entry_fn+0x32/0x150
[ 8.760299] process_one_work+0x224/0x5f0
[ 8.760302] worker_thread+0x1d4/0x3e0
[ 8.760304] kthread+0x10b/0x260
[ 8.760306] ret_from_fork+0x44/0x70
[ 8.760309] ret_from_fork_asm+0x1a/0x30
[ 8.760312] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 8.760315] fs_reclaim_acquire+0xc5/0x100
[ 8.760317] kmem_cache_alloc_lru_noprof+0x4a/0x480
[ 8.760319] alloc_inode+0xaa/0xe0
[ 8.760322] iget_locked+0x157/0x330
[ 8.760323] kernfs_get_inode+0x1b/0x110
[ 8.760325] kernfs_get_tree+0x1b0/0x2e0
[ 8.760327] sysfs_get_tree+0x1f/0x60
[ 8.760329] vfs_get_tree+0x2a/0xf0
[ 8.760332] path_mount+0x4cd/0xc00
[ 8.760334] __x64_sys_mount+0x119/0x150
[ 8.760336] x64_sys_call+0x14f2/0x2310
[ 8.760338] do_syscall_64+0x91/0x180
[ 8.760340] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 8.760342] -> #0 (&root->kernfs_rwsem){++++}-{3:3}:
[ 8.760345] __lock_acquire+0x1525/0x2760
[ 8.760347] lock_acquire+0xca/0x310
[ 8.760348] down_write+0x3e/0xf0
[ 8.760350] kernfs_remove+0x32/0x60
[ 8.760351] sysfs_remove_dir+0x4f/0x60
[ 8.760353] __kobject_del+0x33/0xa0
[ 8.760355] kobject_del+0x13/0x30
[ 8.760356] elv_unregister_queue+0x52/0x80
[ 8.760358] elevator_switch+0x68/0x360
[ 8.760360] elv_iosched_store+0x14b/0x1b0
[ 8.760362] queue_attr_store+0x181/0x1e0
[ 8.760364] sysfs_kf_write+0x49/0x80
[ 8.760366] kernfs_fop_write_iter+0x17d/0x250
[ 8.760367] vfs_write+0x281/0x540
[ 8.760370] ksys_write+0x72/0xf0
[ 8.760372] __x64_sys_write+0x19/0x30
[ 8.760374] x64_sys_call+0x2a3/0x2310
[ 8.760376] do_syscall_64+0x91/0x180
[ 8.760377] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 8.760380] other info that might help us debug this:
[ 8.760380] Chain exists of: &root->kernfs_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#27
[ 8.760384] Possible unsafe locking scenario:
[ 8.760384]        CPU0                    CPU1
[ 8.760385]        ----                    ----
[ 8.760385]   lock(&q->q_usage_counter(io)#27);
[ 8.760387]                                lock(fs_reclaim);
[ 8.760388]                                lock(&q->q_usage_counter(io)#27);
[ 8.760390]   lock(&root->kernfs_rwsem);
[ 8.760391] *** DEADLOCK ***
[ 8.760391] 6 locks held by (udev-worker)/674:
[ 8.760392] #0: ffff8881209ac420 (sb_writers#4){.+.+}-{0:0}, at: ksys_write+0x72/0xf0
[ 8.760398] #1: ffff88810c80f488 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x136/0x250
[ 8.760402] #2: ffff888125d1d330 (kn->active#101){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x13f/0x250
[ 8.760406] #3: ffff888110dc7bb0 (&q->sysfs_lock){+.+.}-{3:3}, at: queue_attr_store+0x148/0x1e0
[ 8.760411] #4: ffff888110dc7680 (&q->q_usage_counter(io)#27){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x12/0x30
[ 8.760416] #5: ffff888110dc76b8 (&q->q_usage_counter(queue)#27){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x12/0x30
[ 8.760421] stack backtrace:
[ 8.760422] CPU: 7 UID: 0 PID: 674 Comm: (udev-worker) Tainted: G U 6.14.0-rc6-xe+ #7
[ 8.760424] Tainted: [U]=USER
[ 8.760425] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 2001 02/01/2023
[ 8.760426] Call Trace:
[ 8.760427] <TASK>
[ 8.760428] dump_stack_lvl+0x6e/0xa0
[ 8.760431] dump_stack+0x10/0x18
[ 8.760433] print_circular_bug.cold+0x17a/0x1b7
[ 8.760437] check_noncircular+0x13a/0x150
[ 8.760441] ? save_trace+0x54/0x360
[ 8.760445] __lock_acquire+0x1525/0x2760
[ 8.760446] ? irqentry_exit+0x3a/0xb0
[ 8.760448] ? sysvec_apic_timer_interrupt+0x57/0xc0
[ 8.760452] lock_acquire+0xca/0x310
[ 8.760453] ? kernfs_remove+0x32/0x60
[ 8.760457] down_write+0x3e/0xf0
[ 8.760459] ? kernfs_remove+0x32/0x60
[ 8.760460] kernfs_remove+0x32/0x60
[ 8.760462] sysfs_remove_dir+0x4f/0x60
[ 8.760464] __kobject_del+0x33/0xa0
[ 8.760466] kobject_del+0x13/0x30
[ 8.760467] elv_unregister_queue+0x52/0x80
[ 8.760470] elevator_switch+0x68/0x360
[ 8.760472] elv_iosched_store+0x14b/0x1b0
[ 8.760475] queue_attr_store+0x181/0x1e0
[ 8.760479] ? lock_acquire+0xca/0x310
[ 8.760480] ? kernfs_fop_write_iter+0x13f/0x250
[ 8.760482] ? lock_is_held_type+0xa3/0x130
[ 8.760485] sysfs_kf_write+0x49/0x80
[ 8.760487] kernfs_fop_write_iter+0x17d/0x250
[ 8.760489] vfs_write+0x281/0x540
[ 8.760494] ksys_write+0x72/0xf0
[ 8.760497] __x64_sys_write+0x19/0x30
[ 8.760499] x64_sys_call+0x2a3/0x2310
[ 8.760502] do_syscall_64+0x91/0x180
[ 8.760504] ? trace_hardirqs_off+0x5d/0xe0
[ 8.760506] ? handle_softirqs+0x479/0x4d0
[ 8.760508] ? hrtimer_interrupt+0x13f/0x280
[ 8.760511] ? irqentry_exit_to_user_mode+0x8b/0x260
[ 8.760513] ? clear_bhb_loop+0x15/0x70
[ 8.760515] ? clear_bhb_loop+0x15/0x70
[ 8.760516] ? clear_bhb_loop+0x15/0x70
[ 8.760518] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 8.760520] RIP: 0033:0x7aa3bf2f5504
[ 8.760522] Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d c5 8b 10 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89
[ 8.760523] RSP: 002b:00007ffc1e3697d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 8.760526] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007aa3bf2f5504
[ 8.760527] RDX: 0000000000000003 RSI: 00007ffc1e369ae0 RDI: 000000000000001c
[ 8.760528] RBP: 00007ffc1e369800 R08: 00007aa3bf3f51c8 R09: 00007ffc1e3698b0
[ 8.760528] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 8.760529] R13: 00007ffc1e369ae0 R14: 0000613ccf21f2f0 R15: 00007aa3bf3f4e80
[ 8.760533] </TASK>

v2:
- Update a code comment to increase readability (Ming Lei).

Cc: Jens Axboe <axboe@kernel.dk>
Cc: linux-block@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20250318095548.5187-1-thomas.hellstrom@linux.intel.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
3c985a1 to be3d5a3
ERROR: Failed to clone vulns repo: Cloning into '../vulns'...
jira VULN-131259
cve CVE-2025-38556
commit-author Alan Stern <stern@rowland.harvard.edu>
commit a6b87bf

Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that.

Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: syzbot+b63d677d63bcac06cf90@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-usb/68753a08.050a0220.33d347.0008.GAE@google.com/
Tested-by: syzbot+b63d677d63bcac06cf90@syzkaller.appspotmail.com
Fixes: dde5845 ("[PATCH] Generic HID layer - code split")
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/613a66cd-4309-4bce-a4f7-2905f9bce0c9@rowland.harvard.edu
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
(cherry picked from commit a6b87bf)
Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
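The zero-width hardening that the CVE-2025-38556 commit message describes, as an added userspace C sketch (not the kernel's s32ton()/snto32() source and not part of this PR). The function names are hypothetical, the inputs are constructed, and treating widths of 32 or more as full width is an assumption of the example.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Userspace model of packing a signed 32-bit value into an n-bit report
 * field and back. All function names are hypothetical (example code).
 */

/* Shape of the defect: nothing stops n == 0, so (n - 1) wraps to UINT_MAX
 * and the shift is undefined behaviour (reported by UBSAN as
 * shift-out-of-bounds). Only defined for 1 <= n <= 31. */
uint32_t field_from_s32_unchecked(int32_t value, unsigned int n)
{
    int32_t a = value >> (n - 1);   /* arithmetic shift assumed (GCC/Clang) */

    if (a && a != -1)               /* value does not fit: saturate */
        return value < 0 ? 1u << (n - 1) : (1u << (n - 1)) - 1;
    return (uint32_t)value & ((1u << n) - 1);
}

/* Hardened: every shift count is known to be in [0, 31] before it is used. */
uint32_t field_from_s32(int32_t value, unsigned int n)
{
    if (value == 0 || n == 0)
        return 0;                   /* a zero-width field carries no bits */
    if (n >= 32)
        return (uint32_t)value;     /* assumption: treat as full width */

    int64_t max = ((int64_t)1 << (n - 1)) - 1;
    int64_t min = -max - 1;

    if (value > max)
        return (uint32_t)max;       /* largest positive n-bit pattern */
    if (value < min)
        return 1u << (n - 1);       /* most negative n-bit pattern */
    return (uint32_t)value & ((1u << n) - 1);
}

/* Inverse direction with the same guards: sign-extend an n-bit field. */
int32_t s32_from_field(uint32_t field, unsigned int n)
{
    if (field == 0 || n == 0)
        return 0;
    if (n >= 32)
        return (int32_t)field;

    uint32_t sign = 1u << (n - 1);

    field &= (sign << 1) - 1;       /* keep only the low n bits */
    return (int32_t)((field ^ sign) - sign);
}

int main(void)
{
    /* Constructed inputs: {value, field width in bits}. */
    static const struct { int32_t v; unsigned int n; } cases[] = {
        { -1, 0 }, { 12345, 0 }, { -1, 8 }, { 200, 8 }, { -200, 8 }, { -5, 32 },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint32_t f = field_from_s32(cases[i].v, cases[i].n);

        printf("value=%d bits=%u -> field=0x%x -> back=%d\n",
               (int)cases[i].v, cases[i].n, (unsigned int)f,
               (int)s32_from_field(f, cases[i].n));
    }
    return 0;
}
```

Building the unchecked variant with `-fsanitize=shift` and calling it with a width of 0 reproduces the class of report the commit message mentions; the hardened variant returns 0 for that input.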
jira VULN-131360
cve CVE-2024-58239
commit-author Sabrina Dubroca <sd@queasysnail.net>
commit fdfbaec

If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them:
- process_rx_list copies the non-DATA record
- we start the loop and process the first available record since it's of the same type
- we break out of the loop since the record was not DATA

Just check the record type and jump to the end in case process_rx_list did some work.

Fixes: 692d7b5 ("tls: Fix recvmsg() to be able to peek across multiple records")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/bd31449e43bd4b6ff546f5c51cf958c31c511deb.1708007371.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit fdfbaec)
Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-136507
cve-pre CVE-2025-39682
commit-author Jakub Kicinski <kuba@kernel.org>
commit 4d42cd6

Gaurav reports that TLS Rx is broken with async crypto accelerators. The commit under fixes missed updating the retval byte counting logic when updating how records are stored. Even tho both before and after the change 'decrypted' was updated inside the main loop, it was completely overwritten when processing the async completions. Now that the rx_list only holds non-zero-copy records we need to add, not overwrite.

Reported-and-bisected-by: Gaurav Jain <gaurav.jain@nxp.com>
Fixes: cbbdee9 ("tls: rx: async: don't put async zc on the list")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217064
Tested-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230227181201.1793772-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 4d42cd6)
Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-136507
cve-pre CVE-2025-39682
commit-author Jakub Kicinski <kuba@kernel.org>
commit ac437a5

We double count async, non-zc rx data. The previous fix was lucky because if we fully zc async_copy_bytes is 0 so we add 0. Decrypted already has all the bytes we handled, in all cases. We don't have to adjust anything, delete the erroneous line.

Fixes: 4d42cd6 ("tls: rx: fix return value for async crypto")
Co-developed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit ac437a5)
Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-136507
cve-pre CVE-2025-39682
commit-author Sabrina Dubroca <sd@queasysnail.net>
commit ec823bf

If we queue 3 records:
- record 1, type DATA
- record 2, some other type
- record 3, type DATA
and do a recv(PEEK), the rx_list will contain the first two records.

The next large recv will walk through the rx_list and copy data from record 1, then stop because record 2 is a different type. Since we haven't filled up our buffer, we will process the next available record. It's also DATA, so we can merge it with the current read.

We shouldn't do that, since there was a record in between that we ignored.

Add a flag to let process_rx_list inform tls_sw_recvmsg that it had more data available.

Fixes: 692d7b5 ("tls: Fix recvmsg() to be able to peek across multiple records")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/f00c0c0afa080c60f016df1471158c1caf983c34.1708007371.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit ec823bf)
Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-136507
cve-pre CVE-2025-39682
commit-author Sabrina Dubroca <sd@queasysnail.net>
commit 85eef9a

process_rx_list may not copy as many bytes as we want to the userspace buffer, for example in case we hit an EFAULT during the copy. If this happens, we should only count the bytes that were actually copied, which may be 0.

Subtracting async_copy_bytes is correct in both peek and !peek cases, because decrypted == async_copy_bytes + peeked for the peek case: peek is always !ZC, and we can go through either the sync or async path. In the async case, we add chunk to both decrypted and async_copy_bytes. In the sync case, we add chunk to both decrypted and peeked. I missed that in commit 6caaf10 ("tls: fix peeking with sync+async decryption").

Fixes: 4d42cd6 ("tls: rx: fix return value for async crypto")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/1b5a1eaab3c088a9dd5d9f1059ceecd7afe888d1.1711120964.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 85eef9a)
Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-136507
cve CVE-2025-39682
commit-author Jakub Kicinski <kuba@kernel.org>
commit 62708b9

Each recvmsg() call must process either
- only contiguous DATA records (any number of them)
- one non-DATA record

If the next record has different type than what has already been processed we break out of the main processing loop. If the record has already been decrypted (which may be the case for TLS 1.3 where we don't know type until decryption) we queue the pending record to the rx_list. Next recvmsg() will pick it up from there.

Queuing the skb to rx_list after zero-copy decrypt is not possible, since in that case we decrypted directly to the user space buffer, and we don't have an skb to queue (darg.skb points to the ciphertext skb for access to metadata like length).

Only data records are allowed zero-copy, and we break the processing loop after each non-data record. So we should never zero-copy and then find out that the record type has changed. The corner case we missed is when the initial record comes from rx_list, and it's zero length.

Reported-by: Muhammad Alifa Ramdhan <ramdhan@starlabs.sg>
Reported-by: Billy Jheng Bing-Jhong <billy@starlabs.sg>
Fixes: 84c61fe ("tls: rx: do not use the standard strparser")
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://patch.msgid.link/20250820021952.143068-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 62708b9)
Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-154755
cve CVE-2022-50341
commit-author Paulo Alcantara <pc@cjr.nz>
commit f7f291e

When running xfstests against Azure the following oops occurred on an arm64 system

  Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000
  Mem abort info:
    ESR = 0x9600004f
    EC = 0x25: DABT (current EL), IL = 32 bits
    SET = 0, FnV = 0
    EA = 0, S1PTW = 0
    FSC = 0x0f: level 3 permission fault
  Data abort info:
    ISV = 0, ISS = 0x0000004f
    CM = 0, WnR = 1
  swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000294f3000
  [ffff0001221cf000] pgd=18000001ffff8003, p4d=18000001ffff8003, pud=18000001ff82e003, pmd=18000001ff71d003, pte=00600001221cf787
  Internal error: Oops: 9600004f [#1] PREEMPT SMP
  ...
  pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--)
  pc : __memcpy+0x40/0x230
  lr : scatterwalk_copychunks+0xe0/0x200
  sp : ffff800014e92de0
  x29: ffff800014e92de0 x28: ffff000114f9de80 x27: 0000000000000008
  x26: 0000000000000008 x25: ffff800014e92e78 x24: 0000000000000008
  x23: 0000000000000001 x22: 0000040000000000 x21: ffff000000000000
  x20: 0000000000000001 x19: ffff0001037c4488 x18: 0000000000000014
  x17: 235e1c0d6efa9661 x16: a435f9576b6edd6c x15: 0000000000000058
  x14: 0000000000000001 x13: 0000000000000008 x12: ffff000114f2e590
  x11: ffffffffffffffff x10: 0000040000000000 x9 : ffff8000105c3580
  x8 : 2e9413b10000001a x7 : 534b4410fb86b005 x6 : 534b4410fb86b005
  x5 : ffff0001221cf008 x4 : ffff0001037c4490 x3 : 0000000000000001
  x2 : 0000000000000008 x1 : ffff0001037c4488 x0 : ffff0001221cf000
  Call trace:
   __memcpy+0x40/0x230
   scatterwalk_map_and_copy+0x98/0x100
   crypto_ccm_encrypt+0x150/0x180
   crypto_aead_encrypt+0x2c/0x40
   crypt_message+0x750/0x880
   smb3_init_transform_rq+0x298/0x340
   smb_send_rqst.part.11+0xd8/0x180
   smb_send_rqst+0x3c/0x100
   compound_send_recv+0x534/0xbc0
   smb2_query_info_compound+0x32c/0x440
   smb2_set_ea+0x438/0x4c0
   cifs_xattr_set+0x5d4/0x7c0

This is because in scatterwalk_copychunks(), we attempted to write to a buffer (@sign) that was allocated in the stack (vmalloc area) by crypt_message() and thus accessing its remaining 8 (x2) bytes ended up crossing a page boundary.

To simply fix it, we could just pass @sign kmalloc'd from crypt_message() and then we're done. Luckily, we don't seem to pass any other vmalloc'd buffers in smb_rqst::rq_iov...

Instead, let's map the correct pages and offsets from vmalloc buffers as well in cifs_sg_set_buf() and then avoiding such oopses.

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
(cherry picked from commit f7f291e)
Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>

# Conflicts:
#	fs/cifs/cifsglob.h
be3d5a3 to f94396f
🔍 Upstream Linux Kernel Commit Check
This is an automated message from the kernel commit checker workflow.
🔍 Interdiff Analysis
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -204,12 +204,10 @@
{
struct drm_device *dev = obj->dev;
- mutex_lock(&dev->object_name_lock);
+ guard(mutex)(&dev->object_name_lock);
drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
-
- mutex_unlock(&dev->object_name_lock);
}
EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
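Review bot: `guard(mutex)(&dev->object_name_lock)` in drm_gem_object_handle_get_unlocked() relies on the scope-based cleanup helpers being available in the target tree, while the next drm_gem.c hunk still shows the same function with an explicit mutex_lock()/mutex_unlock() pair. Settle on one form for the backport; if the base does not provide guard(), keep the explicit pair from the `-` lines.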
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -193,37 +193,25 @@
}
/**
- * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
+ * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required to keep
- * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
- * to release the reference. Does nothing if the buffer object has no handle.
- *
- * Returns:
- * True if a handle exists, or false otherwise
+ * Acquires a reference on the GEM buffer object's handle. Required
+ * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
+ * to release the reference.
*/
-bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
+void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
mutex_lock(&dev->object_name_lock);
- /*
- * First ref taken during GEM object creation, if any. Some
- * drivers set up internal framebuffers with GEM objects that
- * do not have a GEM handle. Hence, this counter can be zero.
- */
- if (!obj->handle_count) {
- mutex_unlock(&dev->object_name_lock);
- return false;
- }
-
+ drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
mutex_unlock(&dev->object_name_lock);
- return true;
}
+EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
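Review bot: the `+` body of drm_gem_object_handle_get_unlocked() only warns on `!obj->handle_count` and then calls drm_gem_object_handle_get(obj) regardless, although the removed comment says some drivers set up GEM objects without a handle, so the counter can legitimately be zero. The kerneldoc should state that callers must already hold a handle, and handle-less objects should be routed through the _if_exists variant that returns false instead of taking the reference.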
@@ -223,23 +223,34 @@
}
/**
- * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
+ * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required
- * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
- * to release the reference.
+ * Acquires a reference on the GEM buffer object's handle. Required to keep
+ * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
+ * to release the reference. Does nothing if the buffer object has no handle.
+ *
+ * Returns:
+ * True if a handle exists, or false otherwise
*/
-void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
+bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
guard(mutex)(&dev->object_name_lock);
- drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
+ /*
+ * First ref taken during GEM object creation, if any. Some
+ * drivers set up internal framebuffers with GEM objects that
+ * do not have a GEM handle. Hence, this counter can be zero.
+ */
+ if (!obj->handle_count)
+ return false;
+
drm_gem_object_handle_get(obj);
+
+ return true;
}
-EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
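Review bot: drm_gem_object_handle_get_if_exists_unlocked() is left without an export in this hunk, since the only EXPORT_SYMBOL line is on the `-` side and names the other function. Confirm every caller is built into the same module, that each one checks the bool result, and that drm_gem_object_handle_put_if_exists_unlocked() is called only after a true return.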
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
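Review bot: the new `if (!value || !n) return 0;` check covers n == 0, where `n - 1` wraps and the shift count is out of range, but nothing bounds n from above, and `1 << n` is still evaluated for whatever the caller passes; a shift count of 32 or more is undefined for a 32-bit int. Either reject large n here or add a comment naming the range callers guarantee. A blank line after the `s32 a;` declaration would also match kernel style.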
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
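Review bot: s32ton() at line 1338 ends up without the `!value || !n` guard, so `value >> (n - 1)` runs with n == 0 there, while the guard appears only on the copy at line 66 in the previous hunk. The two signatures differ only in `unsigned n` versus `unsigned int n`, which suggests the same function seen at two locations; check that the resulting hid-core.c has a single s32ton() and that it is the guarded one.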
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
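Review bot: `server->session_key.response` holds the session key, and the `+` line frees it with plain kfree(), which hands the buffer back to the allocator without clearing it, where the `-` line used kfree_sensitive(). The same substitution appears in every fs/cifs file of this interdiff, so decide once whether the base tree is meant to carry the kfree_sensitive() conversion and apply that decision consistently instead of hunk by hunk.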
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
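Review bot: `password` is moved with the generic STEAL_STRING() on the `+` line, after the previous hunk removed STEAL_STRING_SENSITIVE(), whose body released the old value with kfree_sensitive(). The free call inside STEAL_STRING() is not visible in these hunks; if it is a plain kfree(), the previous mount password is not wiped on reconfigure, so keep a wiping variant for this one field.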
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
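Review bot: the cifs_parse_mount_err path loses `kfree_sensitive(ctx->password)` with no replacement, unlike the Opt_pass hunk above, which at least keeps a kfree(). Check that the owner of `ctx` frees the password after the -EINVAL return; otherwise this path leaks the buffer, and in either case it is no longer wiped here.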
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
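Review bot: sess_free_buffer() no longer clears `iov[0]` through `iov[2]` before release, and the only release visible in the hunk is free_rsp_buf() on `iov[0].iov_base`. The removed comment says these buffers may contain keys, so confirm where `iov[1]` and `iov[2]` are freed and whether a memzero_explicit() is needed at that point.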
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
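Review bot: on a non-zero `rc` the out_put_spnego_key path no longer releases `ses->auth_key.response`, and neither side of the hunk resets the pointer to NULL afterwards. Confirm the key from a failed authentication is freed later by session teardown; if it is not, this leaks key material, and a kfree_sensitive() followed by a NULL assignment here would close it.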
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
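Review bot: the two sides of the `out:` label are not equivalent: the `-` line wipes `ntlmssp_blob` with memzero_explicit() but no free is visible in the hunk, and the `+` line frees it with kfree() but never wipes it. Make sure the blob is both cleared and freed exactly once on this path; kfree_sensitive(ntlmssp_blob) does both in one call.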
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
This is an automated interdiff check for backported commits.
🔍 Upstream Linux Kernel Commit Check
This is an automated message from the kernel commit checker workflow. |
🔍 Interdiff Analysis
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -204,12 +204,10 @@
{
struct drm_device *dev = obj->dev;
- mutex_lock(&dev->object_name_lock);
+ guard(mutex)(&dev->object_name_lock);
drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
-
- mutex_unlock(&dev->object_name_lock);
}
EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -193,37 +193,25 @@
}
/**
- * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
+ * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required to keep
- * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
- * to release the reference. Does nothing if the buffer object has no handle.
- *
- * Returns:
- * True if a handle exists, or false otherwise
+ * Acquires a reference on the GEM buffer object's handle. Required
+ * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
+ * to release the reference.
*/
-bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
+void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
mutex_lock(&dev->object_name_lock);
- /*
- * First ref taken during GEM object creation, if any. Some
- * drivers set up internal framebuffers with GEM objects that
- * do not have a GEM handle. Hence, this counter can be zero.
- */
- if (!obj->handle_count) {
- mutex_unlock(&dev->object_name_lock);
- return false;
- }
-
+ drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
mutex_unlock(&dev->object_name_lock);
- return true;
}
+EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
@@ -223,23 +223,34 @@
}
/**
- * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
+ * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required
- * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
- * to release the reference.
+ * Acquires a reference on the GEM buffer object's handle. Required to keep
+ * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
+ * to release the reference. Does nothing if the buffer object has no handle.
+ *
+ * Returns:
+ * True if a handle exists, or false otherwise
*/
-void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
+bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
guard(mutex)(&dev->object_name_lock);
- drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
+ /*
+ * First ref taken during GEM object creation, if any. Some
+ * drivers set up internal framebuffers with GEM objects that
+ * do not have a GEM handle. Hence, this counter can be zero.
+ */
+ if (!obj->handle_count)
+ return false;
+
drm_gem_object_handle_get(obj);
+
+ return true;
}
-EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
🔍 Upstream Linux Kernel Commit Check
This is an automated message from the kernel commit checker workflow. |
🔍 Interdiff Analysis
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -204,12 +204,10 @@
{
struct drm_device *dev = obj->dev;
- mutex_lock(&dev->object_name_lock);
+ guard(mutex)(&dev->object_name_lock);
drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
-
- mutex_unlock(&dev->object_name_lock);
}
EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -193,37 +193,25 @@
}
/**
- * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
+ * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required to keep
- * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
- * to release the reference. Does nothing if the buffer object has no handle.
- *
- * Returns:
- * True if a handle exists, or false otherwise
+ * Acquires a reference on the GEM buffer object's handle. Required
+ * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
+ * to release the reference.
*/
-bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
+void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
mutex_lock(&dev->object_name_lock);
- /*
- * First ref taken during GEM object creation, if any. Some
- * drivers set up internal framebuffers with GEM objects that
- * do not have a GEM handle. Hence, this counter can be zero.
- */
- if (!obj->handle_count) {
- mutex_unlock(&dev->object_name_lock);
- return false;
- }
-
+ drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
mutex_unlock(&dev->object_name_lock);
- return true;
}
+EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
@@ -223,23 +223,34 @@
}
/**
- * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
+ * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required
- * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
- * to release the reference.
+ * Acquires a reference on the GEM buffer object's handle. Required to keep
+ * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
+ * to release the reference. Does nothing if the buffer object has no handle.
+ *
+ * Returns:
+ * True if a handle exists, or false otherwise
*/
-void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
+bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
guard(mutex)(&dev->object_name_lock);
- drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
+ /*
+ * First ref taken during GEM object creation, if any. Some
+ * drivers set up internal framebuffers with GEM objects that
+ * do not have a GEM handle. Hence, this counter can be zero.
+ */
+ if (!obj->handle_count)
+ return false;
+
drm_gem_object_handle_get(obj);
+
+ return true;
}
-EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
This is an automated interdiff check for backported commits.
497d023 to
5b69b1e
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
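Review bot: the new `if (!value || !n)` guard only covers the lower bound of `n`; the unchanged `return value & ((1 << n) - 1);` at the end of this hunk is still undefined for `n >= 32`, and nothing visible here bounds `n` from above. Either clamp `n` on entry or confirm every caller passes a bit width below 32. Kernel style also wants a blank line between the `s32 a;` declaration and the `if`.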
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
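Review bot: with the `if (!value || !n) return 0;` guard on the `-` side, the `+` side of this hunk evaluates `value >> (n - 1)` unconditionally; for `n == 0` the unsigned `n - 1` wraps and the shift count exceeds the width of `s32`, which is undefined behaviour. The two hunks also place `s32ton()` at different offsets (line 66 versus line 1338), so check that the backported tree ends up with a single definition and that it keeps the guard.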
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
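Review bot: all five `secmech.sdesc*` descriptors are released with plain `kfree()` on the `+` side, so whatever hash state they hold stays readable in the freed slab object until it is reused. If these descriptors can carry keyed HMAC or CMAC state, keep `kfree_sensitive()` as on the `-` lines; if the backport drops it on purpose, say why in the commit message.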
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
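Review bot: `server->session_key.response` is key material, and the `+` line frees it with `kfree()` without clearing it first; setting the pointer to NULL and `len` to 0 afterwards does not scrub the buffer. Use `kfree_sensitive(server->session_key.response);` here and in the two later hunks of this file that free `server->session_key.response` and `ses->auth_key.response`.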
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
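Review bot: `password` is the one field in this list that holds a secret, yet the `+` line routes it through the generic `STEAL_STRING()`; the `STEAL_STRING_SENSITIVE()` variant removed in the previous hunk is the only visible path that frees the old value with `kfree_sensitive()`. Unless `STEAL_STRING()` (body not shown here) already zeroes before freeing, keep the sensitive macro for `password`.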
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
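Review bot: the `-` line frees `ctx->password` at `cifs_parse_mount_err` but leaves the pointer set, unlike the `Opt_pass` hunk above, which follows the free with `ctx->password = NULL;`. If this error-path free is carried, add the NULL assignment so a later teardown of `ctx` cannot free the same buffer twice; if it is dropped, as on the `+` side, confirm the caller's cleanup both frees and zeroes the password.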
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
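Review bot: the removed loop zeroes `iov[0]` through `iov[2]`, but the only free visible in `sess_free_buffer()` is for `iov[0]`, and the later `out_free_ntlmsspblob:` hunks free `ntlmsspblob` before calling `sess_free_buffer(sess_data)`. If `iov[1].iov_base` still points at that blob, the loop would write to freed memory, so before reinstating it check the ordering or clear the `iov` entry once the blob is freed. Without the loop, as on the `+` side, the response buffers are released with their contents intact.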
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
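Review bot: the `-` lines `if (rc) kfree_sensitive(ses->auth_key.response);` free the key but leave `ses->auth_key.response` dangling, whereas the `sess.c` hunks set it to NULL right after the free. If this cleanup is kept, add `ses->auth_key.response = NULL;` inside the `if (rc)` block; if it is dropped, as on the `+` side, confirm the failure path does not leak the key buffer.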
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
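Review bot: neither side of this hunk both clears and frees `ntlmssp_blob` at `out:`: the `-` line calls `memzero_explicit(ntlmssp_blob, blob_length)` with no free in the visible lines, and the `+` line calls `kfree()` without clearing. If the blob is owned here, `kfree_sensitive(ntlmssp_blob);` does both; the same applies to the `out:` label in the `@@ -1654` hunk.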
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
This is an automated interdiff check for backported commits.
5b69b1e to
a10e773
a10e773 to
daece05
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
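Review bot: With the `if (!value || !n) return 0;` guard gone from this copy of s32ton(), `value >> (n - 1)` is evaluated for n == 0, where `n - 1` wraps to the largest unsigned value and the shift count is out of range for a 32-bit operand (undefined behaviour). The two hunks show the function at different offsets (66 and 1338), so confirm that the s32ton() actually present in the backported tree keeps the guard and that only one definition remains.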
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
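Review bot: The five sdesc* pointers freed here hang off server->secmech, and descriptors for keyed MACs (the HMAC and CMAC ones named here) hold key-derived state, so the kfree() side leaves that state readable in freed slab memory. Prefer kfree_sensitive() for these. The free-then-NULL pair is also repeated five times; a small helper taking the pointer's address would remove the repetition and make it harder to miss one.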
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
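Review bot: `server->session_key.response` is the session key buffer, and on the kfree() side it goes back to the allocator with its contents intact before `session_key.len` is reset to 0. This path is already resetting sequence_number and session_estab, so the old key has no further use and kfree_sensitive() is the safer call. The @@ -1562,7 +1562,7 @@ hunk has the same pair.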
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
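Review bot: `STEAL_STRING(cifs_sb, ctx, password);` treats the password like UNC or username; STEAL_STRING_SENSITIVE, removed in the @@ -789,13 +789,6 @@ hunk, is the variant whose body frees the old value with `kfree_sensitive(ctx->field);`. If the macro is not carried in the backport, the previous password is no longer cleared when smb3_reconfigure() replaces it, which is worth a line in the commit message.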
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
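Review bot: At cifs_parse_mount_err, `kfree_sensitive(ctx->password);` is followed directly by `return -EINVAL;` with no `ctx->password = NULL;`, while the Opt_pass case in the @@ -1157,7 +1150,7 @@ hunk does reset the pointer after freeing. If the caller later tears down ctx and frees password again, that is a double free; set the pointer to NULL after the free on whichever side keeps this line.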
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
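Review bot: The scrub loop in sess_free_buffer() hard-codes `i < 3`, and SMB2_sess_free_buffer() in fs/cifs/smb2pdu.c hard-codes 2. If iov is a fixed-size array in both structs, `ARRAY_SIZE(sess_data->iov)` would keep each bound tied to its declaration and stop the two functions drifting apart.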
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
This is an automated interdiff check for backported commits.
daece05 to 19caec1
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
This is an automated interdiff check for backported commits.
19caec1 to c265402
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
This is an automated interdiff check for backported commits.
c265402 to 5f681e3
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
This is an automated interdiff check for backported commits.
jira VULN-154755
cve-bf CVE-2022-50341
commit-author Yang Li <yang.lee@linux.alibaba.com>
commit d74f4a3

./fs/cifs/cifsglob.h: linux/scatterlist.h is included more than once.

Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=3459
Fixes: f7f291e ("cifs: fix oops during encryption")
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Yang Li <yang.lee@linux.alibaba.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
(cherry picked from commit d74f4a3)
Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
5f681e3 to 4e55a01
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
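Review bot: with STEAL_STRING_SENSITIVE removed in the previous hunk, the password now goes through the generic STEAL_STRING in smb3_reconfigure(), so the old ctx->password is released the same way as UNC or iocharset. If the generic macro frees with kfree(), the previous password stays readable in freed memory after a remount. Keep the dedicated macro for this one field.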
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
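Review bot: the cifs_parse_mount_err label loses its `kfree_sensitive(ctx->password);` without getting a `kfree()` in its place, unlike the Opt_pass site in the previous hunk. Check who frees ctx->password when parsing fails with -EINVAL; if nothing else does, this is a leak of the password string as well as a missing wipe.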
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
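Review bot: sess_free_buffer() no longer wipes the three iovecs before they are released, even though the removed comment says they may contain keys. Only iov[0] is handed to free_rsp_buf() in the visible lines, so check how iov[1] and iov[2] are freed and whether any of those paths clears the data; if none does, keep the memzero_explicit() loop.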
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
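Review bot: dropping `if (rc) kfree_sensitive(ses->auth_key.response);` after out_put_spnego_key changes the error path, not just the wipe: on failure the auth key is now neither cleared nor freed at this point. Check that a later cleanup frees ses->auth_key.response when rc is non-zero. The removed lines also did not reset the pointer, so if the free is restored, pair it with `ses->auth_key.response = NULL;` as the sess.c hunks do.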
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
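Review bot: at the out label neither side of this change does the whole job. The removed `memzero_explicit(ntlmssp_blob, blob_length);` wipes the blob but does not free it, and the added `kfree(ntlmssp_blob);` frees it without wiping. `kfree_sensitive(ntlmssp_blob);` does both and does not need blob_length. The same pair appears again in the hunk at -1654.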
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
This is an automated interdiff check for backported commits.
Replace the hack added by commit f958bd2 ("KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform") with a more robust approach of unloading+reloading guest FPU state based on whether or not the vCPU's FPU is currently in-use, i.e. currently loaded. This fixes a bug on hosts that support CET but not MPX, where kvm_arch_vcpu_ioctl_get_mpstate() neglects to load FPU state (it only checks for MPX support) and leads to KVM attempting to put FPU state due to kvm_apic_accept_events() triggering INIT emulation.

E.g. on a host with CET but not MPX, syzkaller+KASAN generates:

    Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN NOPTI
    KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
    CPU: 211 UID: 0 PID: 20451 Comm: syz.9.26 Tainted: G S 6.18.0-smp-DEV #7 NONE
    Tainted: [S]=CPU_OUT_OF_SPEC
    Hardware name: Google Izumi/izumi, BIOS 0.20250729.1-0 07/29/2025
    RIP: 0010:fpu_swap_kvm_fpstate+0x3ce/0x610 ../arch/x86/kernel/fpu/core.c:377
    RSP: 0018:ff1100410c167cc0 EFLAGS: 00010202
    RAX: 0000000000000004 RBX: 0000000000000020 RCX: 00000000000001aa
    RDX: 00000000000001ab RSI: ffffffff817bb960 RDI: 0000000022600000
    RBP: dffffc0000000000 R08: ff110040d23c8007 R09: 1fe220081a479000
    R10: dffffc0000000000 R11: ffe21c081a479001 R12: ff110040d23c8d98
    R13: 00000000fffdc578 R14: 0000000000000000 R15: ff110040d23c8d90
    FS: 00007f86dd1876c0(0000) GS:ff11007fc969b000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007f86dd186fa8 CR3: 00000040d1dfa003 CR4: 0000000000f73ef0
    PKRU: 80000000
    Call Trace:
    <TASK>
    kvm_vcpu_reset+0x80d/0x12c0 ../arch/x86/kvm/x86.c:11818
    kvm_apic_accept_events+0x1cb/0x500 ../arch/x86/kvm/lapic.c:3489
    kvm_arch_vcpu_ioctl_get_mpstate+0xd0/0x4e0 ../arch/x86/kvm/x86.c:12145
    kvm_vcpu_ioctl+0x5e2/0xed0 ../virt/kvm/kvm_main.c:4539
    __se_sys_ioctl+0x11d/0x1b0 ../fs/ioctl.c:51
    do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0x6e/0x940 ../arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x76/0x7e
    RIP: 0033:0x7f86de71d9c9
    </TASK>

with a very simple reproducer:

    r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0)
    r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
    ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
    r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
    ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, ...)
    ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f00000000c0))

Alternatively, the MPX hack in GET_MP_STATE could be extended to cover CET, but from a "don't break existing functionality" perspective, that isn't any less risky than peeking at the state of in_use, and it's far less robust for a long term solution (as evidenced by this bug).

Reported-by: Alexander Potapenko <glider@google.com>
Fixes: 69cc3e8 ("KVM: x86: Add XSS support for CET_KERNEL and CET_USER")
Reviewed-by: Yao Yuan <yaoyuan@linux.alibaba.com>
Reviewed-by: Chao Gao <chao.gao@intel.com>
Link: https://patch.msgid.link/20251030185802.3375059-2-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
JIRA: https://issues.redhat.com/browse/RHEL-110274

commit ee684de
Author: Viktor Malik <vmalik@redhat.com>
Date: Tue Apr 15 17:50:14 2025 +0200

libbpf: Fix buffer overflow in bpf_object__init_prog

As shown in [1], it is possible to corrupt a BPF ELF file such that arbitrary BPF instructions are loaded by libbpf. This can be done by setting a symbol (BPF program) section offset to a large (unsigned) number such that <section start + symbol offset> overflows and points before the section data in the memory.

Consider the situation below where:
- prog_start = sec_start + symbol_offset <-- size_t overflow here
- prog_end = prog_start + prog_size

    prog_start       sec_start         prog_end        sec_end
        |                |                |               |
        v                v                v               v
    .....................|################################|............

The report in [1] also provides a corrupted BPF ELF which can be used as a reproducer:

    $ readelf -S crash
    Section Headers:
      [Nr] Name              Type             Address           Offset
           Size              EntSize          Flags  Link  Info  Align
    ...
      [ 2] uretprobe.mu[...] PROGBITS         0000000000000000  00000040
           0000000000000068  0000000000000000  AX       0     0     8

    $ readelf -s crash
    Symbol table '.symtab' contains 8 entries:
       Num:    Value          Size Type    Bind   Vis      Ndx Name
    ...
         6: ffffffffffffffb8   104 FUNC    GLOBAL DEFAULT    2 handle_tp

Here, the handle_tp prog has section offset ffffffffffffffb8, i.e. will point before the actual memory where section 2 is allocated.

This is also reported by AddressSanitizer:

    =================================================================
    ==1232==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7c7302fe0000 at pc 0x7fc3046e4b77 bp 0x7ffe64677cd0 sp 0x7ffe64677490
    READ of size 104 at 0x7c7302fe0000 thread T0
        #0 0x7fc3046e4b76 in memcpy (/lib64/libasan.so.8+0xe4b76)
        #1 0x00000040df3e in bpf_object__init_prog /src/libbpf/src/libbpf.c:856
        #2 0x00000040df3e in bpf_object__add_programs /src/libbpf/src/libbpf.c:928
        #3 0x00000040df3e in bpf_object__elf_collect /src/libbpf/src/libbpf.c:3930
        #4 0x00000040df3e in bpf_object_open /src/libbpf/src/libbpf.c:8067
        #5 0x00000040f176 in bpf_object__open_file /src/libbpf/src/libbpf.c:8090
        #6 0x000000400c16 in main /poc/poc.c:8
        #7 0x7fc3043d25b4 in __libc_start_call_main (/lib64/libc.so.6+0x35b4)
        #8 0x7fc3043d2667 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x3667)
        #9 0x000000400b34 in _start (/poc/poc+0x400b34)

    0x7c7302fe0000 is located 64 bytes before 104-byte region [0x7c7302fe0040,0x7c7302fe00a8)
    allocated by thread T0 here:
        #0 0x7fc3046e716b in malloc (/lib64/libasan.so.8+0xe716b)
        #1 0x7fc3045ee600 in __libelf_set_rawdata_wrlock (/lib64/libelf.so.1+0xb600)
        #2 0x7fc3045ef018 in __elf_getdata_rdlock (/lib64/libelf.so.1+0xc018)
        #3 0x00000040642f in elf_sec_data /src/libbpf/src/libbpf.c:3740

The problem here is that currently, libbpf only checks that the program end is within the section bounds. There used to be a check `while (sec_off < sec_sz)` in bpf_object__add_programs, however, it was removed by commit 6245947 ("libbpf: Allow gaps in BPF program sections to support overriden weak functions").

Add a check for detecting the overflow of `sec_off + prog_sz` to bpf_object__init_prog to fix this issue.

[1] https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md

Fixes: 6245947 ("libbpf: Allow gaps in BPF program sections to support overriden weak functions")
Reported-by: lmarch2 <2524158037@qq.com>
Signed-off-by: Viktor Malik <vmalik@redhat.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Link: https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md
Link: https://lore.kernel.org/bpf/20250415155014.397603-1-vmalik@redhat.com
Signed-off-by: Viktor Malik <vmalik@redhat.com>
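The wrap described in the libbpf commit message above, worked through with its own numbers (section size 0x68, symbol value ffffffffffffffb8, program size 104): an end-only bounds check accepts the corrupted symbol, while a check that cannot overflow rejects it. This is an added example, not libbpf code and not the upstream patch; the function names, the extra test rows and the use of uint64_t in place of a 64-bit size_t are assumptions made here.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* End of the range [sec_off, sec_off + prog_sz) as unsigned arithmetic
 * computes it. The sum silently wraps modulo 2^64. */
static uint64_t wrapped_end(uint64_t sec_off, uint64_t prog_sz)
{
	return sec_off + prog_sz;
}

/* Weak form: only asks whether the (possibly wrapped) end lies inside
 * the section, which is the situation the commit message describes. */
static bool end_only_check(uint64_t sec_sz, uint64_t sec_off, uint64_t prog_sz)
{
	return wrapped_end(sec_off, prog_sz) <= sec_sz;
}

/* Hardened form: written with a subtraction that cannot underflow, so
 * there is no sum that could wrap. Gaps between programs stay legal. */
static bool range_check(uint64_t sec_sz, uint64_t sec_off, uint64_t prog_sz)
{
	if (prog_sz > sec_sz)
		return false;
	return sec_off <= sec_sz - prog_sz;
}

struct sym_case {
	const char *what;
	uint64_t sec_sz, sec_off, prog_sz;
};

/* Constructed inputs; only the last row uses values quoted on the page. */
static const struct sym_case cases[] = {
	{ "program fills section",      0x68, 0x00, 104 },
	{ "program after a gap",        0x68, 0x40, 40 },
	{ "end runs past section",      0x68, 0x08, 104 },
	{ "handle_tp from readelf -s",  0x68, 0xffffffffffffffb8ULL, 104 },
};

int main(void)
{
	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		const struct sym_case *c = &cases[i];

		printf("%-26s off=%#18" PRIx64 " (signed %" PRId64 ") end=%#" PRIx64
		       "  end-only:%s  range:%s\n",
		       c->what, c->sec_off, (int64_t)c->sec_off,
		       wrapped_end(c->sec_off, c->prog_sz),
		       end_only_check(c->sec_sz, c->sec_off, c->prog_sz) ? "accept" : "reject",
		       range_check(c->sec_sz, c->sec_off, c->prog_sz) ? "accept" : "reject");
	}
	return 0;
}
```

For the last row the wrapped end is 0x20, which is why a check on the end alone sees nothing wrong even though the start lies before the section.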
While testing rpmsg-char interface it was noticed that duplicate sysfs entries are getting created and below warning is noticed.

Reason for this is that we are leaking rpmsg device pointer, setting it null without actually unregistering device. Any further attempts to unregister fail because rpdev is NULL, resulting in a leak.

Fix this by unregistering rpmsg device before removing its reference from rpmsg channel.

    sysfs: cannot create duplicate filename '/devices/platform/soc@0/3700000.remot
    eproc/remoteproc/remoteproc1/3700000.remoteproc:glink-edge/3700000.remoteproc:
    glink-edge.adsp_apps.-1.-1'
    [ 114.115347] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-rc4 #7 PREEMPT
    [ 114.115355] Hardware name: Qualcomm Technologies, Inc. Robotics RB3gen2 (DT)
    [ 114.115358] Workqueue: events qcom_glink_work
    [ 114.115371] Call trace:8
    [ 114.115374] show_stack+0x18/0x24 (C)
    [ 114.115382] dump_stack_lvl+0x60/0x80
    [ 114.115388] dump_stack+0x18/0x24
    [ 114.115393] sysfs_warn_dup+0x64/0x80
    [ 114.115402] sysfs_create_dir_ns+0xf4/0x120
    [ 114.115409] kobject_add_internal+0x98/0x260
    [ 114.115416] kobject_add+0x9c/0x108
    [ 114.115421] device_add+0xc4/0x7a0
    [ 114.115429] rpmsg_register_device+0x5c/0xb0
    [ 114.115434] qcom_glink_work+0x4bc/0x820
    [ 114.115438] process_one_work+0x148/0x284
    [ 114.115446] worker_thread+0x2c4/0x3e0
    [ 114.115452] kthread+0x12c/0x204
    [ 114.115457] ret_from_fork+0x10/0x20
    [ 114.115464] kobject: kobject_add_internal failed for 3700000.remoteproc:
    glink-edge.adsp_apps.-1.-1 with -EEXIST, don't try to register things with the same name in the same directory.
    [ 114.250045] rpmsg 3700000.remoteproc:glink-edge.adsp_apps.-1.-1: device_add failed: -17

Fixes: 835764d ("rpmsg: glink: Move the common glink protocol implementation to glink_native.c")
Cc: Stable@vger.kernel.org
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@oss.qualcomm.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20250822100043.2604794-2-srinivas.kandagatla@oss.qualcomm.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
… 'T'
When running perf report with annotation for a symbol, press 's' and 'T', then exit
the annotate browser. Once the same symbol is annotated, the annotate browser
will crash.
The browser.arch was required to be correctly updated when data type
feature was enabled by 'T'. Usually it was initialized by symbol__annotate2
function. If a symbol has already been correctly annotated at the first
time, it should not call the symbol__annotate2 function again, thus the
browser.arch will not get initialized. Then at the second time to show the
annotate browser, the data type needs to be displayed but the browser.arch
is empty.
Stack trace as below:
Perf: Segmentation fault
-------- backtrace --------
#0 0x55d365 in ui__signal_backtrace setup.c:0
#1 0x7f5ff1a3e930 in __restore_rt libc.so.6[3e930]
#2 0x570f08 in arch__is perf[570f08]
#3 0x562186 in annotate_get_insn_location perf[562186]
#4 0x562626 in __hist_entry__get_data_type annotate.c:0
#5 0x56476d in annotation_line__write perf[56476d]
#6 0x54e2db in annotate_browser__write annotate.c:0
#7 0x54d061 in ui_browser__list_head_refresh perf[54d061]
#8 0x54dc9e in annotate_browser__refresh annotate.c:0
#9 0x54c03d in __ui_browser__refresh browser.c:0
#10 0x54ccf8 in ui_browser__run perf[54ccf8]
#11 0x54eb92 in __hist_entry__tui_annotate perf[54eb92]
#12 0x552293 in do_annotate hists.c:0
#13 0x55941c in evsel__hists_browse hists.c:0
#14 0x55b00f in evlist__tui_browse_hists perf[55b00f]
#15 0x42ff02 in cmd_report perf[42ff02]
#16 0x494008 in run_builtin perf.c:0
#17 0x494305 in handle_internal_command perf.c:0
#18 0x410547 in main perf[410547]
#19 0x7f5ff1a295d0 in __libc_start_call_main libc.so.6[295d0]
#20 0x7f5ff1a29680 in __libc_start_main@@GLIBC_2.34 libc.so.6[29680]
#21 0x410b75 in _start perf[410b75]
Fixes: 1d4374a ("perf annotate: Add 'T' hot key to toggle data type display")
Reviewed-by: James Clark <james.clark@linaro.org>
Tested-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Tianyou Li <tianyou.li@intel.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
When using perf record with the `--overwrite` option, a segmentation fault
occurs if an event fails to open. For example:
perf record -e cycles-ct -F 1000 -a --overwrite
Error:
cycles-ct:H: PMU Hardware doesn't support sampling/overflow-interrupts. Try 'perf stat'
perf: Segmentation fault
#0 0x6466b6 in dump_stack debug.c:366
#1 0x646729 in sighandler_dump_stack debug.c:378
#2 0x453fd1 in sigsegv_handler builtin-record.c:722
#3 0x7f8454e65090 in __restore_rt libc-2.32.so[54090]
#4 0x6c5671 in __perf_event__synthesize_id_index synthetic-events.c:1862
#5 0x6c5ac0 in perf_event__synthesize_id_index synthetic-events.c:1943
#6 0x458090 in record__synthesize builtin-record.c:2075
#7 0x45a85a in __cmd_record builtin-record.c:2888
#8 0x45deb6 in cmd_record builtin-record.c:4374
#9 0x4e5e33 in run_builtin perf.c:349
#10 0x4e60bf in handle_internal_command perf.c:401
#11 0x4e6215 in run_argv perf.c:448
#12 0x4e653a in main perf.c:555
#13 0x7f8454e4fa72 in __libc_start_main libc-2.32.so[3ea72]
#14 0x43a3ee in _start ??:0
The --overwrite option implies --tail-synthesize, which collects non-sample
events reflecting the system status when recording finishes. However, when
evsel opening fails (e.g., unsupported event 'cycles-ct'), session->evlist
is not initialized and remains NULL. The code unconditionally calls
record__synthesize() in the error path, which iterates through the NULL
evlist pointer and causes a segfault.
To fix it, move the record__synthesize() call inside the error check block, so
it's only called when there was no error during recording, ensuring that evlist
is properly initialized.
Fixes: 4ea648a ("perf record: Add --tail-synthesize option")
Signed-off-by: Shuai Xue <xueshuai@linux.alibaba.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
When interrupting perf stat in repeat mode with a signal the signal is passed to the child process but the repeat doesn't terminate:
```
$ perf stat -v --null --repeat 10 sleep 1
Control descriptor is not initialized
[ perf stat: executing run #1 ... ]
[ perf stat: executing run #2 ... ]
^Csleep: Interrupt
[ perf stat: executing run #3 ... ]
[ perf stat: executing run #4 ... ]
[ perf stat: executing run #5 ... ]
[ perf stat: executing run #6 ... ]
[ perf stat: executing run #7 ... ]
[ perf stat: executing run #8 ... ]
[ perf stat: executing run #9 ... ]
[ perf stat: executing run #10 ... ]

Performance counter stats for 'sleep 1' (10 runs):

0.9500 +- 0.0512 seconds time elapsed ( +- 5.39% )

0.01user 0.02system 0:09.53elapsed 0%CPU (0avgtext+0avgdata 18940maxresident)k
29944inputs+0outputs (0major+2629minor)pagefaults 0swaps
```
Terminate the repeated run and give a reasonable exit value:
```
$ perf stat -v --null --repeat 10 sleep 1
Control descriptor is not initialized
[ perf stat: executing run #1 ... ]
[ perf stat: executing run #2 ... ]
[ perf stat: executing run #3 ... ]
^Csleep: Interrupt

Performance counter stats for 'sleep 1' (10 runs):

0.680 +- 0.321 seconds time elapsed ( +- 47.16% )

Command exited with non-zero status 130
0.00user 0.01system 0:02.05elapsed 0%CPU (0avgtext+0avgdata 70688maxresident)k
0inputs+0outputs (0major+5002minor)pagefaults 0swaps
```
Note, this also changes the exit value for non-repeat runs when interrupted by a signal.

Reported-by: Ingo Molnar <mingo@kernel.org>
Closes: https://lore.kernel.org/lkml/aS5wjmbAM9ka3M2g@gmail.com/
Signed-off-by: Ian Rogers <irogers@google.com>
Tested-by: Thomas Richter <tmricht@linux.ibm.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Since commit a735831 ("drm/nouveau: vendor in drm_encoder_slave API") nouveau appears to be broken for all dispnv04 GPUs (before NV50). Depending on the kernel version, either having no display output and hanging in kernel for a long time, or even oopsing in the cleanup path like:

    Hardware name: PowerMac11,2 PPC970MP 0x440101 PowerMac
    ...
    nouveau 0000:0a:00.0: drm: 0x14C5: Parsing digital output script table
    BUG: Unable to handle kernel data access on read at 0x00041520
    Faulting instruction address: 0xc0003d0001be0844
    Oops: Kernel access of bad area, sig: 11 [#1]
    BE PAGE_SIZE=4K MMU=Hash SMP NR_CPUS=8 NUMA PowerMac
    Modules linked in: windfarm_cpufreq_clamp windfarm_smu_sensors windfarm_smu_controls windfarm_pm112 snd_aoa_codec_onyx snd_aoa_fabric_layout snd_aoa windfarm_pid jo apple_mfi_fastcharge rndis_host cdc_ether usbnet mii snd_aoa_i2sbus snd_aoa_soundbus snd_pcm snd_timer snd soundcore rack_meter windfarm_smu_sat windfarm_max6690_s m75_sensor windfarm_core gpu_sched drm_gpuvm drm_exec drm_client_lib drm_ttm_helper ttm drm_display_helper drm_kms_helper drm drm_panel_orientation_quirks syscopyar _sys_fops i2c_algo_bit backlight uio_pdrv_genirq uio uninorth_agp agpgart zram dm_mod dax ipv6 nfsv4 dns_resolver nfs lockd grace sunrpc offb cfbfillrect cfbimgblt ont input_leds sr_mod cdrom sd_mod uas ata_generic hid_apple hid_generic usbhid hid usb_storage pata_macio sata_svw libata firewire_ohci scsi_mod firewire_core ohci ehci_pci ehci_hcd tg3 ohci_hcd libphy usbcore usb_common nls_base led_class
    CPU: 0 UID: 0 PID: 245 Comm: (udev-worker) Not tainted 6.14.0-09584-g7d06015d936c #7 PREEMPTLAZY
    Hardware name: PowerMac11,2 PPC970MP 0x440101 PowerMac
    NIP: c0003d0001be0844 LR: c0003d0001be0830 CTR: 0000000000000000
    REGS: c0000000053f70e0 TRAP: 0300 Not tainted (6.14.0-09584-g7d06015d936c)
    MSR: 9000000000009032 <SF,HV,EE,ME,IR,DR,RI> CR: 24222220 XER: 00000000
    DAR: 0000000000041520 DSISR: 40000000 IRQMASK: 0
    GPR00: c0003d0001be0830 c0000000053f7380 c0003d0000911900 c000000007bc6800
    GPR04: 0000000000000000 0000000000000000 c000000007bc6e70 0000000000000001
    GPR08: 01f3040000000000 0000000000041520 0000000000000000 c0003d0000813958
    GPR12: c000000000071a48 c000000000e28000 0000000000000020 0000000000000000
    GPR16: 0000000000000000 0000000000f52630 0000000000000000 0000000000000000
    GPR20: 0000000000000000 0000000000000000 0000000000000001 c0003d0000928528
    GPR24: c0003d0000928598 0000000000000000 c000000007025480 c000000007025480
    GPR28: c0000000010b4000 0000000000000000 c000000007bc1800 c000000007bc6800
    NIP [c0003d0001be0844] nv_crtc_destroy+0x44/0xd4 [nouveau]
    LR [c0003d0001be0830] nv_crtc_destroy+0x30/0xd4 [nouveau]
    Call Trace:
    [c0000000053f7380] [c0003d0001be0830] nv_crtc_destroy+0x30/0xd4 [nouveau] (unreliable)
    [c0000000053f73c0] [c0003d00007f7bf4] drm_mode_config_cleanup+0x27c/0x30c [drm]
    [c0000000053f7490] [c0003d0001bdea50] nouveau_display_create+0x1cc/0x550 [nouveau]
    [c0000000053f7500] [c0003d0001bcc29c] nouveau_drm_device_init+0x1c8/0x844 [nouveau]
    [c0000000053f75e0] [c0003d0001bcc9ec] nouveau_drm_probe+0xd4/0x1e0 [nouveau]
    [c0000000053f7670] [c000000000557d24] local_pci_probe+0x50/0xa8
    [c0000000053f76f0] [c000000000557fa8] pci_device_probe+0x22c/0x240
    [c0000000053f7760] [c0000000005fff3c] really_probe+0x188/0x31c
    [c0000000053f77e0] [c000000000600204] __driver_probe_device+0x134/0x13c
    [c0000000053f7860] [c0000000006002c0] driver_probe_device+0x3c/0xb4
    [c0000000053f78a0] [c000000000600534] __driver_attach+0x118/0x128
    [c0000000053f78e0] [c0000000005fe038] bus_for_each_dev+0xa8/0xf4
    [c0000000053f7950] [c0000000005ff460] driver_attach+0x2c/0x40
    [c0000000053f7970] [c0000000005fea68] bus_add_driver+0x130/0x278
    [c0000000053f7a00] [c00000000060117c] driver_register+0x9c/0x1a0
    [c0000000053f7a80] [c00000000055623c] __pci_register_driver+0x5c/0x70
    [c0000000053f7aa0] [c0003d0001c058a0] nouveau_drm_init+0x254/0x278 [nouveau]
    [c0000000053f7b10] [c00000000000e9bc] do_one_initcall+0x84/0x268
    [c0000000053f7bf0] [c0000000001a0ba0] do_init_module+0x70/0x2d8
    [c0000000053f7c70] [c0000000001a42bc] init_module_from_file+0xb4/0x108
    [c0000000053f7d50] [c0000000001a4504] sys_finit_module+0x1ac/0x478
    [c0000000053f7e10] [c000000000023230] system_call_exception+0x1a4/0x20c
    [c0000000053f7e50] [c00000000000c554] system_call_common+0xf4/0x258
    --- interrupt: c00 at 0xfd5f988
    NIP: 000000000fd5f988 LR: 000000000ff9b148 CTR: 0000000000000000
    REGS: c0000000053f7e80 TRAP: 0c00 Not tainted (6.14.0-09584-g7d06015d936c)
    MSR: 100000000000d032 <HV,EE,PR,ME,IR,DR,RI> CR: 28222244 XER: 00000000
    IRQMASK: 0
    GPR00: 0000000000000161 00000000ffcdc2d0 00000000405db160 0000000000000020
    GPR04: 000000000ffa2c9c 0000000000000000 000000000000001f 0000000000000045
    GPR08: 0000000011a13770 0000000000000000 0000000000000000 0000000000000000
    GPR12: 0000000000000000 0000000010249d8c 0000000000000020 0000000000000000
    GPR16: 0000000000000000 0000000000f52630 0000000000000000 0000000000000000
    GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000011a11a70
    GPR24: 0000000011a13580 0000000011a11950 0000000011a11a70 0000000000020000
    GPR28: 000000000ffa2c9c 0000000000000000 000000000ffafc40 0000000011a11a70
    NIP [000000000fd5f988] 0xfd5f988
    LR [000000000ff9b148] 0xff9b148
    --- interrupt: c00
    Code: f821ffc1 418200ac e93f0000 e9290038 e9291468 eba90000 48026c0d e8410018 e93f06aa 3d290001 392982a4 79291f24 <7fdd482a> 2c3e0000 41820030 7fc3f378
    ---[ end trace 0000000000000000 ]---

This is caused by the i2c encoder modules vendored into nouveau/ now depending on the equally vendored nouveau_i2c_encoder_destroy function. Trying to auto-load this modules hangs on nouveau initialization until timeout, and nouveau continues without i2c video encoders.

Fix by avoiding nouveau dependency by __always_inlining that helper functions into those i2c video encoder modules.

Fixes: a735831 ("drm/nouveau: vendor in drm_encoder_slave API")
Signed-off-by: René Rebe <rene@exactco.de>
Reviewed-by: Lyude Paul <lyude@redhat.com>
[Lyude: fixed commit reference in description]
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patch.msgid.link/20251202.164952.2216481867721531616.rene@exactco.de
JIRA: https://issues.redhat.com/browse/RHEL-114091 commit eedf3e3 Author: Tamir Duberstein <tamird@gmail.com> Date: Tue, 06 May 2025 23:05:42 +0000 ACPICA commit 1c28da2242783579d59767617121035dafba18c3 This was originally done in NetBSD: NetBSD/src@b69d1ac and is the correct alternative to the smattering of `memcpy`s I previously contributed to this repository. This also sidesteps the newly strict checks added in UBSAN: llvm/llvm-project@7926744 Before this change we see the following UBSAN stack trace in Fuchsia: #0 0x000021afcfdeca5e in acpi_rs_get_address_common(struct acpi_resource*, union aml_resource*) ../../third_party/acpica/source/components/resources/rsaddr.c:329 <platform-bus-x86.so>+0x6aca5e #1.2 0x000021982bc4af3c in ubsan_get_stack_trace() compiler-rt/lib/ubsan/ubsan_diag.cpp:41 <libclang_rt.asan.so>+0x41f3c #1.1 0x000021982bc4af3c in maybe_print_stack_trace() compiler-rt/lib/ubsan/ubsan_diag.cpp:51 <libclang_rt.asan.so>+0x41f3c #1 0x000021982bc4af3c in ~scoped_report() compiler-rt/lib/ubsan/ubsan_diag.cpp:395 <libclang_rt.asan.so>+0x41f3c #2 0x000021982bc4bb6f in handletype_mismatch_impl() compiler-rt/lib/ubsan/ubsan_handlers.cpp:137 <libclang_rt.asan.so>+0x42b6f #3 0x000021982bc4b723 in __ubsan_handle_type_mismatch_v1 compiler-rt/lib/ubsan/ubsan_handlers.cpp:142 <libclang_rt.asan.so>+0x42723 #4 0x000021afcfdeca5e in acpi_rs_get_address_common(struct acpi_resource*, union aml_resource*) ../../third_party/acpica/source/components/resources/rsaddr.c:329 <platform-bus-x86.so>+0x6aca5e #5 0x000021afcfdf2089 in acpi_rs_convert_aml_to_resource(struct acpi_resource*, union aml_resource*, struct acpi_rsconvert_info*) ../../third_party/acpica/source/components/resources/rsmisc.c:355 <platform-bus-x86.so>+0x6b2089 #6 0x000021afcfded169 in acpi_rs_convert_aml_to_resources(u8*, u32, u32, u8, void**) ../../third_party/acpica/source/components/resources/rslist.c:137 <platform-bus-x86.so>+0x6ad169 #7 0x000021afcfe2d24a in acpi_ut_walk_aml_resources(struct 
acpi_walk_state*, u8*, acpi_size, acpi_walk_aml_callback, void**) ../../third_party/acpica/source/components/utilities/utresrc.c:237 <platform-bus-x86.so>+0x6ed24a ctrliq#8 0x000021afcfde66b7 in acpi_rs_create_resource_list(union acpi_operand_object*, struct acpi_buffer*) ../../third_party/acpica/source/components/resources/rscreate.c:199 <platform-bus-x86.so>+0x6a66b7 ctrliq#9 0x000021afcfdf6979 in acpi_rs_get_method_data(acpi_handle, const char*, struct acpi_buffer*) ../../third_party/acpica/source/components/resources/rsutils.c:770 <platform-bus-x86.so>+0x6b6979 ctrliq#10 0x000021afcfdf708f in acpi_walk_resources(acpi_handle, char*, acpi_walk_resource_callback, void*) ../../third_party/acpica/source/components/resources/rsxface.c:731 <platform-bus-x86.so>+0x6b708f ctrliq#11 0x000021afcfa95dcf in acpi::acpi_impl::walk_resources(acpi::acpi_impl*, acpi_handle, const char*, acpi::Acpi::resources_callable) ../../src/devices/board/lib/acpi/acpi-impl.cc:41 <platform-bus-x86.so>+0x355dcf ctrliq#12 0x000021afcfaa8278 in acpi::device_builder::gather_resources(acpi::device_builder*, acpi::Acpi*, fidl::any_arena&, acpi::Manager*, acpi::device_builder::gather_resources_callback) ../../src/devices/board/lib/acpi/device-builder.cc:84 <platform-bus-x86.so>+0x368278 ctrliq#13 0x000021afcfbddb87 in acpi::Manager::configure_discovered_devices(acpi::Manager*) ../../src/devices/board/lib/acpi/manager.cc:75 <platform-bus-x86.so>+0x49db87 ctrliq#14 0x000021afcf99091d in publish_acpi_devices(acpi::Manager*, zx_device_t*, zx_device_t*) ../../src/devices/board/drivers/x86/acpi-nswalk.cc:95 <platform-bus-x86.so>+0x25091d ctrliq#15 0x000021afcf9c1d4e in x86::X86::do_init(x86::X86*) ../../src/devices/board/drivers/x86/x86.cc:60 <platform-bus-x86.so>+0x281d4e ctrliq#16 0x000021afcf9e33ad in λ(x86::X86::ddk_init::(anon class)*) ../../src/devices/board/drivers/x86/x86.cc:77 <platform-bus-x86.so>+0x2a33ad ctrliq#17 0x000021afcf9e313e in fit::internal::target<(lambda 
Link: acpica/acpica@1c28da22
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Link: https://patch.msgid.link/4664267.LvFx2qVVIh@rjwysocki.net
Signed-off-by: Tamir Duberstein <tamird@gmail.com>
[ rjw: Pick up the tag from Tamir ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com>
[ Upstream commit 163e5f2 ]

When using perf record with the `--overwrite` option, a segmentation fault occurs if an event fails to open. For example:

    perf record -e cycles-ct -F 1000 -a --overwrite
    Error: cycles-ct:H: PMU Hardware doesn't support sampling/overflow-interrupts. Try 'perf stat'
    perf: Segmentation fault
        #0 0x6466b6 in dump_stack debug.c:366
        #1 0x646729 in sighandler_dump_stack debug.c:378
        #2 0x453fd1 in sigsegv_handler builtin-record.c:722
        #3 0x7f8454e65090 in __restore_rt libc-2.32.so[54090]
        #4 0x6c5671 in __perf_event__synthesize_id_index synthetic-events.c:1862
        #5 0x6c5ac0 in perf_event__synthesize_id_index synthetic-events.c:1943
        #6 0x458090 in record__synthesize builtin-record.c:2075
        #7 0x45a85a in __cmd_record builtin-record.c:2888
        #8 0x45deb6 in cmd_record builtin-record.c:4374
        #9 0x4e5e33 in run_builtin perf.c:349
        #10 0x4e60bf in handle_internal_command perf.c:401
        #11 0x4e6215 in run_argv perf.c:448
        #12 0x4e653a in main perf.c:555
        #13 0x7f8454e4fa72 in __libc_start_main libc-2.32.so[3ea72]
        #14 0x43a3ee in _start ??:0

The --overwrite option implies --tail-synthesize, which collects non-sample events reflecting the system status when recording finishes. However, when evsel opening fails (e.g., unsupported event 'cycles-ct'), session->evlist is not initialized and remains NULL. The code unconditionally calls record__synthesize() in the error path, which iterates through the NULL evlist pointer and causes a segfault.

To fix it, move the record__synthesize() call inside the error check block, so it's only called when there was no error during recording, ensuring that evlist is properly initialized.

Fixes: 4ea648a ("perf record: Add --tail-synthesize option")
Signed-off-by: Shuai Xue <xueshuai@linux.alibaba.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
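The control-flow bug described in the commit message above, as a minimal C model added here (not perf's source and not part of the commit). The names `synthesize_tail`, `finish_before`, `finish_after` and `run` are hypothetical, and the model reports the NULL evlist walk as a return value where the real code faults.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for the structures the commit message names. */
struct evsel   { int id; struct evsel *next; };
struct evlist  { struct evsel *first; };
struct session { struct evlist *evlist; };   /* NULL when event open failed */
enum outcome { SYNTHESIZED, SKIPPED, NULL_EVLIST_WALK };

/* Tail synthesis walks every evsel. This model reports a NULL evlist
 * instead of faulting; the code in the trace dereferences it (SIGSEGV). */
static enum outcome synthesize_tail(const struct session *s, int *ids)
{
    if (s->evlist == NULL)
        return NULL_EVLIST_WALK;
    for (const struct evsel *e = s->evlist->first; e; e = e->next)
        (*ids)++;
    return SYNTHESIZED;
}

/* Before: the exit path synthesizes without consulting the error status. */
static enum outcome finish_before(const struct session *s, int err, bool tail, int *ids)
{
    (void)err;
    return tail ? synthesize_tail(s, ids) : SKIPPED;
}

/* After: synthesis sits inside the "no error" block. */
static enum outcome finish_after(const struct session *s, int err, bool tail, int *ids)
{
    return (err == 0 && tail) ? synthesize_tail(s, ids) : SKIPPED;
}

/* Constructed sessions: open failed (evlist NULL) or two opened events. */
static enum outcome run(bool fixed, bool open_failed, int *ids)
{
    struct evsel b = { 2, NULL }, a = { 1, &b };
    struct evlist list = { &a };
    struct session s = { open_failed ? NULL : &list };
    int err = open_failed ? -1 : 0;
    *ids = 0;
    return fixed ? finish_after(&s, err, true, ids) : finish_before(&s, err, true, ids);
}

int main(void)
{
    int ids;
    printf("before=%d after=%d\n", run(false, true, &ids), run(true, true, &ids));
    return 0;
}
```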
Simplifies the workflow to use the reusable workflow defined in the main branch. This reduces duplication and makes the workflow easier to maintain across multiple branches.
The workflow now references ctrliq/kernel-src-tree/.github/workflows/upstream-commit-check.yml@main which contains the full workflow implementation.