# git rev-parse -q --verify ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e^{commit} ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e already have revision, skipping fetch # git checkout -q -f -B kisskb ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e # git clean -qxdf # < git log -1 # commit ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e # Author: Thomas Weißschuh # Date: Mon Feb 20 06:46:12 2023 +0000 # # vc_screen: don't clobber return value in vcs_read # # Commit 226fae124b2d ("vc_screen: move load of struct vc_data pointer in # vcs_read() to avoid UAF") moved the call to vcs_vc() into the loop. # # While doing this it also moved the unconditional assignment of # # ret = -ENXIO; # # This unconditional assignment was valid outside the loop but within it # it clobbers the actual value of ret. # # To avoid this only assign "ret = -ENXIO" when actually needed. # # [ Also, the 'goto unlock_out" needs to be just a "break", so that it # does the right thing when it exits on later iterations when partial # success has happened - Linus ] # # Reported-by: Storm Dragon # Link: https://lore.kernel.org/lkml/Y%2FKS6vdql2pIsCiI@hotmail.com/ # Fixes: 226fae124b2d ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF") # Signed-off-by: Thomas Weißschuh # Link: https://lore.kernel.org/lkml/64981d94-d00c-4b31-9063-43ad0a384bde@t-8ch.de/ # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/korg/gcc-11.3.0-nolibc/hppa-linux/bin/hppa-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-11.3.0-nolibc/hppa-linux/bin/hppa-linux-ld --version # < git log --format=%s --max-count=1 ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e # < make -s -j 32 ARCH=parisc O=/kisskb/build/linus_parisc-allmodconfig_parisc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.3.0-nolibc/hppa-linux/bin/hppa-linux- allmodconfig # Added to kconfig CONFIG_BUILD_DOCSRC=n # Added to kconfig CONFIG_MODULE_SIG=n # Added to kconfig CONFIG_SAMPLES=n # < make -s -j 32 ARCH=parisc O=/kisskb/build/linus_parisc-allmodconfig_parisc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.3.0-nolibc/hppa-linux/bin/hppa-linux- help # make -s -j 32 ARCH=parisc O=/kisskb/build/linus_parisc-allmodconfig_parisc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.3.0-nolibc/hppa-linux/bin/hppa-linux- olddefconfig # make -s -j 32 ARCH=parisc O=/kisskb/build/linus_parisc-allmodconfig_parisc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.3.0-nolibc/hppa-linux/bin/hppa-linux- /kisskb/src/fs/btrfs/inode.c: In function 'btrfs_lookup_dentry': /kisskb/src/fs/btrfs/inode.c:5730:21: error: 'location.type' may be used uninitialized [-Werror=maybe-uninitialized] 5730 | if (location.type == BTRFS_INODE_ITEM_KEY) { | ~~~~~~~~^~~~~ /kisskb/src/fs/btrfs/inode.c:5719:26: note: 'location' declared here 5719 | struct btrfs_key location; | ^~~~~~~~ cc1: all warnings being treated as errors make[4]: *** [/kisskb/src/scripts/Makefile.build:252: fs/btrfs/inode.o] Error 1 make[4]: *** Waiting for unfinished jobs.... make[3]: *** [/kisskb/src/scripts/Makefile.build:494: fs/btrfs] Error 2 make[3]: *** Waiting for unfinished jobs.... make[2]: *** [/kisskb/src/scripts/Makefile.build:494: fs] Error 2 make[2]: *** Waiting for unfinished jobs.... In file included from ./arch/parisc/include/generated/asm/div64.h:1, from /kisskb/src/include/linux/math.h:6, from /kisskb/src/include/linux/kernel.h:25, from /kisskb/src/arch/parisc/include/asm/bug.h:5, from /kisskb/src/include/linux/bug.h:5, from /kisskb/src/include/linux/thread_info.h:13, from /kisskb/src/include/asm-generic/preempt.h:5, from ./arch/parisc/include/generated/asm/preempt.h:1, from /kisskb/src/include/linux/preempt.h:78, from /kisskb/src/include/linux/rcupdate.h:27, from /kisskb/src/include/linux/rculist.h:11, from /kisskb/src/include/linux/pid.h:5, from /kisskb/src/include/linux/sched.h:14, from /kisskb/src/include/linux/ratelimit.h:6, from /kisskb/src/include/linux/dev_printk.h:16, from /kisskb/src/include/linux/device.h:15, from /kisskb/src/include/linux/auxiliary_bus.h:11, from /kisskb/src/drivers/power/supply/qcom_battmgr.c:6: /kisskb/src/drivers/power/supply/qcom_battmgr.c: In function 'qcom_battmgr_sm8350_callback': /kisskb/src/include/asm-generic/div64.h:222:35: error: comparison of distinct pointer types lacks a cast [-Werror] 222 | (void)(((typeof((n)) *)0) == ((uint64_t *)0)); \ | ^~ /kisskb/src/drivers/power/supply/qcom_battmgr.c:1130:25: note: in expansion of macro 'do_div' 1130 | do_div(battmgr->status.percent, 100); | ^~~~~~ In file included from /kisskb/src/include/linux/dev_printk.h:14, from /kisskb/src/include/linux/device.h:15, from /kisskb/src/include/linux/auxiliary_bus.h:11, from /kisskb/src/drivers/power/supply/qcom_battmgr.c:6: /kisskb/src/include/asm-generic/div64.h:234:32: error: right shift count >= width of type [-Werror=shift-count-overflow] 234 | } else if (likely(((n) >> 32) == 0)) { \ | ^~ /kisskb/src/include/linux/compiler.h:77:45: note: in definition of macro 'likely' 77 | # define likely(x) __builtin_expect(!!(x), 1) | ^ /kisskb/src/drivers/power/supply/qcom_battmgr.c:1130:25: note: in expansion of macro 'do_div' 1130 | do_div(battmgr->status.percent, 100); | ^~~~~~ In file included from ./arch/parisc/include/generated/asm/div64.h:1, from /kisskb/src/include/linux/math.h:6, from /kisskb/src/include/linux/kernel.h:25, from /kisskb/src/arch/parisc/include/asm/bug.h:5, from /kisskb/src/include/linux/bug.h:5, from /kisskb/src/include/linux/thread_info.h:13, from /kisskb/src/include/asm-generic/preempt.h:5, from ./arch/parisc/include/generated/asm/preempt.h:1, from /kisskb/src/include/linux/preempt.h:78, from /kisskb/src/include/linux/rcupdate.h:27, from /kisskb/src/include/linux/rculist.h:11, from /kisskb/src/include/linux/pid.h:5, from /kisskb/src/include/linux/sched.h:14, from /kisskb/src/include/linux/ratelimit.h:6, from /kisskb/src/include/linux/dev_printk.h:16, from /kisskb/src/include/linux/device.h:15, from /kisskb/src/include/linux/auxiliary_bus.h:11, from /kisskb/src/drivers/power/supply/qcom_battmgr.c:6: /kisskb/src/include/asm-generic/div64.h:238:36: error: passing argument 1 of '__div64_32' from incompatible pointer type [-Werror=incompatible-pointer-types] 238 | __rem = __div64_32(&(n), __base); \ | ^~~~ | | | unsigned int * /kisskb/src/drivers/power/supply/qcom_battmgr.c:1130:25: note: in expansion of macro 'do_div' 1130 | do_div(battmgr->status.percent, 100); | ^~~~~~ /kisskb/src/include/asm-generic/div64.h:213:38: note: expected 'uint64_t *' {aka 'long long unsigned int *'} but argument is of type 'unsigned int *' 213 | extern uint32_t __div64_32(uint64_t *dividend, uint32_t divisor); | ~~~~~~~~~~^~~~~~~~ cc1: all warnings being treated as errors make[5]: *** [/kisskb/src/scripts/Makefile.build:252: drivers/power/supply/qcom_battmgr.o] Error 1 make[4]: *** [/kisskb/src/scripts/Makefile.build:494: drivers/power/supply] Error 2 make[3]: *** [/kisskb/src/scripts/Makefile.build:494: drivers/power] Error 2 make[3]: *** Waiting for unfinished jobs.... /kisskb/src/drivers/media/i2c/imx290.c:1090:12: error: 'imx290_runtime_suspend' defined but not used [-Werror=unused-function] 1090 | static int imx290_runtime_suspend(struct device *dev) | ^~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/drivers/media/i2c/imx290.c:1082:12: error: 'imx290_runtime_resume' defined but not used [-Werror=unused-function] 1082 | static int imx290_runtime_resume(struct device *dev) | ^~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors make[5]: *** [/kisskb/src/scripts/Makefile.build:252: drivers/media/i2c/imx290.o] Error 1 make[4]: *** [/kisskb/src/scripts/Makefile.build:494: drivers/media/i2c] Error 2 make[4]: *** Waiting for unfinished jobs.... make[3]: *** [/kisskb/src/scripts/Makefile.build:494: drivers/media] Error 2 make[2]: *** [/kisskb/src/scripts/Makefile.build:494: drivers] Error 2 make[1]: *** [/kisskb/src/Makefile:2028: .] Error 2 make: *** [Makefile:226: __sub-make] Error 2 Command 'make -s -j 32 ARCH=parisc O=/kisskb/build/linus_parisc-allmodconfig_parisc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.3.0-nolibc/hppa-linux/bin/hppa-linux- ' returned non-zero exit status 2 # rm -rf /kisskb/build/linus_parisc-allmodconfig_parisc-gcc11 # Build took: 0:11:14.646104