April 2022 - Linux-stable-mirror

[PATCH] clk: base: fix an incorrect NULL check on list iterator

by Xiaomeng Tong

The bug is here: if (nvkm_cstate_valid(clk, cstate, max_volt, clk->temp)) return cstate; The list iterator value 'cstate' will *always* be set and non-NULL by list_for_each_entry_from_reverse(), so it is incorrect to assume that the iterator value will be unchanged if the list is empty or no element is found (In fact, it will be a bogus pointer to an invalid structure object containing the HEAD). Also it missed a NULL check at callsite and may lead to invalid memory access after that. To fix this bug, just return 'encoder' when found, otherwise return NULL. And add the NULL check. Cc: stable(a)vger.kernel.org Fixes: 1f7f3d91ad38a ("drm/nouveau/clk: Respect voltage limits in nvkm_cstate_prog") Signed-off-by: Xiaomeng Tong <xiam0nd.tong(a)gmail.com> --- drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c b/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c index 57199be082fd..c2b5cc5f97ed 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c @@ -135,10 +135,10 @@ nvkm_cstate_find_best(struct nvkm_clk *clk, struct nvkm_pstate *pstate, list_for_each_entry_from_reverse(cstate, &pstate->list, head) { if (nvkm_cstate_valid(clk, cstate, max_volt, clk->temp)) - break; + return cstate; } - return cstate; + return NULL; } static struct nvkm_cstate * @@ -169,6 +169,8 @@ nvkm_cstate_prog(struct nvkm_clk *clk, struct nvkm_pstate *pstate, int cstatei) if (!list_empty(&pstate->list)) { cstate = nvkm_cstate_get(clk, pstate, cstatei); cstate = nvkm_cstate_find_best(clk, pstate, cstate); + if (!cstate) + return -EINVAL; } else { cstate = &pstate->base; } -- 2.17.1

3 years, 8 months

2
1
0 0

stable-rc/queue/5.15 baseline: 50 runs, 2 regressions (v5.15.32-904-geae0a322eec07)

by kernelci.org bot

stable-rc/queue/5.15 baseline: 50 runs, 2 regressions (v5.15.32-904-geae0a322eec07) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+----------------------------+------------ kontron-pitx-imx8m | arm64 | lab-kontron | gcc-10 | defconfig | 1 rk3399-gru-kevin | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F5.15/kernel/v5.15.32… Test: baseline Tree: stable-rc Branch: queue/5.15 Describe: v5.15.32-904-geae0a322eec07 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: eae0a322eec07360d3e34f4ceba62ea28253d8df Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+----------------------------+------------ kontron-pitx-imx8m | arm64 | lab-kontron | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/624b2ea47741acf3c4ae0687 Results: 51 PASS, 1 FAIL, 1 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.15/v5.15.32-904-geae0a322ee… HTML log: https://storage.kernelci.org//stable-rc/queue-5.15/v5.15.32-904-geae0a322ee… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.bootrr.dwc3-usb1-probed: https://kernelci.org/test/case/id/624b2ea47741acf3c4ae069a new failure (last pass: v5.15.32-29-gfa2f2eb2bbe4) 2022-04-04T17:44:57.626430 /lava-105549/1/../bin/lava-test-case 2022-04-04T17:44:57.626812 <8>[ 14.435005] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=dwc3-usb1-probed RESULT=fail> platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+----------------------------+------------ rk3399-gru-kevin | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/624b2fe8d58642ae31ae06b9 Results: 88 PASS, 4 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.15/v5.15.32-904-geae0a322ee… HTML log: https://storage.kernelci.org//stable-rc/queue-5.15/v5.15.32-904-geae0a322ee… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.bootrr.rockchip-i2s1-probed: https://kernelci.org/test/case/id/624b2fe8d58642ae31ae06d9 failing since 27 days (last pass: v5.15.26-42-gc89c0807b943, first fail: v5.15.26-257-g2b9a22cd5eb8) 2022-04-04T17:50:21.870212 /lava-6019301/1/../bin/lava-test-case

3 years, 8 months

1
0
0 0

[PATCH for-5.18 v2] ath9k: Fix usage of driver-private space in tx_info

by Toke Høiland-Jørgensen

From: Toke Høiland-Jørgensen <toke(a)redhat.com> The ieee80211_tx_info_clear_status() helper also clears the rate counts and the driver-private part of struct ieee80211_tx_info, so using it breaks quite a few other things. So back out of using it, and instead define a ath-internal helper that only clears the area between the status_driver_data and the rates info. Combined with moving the ath_frame_info struct to status_driver_data, this avoids clearing anything we shouldn't be, and so we can keep the existing code for handling the rate information. While fixing this I also noticed that the setting of tx_info->status.rates[tx_rateindex].count on hardware underrun errors was always immediately overridden by the normal setting of the same fields, so rearrange the code so that the underrun detection actually takes effect. The new helper could be generalised to a 'memset_between()' helper, but leave it as a driver-internal helper for now since this needs to go to stable. Cc: stable(a)vger.kernel.org Reported-by: Peter Seiderer <ps.report(a)gmx.net> Fixes: 037250f0a45c ("ath9k: Properly clear TX status area before reporting to mac80211") Signed-off-by: Toke Høiland-Jørgensen <toke(a)redhat.com> --- drivers/net/wireless/ath/ath9k/xmit.c | 30 ++++++++++++++++++--------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c index cbcf96ac303e..db83cc4ba810 100644 --- a/drivers/net/wireless/ath/ath9k/xmit.c +++ b/drivers/net/wireless/ath/ath9k/xmit.c @@ -141,8 +141,8 @@ static struct ath_frame_info *get_frame_info(struct sk_buff *skb) { struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb); BUILD_BUG_ON(sizeof(struct ath_frame_info) > - sizeof(tx_info->rate_driver_data)); - return (struct ath_frame_info *) &tx_info->rate_driver_data[0]; + sizeof(tx_info->status.status_driver_data)); + return (struct ath_frame_info *) &tx_info->status.status_driver_data[0]; } static void ath_send_bar(struct ath_atx_tid *tid, u16 seqno) @@ -2542,6 +2542,16 @@ static void ath_tx_complete_buf(struct ath_softc *sc, struct ath_buf *bf, spin_unlock_irqrestore(&sc->tx.txbuflock, flags); } +static void ath_clear_tx_status(struct ieee80211_tx_info *tx_info) +{ + void *ptr = &tx_info->status; + + memset(ptr + sizeof(tx_info->status.rates), 0, + sizeof(tx_info->status) - + sizeof(tx_info->status.rates) - + sizeof(tx_info->status.status_driver_data)); +} + static void ath_tx_rc_status(struct ath_softc *sc, struct ath_buf *bf, struct ath_tx_status *ts, int nframes, int nbad, int txok) @@ -2553,7 +2563,7 @@ static void ath_tx_rc_status(struct ath_softc *sc, struct ath_buf *bf, struct ath_hw *ah = sc->sc_ah; u8 i, tx_rateindex; - ieee80211_tx_info_clear_status(tx_info); + ath_clear_tx_status(tx_info); if (txok) tx_info->status.ack_signal = ts->ts_rssi; @@ -2569,6 +2579,13 @@ static void ath_tx_rc_status(struct ath_softc *sc, struct ath_buf *bf, tx_info->status.ampdu_len = nframes; tx_info->status.ampdu_ack_len = nframes - nbad; + tx_info->status.rates[tx_rateindex].count = ts->ts_longretry + 1; + + for (i = tx_rateindex + 1; i < hw->max_rates; i++) { + tx_info->status.rates[i].count = 0; + tx_info->status.rates[i].idx = -1; + } + if ((ts->ts_status & ATH9K_TXERR_FILT) == 0 && (tx_info->flags & IEEE80211_TX_CTL_NO_ACK) == 0) { /* @@ -2590,13 +2607,6 @@ static void ath_tx_rc_status(struct ath_softc *sc, struct ath_buf *bf, tx_info->status.rates[tx_rateindex].count = hw->max_rate_tries; } - - for (i = tx_rateindex + 1; i < hw->max_rates; i++) { - tx_info->status.rates[i].count = 0; - tx_info->status.rates[i].idx = -1; - } - - tx_info->status.rates[tx_rateindex].count = ts->ts_longretry + 1; } static void ath_tx_processq(struct ath_softc *sc, struct ath_txq *txq) -- 2.35.1

3 years, 8 months

2
2
0 0

stable-rc/queue/5.4 baseline: 36 runs, 3 regressions (v5.4.188-368-gfedf71cf9cc4d)

by kernelci.org bot

stable-rc/queue/5.4 baseline: 36 runs, 3 regressions (v5.4.188-368-gfedf71cf9cc4d) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm-virt-gicv2-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 qemu_arm-virt-gicv3-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 rk3399-gru-kevin | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F5.4/kernel/v5.4.188-… Test: baseline Tree: stable-rc Branch: queue/5.4 Describe: v5.4.188-368-gfedf71cf9cc4d URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: fedf71cf9cc4d14ab79005d434854ad9667af76c Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm-virt-gicv2-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/624b2944c809a7227eae06b3 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.188-368-gfedf71cf9cc… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.188-368-gfedf71cf9cc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/624b2944c809a7227eae06b4 failing since 109 days (last pass: v5.4.165-9-g27d736c7bdee, first fail: v5.4.165-18-ge938927511cb) platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm-virt-gicv3-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/624b2959c809a7227eae06c2 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.188-368-gfedf71cf9cc… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.188-368-gfedf71cf9cc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/624b2959c809a7227eae06c3 failing since 109 days (last pass: v5.4.165-9-g27d736c7bdee, first fail: v5.4.165-18-ge938927511cb) platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+----------------------------+------------ rk3399-gru-kevin | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/624b2d5e1ffb498f25ae069c Results: 88 PASS, 2 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.188-368-gfedf71cf9cc… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.188-368-gfedf71cf9cc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.bootrr.rockchip-i2s1-probed: https://kernelci.org/test/case/id/624b2d5e1ffb498f25ae06be failing since 29 days (last pass: v5.4.182-30-g45ccd59cc16f, first fail: v5.4.182-53-ge31c0b084082) 2022-04-04T17:39:36.541635 /lava-6018887/1/../bin/lava-test-case 2022-04-04T17:39:36.550017 <8>[ 32.860489] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=rockchip-i2s1-probed RESULT=fail>

3 years, 8 months

1
0
0 0

stable-rc/linux-5.16.y baseline: 55 runs, 1 regressions (v5.16.18-1014-g5e405d759c5da)

by kernelci.org bot

stable-rc/linux-5.16.y baseline: 55 runs, 1 regressions (v5.16.18-1014-g5e405d759c5da) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------+-------+---------------+----------+----------------------------+------------ rk3399-gru-kevin | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-5.16.y/kernel/v5.16.18… Test: baseline Tree: stable-rc Branch: linux-5.16.y Describe: v5.16.18-1014-g5e405d759c5da URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 5e405d759c5dacbc99e6f5740f17ef44c83c0c82 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------+-------+---------------+----------+----------------------------+------------ rk3399-gru-kevin | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/624b1eb65b477e42beae06a8 Results: 88 PASS, 4 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.16.y/v5.16.18-1014-g5e405d7… HTML log: https://storage.kernelci.org//stable-rc/linux-5.16.y/v5.16.18-1014-g5e405d7… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.bootrr.rockchip-i2s1-probed: https://kernelci.org/test/case/id/624b1eb65b477e42beae06c9 failing since 29 days (last pass: v5.16.12, first fail: v5.16.12-166-g373826da847f) 2022-04-04T16:36:49.119431 <8>[ 32.233056] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=rockchip-i2s0-probed RESULT=pass> 2022-04-04T16:36:50.145849 /lava-6018339/1/../bin/lava-test-case 2022-04-04T16:36:50.157043 <8>[ 33.271162] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=rockchip-i2s1-probed RESULT=fail>

3 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] can: usb_8dev: usb_8dev_start_xmit(): fix double" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d3925ff6433f98992685a9679613a2cc97f3ce2 Mon Sep 17 00:00:00 2001 From: Hangyu Hua <hbh25y(a)gmail.com> Date: Fri, 11 Mar 2022 16:06:14 +0800 Subject: [PATCH] can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path There is no need to call dev_kfree_skb() when usb_submit_urb() fails because can_put_echo_skb() deletes original skb and can_free_echo_skb() deletes the cloned skb. Fixes: 0024d8ad1639 ("can: usb_8dev: Add support for USB2CAN interface from 8 devices") Link: https://lore.kernel.org/all/20220311080614.45229-1-hbh25y@gmail.com Cc: stable(a)vger.kernel.org Signed-off-by: Hangyu Hua <hbh25y(a)gmail.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/usb/usb_8dev.c b/drivers/net/can/usb/usb_8dev.c index 431af1ec1e3c..b638604bf1ee 100644 --- a/drivers/net/can/usb/usb_8dev.c +++ b/drivers/net/can/usb/usb_8dev.c @@ -663,9 +663,20 @@ static netdev_tx_t usb_8dev_start_xmit(struct sk_buff *skb, atomic_inc(&priv->active_tx_urbs); err = usb_submit_urb(urb, GFP_ATOMIC); - if (unlikely(err)) - goto failed; - else if (atomic_read(&priv->active_tx_urbs) >= MAX_TX_URBS) + if (unlikely(err)) { + can_free_echo_skb(netdev, context->echo_index, NULL); + + usb_unanchor_urb(urb); + usb_free_coherent(priv->udev, size, buf, urb->transfer_dma); + + atomic_dec(&priv->active_tx_urbs); + + if (err == -ENODEV) + netif_device_detach(netdev); + else + netdev_warn(netdev, "failed tx_urb %d\n", err); + stats->tx_dropped++; + } else if (atomic_read(&priv->active_tx_urbs) >= MAX_TX_URBS) /* Slow down tx path */ netif_stop_queue(netdev); @@ -684,19 +695,6 @@ static netdev_tx_t usb_8dev_start_xmit(struct sk_buff *skb, return NETDEV_TX_BUSY; -failed: - can_free_echo_skb(netdev, context->echo_index, NULL); - - usb_unanchor_urb(urb); - usb_free_coherent(priv->udev, size, buf, urb->transfer_dma); - - atomic_dec(&priv->active_tx_urbs); - - if (err == -ENODEV) - netif_device_detach(netdev); - else - netdev_warn(netdev, "failed tx_urb %d\n", err); - nomembuf: usb_free_urb(urb);

3 years, 8 months

2
1
0 0

+ highmem-fix-checks-in-__kmap_local_sched_inout.patch added to -mm tree

by Andrew Morton

The patch titled Subject: highmem: fix checks in __kmap_local_sched_{in,out} has been added to the -mm tree. Its filename is highmem-fix-checks-in-__kmap_local_sched_inout.patch This patch should soon appear at https://ozlabs.org/~akpm/mmots/broken-out/highmem-fix-checks-in-__kmap_loca… and later at https://ozlabs.org/~akpm/mmotm/broken-out/highmem-fix-checks-in-__kmap_loca… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Max Filippov <jcmvbkbc(a)gmail.com> Subject: highmem: fix checks in __kmap_local_sched_{in,out} When CONFIG_DEBUG_KMAP_LOCAL is enabled __kmap_local_sched_{in,out} check that even slots in the tsk->kmap_ctrl.pteval are unmapped. The slots are initialized with 0 value, but the check is done with pte_none. 0 pte however does not necessarily mean that pte_none will return true. e.g. on xtensa it returns false, resulting in the following runtime warnings: WARNING: CPU: 0 PID: 101 at mm/highmem.c:627 __kmap_local_sched_out+0x51/0x108 CPU: 0 PID: 101 Comm: touch Not tainted 5.17.0-rc7-00010-gd3a1cdde80d2-dirty #13 Call Trace: dump_stack+0xc/0x40 __warn+0x8f/0x174 warn_slowpath_fmt+0x48/0xac __kmap_local_sched_out+0x51/0x108 __schedule+0x71a/0x9c4 preempt_schedule_irq+0xa0/0xe0 common_exception_return+0x5c/0x93 do_wp_page+0x30e/0x330 handle_mm_fault+0xa70/0xc3c do_page_fault+0x1d8/0x3c4 common_exception+0x7f/0x7f WARNING: CPU: 0 PID: 101 at mm/highmem.c:664 __kmap_local_sched_in+0x50/0xe0 CPU: 0 PID: 101 Comm: touch Tainted: G W 5.17.0-rc7-00010-gd3a1cdde80d2-dirty #13 Call Trace: dump_stack+0xc/0x40 __warn+0x8f/0x174 warn_slowpath_fmt+0x48/0xac __kmap_local_sched_in+0x50/0xe0 finish_task_switch$isra$0+0x1ce/0x2f8 __schedule+0x86e/0x9c4 preempt_schedule_irq+0xa0/0xe0 common_exception_return+0x5c/0x93 do_wp_page+0x30e/0x330 handle_mm_fault+0xa70/0xc3c do_page_fault+0x1d8/0x3c4 common_exception+0x7f/0x7f Fix it by replacing !pte_none(pteval) with pte_val(pteval) != 0. Link: https://lkml.kernel.org/r/20220403235159.3498065-1-jcmvbkbc@gmail.com Fixes: 5fbda3ecd14a ("sched: highmem: Store local kmaps in task struct") Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> Reviewed-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: "Peter Zijlstra (Intel)" <peterz(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/highmem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mm/highmem.c~highmem-fix-checks-in-__kmap_local_sched_inout +++ a/mm/highmem.c @@ -624,7 +624,7 @@ void __kmap_local_sched_out(void) /* With debug all even slots are unmapped and act as guard */ if (IS_ENABLED(CONFIG_DEBUG_KMAP_LOCAL) && !(i & 0x01)) { - WARN_ON_ONCE(!pte_none(pteval)); + WARN_ON_ONCE(pte_val(pteval) != 0); continue; } if (WARN_ON_ONCE(pte_none(pteval))) @@ -661,7 +661,7 @@ void __kmap_local_sched_in(void) /* With debug all even slots are unmapped and act as guard */ if (IS_ENABLED(CONFIG_DEBUG_KMAP_LOCAL) && !(i & 0x01)) { - WARN_ON_ONCE(!pte_none(pteval)); + WARN_ON_ONCE(pte_val(pteval) != 0); continue; } if (WARN_ON_ONCE(pte_none(pteval))) _ Patches currently in -mm which might be from jcmvbkbc(a)gmail.com are highmem-fix-checks-in-__kmap_local_sched_inout.patch

3 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] can: m_can: m_can_tx_handler(): fix use after free of skb" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e8e79c416aae1de224c0f1860f2e3350fa171f8 Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde <mkl(a)pengutronix.de> Date: Thu, 17 Mar 2022 08:57:35 +0100 Subject: [PATCH] can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move the can_put_echo_skb() for the m_can version 3.0.x directly before the start of the xmit in hardware, similar to the 3.1.x branch. Fixes: 80646733f11c ("can: m_can: update to support CAN FD features") Link: https://lore.kernel.org/all/20220317081305.739554-1-mkl@pengutronix.de Cc: stable(a)vger.kernel.org Reported-by: Hangyu Hua <hbh25y(a)gmail.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/m_can/m_can.c b/drivers/net/can/m_can/m_can.c index 1a4b56f6fa8c..b3b5bc1c803b 100644 --- a/drivers/net/can/m_can/m_can.c +++ b/drivers/net/can/m_can/m_can.c @@ -1637,8 +1637,6 @@ static netdev_tx_t m_can_tx_handler(struct m_can_classdev *cdev) if (err) goto out_fail; - can_put_echo_skb(skb, dev, 0, 0); - if (cdev->can.ctrlmode & CAN_CTRLMODE_FD) { cccr = m_can_read(cdev, M_CAN_CCCR); cccr &= ~CCCR_CMR_MASK; @@ -1655,6 +1653,9 @@ static netdev_tx_t m_can_tx_handler(struct m_can_classdev *cdev) m_can_write(cdev, M_CAN_CCCR, cccr); } m_can_write(cdev, M_CAN_TXBTIE, 0x1); + + can_put_echo_skb(skb, dev, 0, 0); + m_can_write(cdev, M_CAN_TXBAR, 0x1); /* End of xmit function for version 3.0.x */ } else {

3 years, 8 months

2
1
0 0

stable-rc/linux-5.10.y baseline: 52 runs, 1 regressions (v5.10.109-593-gd189d4a7b878)

by kernelci.org bot

stable-rc/linux-5.10.y baseline: 52 runs, 1 regressions (v5.10.109-593-gd189d4a7b878) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------+-------+---------------+----------+----------------------------+------------ rk3399-gru-kevin | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-5.10.y/kernel/v5.10.10… Test: baseline Tree: stable-rc Branch: linux-5.10.y Describe: v5.10.109-593-gd189d4a7b878 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: d189d4a7b878ffe1fbb94de895104afbb8b669c1 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------+-------+---------------+----------+----------------------------+------------ rk3399-gru-kevin | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/624b17bc493aabd1e2ae06a1 Results: 90 PASS, 2 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.10.y/v5.10.109-593-gd189d4a… HTML log: https://storage.kernelci.org//stable-rc/linux-5.10.y/v5.10.109-593-gd189d4a… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.bootrr.rockchip-i2s1-probed: https://kernelci.org/test/case/id/624b17bd493aabd1e2ae06c3 failing since 27 days (last pass: v5.10.103, first fail: v5.10.103-106-g79bd6348914c) 2022-04-04T16:07:12.620236 /lava-6017851/1/../bin/lava-test-case 2022-04-04T16:07:12.630733 <8>[ 34.053886] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=rockchip-i2s1-probed RESULT=fail>

3 years, 8 months

1
0
0 0

stable-rc/linux-5.4.y baseline: 52 runs, 3 regressions (v5.4.188-369-gfec0077da6ba)

by kernelci.org bot

stable-rc/linux-5.4.y baseline: 52 runs, 3 regressions (v5.4.188-369-gfec0077da6ba) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm-virt-gicv2-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 qemu_arm-virt-gicv3-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 rk3399-gru-kevin | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-5.4.y/kernel/v5.4.188-… Test: baseline Tree: stable-rc Branch: linux-5.4.y Describe: v5.4.188-369-gfec0077da6ba URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: fec0077da6bae2950e39f5171e9a9e0f54f8a1f1 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm-virt-gicv2-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/624b0e24092b273371ae0683 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.188-369-gfec0077da… HTML log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.188-369-gfec0077da… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/624b0e24092b273371ae0684 failing since 109 days (last pass: v5.4.165, first fail: v5.4.165-19-gb780ab989d60) platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm-virt-gicv3-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/624b0e2571c8422cd6ae067c Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.188-369-gfec0077da… HTML log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.188-369-gfec0077da… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/624b0e2571c8422cd6ae067d failing since 109 days (last pass: v5.4.165, first fail: v5.4.165-19-gb780ab989d60) platform | arch | lab | compiler | defconfig | regressions -------------------------+-------+---------------+----------+----------------------------+------------ rk3399-gru-kevin | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/624b1051b834743f7aae0684 Results: 88 PASS, 2 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.188-369-gfec0077da… HTML log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.188-369-gfec0077da… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.bootrr.rockchip-i2s1-probed: https://kernelci.org/test/case/id/624b1051b834743f7aae06a6 failing since 29 days (last pass: v5.4.181-51-gb77a12b8d613, first fail: v5.4.182-54-gf27af6bf3c32) 2022-04-04T15:35:34.379505 /lava-6017550/1/../bin/lava-test-case 2022-04-04T15:35:34.388334 <8>[ 31.356745] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=rockchip-i2s1-probed RESULT=fail>

3 years, 8 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2022