October 2024 - Linux-stable-mirror

[PATCH v2 2/2] staging: vchiq_arm: Utilize devm_kzalloc() for allocation

by Umang Jain

The struct drv_mgmt 'mgmt' is currently allocated dynamically using kzalloc(). Unfortunately, it is subjected to memory leaks in the error handling paths of the probe() function. To address this issue, use device resource management helper devm_kzalloc(), to ensure cleanup after the allocation. Cc: stable(a)vger.kernel.org Fixes: 1c9e16b73166 ("staging: vc04_services: vchiq_arm: Split driver static and runtime data") Signed-off-by: Umang Jain <umang.jain(a)ideasonboard.com> --- drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c index 146442a3552c..373cfdd5b020 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c @@ -1344,7 +1344,7 @@ static int vchiq_probe(struct platform_device *pdev) return -ENOENT; } - mgmt = kzalloc(sizeof(*mgmt), GFP_KERNEL); + mgmt = devm_kzalloc(&pdev->dev, sizeof(*mgmt), GFP_KERNEL); if (!mgmt) return -ENOMEM; @@ -1402,8 +1402,6 @@ static void vchiq_remove(struct platform_device *pdev) arm_state = vchiq_platform_get_arm_state(&mgmt->state); kthread_stop(arm_state->ka_thread); - - kfree(mgmt); } static struct platform_driver vchiq_driver = { -- 2.45.2

1 week

1
0
0 0

Re: Patch "cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons" has been added to the 6.1-stable tree

by Dhananjay Ugwekar

Hello, This patch is only needed post the commit cpufreq: amd-pstate: Unify computation of {max,min,nominal,lowest_nonlinear}_freq (https://github.com/torvalds/linux/commit/5547c0ebfc2efdab6ee93a7fd4d9c411ad…). Hence, please do not add it to the 6.1 stable tree. Thanks, Dhananjay On 10/11/2024 5:49 AM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > cpufreq-amd-pstate-ut-convert-nominal_freq-to-khz-du.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit f73b7329361c75898fc97abd91c86a12bfe34830 > Author: Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> > Date: Tue Jul 2 08:14:13 2024 +0000 > > cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons > > [ Upstream commit f21ab5ed4e8758b06230900f44b9dcbcfdc0c3ae ] > > cpudata->nominal_freq being in MHz whereas other frequencies being in > KHz breaks the amd-pstate-ut frequency sanity check. This fixes it. > > Fixes: e4731baaf294 ("cpufreq: amd-pstate: Fix the inconsistency in max frequency units") > Reported-by: David Arcari <darcari(a)redhat.com> > Signed-off-by: Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> > Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> > Reviewed-by: Gautham R. Shenoy <gautham.shenoy(a)amd.com> > Link: https://lore.kernel.org/r/20240702081413.5688-2-Dhananjay.Ugwekar@amd.com > Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/cpufreq/amd-pstate-ut.c b/drivers/cpufreq/amd-pstate-ut.c > index b448c8d6a16dd..9c1fc386c010f 100644 > --- a/drivers/cpufreq/amd-pstate-ut.c > +++ b/drivers/cpufreq/amd-pstate-ut.c > @@ -201,6 +201,7 @@ static void amd_pstate_ut_check_freq(u32 index) > int cpu = 0; > struct cpufreq_policy *policy = NULL; > struct amd_cpudata *cpudata = NULL; > + u32 nominal_freq_khz; > > for_each_possible_cpu(cpu) { > policy = cpufreq_cpu_get(cpu); > @@ -208,13 +209,14 @@ static void amd_pstate_ut_check_freq(u32 index) > break; > cpudata = policy->driver_data; > > - if (!((cpudata->max_freq >= cpudata->nominal_freq) && > - (cpudata->nominal_freq > cpudata->lowest_nonlinear_freq) && > + nominal_freq_khz = cpudata->nominal_freq*1000; > + if (!((cpudata->max_freq >= nominal_freq_khz) && > + (nominal_freq_khz > cpudata->lowest_nonlinear_freq) && > (cpudata->lowest_nonlinear_freq > cpudata->min_freq) && > (cpudata->min_freq > 0))) { > amd_pstate_ut_cases[index].result = AMD_PSTATE_UT_RESULT_FAIL; > pr_err("%s cpu%d max=%d >= nominal=%d > lowest_nonlinear=%d > min=%d > 0, the formula is incorrect!\n", > - __func__, cpu, cpudata->max_freq, cpudata->nominal_freq, > + __func__, cpu, cpudata->max_freq, nominal_freq_khz, > cpudata->lowest_nonlinear_freq, cpudata->min_freq); > goto skip_test; > } > @@ -228,13 +230,13 @@ static void amd_pstate_ut_check_freq(u32 index) > > if (cpudata->boost_supported) { > if ((policy->max == cpudata->max_freq) || > - (policy->max == cpudata->nominal_freq)) > + (policy->max == nominal_freq_khz)) > amd_pstate_ut_cases[index].result = AMD_PSTATE_UT_RESULT_PASS; > else { > amd_pstate_ut_cases[index].result = AMD_PSTATE_UT_RESULT_FAIL; > pr_err("%s cpu%d policy_max=%d should be equal cpu_max=%d or cpu_nominal=%d !\n", > __func__, cpu, policy->max, cpudata->max_freq, > - cpudata->nominal_freq); > + nominal_freq_khz); > goto skip_test; > } > } else {

1 week

1
0
0 0

[PATCH 5.4.y 0/4] lockdep: deadlock fix and dependencies

by Carlos Llamas

This patchset adds the dependencies to apply commit a6f88ac32c6e ("lockdep: fix deadlock issue between lockdep and rcu") to the 5.4-stable tree. See the "FAILED" report at [1]. Note the dependencies actually fix a UAF and a bad recursion pattern. Thus it makes sense to also backport them. [1] https://lore.kernel.org/all/2024100226-unselfish-triangle-e5eb@gregkh/ Peter Zijlstra (2): locking/lockdep: Fix bad recursion pattern locking/lockdep: Rework lockdep_lock Waiman Long (1): locking/lockdep: Avoid potential access of invalid memory in lock_class Zhiguo Niu (1): lockdep: fix deadlock issue between lockdep and rcu kernel/locking/lockdep.c | 215 +++++++++++++++++++++++---------------- 1 file changed, 125 insertions(+), 90 deletions(-) -- 2.47.0.rc1.288.g06298d1525-goog

1 week

2
7
0 0

[PATCH AUTOSEL 4.19 1/2] net: amd: mvme147: Fix probe banner message

by Sasha Levin

From: Daniel Palmer <daniel(a)0x0f.com> [ Upstream commit 82c5b53140faf89c31ea2b3a0985a2f291694169 ] Currently this driver prints this line with what looks like a rogue format specifier when the device is probed: [ 2.840000] eth%d: MVME147 at 0xfffe1800, irq 12, Hardware Address xx:xx:xx:xx:xx:xx Change the printk() for netdev_info() and move it after the registration has completed so it prints out the name of the interface properly. Signed-off-by: Daniel Palmer <daniel(a)0x0f.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/amd/mvme147.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/amd/mvme147.c b/drivers/net/ethernet/amd/mvme147.c index 0a920448522f3..0bb27f4dd6428 100644 --- a/drivers/net/ethernet/amd/mvme147.c +++ b/drivers/net/ethernet/amd/mvme147.c @@ -105,10 +105,6 @@ struct net_device * __init mvme147lance_probe(int unit) address = address >> 8; dev->dev_addr[3] = address&0xff; - printk("%s: MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", - dev->name, dev->base_addr, MVME147_LANCE_IRQ, - dev->dev_addr); - lp = netdev_priv(dev); lp->ram = __get_dma_pages(GFP_ATOMIC, 3); /* 32K */ if (!lp->ram) { @@ -138,6 +134,9 @@ struct net_device * __init mvme147lance_probe(int unit) return ERR_PTR(err); } + netdev_info(dev, "MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", + dev->base_addr, MVME147_LANCE_IRQ, dev->dev_addr); + return dev; } -- 2.43.0

1 week

1
1
0 0

[PATCH AUTOSEL 5.4 1/2] net: amd: mvme147: Fix probe banner message

by Sasha Levin

From: Daniel Palmer <daniel(a)0x0f.com> [ Upstream commit 82c5b53140faf89c31ea2b3a0985a2f291694169 ] Currently this driver prints this line with what looks like a rogue format specifier when the device is probed: [ 2.840000] eth%d: MVME147 at 0xfffe1800, irq 12, Hardware Address xx:xx:xx:xx:xx:xx Change the printk() for netdev_info() and move it after the registration has completed so it prints out the name of the interface properly. Signed-off-by: Daniel Palmer <daniel(a)0x0f.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/amd/mvme147.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/amd/mvme147.c b/drivers/net/ethernet/amd/mvme147.c index 72abd3f82249b..eb7b1da2fb06f 100644 --- a/drivers/net/ethernet/amd/mvme147.c +++ b/drivers/net/ethernet/amd/mvme147.c @@ -106,10 +106,6 @@ struct net_device * __init mvme147lance_probe(int unit) address = address >> 8; dev->dev_addr[3] = address&0xff; - printk("%s: MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", - dev->name, dev->base_addr, MVME147_LANCE_IRQ, - dev->dev_addr); - lp = netdev_priv(dev); lp->ram = __get_dma_pages(GFP_ATOMIC, 3); /* 32K */ if (!lp->ram) { @@ -139,6 +135,9 @@ struct net_device * __init mvme147lance_probe(int unit) return ERR_PTR(err); } + netdev_info(dev, "MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", + dev->base_addr, MVME147_LANCE_IRQ, dev->dev_addr); + return dev; } -- 2.43.0

1 week

1
1
0 0

[PATCH AUTOSEL 5.10 1/3] net: amd: mvme147: Fix probe banner message

by Sasha Levin

From: Daniel Palmer <daniel(a)0x0f.com> [ Upstream commit 82c5b53140faf89c31ea2b3a0985a2f291694169 ] Currently this driver prints this line with what looks like a rogue format specifier when the device is probed: [ 2.840000] eth%d: MVME147 at 0xfffe1800, irq 12, Hardware Address xx:xx:xx:xx:xx:xx Change the printk() for netdev_info() and move it after the registration has completed so it prints out the name of the interface properly. Signed-off-by: Daniel Palmer <daniel(a)0x0f.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/amd/mvme147.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/amd/mvme147.c b/drivers/net/ethernet/amd/mvme147.c index 3f2e4cdd0b83e..133fe0f1166b0 100644 --- a/drivers/net/ethernet/amd/mvme147.c +++ b/drivers/net/ethernet/amd/mvme147.c @@ -106,10 +106,6 @@ struct net_device * __init mvme147lance_probe(int unit) address = address >> 8; dev->dev_addr[3] = address&0xff; - printk("%s: MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", - dev->name, dev->base_addr, MVME147_LANCE_IRQ, - dev->dev_addr); - lp = netdev_priv(dev); lp->ram = __get_dma_pages(GFP_ATOMIC, 3); /* 32K */ if (!lp->ram) { @@ -139,6 +135,9 @@ struct net_device * __init mvme147lance_probe(int unit) return ERR_PTR(err); } + netdev_info(dev, "MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", + dev->base_addr, MVME147_LANCE_IRQ, dev->dev_addr); + return dev; } -- 2.43.0

1 week

1
2
0 0

[PATCH AUTOSEL 5.15 1/8] fs/ntfs3: Check if more than chunk-size bytes are written

by Sasha Levin

From: Andrew Ballance <andrewjballance(a)gmail.com> [ Upstream commit 9931122d04c6d431b2c11b5bb7b10f28584067f0 ] A incorrectly formatted chunk may decompress into more than LZNT_CHUNK_SIZE bytes and a index out of bounds will occur in s_max_off. Signed-off-by: Andrew Ballance <andrewjballance(a)gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/lznt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/ntfs3/lznt.c b/fs/ntfs3/lznt.c index 28f654561f279..09db01c1098cd 100644 --- a/fs/ntfs3/lznt.c +++ b/fs/ntfs3/lznt.c @@ -236,6 +236,9 @@ static inline ssize_t decompress_chunk(u8 *unc, u8 *unc_end, const u8 *cmpr, /* Do decompression until pointers are inside range. */ while (up < unc_end && cmpr < cmpr_end) { + // return err if more than LZNT_CHUNK_SIZE bytes are written + if (up - unc > LZNT_CHUNK_SIZE) + return -EINVAL; /* Correct index */ while (unc + s_max_off[index] < up) index += 1; -- 2.43.0

1 week

1
7
0 0

[PATCH AUTOSEL 6.1 01/10] fs/ntfs3: Check if more than chunk-size bytes are written

by Sasha Levin

From: Andrew Ballance <andrewjballance(a)gmail.com> [ Upstream commit 9931122d04c6d431b2c11b5bb7b10f28584067f0 ] A incorrectly formatted chunk may decompress into more than LZNT_CHUNK_SIZE bytes and a index out of bounds will occur in s_max_off. Signed-off-by: Andrew Ballance <andrewjballance(a)gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/lznt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/ntfs3/lznt.c b/fs/ntfs3/lznt.c index 28f654561f279..09db01c1098cd 100644 --- a/fs/ntfs3/lznt.c +++ b/fs/ntfs3/lznt.c @@ -236,6 +236,9 @@ static inline ssize_t decompress_chunk(u8 *unc, u8 *unc_end, const u8 *cmpr, /* Do decompression until pointers are inside range. */ while (up < unc_end && cmpr < cmpr_end) { + // return err if more than LZNT_CHUNK_SIZE bytes are written + if (up - unc > LZNT_CHUNK_SIZE) + return -EINVAL; /* Correct index */ while (unc + s_max_off[index] < up) index += 1; -- 2.43.0

1 week

1
9
0 0

[PATCH AUTOSEL 6.6 01/17] ntfs3: Add bounds checking to mi_enum_attr()

by Sasha Levin

From: lei lu <llfamsec(a)gmail.com> [ Upstream commit 556bdf27c2dd5c74a9caacbe524b943a6cd42d99 ] Added bounds checking to make sure that every attr don't stray beyond valid memory region. Signed-off-by: lei lu <llfamsec(a)gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/record.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index 6c76503edc200..2a375247b3c09 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -223,28 +223,19 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) prev_type = 0; attr = Add2Ptr(rec, off); } else { - /* Check if input attr inside record. */ + /* + * We don't need to check previous attr here. There is + * a bounds checking in the previous round. + */ off = PtrOffset(rec, attr); - if (off >= used) - return NULL; asize = le32_to_cpu(attr->size); - if (asize < SIZEOF_RESIDENT) { - /* Impossible 'cause we should not return such attribute. */ - return NULL; - } - - /* Overflow check. */ - if (off + asize < off) - return NULL; prev_type = le32_to_cpu(attr->type); attr = Add2Ptr(attr, asize); off += asize; } - asize = le32_to_cpu(attr->size); - /* Can we use the first field (attr->type). */ if (off + 8 > used) { static_assert(ALIGN(sizeof(enum ATTR_TYPE), 8) == 8); @@ -265,6 +256,12 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) if (t32 < prev_type) return NULL; + asize = le32_to_cpu(attr->size); + if (asize < SIZEOF_RESIDENT) { + /* Impossible 'cause we should not return such attribute. */ + return NULL; + } + /* Check overflow and boundary. */ if (off + asize < off || off + asize > used) return NULL; -- 2.43.0

1 week

1
16
0 0

[PATCH AUTOSEL 6.11 01/20] ntfs3: Add bounds checking to mi_enum_attr()

by Sasha Levin

From: lei lu <llfamsec(a)gmail.com> [ Upstream commit 556bdf27c2dd5c74a9caacbe524b943a6cd42d99 ] Added bounds checking to make sure that every attr don't stray beyond valid memory region. Signed-off-by: lei lu <llfamsec(a)gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/record.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index 6c76503edc200..2a375247b3c09 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -223,28 +223,19 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) prev_type = 0; attr = Add2Ptr(rec, off); } else { - /* Check if input attr inside record. */ + /* + * We don't need to check previous attr here. There is + * a bounds checking in the previous round. + */ off = PtrOffset(rec, attr); - if (off >= used) - return NULL; asize = le32_to_cpu(attr->size); - if (asize < SIZEOF_RESIDENT) { - /* Impossible 'cause we should not return such attribute. */ - return NULL; - } - - /* Overflow check. */ - if (off + asize < off) - return NULL; prev_type = le32_to_cpu(attr->type); attr = Add2Ptr(attr, asize); off += asize; } - asize = le32_to_cpu(attr->size); - /* Can we use the first field (attr->type). */ if (off + 8 > used) { static_assert(ALIGN(sizeof(enum ATTR_TYPE), 8) == 8); @@ -265,6 +256,12 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) if (t32 < prev_type) return NULL; + asize = le32_to_cpu(attr->size); + if (asize < SIZEOF_RESIDENT) { + /* Impossible 'cause we should not return such attribute. */ + return NULL; + } + /* Check overflow and boundary. */ if (off + asize < off || off + asize > used) return NULL; -- 2.43.0

1 week

1
19
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2024