November 2024 - Linux-stable-mirror

[PATCH v2 2/2] of: address: Preserve the flags portion on 1:1 dma-ranges mapping

by Andrea della Porta

A missing or empty dma-ranges in a DT node implies a 1:1 mapping for dma translations. In this specific case, the current behaviour is to zero out the entire specifier so that the translation could be carried on as an offset from zero. This includes address specifier that has flags (e.g. PCI ranges). Once the flags portion has been zeroed, the translation chain is broken since the mapping functions will check the upcoming address specifier against mismatching flags, always failing the 1:1 mapping and its entire purpose of always succeeding. Set to zero only the address portion while passing the flags through. Fixes: dbbdee94734b ("of/address: Merge all of the bus translation code") Cc: stable(a)vger.kernel.org Signed-off-by: Andrea della Porta <andrea.porta(a)suse.com> Tested-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/of/address.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/of/address.c b/drivers/of/address.c index 286f0c161e33..b3479586bd4d 100644 --- a/drivers/of/address.c +++ b/drivers/of/address.c @@ -455,7 +455,8 @@ static int of_translate_one(struct device_node *parent, struct of_bus *bus, } if (ranges == NULL || rlen == 0) { offset = of_read_number(addr, na); - memset(addr, 0, pna * 4); + /* set address to zero, pass flags through */ + memset(addr + pbus->flag_cells, 0, (pna - pbus->flag_cells) * 4); pr_debug("empty ranges; 1:1 translation\n"); goto finish; } -- 2.35.3

1 month, 2 weeks

1
0
0 0

[PATCH 00/18] leds: switch to device_for_each_child_node_scoped()

by Javier Carrasco

This series switches from the device_for_each_child_node() macro to its scoped variant, which in general makes the code more robust if new early exits are added to the loops, because there is no need for explicit calls to fwnode_handle_put(). Depending on the complexity of the loop and its error handling, the code gets simplified and it gets easier to follow. The non-scoped variant of the macro is error-prone, and it has been the source of multiple bugs where the child node refcount was not decremented accordingly in error paths within the loops. The first patch of this series is a good example, which fixes that kind of bug that is regularly found in node iterators. The uses of device_for_each_child_node() with no early exits have been left untouched because their simpilicty justifies the non-scoped variant. Note that the child node is now declared in the macro, and therefore the explicit declaration is no longer required. The general functionality should not be affected by this modification. If functional changes are found, please report them back as errors. Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Javier Carrasco (18): leds: flash: mt6360: fix device_for_each_child_node() refcounting in error paths leds: flash: mt6370: switch to device_for_each_child_node_scoped() leds: flash: leds-qcom-flash: switch to device_for_each_child_node_scoped() leds: aw200xx: switch to device_for_each_child_node_scoped() leds: cr0014114: switch to device_for_each_child_node_scoped() leds: el15203000: switch to device_for_each_child_node_scoped() leds: gpio: switch to device_for_each_child_node_scoped() leds: lm3532: switch to device_for_each_child_node_scoped() leds: lm3697: switch to device_for_each_child_node_scoped() leds: lp50xx: switch to device_for_each_child_node_scoped() leds: max77650: switch to device_for_each_child_node_scoped() leds: ns2: switch to device_for_each_child_node_scoped() leds: pca963x: switch to device_for_each_child_node_scoped() leds: pwm: switch to device_for_each_child_node_scoped() leds: sun50i-a100: switch to device_for_each_child_node_scoped() leds: tca6507: switch to device_for_each_child_node_scoped() leds: rgb: ktd202x: switch to device_for_each_child_node_scoped() leds: rgb: mt6370: switch to device_for_each_child_node_scoped() drivers/leds/flash/leds-mt6360.c | 3 +-- drivers/leds/flash/leds-mt6370-flash.c | 11 +++------- drivers/leds/flash/leds-qcom-flash.c | 4 +--- drivers/leds/leds-aw200xx.c | 7 ++----- drivers/leds/leds-cr0014114.c | 4 +--- drivers/leds/leds-el15203000.c | 14 ++++--------- drivers/leds/leds-gpio.c | 9 +++------ drivers/leds/leds-lm3532.c | 18 +++++++---------- drivers/leds/leds-lm3697.c | 18 ++++++----------- drivers/leds/leds-lp50xx.c | 21 +++++++------------ drivers/leds/leds-max77650.c | 18 ++++++----------- drivers/leds/leds-ns2.c | 7 ++----- drivers/leds/leds-pca963x.c | 11 +++------- drivers/leds/leds-pwm.c | 15 ++++---------- drivers/leds/leds-sun50i-a100.c | 27 +++++++++---------------- drivers/leds/leds-tca6507.c | 7 ++----- drivers/leds/rgb/leds-ktd202x.c | 8 +++----- drivers/leds/rgb/leds-mt6370-rgb.c | 37 ++++++++++------------------------ 18 files changed, 75 insertions(+), 164 deletions(-) --- base-commit: 92fc9636d1471b7f68bfee70c776f7f77e747b97 change-id: 20240926-leds_device_for_each_child_node_scoped-5a95255413fa Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

1 month, 2 weeks

3
3
0 0

[PATCH v2] iio: imu: inv_icm42600: fix spi burst write not supported

by Jean-Baptiste Maneyrol via B4 Relay

From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Burst write with SPI is not working for all icm42600 chips. It was only used for setting user offsets with regmap_bulk_write. Add specific SPI regmap config for using only single write with SPI. Fixes: 9f9ff91b775b ("iio: imu: inv_icm42600: add SPI driver for inv_icm42600 driver") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> --- Changes in v2: - Add new spi specific regmap config instead of editing existing one. - Link to v1: https://lore.kernel.org/r/20241107-inv-icm42600-fix-spi-burst-write-not-sup… --- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 1 + drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 15 +++++++++++++++ drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c | 3 ++- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600.h b/drivers/iio/imu/inv_icm42600/inv_icm42600.h index 3a07e43e4cf154f3107c015c30248330d8e677f8..18787a43477b89db12caee597ab040af5c8f52d5 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600.h +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600.h @@ -403,6 +403,7 @@ struct inv_icm42600_sensor_state { typedef int (*inv_icm42600_bus_setup)(struct inv_icm42600_state *); extern const struct regmap_config inv_icm42600_regmap_config; +extern const struct regmap_config inv_icm42600_spi_regmap_config; extern const struct dev_pm_ops inv_icm42600_pm_ops; const struct iio_mount_matrix * diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 93b5d7a3339ccff16b21bf6c40ed7b2311317cf4..834c32cb07f354ab52e69bfeea8f00b6443e8dd9 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -87,6 +87,21 @@ const struct regmap_config inv_icm42600_regmap_config = { }; EXPORT_SYMBOL_NS_GPL(inv_icm42600_regmap_config, IIO_ICM42600); +/* define specific regmap for SPI not supporting burst write */ +const struct regmap_config inv_icm42600_spi_regmap_config = { + .name = "inv_icm42600", + .reg_bits = 8, + .val_bits = 8, + .max_register = 0x4FFF, + .ranges = inv_icm42600_regmap_ranges, + .num_ranges = ARRAY_SIZE(inv_icm42600_regmap_ranges), + .volatile_table = inv_icm42600_regmap_volatile_accesses, + .rd_noinc_table = inv_icm42600_regmap_rd_noinc_accesses, + .cache_type = REGCACHE_RBTREE, + .use_single_write = true, +}; +EXPORT_SYMBOL_NS_GPL(inv_icm42600_spi_regmap_config, IIO_ICM42600); + struct inv_icm42600_hw { uint8_t whoami; const char *name; diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c index 3b6d05fce65d544524b25299c6d342af92cfd1e0..deb0cbd8b7fe6fcb562067afaca931c148f6fca6 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c @@ -59,7 +59,8 @@ static int inv_icm42600_probe(struct spi_device *spi) return -EINVAL; chip = (uintptr_t)match; - regmap = devm_regmap_init_spi(spi, &inv_icm42600_regmap_config); + /* use SPI specific regmap */ + regmap = devm_regmap_init_spi(spi, &inv_icm42600_spi_regmap_config); if (IS_ERR(regmap)) return PTR_ERR(regmap); --- base-commit: c9f8285ec18c08fae0de08835eb8e5953339e664 change-id: 20241107-inv-icm42600-fix-spi-burst-write-not-supported-efe78d7379a5 Best regards, -- Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>

1 month, 2 weeks

2
1
0 0

[PATCH] f2fs: fix to drop all discards after creating snapshot on lvm device

by Chao Yu

Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). Cc: stable(a)vger.kernel.org Fixes: 35ec7d574884 ("f2fs: split discard command in prior to block layer") Reported-by: Piergiorgio Sartor <piergiorgio.sartor(a)nexgo.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219484 Signed-off-by: Chao Yu <chao(a)kernel.org> --- fs/f2fs/segment.c | 16 +++++++++------- fs/f2fs/super.c | 12 ++++++++++++ 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 7bdfe08ce9ea..af3fb3f6d9b5 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1290,16 +1290,18 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi, wait_list, issued); return 0; } - - /* - * Issue discard for conventional zones only if the device - * supports discard. - */ - if (!bdev_max_discard_sectors(bdev)) - return -EOPNOTSUPP; } #endif + /* + * stop issuing discard for any of below cases: + * 1. device is conventional zone, but it doesn't support discard. + * 2. device is regulare device, after snapshot it doesn't support + * discard. + */ + if (!bdev_max_discard_sectors(bdev)) + return -EOPNOTSUPP; + trace_f2fs_issue_discard(bdev, dc->di.start, dc->di.len); lstart = dc->di.lstart; diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c0670cd61956..fc7d463dee15 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1760,6 +1760,18 @@ static int f2fs_freeze(struct super_block *sb) static int f2fs_unfreeze(struct super_block *sb) { + struct f2fs_sb_info *sbi = F2FS_SB(sb); + + /* + * It will update discard_max_bytes of mounted lvm device to zero + * after creating snapshot on this lvm device, let's drop all + * remained discards. + * We don't need to disable real-time discard because discard_max_bytes + * will recover after removal of snapshot. + */ + if (test_opt(sbi, DISCARD) && !f2fs_hw_support_discard(sbi)) + f2fs_issue_discard_timeout(sbi); + clear_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING); return 0; } -- 2.40.1

1 month, 2 weeks

2
1
0 0

Re:

by Christoph Biedl

the Hide wrote... > Who should I contact regarding the following error > > > E: Malformed entry 5 in list file > /etc/apt/sources.list.d/additional-repositories.list (Component) > E: The list of sources could not be read. > E: _cache->open() failed, please report. Assuming you're using Debian and not some derivatve: Some Debian users mailing list, like <https://lists.debian.org/debian-user/> From the above error message I assume there's a format error in /etc/apt/sources.list.d/additional-repositories.list - so it was wise to include the content of that file in a message to that list. If it's actually a bug in apt, the Debian bug tracker was the place to go. This list here however is about development of the Linux kernel, the stable releases, so not quite the right place. Christoph

1 month, 2 weeks

1
0
0 0

[PATCH 2/3] drm/xe/guc_submit: fix race around pending_disable

by Matthew Auld

Currently in some testcases we can trigger: [drm] *ERROR* GT0: SCHED_DONE: Unexpected engine state 0x02b1, guc_id=8, runnable_state=0 [drm] *ERROR* GT0: G2H action 0x1002 failed (-EPROTO) len 3 msg 02 10 00 90 08 00 00 00 00 00 00 00 Looking at a snippet of corresponding ftrace for this GuC id we can see: 498.852891: xe_sched_msg_add: dev=0000:03:00.0, gt=0 guc_id=8, opcode=3 498.854083: xe_sched_msg_recv: dev=0000:03:00.0, gt=0 guc_id=8, opcode=3 498.855389: xe_exec_queue_kill: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x3, flags=0x0 498.855436: xe_exec_queue_lr_cleanup: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x83, flags=0x0 498.856767: xe_exec_queue_close: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x83, flags=0x0 498.862889: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0xa9, flags=0x0 498.863032: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b9, flags=0x0 498.875596: xe_exec_queue_scheduling_done: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b9, flags=0x0 498.875604: xe_exec_queue_deregister: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b1, flags=0x0 499.074483: xe_exec_queue_deregister_done: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b1, flags=0x0 This looks to be the two scheduling_disable racing with each other, one from the suspend (opcode=3) and then again during lr cleanup. While those two operations are serialized, the G2H portion is not, therefore when marking the queue as pending_disabled and then firing off the first request, we proceed do the same again, however the first disable response only fires after this which then clears the pending_disabled. At this point the second comes back and is processed, however the pending_disabled is no longer set, hence triggering the warning. To fix this wait for pending_disabled when doing the lr cleanup and calling disable_scheduling_deregister. Also do the same for all other disable_scheduling callers. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/3515 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_guc_submit.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_guc_submit.c b/drivers/gpu/drm/xe/xe_guc_submit.c index f9ecee5364d8..f3c22b101916 100644 --- a/drivers/gpu/drm/xe/xe_guc_submit.c +++ b/drivers/gpu/drm/xe/xe_guc_submit.c @@ -767,12 +767,15 @@ static void disable_scheduling_deregister(struct xe_guc *guc, set_min_preemption_timeout(guc, q); smp_rmb(); - ret = wait_event_timeout(guc->ct.wq, !exec_queue_pending_enable(q) || - xe_guc_read_stopped(guc), HZ * 5); + ret = wait_event_timeout(guc->ct.wq, + (!exec_queue_pending_enable(q) && + !exec_queue_pending_disable(q)) || + xe_guc_read_stopped(guc), + HZ * 5); if (!ret) { struct xe_gpu_scheduler *sched = &q->guc->sched; - xe_gt_warn(q->gt, "Pending enable failed to respond\n"); + xe_gt_warn(q->gt, "Pending enable/disable failed to respond\n"); xe_sched_submission_start(sched); xe_gt_reset_async(q->gt); xe_sched_tdr_queue_imm(sched); @@ -1099,7 +1102,8 @@ guc_exec_queue_timedout_job(struct drm_sched_job *drm_job) * modifying state */ ret = wait_event_timeout(guc->ct.wq, - !exec_queue_pending_enable(q) || + (!exec_queue_pending_enable(q) && + !exec_queue_pending_disable(q)) || xe_guc_read_stopped(guc), HZ * 5); if (!ret || xe_guc_read_stopped(guc)) goto trigger_reset; @@ -1329,8 +1333,8 @@ static void __guc_exec_queue_process_msg_suspend(struct xe_sched_msg *msg) if (guc_exec_queue_allowed_to_change_state(q) && !exec_queue_suspended(q) && exec_queue_enabled(q)) { - wait_event(guc->ct.wq, q->guc->resume_time != RESUME_PENDING || - xe_guc_read_stopped(guc)); + wait_event(guc->ct.wq, (q->guc->resume_time != RESUME_PENDING || + xe_guc_read_stopped(guc)) && !exec_queue_pending_disable(q)); if (!xe_guc_read_stopped(guc)) { s64 since_resume_ms = -- 2.47.0

1 month, 2 weeks

2
1
0 0

[PATCH 5.10.y] scsi: core: Backport fixes for CVE-2021-47182

by Vasiliy Kovalev

The patch titled "scsi: core: Fix scsi_mode_sense() buffer length handling" addresses CVE-2021-47182, fixing the following issues in `scsi_mode_sense()` buffer length handling: 1. Incorrect handling of the allocation length field in the MODE SENSE(10) command, causing truncation of buffer lengths larger than 255 bytes. 2. Memory corruption when handling small buffer lengths due to lack of proper validation. Original patch submission: https://lore.kernel.org/all/20210820070255.682775-2-damien.lemoal@wdc.com/ CVE announcement in linux-cve-announce: https://lore.kernel.org/linux-cve-announce/2024041032-CVE-2021-47182-377e@g… Fixed versions: - Fixed in 5.15.5 with commit e15de347faf4 - Fixed in 5.16 with commit 17b49bcbf835 Official CVE entry: https://cve.org/CVERecord/?id=CVE-2021-47182 [PATCH 5.10.y] scsi: core: Fix scsi_mode_sense() buffer length handling

1 month, 2 weeks

2
2
0 0

[PATCH AUTOSEL 6.6 1/6] ASoC: audio-graph-card2: Purge absent supplies for device tree nodes

by Sasha Levin

From: John Watts <contact(a)jookia.org> [ Upstream commit f8da001ae7af0abd9f6250c02c01a1121074ca60 ] The audio graph card doesn't mark its subnodes such as multi {}, dpcm {} and c2c {} as not requiring any suppliers. This causes a hang as Linux waits for these phantom suppliers to show up on boot. Make it clear these nodes have no suppliers. Example error message: [ 15.208558] platform 2034000.i2s: deferred probe pending: platform: wait for supplier /sound/multi [ 15.208584] platform sound: deferred probe pending: asoc-audio-graph-card2: parse error Signed-off-by: John Watts <contact(a)jookia.org> Acked-by: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> Link: https://patch.msgid.link/20241108-graph_dt_fix-v1-1-173e2f9603d6@jookia.org Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/generic/audio-graph-card2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/soc/generic/audio-graph-card2.c b/sound/soc/generic/audio-graph-card2.c index b1c675c6b6db6..686e0dea2bc75 100644 --- a/sound/soc/generic/audio-graph-card2.c +++ b/sound/soc/generic/audio-graph-card2.c @@ -261,16 +261,19 @@ static enum graph_type __graph_get_type(struct device_node *lnk) if (of_node_name_eq(np, GRAPH_NODENAME_MULTI)) { ret = GRAPH_MULTI; + fw_devlink_purge_absent_suppliers(&np->fwnode); goto out_put; } if (of_node_name_eq(np, GRAPH_NODENAME_DPCM)) { ret = GRAPH_DPCM; + fw_devlink_purge_absent_suppliers(&np->fwnode); goto out_put; } if (of_node_name_eq(np, GRAPH_NODENAME_C2C)) { ret = GRAPH_C2C; + fw_devlink_purge_absent_suppliers(&np->fwnode); goto out_put; } -- 2.43.0

1 month, 2 weeks

2
7
0 0

[PATCH v1] mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM

by David Hildenbrand

We currently assume that there is at least one VMA in a MM, which isn't true. So we might end up having find_vma() return NULL, to then de-reference NULL. So properly handle find_vma() returning NULL. This fixes the report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline] RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194 Code: ... RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000 RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044 RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1 R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003 R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8 FS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709 __do_sys_migrate_pages mm/mempolicy.c:1727 [inline] __se_sys_migrate_pages mm/mempolicy.c:1723 [inline] __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Fixes: 39743889aaf7 ("[PATCH] Swap Migration V5: sys_migrate_pages interface") Reported-by: syzbot+3511625422f7aa637f0d(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/lkml/673d2696.050a0220.3c9d61.012f.GAE@google.com/T/ Cc: <stable(a)vger.kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Christoph Lameter <cl(a)linux.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- mm/mempolicy.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index b646fab3e45e1..fbb6127e4595a 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1080,6 +1080,10 @@ static long migrate_to_node(struct mm_struct *mm, int source, int dest, mmap_read_lock(mm); vma = find_vma(mm, 0); + if (!vma) { + mmap_read_unlock(mm); + return 0; + } /* * This does not migrate the range, but isolates all pages that -- 2.47.0

1 month, 2 weeks

3
6
0 0

Linux 6.11.10

by Greg Kroah-Hartman

I'm announcing the release of the 6.11.10 kernel. All users of the 6.11 kernel series must upgrade. The updated 6.11.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.11.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/Kconfig | 3 arch/arm/kernel/head.S | 8 arch/arm/kernel/traps.c | 3 arch/arm/mm/mmu.c | 34 +- arch/arm64/Kconfig | 3 arch/arm64/include/asm/mman.h | 10 arch/loongarch/Kconfig | 3 arch/loongarch/include/asm/kasan.h | 13 - arch/loongarch/kernel/paravirt.c | 15 + arch/loongarch/kernel/smp.c | 2 arch/loongarch/mm/kasan_init.c | 46 +++ arch/mips/Kconfig | 3 arch/parisc/include/asm/mman.h | 5 arch/powerpc/Kconfig | 4 arch/riscv/Kconfig | 3 arch/s390/Kconfig | 3 arch/sh/Kconfig | 3 arch/x86/Kconfig | 3 arch/x86/Makefile | 5 arch/x86/entry/entry.S | 16 + arch/x86/include/asm/asm-prototypes.h | 3 arch/x86/kernel/cpu/amd.c | 11 arch/x86/kernel/cpu/common.c | 2 arch/x86/kernel/vmlinux.lds.S | 3 arch/x86/kvm/lapic.c | 29 +- arch/x86/kvm/vmx/nested.c | 30 ++ arch/x86/kvm/vmx/vmx.c | 6 arch/x86/mm/ioremap.c | 6 drivers/bluetooth/btintel.c | 5 drivers/char/tpm/tpm2-sessions.c | 7 drivers/firmware/arm_scmi/perf.c | 44 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 3 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 13 - drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 2 drivers/gpu/drm/amd/amdgpu/nbio_v7_7.c | 6 drivers/gpu/drm/amd/amdgpu/nv.c | 12 - drivers/gpu/drm/amd/amdgpu/soc15.c | 4 drivers/gpu/drm/amd/amdgpu/soc21.c | 12 - drivers/gpu/drm/amd/amdgpu/soc24.c | 2 drivers/gpu/drm/amd/amdgpu/vi.c | 8 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 117 +++++----- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 17 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq_params.h | 2 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 6 drivers/gpu/drm/amd/display/dc/core/dc_state.c | 3 drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_pmo/dml2_pmo_dcn4_fams2.c | 11 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 49 +--- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 4 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 4 drivers/gpu/drm/amd/pm/swsmu/smu12/renoir_ppt.c | 4 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 20 - drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_0_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 9 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 8 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.h | 2 drivers/gpu/drm/bridge/tc358768.c | 21 + drivers/gpu/drm/i915/gt/uc/intel_gsc_fw.c | 50 ++-- drivers/gpu/drm/i915/i915_drv.h | 8 drivers/gpu/drm/i915/intel_device_info.c | 24 +- drivers/gpu/drm/i915/intel_device_info.h | 4 drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c | 59 ++--- drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 11 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 6 drivers/gpu/drm/panthor/panthor_mmu.c | 2 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 8 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 2 drivers/gpu/drm/xe/xe_bo.c | 43 +-- drivers/gpu/drm/xe/xe_bo_evict.c | 20 + drivers/gpu/drm/xe/xe_oa.c | 2 drivers/infiniband/core/addr.c | 2 drivers/mailbox/qcom-cpucp-mbox.c | 2 drivers/media/dvb-core/dvbdev.c | 15 - drivers/mmc/host/dw_mmc.c | 4 drivers/mmc/host/sunxi-mmc.c | 6 drivers/net/bonding/bond_main.c | 16 + drivers/net/bonding/bond_options.c | 82 ++++++- drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 8 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_selftest.c | 4 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 15 + drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 32 ++ drivers/net/ethernet/stmicro/stmmac/dwmac-intel-plat.c | 25 +- drivers/net/ethernet/stmicro/stmmac/dwmac-mediatek.c | 4 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 13 - drivers/net/ethernet/ti/icssg/icssg_prueth.h | 12 + drivers/net/ethernet/vertexcom/mse102x.c | 4 drivers/net/phy/phylink.c | 14 - drivers/perf/riscv_pmu_sbi.c | 4 drivers/pmdomain/arm/scmi_perf_domain.c | 3 drivers/pmdomain/core.c | 49 ++-- drivers/pmdomain/imx/imx93-blk-ctrl.c | 4 drivers/vdpa/mlx5/core/mr.c | 8 drivers/vdpa/solidrun/snet_main.c | 14 - drivers/vdpa/virtio_pci/vp_vdpa.c | 10 fs/btrfs/delayed-ref.c | 2 fs/nilfs2/btnode.c | 2 fs/nilfs2/gcinode.c | 4 fs/nilfs2/mdt.c | 1 fs/nilfs2/page.c | 2 fs/ocfs2/resize.c | 2 fs/ocfs2/super.c | 13 - fs/proc/task_mmu.c | 4 include/drm/intel/i915_pciids.h | 19 + include/linux/mman.h | 7 include/linux/pm_domain.h | 6 include/linux/sched/task_stack.h | 2 include/linux/sockptr.h | 4 include/net/bond_options.h | 2 kernel/Kconfig.kexec | 2 lib/buildid.c | 2 mm/mmap.c | 2 mm/mremap.c | 2 mm/nommu.c | 4 mm/page_alloc.c | 18 + mm/shmem.c | 5 mm/swap.c | 14 - net/bluetooth/hci_core.c | 2 net/dccp/ipv6.c | 2 net/ipv6/tcp_ipv6.c | 4 net/mptcp/pm_netlink.c | 3 net/mptcp/pm_userspace.c | 15 + net/mptcp/protocol.c | 16 - net/netlink/af_netlink.c | 31 -- net/netlink/af_netlink.h | 2 net/sched/cls_u32.c | 18 + net/sctp/ipv6.c | 19 + net/vmw_vsock/af_vsock.c | 3 net/vmw_vsock/virtio_transport_common.c | 9 samples/pktgen/pktgen_sample01_simple.sh | 2 security/integrity/evm/evm_main.c | 3 security/integrity/ima/ima_template_lib.c | 14 - sound/pci/hda/patch_realtek.c | 13 - tools/mm/page-types.c | 2 tools/testing/selftests/kvm/Makefile | 8 tools/testing/selftests/mm/hugetlb_dio.c | 7 tools/testing/selftests/tc-testing/tc-tests/filters/u32.json | 24 ++ 143 files changed, 1076 insertions(+), 533 deletions(-) Akash Goel (1): drm/panthor: Fix handling of partial GPU mapping of BOs Alex Deucher (2): Revert "drm/amd/pm: correct the workload setting" Revert "drm/amd/display: parse umc_info or vram_info based on ASIC" Alexandre Ferrieux (2): net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes. net: sched: u32: Add test case for systematic hnode IDR leaks Alexandre Ghiti (1): drivers: perf: Fix wrong put_cpu() placement Andre Przywara (1): mmc: sunxi-mmc: Fix A100 compatible description Andrew Morton (1): mm: revert "mm: shmem: fix data-race in shmem_getattr()" Andy Yan (1): drm/rockchip: vop: Fix a dereferenced before check warning Ard Biesheuvel (1): x86/stackprotector: Work around strict Clang TLS symbol requirements Ashutosh Dixit (1): drm/xe/oa: Fix "Missing outer runtime PM protection" warning Aurelien Jarno (1): Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" Baoquan He (1): x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y Bibo Mao (1): LoongArch: Fix AP booting issue in VM mode Carolina Jubran (1): net/mlx5e: Disable loopback self-test on multi-PF netdev Chen Ridong (1): drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle Christian König (2): drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() drm/amdgpu: enable GTT fallback handling for dGPUs only Cristian Marussi (1): firmware: arm_scmi: Skip opp duplicates Dan Carpenter (1): fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() Daniele Ceraolo Spurio (1): drm/i915/gsc: ARL-H and ARL-U need a newer GSC FW. Dave Airlie (3): nouveau: fw: sync dma after setup is called. nouveau: handle EBUSY and EAGAIN for GSP aux errors. nouveau/dp: handle retries for AUX CH transfers with GSP. Dave Vasilevsky (1): crash, powerpc: default to CRASH_DUMP=n on PPC_BOOK3S_32 David Rosca (1): drm/amdgpu: Fix video caps for H264 and HEVC encode maximum size Dillon Varone (1): drm/amd/display: Require minimum VBlank size for stutter optimization Dmitry Antipov (2): ocfs2: uncache inode which has failed entering the group ocfs2: fix UBSAN warning in ocfs2_verify_volume() Donet Tom (1): selftests: hugetlb_dio: fixup check for initial conditions to skip in the start Dragos Tatulea (1): net/mlx5e: kTLS, Fix incorrect page refcounting Eric Dumazet (1): sctp: fix possible UAF in sctp_v6_available() Francesco Dolcini (1): drm/bridge: tc358768: Fix DSI command tx Geliang Tang (2): mptcp: update local address flags when setting it mptcp: hold pm lock when deleting entry Greg Kroah-Hartman (1): Linux 6.11.10 Hajime Tazaki (1): nommu: pass NULL argument to vma_iter_prealloc() Hamish Claxton (1): drm/amd/display: Fix failure to read vram info due to static BP_RESULT Hangbin Liu (1): bonding: add ns target multicast address to slave device Harith G (1): ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels Huacai Chen (3): LoongArch: Fix early_numa_add_cpu() usage for FDT systems LoongArch: Disable KASAN if PGDIR_SIZE is too large for cpu_vabits LoongArch: Make KASAN work with 5-level page-tables Jack Xiao (1): drm/amdgpu/mes12: correct kiq unmap latency Jakub Kicinski (1): netlink: terminate outstanding dump on socket close Jann Horn (1): mm/mremap: fix address wraparound in move_page_tables() Jarkko Sakkinen (1): tpm: Disable TPM on tpm2_create_primary() failure Jinjiang Tu (1): mm: fix NULL pointer dereference in alloc_pages_bulk_noprof Jiri Olsa (1): lib/buildid: Fix build ID parsing logic Josef Bacik (1): btrfs: fix incorrect comparison for delayed refs Kailang Yang (2): ALSA: hda/realtek - Fixed Clevo platform headset Mic issue ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 Kanglong Wang (1): LoongArch: Add WriteCombine shadow mapping in KASAN Kiran K (1): Bluetooth: btintel: Direct exception event to bluetooth stack Leo Li (1): drm/amd/display: Run idle optimizations at end of vblank handler Leon Romanovsky (1): Revert "RDMA/core: Fix ENODEV error for iWARP test over vlan" Lorenzo Stoakes (1): mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling Luiz Augusto von Dentz (1): Bluetooth: hci_core: Fix calling mgmt_device_connected Maksym Glubokiy (1): ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 Mario Limonciello (1): x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client Mark Bloch (1): net/mlx5: fs, lock FTE when checking if active Mateusz Guzik (1): evm: stop avoidably reading i_writecount in evm_file_release Matthew Auld (2): drm/xe: handle flat ccs during hibernation on igpu drm/xe: improve hibernation on igpu Matthew Brost (1): drm/xe: Restore system memory GGTT mappings Matthieu Baerts (NGI0) (1): mptcp: pm: use _rcu variant under rcu_read_lock Mauro Carvalho Chehab (1): media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Meghana Malladi (1): net: ti: icssg-prueth: Fix 1 PPS sync Michal Luczaj (4): virtio/vsock: Fix accept_queue memory leak vsock: Fix sk_error_queue memory leak virtio/vsock: Improve MSG_ZEROCOPY error handling net: Make copy_safe_from_sockptr() match documentation Moshe Shemesh (1): net/mlx5e: CT: Fix null-ptr-deref in add rule err flow Motiejus JakÅ`tys (1): tools/mm: fix compile error Nícolas F. R. A. Prado (1): net: stmmac: dwmac-mediatek: Fix inverted handling of mediatek,mac-wol Paolo Abeni (2): mptcp: error out earlier on disconnect mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Parav Pandit (1): net/mlx5: Fix msix vectors to respect platform limit Peng Fan (1): pmdomain: imx93-blk-ctrl: correct remove path Philipp Stanner (1): vdpa: solidrun: Fix UB bug with devres Qun-Wei Lin (1): sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers Rodrigo Siqueira (1): drm/amd/display: Adjust VSDB parser for replay feature Roman Gushchin (1): mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Russell King (Oracle) (2): net: phylink: ensure PHY momentary link-fails are handled ARM: fix cacheflush with PAN Ryan Seto (1): drm/amd/display: Handle dml allocation failure to avoid crash Ryusuke Konishi (2): nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Samasth Norway Ananda (1): ima: fix buffer overrun in ima_eventdigest_init_common Sean Christopherson (4): KVM: selftests: Disable strict aliasing KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled KVM: x86: Unconditionally set irr_pending when updating APICv state KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Si-Wei Liu (1): vdpa/mlx5: Fix PA offset with unaligned starting iotlb map Sibi Sankar (4): mailbox: qcom-cpucp: Mark the irq with IRQF_NO_SUSPEND flag firmware: arm_scmi: Report duplicate opps as firmware bugs pmdomain: arm: Use FLAG_DEV_NAME_FW to ensure unique names pmdomain: core: Add GENPD_FLAG_DEV_NAME_FW flag Stefan Wahren (1): net: vertexcom: mse102x: Fix tx_bytes calculation Tim Huang (1): drm/amd/pm: print pp_dpm_mclk in ascending order on SMU v14.0.0 Tom Chung (2): drm/amd/display: Change some variable name of psr drm/amd/display: Fix Panel Replay not update screen correctly Vijendar Mukunda (1): drm/amd: Fix initialization mistake for NBIO 7.7.0 Vitalii Mordan (1): stmmac: dwmac-intel-plat: fix call balance of tx_clk handling routines Wang Liang (1): net: fix data-races around sk->sk_forward_alloc Wei Fang (1): samples: pktgen: correct dev to DEV William Tu (1): net/mlx5e: clear xdp features on non-uplink representors Xiaoguang Wang (1): vp_vdpa: fix id_table array not null terminated error

1 month, 2 weeks

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2024