November 2024 - Linux-stable-mirror

[PATCH v1] mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM

by David Hildenbrand

We currently assume that there is at least one VMA in a MM, which isn't true. So we might end up having find_vma() return NULL, to then de-reference NULL. So properly handle find_vma() returning NULL. This fixes the report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline] RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194 Code: ... RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000 RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044 RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1 R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003 R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8 FS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709 __do_sys_migrate_pages mm/mempolicy.c:1727 [inline] __se_sys_migrate_pages mm/mempolicy.c:1723 [inline] __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Fixes: 39743889aaf7 ("[PATCH] Swap Migration V5: sys_migrate_pages interface") Reported-by: syzbot+3511625422f7aa637f0d(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/lkml/673d2696.050a0220.3c9d61.012f.GAE@google.com/T/ Cc: <stable(a)vger.kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Christoph Lameter <cl(a)linux.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- mm/mempolicy.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index b646fab3e45e1..fbb6127e4595a 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1080,6 +1080,10 @@ static long migrate_to_node(struct mm_struct *mm, int source, int dest, mmap_read_lock(mm); vma = find_vma(mm, 0); + if (!vma) { + mmap_read_unlock(mm); + return 0; + } /* * This does not migrate the range, but isolates all pages that -- 2.47.0

5 months

3
6
0 0

Linux 6.11.10

by Greg Kroah-Hartman

I'm announcing the release of the 6.11.10 kernel. All users of the 6.11 kernel series must upgrade. The updated 6.11.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.11.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/Kconfig | 3 arch/arm/kernel/head.S | 8 arch/arm/kernel/traps.c | 3 arch/arm/mm/mmu.c | 34 +- arch/arm64/Kconfig | 3 arch/arm64/include/asm/mman.h | 10 arch/loongarch/Kconfig | 3 arch/loongarch/include/asm/kasan.h | 13 - arch/loongarch/kernel/paravirt.c | 15 + arch/loongarch/kernel/smp.c | 2 arch/loongarch/mm/kasan_init.c | 46 +++ arch/mips/Kconfig | 3 arch/parisc/include/asm/mman.h | 5 arch/powerpc/Kconfig | 4 arch/riscv/Kconfig | 3 arch/s390/Kconfig | 3 arch/sh/Kconfig | 3 arch/x86/Kconfig | 3 arch/x86/Makefile | 5 arch/x86/entry/entry.S | 16 + arch/x86/include/asm/asm-prototypes.h | 3 arch/x86/kernel/cpu/amd.c | 11 arch/x86/kernel/cpu/common.c | 2 arch/x86/kernel/vmlinux.lds.S | 3 arch/x86/kvm/lapic.c | 29 +- arch/x86/kvm/vmx/nested.c | 30 ++ arch/x86/kvm/vmx/vmx.c | 6 arch/x86/mm/ioremap.c | 6 drivers/bluetooth/btintel.c | 5 drivers/char/tpm/tpm2-sessions.c | 7 drivers/firmware/arm_scmi/perf.c | 44 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 3 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 13 - drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 2 drivers/gpu/drm/amd/amdgpu/nbio_v7_7.c | 6 drivers/gpu/drm/amd/amdgpu/nv.c | 12 - drivers/gpu/drm/amd/amdgpu/soc15.c | 4 drivers/gpu/drm/amd/amdgpu/soc21.c | 12 - drivers/gpu/drm/amd/amdgpu/soc24.c | 2 drivers/gpu/drm/amd/amdgpu/vi.c | 8 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 117 +++++----- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 17 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq_params.h | 2 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 6 drivers/gpu/drm/amd/display/dc/core/dc_state.c | 3 drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_pmo/dml2_pmo_dcn4_fams2.c | 11 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 49 +--- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 4 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 4 drivers/gpu/drm/amd/pm/swsmu/smu12/renoir_ppt.c | 4 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 20 - drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_0_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 9 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 8 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.h | 2 drivers/gpu/drm/bridge/tc358768.c | 21 + drivers/gpu/drm/i915/gt/uc/intel_gsc_fw.c | 50 ++-- drivers/gpu/drm/i915/i915_drv.h | 8 drivers/gpu/drm/i915/intel_device_info.c | 24 +- drivers/gpu/drm/i915/intel_device_info.h | 4 drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c | 59 ++--- drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 11 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 6 drivers/gpu/drm/panthor/panthor_mmu.c | 2 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 8 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 2 drivers/gpu/drm/xe/xe_bo.c | 43 +-- drivers/gpu/drm/xe/xe_bo_evict.c | 20 + drivers/gpu/drm/xe/xe_oa.c | 2 drivers/infiniband/core/addr.c | 2 drivers/mailbox/qcom-cpucp-mbox.c | 2 drivers/media/dvb-core/dvbdev.c | 15 - drivers/mmc/host/dw_mmc.c | 4 drivers/mmc/host/sunxi-mmc.c | 6 drivers/net/bonding/bond_main.c | 16 + drivers/net/bonding/bond_options.c | 82 ++++++- drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 8 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_selftest.c | 4 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 15 + drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 32 ++ drivers/net/ethernet/stmicro/stmmac/dwmac-intel-plat.c | 25 +- drivers/net/ethernet/stmicro/stmmac/dwmac-mediatek.c | 4 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 13 - drivers/net/ethernet/ti/icssg/icssg_prueth.h | 12 + drivers/net/ethernet/vertexcom/mse102x.c | 4 drivers/net/phy/phylink.c | 14 - drivers/perf/riscv_pmu_sbi.c | 4 drivers/pmdomain/arm/scmi_perf_domain.c | 3 drivers/pmdomain/core.c | 49 ++-- drivers/pmdomain/imx/imx93-blk-ctrl.c | 4 drivers/vdpa/mlx5/core/mr.c | 8 drivers/vdpa/solidrun/snet_main.c | 14 - drivers/vdpa/virtio_pci/vp_vdpa.c | 10 fs/btrfs/delayed-ref.c | 2 fs/nilfs2/btnode.c | 2 fs/nilfs2/gcinode.c | 4 fs/nilfs2/mdt.c | 1 fs/nilfs2/page.c | 2 fs/ocfs2/resize.c | 2 fs/ocfs2/super.c | 13 - fs/proc/task_mmu.c | 4 include/drm/intel/i915_pciids.h | 19 + include/linux/mman.h | 7 include/linux/pm_domain.h | 6 include/linux/sched/task_stack.h | 2 include/linux/sockptr.h | 4 include/net/bond_options.h | 2 kernel/Kconfig.kexec | 2 lib/buildid.c | 2 mm/mmap.c | 2 mm/mremap.c | 2 mm/nommu.c | 4 mm/page_alloc.c | 18 + mm/shmem.c | 5 mm/swap.c | 14 - net/bluetooth/hci_core.c | 2 net/dccp/ipv6.c | 2 net/ipv6/tcp_ipv6.c | 4 net/mptcp/pm_netlink.c | 3 net/mptcp/pm_userspace.c | 15 + net/mptcp/protocol.c | 16 - net/netlink/af_netlink.c | 31 -- net/netlink/af_netlink.h | 2 net/sched/cls_u32.c | 18 + net/sctp/ipv6.c | 19 + net/vmw_vsock/af_vsock.c | 3 net/vmw_vsock/virtio_transport_common.c | 9 samples/pktgen/pktgen_sample01_simple.sh | 2 security/integrity/evm/evm_main.c | 3 security/integrity/ima/ima_template_lib.c | 14 - sound/pci/hda/patch_realtek.c | 13 - tools/mm/page-types.c | 2 tools/testing/selftests/kvm/Makefile | 8 tools/testing/selftests/mm/hugetlb_dio.c | 7 tools/testing/selftests/tc-testing/tc-tests/filters/u32.json | 24 ++ 143 files changed, 1076 insertions(+), 533 deletions(-) Akash Goel (1): drm/panthor: Fix handling of partial GPU mapping of BOs Alex Deucher (2): Revert "drm/amd/pm: correct the workload setting" Revert "drm/amd/display: parse umc_info or vram_info based on ASIC" Alexandre Ferrieux (2): net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes. net: sched: u32: Add test case for systematic hnode IDR leaks Alexandre Ghiti (1): drivers: perf: Fix wrong put_cpu() placement Andre Przywara (1): mmc: sunxi-mmc: Fix A100 compatible description Andrew Morton (1): mm: revert "mm: shmem: fix data-race in shmem_getattr()" Andy Yan (1): drm/rockchip: vop: Fix a dereferenced before check warning Ard Biesheuvel (1): x86/stackprotector: Work around strict Clang TLS symbol requirements Ashutosh Dixit (1): drm/xe/oa: Fix "Missing outer runtime PM protection" warning Aurelien Jarno (1): Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" Baoquan He (1): x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y Bibo Mao (1): LoongArch: Fix AP booting issue in VM mode Carolina Jubran (1): net/mlx5e: Disable loopback self-test on multi-PF netdev Chen Ridong (1): drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle Christian König (2): drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() drm/amdgpu: enable GTT fallback handling for dGPUs only Cristian Marussi (1): firmware: arm_scmi: Skip opp duplicates Dan Carpenter (1): fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() Daniele Ceraolo Spurio (1): drm/i915/gsc: ARL-H and ARL-U need a newer GSC FW. Dave Airlie (3): nouveau: fw: sync dma after setup is called. nouveau: handle EBUSY and EAGAIN for GSP aux errors. nouveau/dp: handle retries for AUX CH transfers with GSP. Dave Vasilevsky (1): crash, powerpc: default to CRASH_DUMP=n on PPC_BOOK3S_32 David Rosca (1): drm/amdgpu: Fix video caps for H264 and HEVC encode maximum size Dillon Varone (1): drm/amd/display: Require minimum VBlank size for stutter optimization Dmitry Antipov (2): ocfs2: uncache inode which has failed entering the group ocfs2: fix UBSAN warning in ocfs2_verify_volume() Donet Tom (1): selftests: hugetlb_dio: fixup check for initial conditions to skip in the start Dragos Tatulea (1): net/mlx5e: kTLS, Fix incorrect page refcounting Eric Dumazet (1): sctp: fix possible UAF in sctp_v6_available() Francesco Dolcini (1): drm/bridge: tc358768: Fix DSI command tx Geliang Tang (2): mptcp: update local address flags when setting it mptcp: hold pm lock when deleting entry Greg Kroah-Hartman (1): Linux 6.11.10 Hajime Tazaki (1): nommu: pass NULL argument to vma_iter_prealloc() Hamish Claxton (1): drm/amd/display: Fix failure to read vram info due to static BP_RESULT Hangbin Liu (1): bonding: add ns target multicast address to slave device Harith G (1): ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels Huacai Chen (3): LoongArch: Fix early_numa_add_cpu() usage for FDT systems LoongArch: Disable KASAN if PGDIR_SIZE is too large for cpu_vabits LoongArch: Make KASAN work with 5-level page-tables Jack Xiao (1): drm/amdgpu/mes12: correct kiq unmap latency Jakub Kicinski (1): netlink: terminate outstanding dump on socket close Jann Horn (1): mm/mremap: fix address wraparound in move_page_tables() Jarkko Sakkinen (1): tpm: Disable TPM on tpm2_create_primary() failure Jinjiang Tu (1): mm: fix NULL pointer dereference in alloc_pages_bulk_noprof Jiri Olsa (1): lib/buildid: Fix build ID parsing logic Josef Bacik (1): btrfs: fix incorrect comparison for delayed refs Kailang Yang (2): ALSA: hda/realtek - Fixed Clevo platform headset Mic issue ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 Kanglong Wang (1): LoongArch: Add WriteCombine shadow mapping in KASAN Kiran K (1): Bluetooth: btintel: Direct exception event to bluetooth stack Leo Li (1): drm/amd/display: Run idle optimizations at end of vblank handler Leon Romanovsky (1): Revert "RDMA/core: Fix ENODEV error for iWARP test over vlan" Lorenzo Stoakes (1): mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling Luiz Augusto von Dentz (1): Bluetooth: hci_core: Fix calling mgmt_device_connected Maksym Glubokiy (1): ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 Mario Limonciello (1): x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client Mark Bloch (1): net/mlx5: fs, lock FTE when checking if active Mateusz Guzik (1): evm: stop avoidably reading i_writecount in evm_file_release Matthew Auld (2): drm/xe: handle flat ccs during hibernation on igpu drm/xe: improve hibernation on igpu Matthew Brost (1): drm/xe: Restore system memory GGTT mappings Matthieu Baerts (NGI0) (1): mptcp: pm: use _rcu variant under rcu_read_lock Mauro Carvalho Chehab (1): media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Meghana Malladi (1): net: ti: icssg-prueth: Fix 1 PPS sync Michal Luczaj (4): virtio/vsock: Fix accept_queue memory leak vsock: Fix sk_error_queue memory leak virtio/vsock: Improve MSG_ZEROCOPY error handling net: Make copy_safe_from_sockptr() match documentation Moshe Shemesh (1): net/mlx5e: CT: Fix null-ptr-deref in add rule err flow Motiejus JakÅ`tys (1): tools/mm: fix compile error Nícolas F. R. A. Prado (1): net: stmmac: dwmac-mediatek: Fix inverted handling of mediatek,mac-wol Paolo Abeni (2): mptcp: error out earlier on disconnect mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Parav Pandit (1): net/mlx5: Fix msix vectors to respect platform limit Peng Fan (1): pmdomain: imx93-blk-ctrl: correct remove path Philipp Stanner (1): vdpa: solidrun: Fix UB bug with devres Qun-Wei Lin (1): sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers Rodrigo Siqueira (1): drm/amd/display: Adjust VSDB parser for replay feature Roman Gushchin (1): mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Russell King (Oracle) (2): net: phylink: ensure PHY momentary link-fails are handled ARM: fix cacheflush with PAN Ryan Seto (1): drm/amd/display: Handle dml allocation failure to avoid crash Ryusuke Konishi (2): nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Samasth Norway Ananda (1): ima: fix buffer overrun in ima_eventdigest_init_common Sean Christopherson (4): KVM: selftests: Disable strict aliasing KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled KVM: x86: Unconditionally set irr_pending when updating APICv state KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Si-Wei Liu (1): vdpa/mlx5: Fix PA offset with unaligned starting iotlb map Sibi Sankar (4): mailbox: qcom-cpucp: Mark the irq with IRQF_NO_SUSPEND flag firmware: arm_scmi: Report duplicate opps as firmware bugs pmdomain: arm: Use FLAG_DEV_NAME_FW to ensure unique names pmdomain: core: Add GENPD_FLAG_DEV_NAME_FW flag Stefan Wahren (1): net: vertexcom: mse102x: Fix tx_bytes calculation Tim Huang (1): drm/amd/pm: print pp_dpm_mclk in ascending order on SMU v14.0.0 Tom Chung (2): drm/amd/display: Change some variable name of psr drm/amd/display: Fix Panel Replay not update screen correctly Vijendar Mukunda (1): drm/amd: Fix initialization mistake for NBIO 7.7.0 Vitalii Mordan (1): stmmac: dwmac-intel-plat: fix call balance of tx_clk handling routines Wang Liang (1): net: fix data-races around sk->sk_forward_alloc Wei Fang (1): samples: pktgen: correct dev to DEV William Tu (1): net/mlx5e: clear xdp features on non-uplink representors Xiaoguang Wang (1): vp_vdpa: fix id_table array not null terminated error

5 months

1
1
0 0

Linux 6.6.63

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.63 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/kernel/head.S | 8 arch/arm/mm/mmu.c | 34 +- arch/arm64/include/asm/mman.h | 10 arch/loongarch/include/asm/kasan.h | 2 arch/loongarch/kernel/smp.c | 2 arch/loongarch/mm/kasan_init.c | 41 ++- arch/parisc/include/asm/mman.h | 5 arch/x86/kvm/lapic.c | 29 +- arch/x86/kvm/vmx/nested.c | 30 +- arch/x86/kvm/vmx/vmx.c | 6 arch/x86/mm/ioremap.c | 6 drivers/bluetooth/btintel.c | 5 drivers/gpu/drm/amd/amdgpu/nbio_v7_7.c | 6 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 7 drivers/gpu/drm/bridge/tc358768.c | 21 + drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 11 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 8 drivers/infiniband/core/addr.c | 2 drivers/leds/leds-mlxreg.c | 16 - drivers/media/dvb-core/dvbdev.c | 15 - drivers/mmc/host/dw_mmc.c | 4 drivers/mmc/host/sunxi-mmc.c | 6 drivers/net/bonding/bond_main.c | 16 + drivers/net/bonding/bond_options.c | 82 ++++++ drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 8 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 15 - drivers/net/ethernet/stmicro/stmmac/dwmac-intel-plat.c | 40 +-- drivers/net/ethernet/stmicro/stmmac/dwmac-mediatek.c | 4 drivers/net/ethernet/stmicro/stmmac/dwmac-visconti.c | 18 - drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 23 - drivers/net/ethernet/stmicro/stmmac/stmmac_platform.h | 1 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 13 - drivers/net/ethernet/ti/icssg/icssg_prueth.h | 12 drivers/net/ethernet/vertexcom/mse102x.c | 4 drivers/pmdomain/imx/imx93-blk-ctrl.c | 4 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 25 - drivers/vdpa/mlx5/core/mr.c | 8 drivers/vdpa/solidrun/snet_main.c | 14 - drivers/vdpa/virtio_pci/vp_vdpa.c | 10 fs/9p/vfs_inode.c | 17 - fs/nfsd/netns.h | 1 fs/nfsd/nfs4proc.c | 34 +- fs/nfsd/nfs4state.c | 1 fs/nfsd/xdr4.h | 1 fs/nilfs2/btnode.c | 2 fs/nilfs2/gcinode.c | 4 fs/nilfs2/mdt.c | 1 fs/nilfs2/page.c | 2 fs/ocfs2/resize.c | 2 fs/ocfs2/super.c | 13 - include/linux/damon.h | 17 + include/linux/mman.h | 28 +- include/linux/sockptr.h | 4 include/net/bond_options.h | 2 lib/buildid.c | 2 mm/damon/core.c | 84 +++++- mm/damon/dbgfs.c | 3 mm/damon/lru_sort.c | 2 mm/damon/reclaim.c | 2 mm/damon/sysfs-schemes.c | 2 mm/internal.h | 45 +++ mm/mmap.c | 128 +++++----- mm/mprotect.c | 2 mm/nommu.c | 11 mm/page_alloc.c | 3 mm/shmem.c | 5 net/bluetooth/hci_core.c | 2 net/mptcp/pm_netlink.c | 15 - net/mptcp/pm_userspace.c | 77 +++--- net/mptcp/protocol.c | 16 - net/netlink/af_netlink.c | 31 -- net/netlink/af_netlink.h | 2 net/sched/cls_u32.c | 54 ++-- net/sctp/ipv6.c | 19 + net/vmw_vsock/virtio_transport_common.c | 8 samples/pktgen/pktgen_sample01_simple.sh | 2 security/integrity/ima/ima_template_lib.c | 14 - sound/pci/hda/patch_realtek.c | 3 tools/mm/page-types.c | 2 83 files changed, 819 insertions(+), 424 deletions(-) Alexandre Ferrieux (1): net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes. Andre Przywara (1): mmc: sunxi-mmc: Fix A100 compatible description Andrew Morton (1): mm: revert "mm: shmem: fix data-race in shmem_getattr()" Andy Yan (1): drm/rockchip: vop: Fix a dereferenced before check warning Aurelien Jarno (1): Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" Baoquan He (1): x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y Chuck Lever (4): NFSD: Async COPY result needs to return a write verifier NFSD: Limit the number of concurrent async COPY operations NFSD: Initialize struct nfsd4_copy earlier NFSD: Never decrement pending_async_copies on error Dai Ngo (1): NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point Dave Airlie (1): nouveau: fw: sync dma after setup is called. Dmitry Antipov (2): ocfs2: uncache inode which has failed entering the group ocfs2: fix UBSAN warning in ocfs2_verify_volume() Dragos Tatulea (1): net/mlx5e: kTLS, Fix incorrect page refcounting Eric Dumazet (1): sctp: fix possible UAF in sctp_v6_available() Eric Van Hensbergen (1): fs/9p: fix uninitialized values during inode evict Francesco Dolcini (1): drm/bridge: tc358768: Fix DSI command tx Geliang Tang (5): mptcp: define more local variables sk mptcp: add userspace_pm_lookup_addr_by_id helper mptcp: update local address flags when setting it mptcp: hold pm lock when deleting entry mptcp: drop lookup_by_id in lookup_addr George Stark (1): leds: mlxreg: Use devm_mutex_init() for mutex initialization Greg Kroah-Hartman (1): Linux 6.6.63 Hajime Tazaki (1): nommu: pass NULL argument to vma_iter_prealloc() Hangbin Liu (1): bonding: add ns target multicast address to slave device Harith G (1): ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels Huacai Chen (3): LoongArch: Fix early_numa_add_cpu() usage for FDT systems LoongArch: Disable KASAN if PGDIR_SIZE is too large for cpu_vabits LoongArch: Make KASAN work with 5-level page-tables Jakub Kicinski (1): netlink: terminate outstanding dump on socket close Jinjiang Tu (1): mm: fix NULL pointer dereference in alloc_pages_bulk_noprof Jiri Olsa (1): lib/buildid: Fix build ID parsing logic Jisheng Zhang (3): net: stmmac: dwmac-intel-plat: use devm_stmmac_probe_config_dt() net: stmmac: dwmac-visconti: use devm_stmmac_probe_config_dt() net: stmmac: rename stmmac_pltfr_remove_no_dt to stmmac_pltfr_remove Kailang Yang (1): ALSA: hda/realtek - Fixed Clevo platform headset Mic issue Kiran K (1): Bluetooth: btintel: Direct exception event to bluetooth stack Leon Romanovsky (1): Revert "RDMA/core: Fix ENODEV error for iWARP test over vlan" Lorenzo Stoakes (5): mm: avoid unsafe VMA hook invocation when error arises on mmap hook mm: unconditionally close VMAs on error mm: refactor map_deny_write_exec() mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling mm: resolve faulty mmap_region() error path behaviour Luiz Augusto von Dentz (1): Bluetooth: hci_core: Fix calling mgmt_device_connected Maksym Glubokiy (1): ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 Mark Bloch (1): net/mlx5: fs, lock FTE when checking if active Matthieu Baerts (NGI0) (1): mptcp: pm: use _rcu variant under rcu_read_lock Mauro Carvalho Chehab (1): media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Meghana Malladi (1): net: ti: icssg-prueth: Fix 1 PPS sync Michal Luczaj (2): virtio/vsock: Fix accept_queue memory leak net: Make copy_safe_from_sockptr() match documentation Moshe Shemesh (1): net/mlx5e: CT: Fix null-ptr-deref in add rule err flow Motiejus JakÅ`tys (1): tools/mm: fix compile error Nícolas F. R. A. Prado (1): net: stmmac: dwmac-mediatek: Fix inverted handling of mediatek,mac-wol Paolo Abeni (2): mptcp: error out earlier on disconnect mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Pedro Tammela (1): net/sched: cls_u32: replace int refcounts with proper refcounts Peng Fan (1): pmdomain: imx93-blk-ctrl: correct remove path Philipp Stanner (1): vdpa: solidrun: Fix UB bug with devres Rodrigo Siqueira (1): drm/amd/display: Adjust VSDB parser for replay feature Ryusuke Konishi (2): nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Samasth Norway Ananda (1): ima: fix buffer overrun in ima_eventdigest_init_common Sean Christopherson (3): KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled KVM: x86: Unconditionally set irr_pending when updating APICv state KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN SeongJae Park (5): mm/damon/core: implement scheme-specific apply interval mm/damon/core: handle zero {aggregation,ops_update} intervals mm/damon/core: check apply interval in damon_do_apply_schemes() mm/damon/core: handle zero schemes apply interval mm/damon/core: copy nr_accesses when splitting region Si-Wei Liu (1): vdpa/mlx5: Fix PA offset with unaligned starting iotlb map Stefan Wahren (2): net: vertexcom: mse102x: Fix tx_bytes calculation staging: vchiq_arm: Get the rid off struct vchiq_2835_state Tvrtko Ursulin (1): drm/amd/pm: Vangogh: Fix kernel memory out of bounds write Umang Jain (1): staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation Vijendar Mukunda (1): drm/amd: Fix initialization mistake for NBIO 7.7.0 Vitalii Mordan (1): stmmac: dwmac-intel-plat: fix call balance of tx_clk handling routines Wei Fang (1): samples: pktgen: correct dev to DEV William Tu (1): net/mlx5e: clear xdp features on non-uplink representors Xiaoguang Wang (1): vp_vdpa: fix id_table array not null terminated error

5 months

1
1
0 0

Linux 6.1.119

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.119 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/kernel/head.S | 8 arch/arm/mm/mmu.c | 34 +- arch/arm64/include/asm/mman.h | 10 arch/parisc/Kconfig | 1 arch/parisc/include/asm/cache.h | 11 arch/x86/kvm/lapic.c | 29 + arch/x86/kvm/vmx/nested.c | 30 + arch/x86/kvm/vmx/vmx.c | 6 arch/x86/mm/ioremap.c | 6 drivers/block/null_blk/main.c | 45 +- drivers/char/xillybus/xillybus_class.c | 7 drivers/char/xillybus/xillyusb.c | 22 + drivers/cxl/core/pci.c | 2 drivers/gpu/drm/amd/amdgpu/nbio_v7_7.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 3 drivers/gpu/drm/bridge/tc358768.c | 21 + drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 8 drivers/media/dvb-core/dvbdev.c | 15 drivers/mmc/host/dw_mmc.c | 4 drivers/mmc/host/sunxi-mmc.c | 6 drivers/net/bonding/bond_main.c | 16 drivers/net/bonding/bond_options.c | 82 ++++- drivers/net/ethernet/freescale/fec_main.c | 26 - drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 8 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 15 drivers/net/ethernet/vertexcom/mse102x.c | 4 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 25 - drivers/vdpa/mlx5/core/mr.c | 8 drivers/vdpa/virtio_pci/vp_vdpa.c | 10 fs/9p/vfs_inode.c | 23 - fs/nfsd/netns.h | 1 fs/nfsd/nfs4proc.c | 34 -- fs/nfsd/nfs4state.c | 1 fs/nfsd/xdr4.h | 1 fs/nilfs2/btnode.c | 2 fs/nilfs2/gcinode.c | 4 fs/nilfs2/mdt.c | 1 fs/nilfs2/page.c | 2 fs/ntfs3/file.c | 12 fs/ocfs2/resize.c | 2 fs/ocfs2/super.c | 13 fs/smb/server/smb2misc.c | 26 + fs/smb/server/smb2pdu.c | 48 +- include/linux/mman.h | 7 include/linux/sockptr.h | 27 + include/net/bond_options.h | 2 lib/buildid.c | 2 mm/internal.h | 19 + mm/mmap.c | 120 +++---- mm/nommu.c | 9 mm/page_alloc.c | 3 mm/shmem.c | 5 mm/util.c | 33 ++ net/bluetooth/hci_core.c | 2 net/bluetooth/hci_event.c | 163 ---------- net/bluetooth/iso.c | 32 - net/mptcp/pm_netlink.c | 15 net/mptcp/pm_userspace.c | 77 +++- net/mptcp/protocol.c | 16 net/netfilter/ipvs/ip_vs_ctl.c | 10 net/netlink/af_netlink.c | 31 - net/netlink/af_netlink.h | 2 net/nfc/llcp_sock.c | 12 net/sched/cls_u32.c | 54 +-- net/sched/sch_taprio.c | 10 net/vmw_vsock/virtio_transport_common.c | 8 samples/pktgen/pktgen_sample01_simple.sh | 2 security/integrity/ima/ima_template_lib.c | 14 sound/pci/hda/patch_realtek.c | 3 tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json | 22 + 72 files changed, 759 insertions(+), 583 deletions(-) Alexandre Ferrieux (1): net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes. Andre Przywara (1): mmc: sunxi-mmc: Fix A100 compatible description Andrew Morton (1): mm: revert "mm: shmem: fix data-race in shmem_getattr()" Andy Yan (1): drm/rockchip: vop: Fix a dereferenced before check warning Aurelien Jarno (1): Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" Baoquan He (1): x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y Chen Hanxiao (1): ipvs: properly dereference pe in ip_vs_add_service Christophe JAILLET (1): null_blk: Remove usage of the deprecated ida_simple_xx() API Chuck Lever (4): NFSD: Async COPY result needs to return a write verifier NFSD: Limit the number of concurrent async COPY operations NFSD: Initialize struct nfsd4_copy earlier NFSD: Never decrement pending_async_copies on error Dai Ngo (1): NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point Damien Le Moal (1): null_blk: Fix return value of nullb_device_power_store() Dan Carpenter (1): cxl/pci: fix error code in __cxl_hdm_decode_init() Dmitry Antipov (2): ocfs2: uncache inode which has failed entering the group ocfs2: fix UBSAN warning in ocfs2_verify_volume() Dragos Tatulea (1): net/mlx5e: kTLS, Fix incorrect page refcounting Eli Billauer (2): char: xillybus: Prevent use-after-free due to race condition char: xillybus: Fix trivial bug with mutex Eric Dumazet (2): net: add copy_safe_from_sockptr() helper nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies Eric Van Hensbergen (1): fs/9p: fix uninitialized values during inode evict Francesco Dolcini (1): drm/bridge: tc358768: Fix DSI command tx Geliang Tang (5): mptcp: define more local variables sk mptcp: add userspace_pm_lookup_addr_by_id helper mptcp: update local address flags when setting it mptcp: hold pm lock when deleting entry mptcp: drop lookup_by_id in lookup_addr Greg Kroah-Hartman (1): Linux 6.1.119 Hangbin Liu (1): bonding: add ns target multicast address to slave device Harith G (1): ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels Jakub Kicinski (1): netlink: terminate outstanding dump on socket close Jinjiang Tu (1): mm: fix NULL pointer dereference in alloc_pages_bulk_noprof Jiri Olsa (1): lib/buildid: Fix build ID parsing logic Kailang Yang (1): ALSA: hda/realtek - Fixed Clevo platform headset Mic issue Konstantin Komarov (1): fs/ntfs3: Additional check in ntfs_file_release Lin.Cao (1): drm/amd: check num of link levels when update pcie param Lorenzo Stoakes (4): mm: avoid unsafe VMA hook invocation when error arises on mmap hook mm: unconditionally close VMAs on error mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling mm: resolve faulty mmap_region() error path behaviour Luiz Augusto von Dentz (2): Bluetooth: hci_core: Fix calling mgmt_device_connected Bluetooth: ISO: Fix not validating setsockopt user input Lukas Bulwahn (1): Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS Maksym Glubokiy (1): ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 Mark Bloch (1): net/mlx5: fs, lock FTE when checking if active Matthieu Baerts (NGI0) (1): mptcp: pm: use _rcu variant under rcu_read_lock Mauro Carvalho Chehab (1): media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Michal Luczaj (2): virtio/vsock: Fix accept_queue memory leak net: Make copy_safe_from_sockptr() match documentation Mikulas Patocka (1): parisc: fix a possible DMA corruption Moshe Shemesh (1): net/mlx5e: CT: Fix null-ptr-deref in add rule err flow Namjae Jeon (2): ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() ksmbd: fix potencial out-of-bounds when buffer offset is invalid Paolo Abeni (2): mptcp: error out earlier on disconnect mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Pedro Tammela (1): net/sched: cls_u32: replace int refcounts with proper refcounts Ryusuke Konishi (2): nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Samasth Norway Ananda (1): ima: fix buffer overrun in ima_eventdigest_init_common Sean Christopherson (3): KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled KVM: x86: Unconditionally set irr_pending when updating APICv state KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Si-Wei Liu (1): vdpa/mlx5: Fix PA offset with unaligned starting iotlb map Stefan Wahren (2): net: vertexcom: mse102x: Fix tx_bytes calculation staging: vchiq_arm: Get the rid off struct vchiq_2835_state Umang Jain (1): staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation Vijendar Mukunda (1): drm/amd: Fix initialization mistake for NBIO 7.7.0 Vladimir Oltean (1): net/sched: taprio: extend minimum interval restriction to entire cycle too Wei Fang (2): samples: pktgen: correct dev to DEV net: fec: remove .ndo_poll_controller to avoid deadlocks Xiaoguang Wang (1): vp_vdpa: fix id_table array not null terminated error Yu Kuai (1): null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'

5 months

1
1
0 0

Linux 6.12.1

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.1 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- drivers/media/usb/uvc/uvc_driver.c | 2 +- mm/mmap.c | 13 ++++++++++++- net/vmw_vsock/hyperv_transport.c | 1 + 4 files changed, 15 insertions(+), 3 deletions(-) Benoit Sevens (1): media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format Greg Kroah-Hartman (1): Linux 6.12.1 Hyunwoo Kim (1): hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer Liam R. Howlett (1): mm/mmap: fix __mmap_region() error handling in rare merge failure case

5 months

1
1
0 0

[PATCH stable 5.15/5.10 0/2] rcu-tasks: Idle tasks on offline CPUs are in quiescent states

by Krister Johansen

Paul, Neeraj, and Stable Team: I've run into a case with rcu_tasks_postscan where the warning introduced as part of 46aa886c4("rcu-tasks: Fix IPI failure handling in trc_wait_for_one_reader") is getting triggered when trc_wait_for_one_reader sends an IPI to a CPU that is offline. This is occurring on a platform that has hotplug slots available but not populated. I don't believe the bug is caused by this change, but I do think that Paul's commit that confines the postscan operation to just the active CPUs would help prevent this from happening. Would the RCU maintainers be amenable to having this patch backported to the 5.10 and 5.15 branches as well? I've attached cherry-picks of the relevant commits to minimize the additional work needed. Thanks, -K Paul E. McKenney (1): rcu-tasks: Idle tasks on offline CPUs are in quiescent states kernel/rcu/tasks.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.25.1

5 months

2
4
0 0

[PATCH 6.1] net: fix crash when config small gso_max_size/gso_ipv4_max_size

by Bin Lan

From: Wang Liang <wangliang74(a)huawei.com> [ Upstream commit 9ab5cf19fb0e4680f95e506d6c544259bf1111c4 ] Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than device limits. Call Trace: tcp_write_xmit tso_segs = tcp_init_tso_segs(skb, mss_now); tcp_set_skb_tso_segs tcp_skb_pcount_set // skb->len = 524288, mss_now = 8 // u16 tso_segs = 524288/8 = 65535 -> 0 tso_segs = DIV_ROUND_UP(skb->len, mss_now) BUG_ON(!tso_segs) Add check for the minimum value of gso_max_size and gso_ipv4_max_size. Fixes: 46e6b992c250 ("rtnetlink: allow GSO maximums to be set on device creation") Fixes: 9eefedd58ae1 ("net: add gso_ipv4_max_size and gro_ipv4_max_size per device") Signed-off-by: Wang Liang <wangliang74(a)huawei.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Link: https://patch.msgid.link/20241023035213.517386-1-wangliang74@huawei.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ Resolve minor conflicts to fix CVE-2024-50258 ] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> --- net/core/rtnetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index afb52254a47e..45c54fb9ad03 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -1939,7 +1939,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = { [IFLA_NUM_TX_QUEUES] = { .type = NLA_U32 }, [IFLA_NUM_RX_QUEUES] = { .type = NLA_U32 }, [IFLA_GSO_MAX_SEGS] = { .type = NLA_U32 }, - [IFLA_GSO_MAX_SIZE] = { .type = NLA_U32 }, + [IFLA_GSO_MAX_SIZE] = NLA_POLICY_MIN(NLA_U32, MAX_TCP_HEADER + 1), [IFLA_PHYS_PORT_ID] = { .type = NLA_BINARY, .len = MAX_PHYS_ITEM_ID_LEN }, [IFLA_CARRIER_CHANGES] = { .type = NLA_U32 }, /* ignored */ [IFLA_PHYS_SWITCH_ID] = { .type = NLA_BINARY, .len = MAX_PHYS_ITEM_ID_LEN }, -- 2.43.0

5 months

2
1
0 0

[PATCH 6.1] serial: sc16is7xx: fix invalid FIFO access with special register set

by Bin Lan

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> [ Upstream commit 7d3b793faaab1305994ce568b59d61927235f57b ] When enabling access to the special register set, Receiver time-out and RHR interrupts can happen. In this case, the IRQ handler will try to read from the FIFO thru the RHR register at address 0x00, but address 0x00 is mapped to DLL register, resulting in erroneous FIFO reading. Call graph example: sc16is7xx_startup(): entry sc16is7xx_ms_proc(): entry sc16is7xx_set_termios(): entry sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set sc16is7xx_port_irq() entry --> IIR is 0x0C sc16is7xx_handle_rx() entry sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is mapped to DLL (LCR=LCR_CONF_MODE_A) sc16is7xx_set_baud(): exit --> Restore access to general register set Fix the problem by claiming the efr_lock mutex when accessing the Special register set. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Link: https://lore.kernel.org/r/20240723125302.1305372-3-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [ Resolve minor conflicts ] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> --- drivers/tty/serial/sc16is7xx.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index a723df9b37dd..c07baf5d5a9c 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -545,6 +545,9 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_MCR_CLKSEL_BIT, prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); + + mutex_lock(&one->efr_lock); + /* Open the LCR divisors for configuration */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, SC16IS7XX_LCR_CONF_MODE_A); @@ -558,6 +561,8 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Put LCR back to the normal mode */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); + mutex_unlock(&one->efr_lock); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } -- 2.43.0

5 months

2
1
0 0

[PATCH 6.6] serial: sc16is7xx: fix invalid FIFO access with special register set

by Bin Lan

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> [ Upstream commit 7d3b793faaab1305994ce568b59d61927235f57b ] When enabling access to the special register set, Receiver time-out and RHR interrupts can happen. In this case, the IRQ handler will try to read from the FIFO thru the RHR register at address 0x00, but address 0x00 is mapped to DLL register, resulting in erroneous FIFO reading. Call graph example: sc16is7xx_startup(): entry sc16is7xx_ms_proc(): entry sc16is7xx_set_termios(): entry sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set sc16is7xx_port_irq() entry --> IIR is 0x0C sc16is7xx_handle_rx() entry sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is mapped to DLL (LCR=LCR_CONF_MODE_A) sc16is7xx_set_baud(): exit --> Restore access to general register set Fix the problem by claiming the efr_lock mutex when accessing the Special register set. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Link: https://lore.kernel.org/r/20240723125302.1305372-3-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [ Resolve minor conflicts ] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> --- drivers/tty/serial/sc16is7xx.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 7a9924d9b294..f290fbe21d63 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -545,6 +545,8 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_MCR_CLKSEL_BIT, prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); + mutex_lock(&one->efr_lock); + /* Open the LCR divisors for configuration */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, SC16IS7XX_LCR_CONF_MODE_A); @@ -558,6 +560,8 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Put LCR back to the normal mode */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); + mutex_unlock(&one->efr_lock); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } -- 2.43.0

5 months

2
1
0 0

[PATCH 1/2] pmdomain: core: Add missing put_device()

by Ulf Hansson

When removing a genpd we don't clean up the genpd->dev correctly. Let's add the missing put_device() in genpd_free_data() to fix this. Fixes: 401ea1572de9 ("PM / Domain: Add struct device to genpd") Cc: stable(a)vger.kernel.org Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> --- drivers/pmdomain/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/pmdomain/core.c b/drivers/pmdomain/core.c index a6c8b85dd024..4d8b0d18bb4a 100644 --- a/drivers/pmdomain/core.c +++ b/drivers/pmdomain/core.c @@ -2183,6 +2183,7 @@ static int genpd_alloc_data(struct generic_pm_domain *genpd) static void genpd_free_data(struct generic_pm_domain *genpd) { + put_device(&genpd->dev); if (genpd_is_cpu_domain(genpd)) free_cpumask_var(genpd->cpus); if (genpd->free_states) -- 2.43.0

5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2024