- Linux-stable-mirror - lists.linaro.org

[PATCH 1/2] btrfs: fix beyond-EOF write handling

by Qu Wenruo

[BUG] For the following write sequence with 64K page size and 4K fs block size, it will lead to file extent items to be inserted without any data checksum: mkfs.btrfs -s 4k -f $dev > /dev/null mount $dev $mnt xfs_io -f -c "pwrite 0 16k" -c "pwrite 32k 4k" -c pwrite "60k 64K" \ -c "truncate 16k" $mnt/foobar umount $mnt This will result the following 2 file extent items to be inserted (extra trace point added to insert_ordered_extent_file_extent()): btrfs_finish_one_ordered: root=5 ino=257 file_off=61440 num_bytes=4096 csum_bytes=0 btrfs_finish_one_ordered: root=5 ino=257 file_off=0 num_bytes=16384 csum_bytes=16384 Note for file offset 60K, we're inserting an file extent without any data checksum. Also note that range [32K, 36K) didn't reach insert_ordered_extent_file_extent(), which is the correct behavior as that OE is fully truncated, should not result any file extent. Although file extent at 60K will be later dropped by btrfs_truncate(), if the transaction got committed after file extent inserted but before the file extent dropping, we will have a small window where we have a file extent beyond EOF and without any data checksum. That will cause "btrfs check" to report error. [CAUSE] The sequence happens like this: - Buffered write dirtied the page cache and updated isize Now the inode size is 64K, with the following page cache layout: 0 16K 32K 48K 64K |/////////////| |//| |//| - Truncate the inode to 16K Which will trigger writeback through: btrfs_setsize() |- truncate_setsize() | Now the inode size is set to 16K | |- btrfs_truncacte() |- btrfs_wait_ordered_range() for [16K, u64(-1)] |- btrfs_fdatawrite_range() for [16K, u64(-1)} |- extent_writepage() for folio 0 |- writepage_delalloc() | Generated OE for [0, 16K), [32K, 36K] and [60K, 64K) | |- extent_writepage_io() Then inside extent_writepage_io(), the dirty fs blocks are handled differently: - Submit write for range [0, 16K) As they are still inside the inode size (16K). - Mark OE [32K, 36K) as truncated Since we only call btrfs_lookup_first_ordered_range() once, which returned the first OE after file offset 16K. - Mark all OEs inside range [16K, 64K) as finished Which will mark OE ranges [32K, 36K) and [60K, 64K) as finished. For OE [32K, 36K) since it's already marked as truncated, and its truncated length is 0, no file extent will be inserted. For OE [60K, 64K) it has never been submitted thus has no data checksum, and we insert the file extent as usual. This is the root cause of file extent at 60K to be inserted without any data checksum. - Clear dirty flags for range [16K, 64K) It is the function btrfs_folio_clear_dirty() which search and clear any dirty blocks inside that range. [FIX] The bug itself is introduced a long time ago, way before subpage and larger folio support. At that time, fs block size must match page size, thus the range [cur, end) is just one fs block. But later with subpage and larger folios, the same range [cur, end) can have multiple blocks and ordered extents. Later commit 18de34daa7c6 ("btrfs: truncate ordered extent when skipping writeback past i_size") is fixing a bug related to subpage/larger folios, but it's still utilizing the old range [cur, end), meaning only the first OE will be marked as truncated. The proper fix here is to make EOF handling block-by-block, not trying to handle the whole range to @end. By this we always locate and truncate the OE for every dirty block. Cc: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent_io.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 629fd5af4286..a4b74023618d 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1728,7 +1728,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_ordered_extent *ordered; ordered = btrfs_lookup_first_ordered_range(inode, cur, - folio_end - cur); + fs_info->sectorsize); /* * We have just run delalloc before getting here, so * there must be an ordered extent. @@ -1742,7 +1742,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, btrfs_put_ordered_extent(ordered); btrfs_mark_ordered_io_finished(inode, folio, cur, - end - cur, true); + fs_info->sectorsize, true); /* * This range is beyond i_size, thus we don't need to * bother writing back. @@ -1751,8 +1751,8 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * writeback the sectors with subpage dirty bits, * causing writeback without ordered extent. */ - btrfs_folio_clear_dirty(fs_info, folio, cur, end - cur); - break; + btrfs_folio_clear_dirty(fs_info, folio, cur, fs_info->sectorsize); + continue; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); if (unlikely(ret < 0)) { -- 2.52.0

4 minutes

1
0
0 0

[PATCH] USB: serial: ftdi_sio: add support for PICAXE AXE027 cable

by Ethan Nelson-Moore

The vendor provides instructions to write "0403 bd90" to /sys/bus/usb-serial/drivers/ftdi_sio/new_id; see: https://picaxe.com/docs/picaxe_linux_instructions.pdf Cc: stable(a)vger.kernel.org Signed-off-by: Ethan Nelson-Moore <enelsonmoore(a)gmail.com> --- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 2 ++ 2 files changed, 3 insertions(+) diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c index fe2f21d85737..acb48b1c83f7 100644 --- a/drivers/usb/serial/ftdi_sio.c +++ b/drivers/usb/serial/ftdi_sio.c @@ -848,6 +848,7 @@ static const struct usb_device_id id_table_combined[] = { { USB_DEVICE_INTERFACE_NUMBER(FTDI_VID, LMI_LM3S_DEVEL_BOARD_PID, 1) }, { USB_DEVICE_INTERFACE_NUMBER(FTDI_VID, LMI_LM3S_EVAL_BOARD_PID, 1) }, { USB_DEVICE_INTERFACE_NUMBER(FTDI_VID, LMI_LM3S_ICDI_BOARD_PID, 1) }, + { USB_DEVICE(FTDI_VID, FTDI_AXE027_PID) }, { USB_DEVICE_INTERFACE_NUMBER(FTDI_VID, FTDI_TURTELIZER_PID, 1) }, { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_USB60F) }, { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_SCU18) }, diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h index 2539b9e2f712..6c76cfebfd0e 100644 --- a/drivers/usb/serial/ftdi_sio_ids.h +++ b/drivers/usb/serial/ftdi_sio_ids.h @@ -96,6 +96,8 @@ #define LMI_LM3S_EVAL_BOARD_PID 0xbcd9 #define LMI_LM3S_ICDI_BOARD_PID 0xbcda +#define FTDI_AXE027_PID 0xBD90 /* PICAXE AXE027 USB download cable */ + #define FTDI_TURTELIZER_PID 0xBDC8 /* JTAG/RS-232 adapter by egnite GmbH */ /* OpenDCC (www.opendcc.de) product id */ -- 2.43.0

18 minutes

1
0
0 0

[PATCH] mpi3mr: Read missing IOCFacts flag for reply queue full overflow

by Chandrakanth Patil

The driver was not reading the MAX_REQ_PER_REPLY_QUEUE_LIMIT IOCFacts flag, so the reply-queue-full handling was never enabled even on firmware that supports it. Reading this flag enables the feature and prevents reply queue overflow Fixes: f08b24d82749 ("scsi: mpi3mr: Avoid reply queue full condition") Cc: stable(a)vger.kernel.org Signed-off-by: Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi/mpi30_ioc.h | 1 + drivers/scsi/mpi3mr/mpi3mr_fw.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/drivers/scsi/mpi3mr/mpi/mpi30_ioc.h b/drivers/scsi/mpi3mr/mpi/mpi30_ioc.h index b42933fcd423..6561f98c3cb2 100644 --- a/drivers/scsi/mpi3mr/mpi/mpi30_ioc.h +++ b/drivers/scsi/mpi3mr/mpi/mpi30_ioc.h @@ -166,6 +166,7 @@ struct mpi3_ioc_facts_data { #define MPI3_IOCFACTS_FLAGS_SIGNED_NVDATA_REQUIRED (0x00010000) #define MPI3_IOCFACTS_FLAGS_DMA_ADDRESS_WIDTH_MASK (0x0000ff00) #define MPI3_IOCFACTS_FLAGS_DMA_ADDRESS_WIDTH_SHIFT (8) +#define MPI3_IOCFACTS_FLAGS_MAX_REQ_PER_REPLY_QUEUE_LIMIT (0x00000040) #define MPI3_IOCFACTS_FLAGS_INITIAL_PORT_ENABLE_MASK (0x00000030) #define MPI3_IOCFACTS_FLAGS_INITIAL_PORT_ENABLE_SHIFT (4) #define MPI3_IOCFACTS_FLAGS_INITIAL_PORT_ENABLE_NOT_STARTED (0x00000000) diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index 8fe6e0bf342e..8c4bb7169a87 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -3158,6 +3158,8 @@ static void mpi3mr_process_factsdata(struct mpi3mr_ioc *mrioc, mrioc->facts.dma_mask = (facts_flags & MPI3_IOCFACTS_FLAGS_DMA_ADDRESS_WIDTH_MASK) >> MPI3_IOCFACTS_FLAGS_DMA_ADDRESS_WIDTH_SHIFT; + mrioc->facts.max_req_limit = (facts_flags & + MPI3_IOCFACTS_FLAGS_MAX_REQ_PER_REPLY_QUEUE_LIMIT); mrioc->facts.protocol_flags = facts_data->protocol_flags; mrioc->facts.mpi_version = le32_to_cpu(facts_data->mpi_version.word); mrioc->facts.max_reqs = le16_to_cpu(facts_data->max_outstanding_requests); -- 2.47.1

1 hour, 50 minutes

1
0
0 0

[PATCH 6.12 00/49] 6.12.62-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.62 release. There are 49 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 12 Dec 2025 07:29:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.62-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.62-rc1 Daniele Palmas <dnlplm(a)gmail.com> bus: mhi: host: pci_generic: Add Telit FN990B40 modem support Daniele Palmas <dnlplm(a)gmail.com> bus: mhi: host: pci_generic: Add Telit FN920C04 modem support Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: check device's attached status in compat ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: multiq3: sanitize config options in multiq3_attach() Ian Abbott <abbotti(a)mev.co.uk> comedi: c6xdigio: Fix invalid PNP driver unregistration Zenm Chen <zenmchen(a)gmail.com> wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 Linus Torvalds <torvalds(a)linux-foundation.org> samples: work around glibc redefining some of our defines wrong Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Mask all interrupts during kexec/kdump Naoki Ueki <naoki25519(a)gmail.com> HID: elecom: Add support for ELECOM M-XT3URBK (018F) Antheas Kapenekakis <lkml(a)antheas.dev> platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally Antheas Kapenekakis <lkml(a)antheas.dev> platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list Jia Ston <ston.jia(a)outlook.com> platform/x86: huawei-wmi: add keys for HONOR models April Grimoire <april(a)aprilg.moe> HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore backlight event Praveen Talari <praveen.talari(a)oss.qualcomm.com> pinctrl: qcom: msm: Fix deadlock in pinmux configuration Keith Busch <kbusch(a)kernel.org> nvme: fix admin request_queue lifetime Mario Limonciello (AMD) <superm1(a)kernel.org> HID: hid-input: Extend Elan ignore battery quirk to USB Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> bfs: Reconstruct file type when loading from disk Lushih Hsieh <bruce(a)mail.kh.edu.tw> ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Fix GPU mappings for APU after prefetch Yiqi Sun <sunyiqixm(a)gmail.com> smb: fix invalid username check in smb3_fs_context_parse_param() Max Chou <max.chou(a)realtek.com> Bluetooth: btrtl: Avoid loading the config file on security chips Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Use kref in vmw_bo_dirty Robin Gong <yibin.gong(a)nxp.com> spi: imx: keep dma request disabled before dma transfer setup Alvaro Gamez Machado <alvaro.gamez(a)hazent.com> spi: xilinx: increase number of retries before declaring stall Song Liu <song(a)kernel.org> ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Johan Hovold <johan(a)kernel.org> USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Magne Bruno <magne.bruno(a)addi-data.com> serial: add support of CPCI cards Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: match on interface number for jtag Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: move Telit 0x10c7 composition in the right place Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 new compositions Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W760 Omar Sandoval <osandov(a)fb.com> KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Alexey Nepomnyashih <sdl(a)nppct.ru> ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Alexander Sverdlin <alexander.sverdlin(a)siemens.com> locking/spinlock/debug: Fix data-race in do_raw_write_lock Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: ipc: fix use-after-free in ipc_msg_send_request Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: refresh inline data size before write operations Ye Bin <yebin10(a)huawei.com> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: process: Also mention Sasha Levin as stable tree maintainer Sabrina Dubroca <sd(a)queasysnail.net> xfrm: flush all states in xfrm_state_fini Sabrina Dubroca <sd(a)queasysnail.net> xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added Sabrina Dubroca <sd(a)queasysnail.net> Revert "xfrm: destroy xfrm_state synchronously on net exit path" Sabrina Dubroca <sd(a)queasysnail.net> xfrm: delete x->tunnel as we delete x ------------- Diffstat: Documentation/process/2.Process.rst | 6 ++- Makefile | 4 +- arch/loongarch/kernel/machine_kexec.c | 2 + arch/x86/include/asm/kvm_host.h | 9 ++++ arch/x86/kvm/svm/svm.c | 24 +++++---- arch/x86/kvm/x86.c | 21 ++++++++ drivers/bluetooth/btrtl.c | 24 +++++---- drivers/bus/mhi/host/pci_generic.c | 52 +++++++++++++++++++ drivers/comedi/comedi_fops.c | 42 ++++++++++++--- drivers/comedi/drivers/c6xdigio.c | 46 ++++++++++++---- drivers/comedi/drivers/multiq3.c | 9 ++++ drivers/comedi/drivers/pcl818.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 ++--- drivers/hid/hid-apple.c | 1 + drivers/hid/hid-elecom.c | 6 ++- drivers/hid/hid-ids.h | 3 +- drivers/hid/hid-input.c | 5 +- drivers/hid/hid-quirks.c | 3 +- drivers/net/wireless/realtek/rtl8xxxu/core.c | 3 ++ drivers/net/wireless/realtek/rtw88/rtw8822cu.c | 2 + drivers/nvme/host/core.c | 3 +- drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/platform/x86/acer-wmi.c | 4 ++ drivers/platform/x86/amd/pmc/pmc-quirks.c | 25 +++++++++ drivers/platform/x86/huawei-wmi.c | 4 ++ drivers/spi/spi-imx.c | 15 ++++-- drivers/spi/spi-xilinx.c | 2 +- drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 ++--- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 +++-- drivers/tty/serial/8250/8250_pci.c | 37 +++++++++++++ drivers/usb/serial/belkin_sa.c | 28 ++++++---- drivers/usb/serial/ftdi_sio.c | 72 +++++++++----------------- drivers/usb/serial/kobil_sct.c | 18 +++---- drivers/usb/serial/option.c | 22 ++++++-- fs/bfs/inode.c | 19 ++++++- fs/ext4/inline.c | 14 ++++- fs/jbd2/transaction.c | 19 +++++-- fs/smb/client/fs_context.c | 2 +- fs/smb/server/transport_ipc.c | 7 ++- include/net/xfrm.h | 13 ++--- kernel/locking/spinlock_debug.c | 4 +- kernel/trace/ftrace.c | 40 ++++++++++---- net/ipv4/ipcomp.c | 2 + net/ipv6/ipcomp6.c | 2 + net/ipv6/xfrm6_tunnel.c | 2 +- net/key/af_key.c | 2 +- net/xfrm/xfrm_ipcomp.c | 1 - net/xfrm/xfrm_state.c | 41 ++++++--------- net/xfrm/xfrm_user.c | 2 +- samples/vfs/test-statx.c | 6 +++ samples/watch_queue/watch_test.c | 6 +++ sound/usb/quirks.c | 6 +++ 53 files changed, 521 insertions(+), 207 deletions(-)

4 hours, 7 minutes

8
56
0 0

[PATCH 6.17 00/60] 6.17.12-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.12 release. There are 60 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 12 Dec 2025 07:29:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.12-rc1 Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: check device's attached status in compat ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: multiq3: sanitize config options in multiq3_attach() Ian Abbott <abbotti(a)mev.co.uk> comedi: c6xdigio: Fix invalid PNP driver unregistration Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: adc: ad4080: fix chip identification Zenm Chen <zenmchen(a)gmail.com> wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 Marcos Vega <marcosmola2(a)gmail.com> platform/x86: hp-wmi: Add Omen MAX 16-ah0xx fan support and thermal profile Krishna Chomal <krishna.chomal108(a)gmail.com> platform/x86: hp-wmi: Add Omen 16-wf1xxx fan support Linus Torvalds <torvalds(a)linux-foundation.org> samples: work around glibc redefining some of our defines wrong Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Mask all interrupts during kexec/kdump Zqiang <qiang.zhang(a)linux.dev> sched_ext: Use IRQ_WORK_INIT_HARD() to initialize rq->scx.kick_cpus_irq_work Naoki Ueki <naoki25519(a)gmail.com> HID: elecom: Add support for ELECOM M-XT3URBK (018F) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel/hid: Add Nova Lake support Zqiang <qiang.zhang(a)linux.dev> sched_ext: Fix possible deadlock in the deferred_irq_workfn() Antheas Kapenekakis <lkml(a)antheas.dev> platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally Antheas Kapenekakis <lkml(a)antheas.dev> platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> platform/x86: intel-uncore-freq: Add additional client processors Jia Ston <ston.jia(a)outlook.com> platform/x86: huawei-wmi: add keys for HONOR models April Grimoire <april(a)aprilg.moe> HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore backlight event Praveen Talari <praveen.talari(a)oss.qualcomm.com> pinctrl: qcom: msm: Fix deadlock in pinmux configuration Keith Busch <kbusch(a)kernel.org> nvme: fix admin request_queue lifetime Edip Hazuri <edip(a)medip.dev> platform/x86: hp-wmi: mark Victus 16-r0 and 16-s0 for victus_s fan and thermal profile support Antheas Kapenekakis <lkml(a)antheas.dev> platform/x86/amd/pmc: Add support for Van Gogh SoC Mario Limonciello (AMD) <superm1(a)kernel.org> HID: hid-input: Extend Elan ignore battery quirk to USB Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> bfs: Reconstruct file type when loading from disk Lauri Tirkkonen <lauri(a)hacktheplanet.fi> HID: lenovo: fixup Lenovo Yoga Slim 7x Keyboard rdesc Lushih Hsieh <bruce(a)mail.kh.edu.tw> ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Fix GPU mappings for APU after prefetch Yiqi Sun <sunyiqixm(a)gmail.com> smb: fix invalid username check in smb3_fs_context_parse_param() Niranjan H Y <niranjan.hy(a)ti.com> ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list Max Chou <max.chou(a)realtek.com> Bluetooth: btrtl: Avoid loading the config file on security chips Baojun Xu <baojun.xu(a)ti.com> ALSA: hda/tas2781: Add new quirk for HP new projects Adrian Barnaś <abarnas(a)google.com> arm64: Reject modules with internal alternative callbacks Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Use kref in vmw_bo_dirty Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> ACPI: MRRM: Fix memory leaks and improve error handling Robin Gong <yibin.gong(a)nxp.com> spi: imx: keep dma request disabled before dma transfer setup Alvaro Gamez Machado <alvaro.gamez(a)hazent.com> spi: xilinx: increase number of retries before declaring stall Song Liu <song(a)kernel.org> ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Johan Hovold <johan(a)kernel.org> USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Biju Das <biju.das.jz(a)bp.renesas.com> serial: sh-sci: Fix deadlock during RSCI FIFO overrun error Biju Das <biju.das.jz(a)bp.renesas.com> dt-bindings: serial: rsci: Drop "uart-has-rtscts: false" Magne Bruno <magne.bruno(a)addi-data.com> serial: add support of CPCI cards Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: match on interface number for jtag Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: move Telit 0x10c7 composition in the right place Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 new compositions Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W760 Omar Sandoval <osandov(a)fb.com> KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Alexey Nepomnyashih <sdl(a)nppct.ru> ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: zstd - fix double-free in per-CPU stream cleanup Alexander Sverdlin <alexander.sverdlin(a)gmail.com> locking/spinlock/debug: Fix data-race in do_raw_write_lock Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: ipc: fix use-after-free in ipc_msg_send_request Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: refresh inline data size before write operations Ye Bin <yebin10(a)huawei.com> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: process: Also mention Sasha Levin as stable tree maintainer ------------- Diffstat: .../devicetree/bindings/serial/renesas,rsci.yaml | 2 - Documentation/process/2.Process.rst | 6 +- Makefile | 4 +- arch/arm64/include/asm/alternative.h | 7 ++- arch/arm64/kernel/alternative.c | 19 +++--- arch/arm64/kernel/module.c | 9 ++- arch/loongarch/kernel/machine_kexec.c | 2 + arch/x86/include/asm/kvm_host.h | 9 +++ arch/x86/kvm/svm/svm.c | 24 ++++---- arch/x86/kvm/x86.c | 21 +++++++ crypto/zstd.c | 7 +-- drivers/acpi/acpi_mrrm.c | 51 ++++++++++----- drivers/bluetooth/btrtl.c | 24 ++++---- drivers/comedi/comedi_fops.c | 42 +++++++++++-- drivers/comedi/drivers/c6xdigio.c | 46 ++++++++++---- drivers/comedi/drivers/multiq3.c | 9 +++ drivers/comedi/drivers/pcl818.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 ++-- drivers/hid/hid-apple.c | 1 + drivers/hid/hid-elecom.c | 6 +- drivers/hid/hid-ids.h | 4 +- drivers/hid/hid-input.c | 5 +- drivers/hid/hid-lenovo.c | 17 +++++ drivers/hid/hid-quirks.c | 3 +- drivers/iio/adc/ad4080.c | 9 ++- drivers/net/wireless/realtek/rtl8xxxu/core.c | 3 + drivers/net/wireless/realtek/rtw88/rtw8822cu.c | 2 + drivers/nvme/host/core.c | 3 +- drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/platform/x86/acer-wmi.c | 4 ++ drivers/platform/x86/amd/pmc/pmc-quirks.c | 25 ++++++++ drivers/platform/x86/amd/pmc/pmc.c | 3 + drivers/platform/x86/amd/pmc/pmc.h | 1 + drivers/platform/x86/hp/hp-wmi.c | 6 +- drivers/platform/x86/huawei-wmi.c | 4 ++ drivers/platform/x86/intel/hid.c | 1 + .../x86/intel/uncore-frequency/uncore-frequency.c | 4 ++ drivers/spi/spi-imx.c | 15 +++-- drivers/spi/spi-xilinx.c | 2 +- drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 +++-- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 ++-- drivers/tty/serial/8250/8250_pci.c | 37 +++++++++++ drivers/tty/serial/sh-sci.c | 12 +++- drivers/usb/serial/belkin_sa.c | 28 +++++---- drivers/usb/serial/ftdi_sio.c | 72 ++++++++-------------- drivers/usb/serial/kobil_sct.c | 18 +++--- drivers/usb/serial/option.c | 22 ++++++- fs/bfs/inode.c | 19 +++++- fs/ext4/inline.c | 14 ++++- fs/jbd2/transaction.c | 19 ++++-- fs/smb/client/fs_context.c | 2 +- fs/smb/server/transport_ipc.c | 7 ++- kernel/locking/spinlock_debug.c | 4 +- kernel/sched/ext.c | 4 +- kernel/trace/ftrace.c | 40 +++++++++--- samples/vfs/test-statx.c | 6 ++ samples/watch_queue/watch_test.c | 6 ++ sound/hda/codecs/realtek/alc269.c | 9 +++ sound/soc/sdca/sdca_functions.c | 3 +- sound/usb/quirks.c | 6 ++ 61 files changed, 564 insertions(+), 212 deletions(-)

4 hours, 18 minutes

7
68
0 0

[PATCH] drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb

by Lyude Paul

Since we recently started warning about uses of this function after the atomic check phase completes, we've started getting warnings about this in nouveau. It appears a misplaced drm_atomic_get_crtc_state() call has been hiding in our .prepare_fb callback for a while. So, fix this by adding a new nv50_head_atom_get_new() function and use that in our .prepare_fb callback instead. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Fixes: 1590700d94ac ("drm/nouveau/kms/nv50-: split each resource type into their own source files") Cc: <stable(a)vger.kernel.org> # v4.18+ Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/nouveau/dispnv50/atom.h | 13 +++++++++++++ drivers/gpu/drm/nouveau/dispnv50/wndw.c | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/atom.h b/drivers/gpu/drm/nouveau/dispnv50/atom.h index 93f8f4f645784..85b7cf70d13c4 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/atom.h +++ b/drivers/gpu/drm/nouveau/dispnv50/atom.h @@ -152,8 +152,21 @@ static inline struct nv50_head_atom * nv50_head_atom_get(struct drm_atomic_state *state, struct drm_crtc *crtc) { struct drm_crtc_state *statec = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(statec)) return (void *)statec; + + return nv50_head_atom(statec); +} + +static inline struct nv50_head_atom * +nv50_head_atom_get_new(struct drm_atomic_state *state, struct drm_crtc *crtc) +{ + struct drm_crtc_state *statec = drm_atomic_get_new_crtc_state(state, crtc); + + if (IS_ERR(statec)) + return (void*)statec; + return nv50_head_atom(statec); } diff --git a/drivers/gpu/drm/nouveau/dispnv50/wndw.c b/drivers/gpu/drm/nouveau/dispnv50/wndw.c index ef9e410babbfb..9a2c20fce0f3e 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/wndw.c +++ b/drivers/gpu/drm/nouveau/dispnv50/wndw.c @@ -583,7 +583,7 @@ nv50_wndw_prepare_fb(struct drm_plane *plane, struct drm_plane_state *state) asyw->image.offset[0] = nvbo->offset; if (wndw->func->prepare) { - asyh = nv50_head_atom_get(asyw->state.state, asyw->state.crtc); + asyh = nv50_head_atom_get_new(asyw->state.state, asyw->state.crtc); if (IS_ERR(asyh)) return PTR_ERR(asyh); -- 2.52.0

4 hours, 20 minutes

3
3
0 0

[PATCH 6.18 00/29] 6.18.1-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.18.1 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 12 Dec 2025 07:29:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.18.1-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.18.1-rc1 Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: check device's attached status in compat ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: multiq3: sanitize config options in multiq3_attach() Ian Abbott <abbotti(a)mev.co.uk> comedi: c6xdigio: Fix invalid PNP driver unregistration Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: adc: ad4080: fix chip identification Zenm Chen <zenmchen(a)gmail.com> wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 Gopi Krishna Menon <krishnagopi487(a)gmail.com> Documentation/rtla: rename common_xxx.rst files to common_xxx.txt Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Johan Hovold <johan(a)kernel.org> USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Biju Das <biju.das.jz(a)bp.renesas.com> serial: sh-sci: Fix deadlock during RSCI FIFO overrun error Biju Das <biju.das.jz(a)bp.renesas.com> dt-bindings: serial: rsci: Drop "uart-has-rtscts: false" Magne Bruno <magne.bruno(a)addi-data.com> serial: add support of CPCI cards Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: match on interface number for jtag Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: move Telit 0x10c7 composition in the right place Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 new compositions Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W760 Omar Sandoval <osandov(a)fb.com> KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Alice Ryhl <aliceryhl(a)google.com> rust_binder: fix race condition on death_list Alexey Nepomnyashih <sdl(a)nppct.ru> ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: zstd - fix double-free in per-CPU stream cleanup Alexander Sverdlin <alexander.sverdlin(a)gmail.com> locking/spinlock/debug: Fix data-race in do_raw_write_lock Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: ipc: fix use-after-free in ipc_msg_send_request Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: refresh inline data size before write operations Ye Bin <yebin10(a)huawei.com> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: process: Also mention Sasha Levin as stable tree maintainer ------------- Diffstat: .../devicetree/bindings/serial/renesas,rsci.yaml | 2 - Documentation/process/2.Process.rst | 6 +- .../{common_appendix.rst => common_appendix.txt} | 0 ...on_hist_options.rst => common_hist_options.txt} | 0 .../{common_options.rst => common_options.txt} | 0 ...cription.rst => common_osnoise_description.txt} | 0 ...oise_options.rst => common_osnoise_options.txt} | 0 ...mmon_timerlat_aa.rst => common_timerlat_aa.txt} | 0 ...ription.rst => common_timerlat_description.txt} | 0 ...lat_options.rst => common_timerlat_options.txt} | 0 ...mmon_top_options.rst => common_top_options.txt} | 0 Documentation/tools/rtla/rtla-hwnoise.rst | 8 +-- Documentation/tools/rtla/rtla-osnoise-hist.rst | 10 +-- Documentation/tools/rtla/rtla-osnoise-top.rst | 10 +-- Documentation/tools/rtla/rtla-osnoise.rst | 4 +- Documentation/tools/rtla/rtla-timerlat-hist.rst | 12 ++-- Documentation/tools/rtla/rtla-timerlat-top.rst | 12 ++-- Documentation/tools/rtla/rtla-timerlat.rst | 4 +- Documentation/tools/rtla/rtla.rst | 2 +- Makefile | 4 +- arch/x86/include/asm/kvm_host.h | 9 +++ arch/x86/kvm/svm/svm.c | 24 ++++---- arch/x86/kvm/x86.c | 21 +++++++ crypto/zstd.c | 7 +-- drivers/android/binder/node.rs | 6 +- drivers/comedi/comedi_fops.c | 42 +++++++++++-- drivers/comedi/drivers/c6xdigio.c | 46 ++++++++++---- drivers/comedi/drivers/multiq3.c | 9 +++ drivers/comedi/drivers/pcl818.c | 5 +- drivers/iio/adc/ad4080.c | 9 ++- drivers/net/wireless/realtek/rtl8xxxu/core.c | 3 + drivers/net/wireless/realtek/rtw88/rtw8822cu.c | 2 + drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 +++-- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 ++-- drivers/tty/serial/8250/8250_pci.c | 37 +++++++++++ drivers/tty/serial/sh-sci.c | 12 +++- drivers/usb/serial/belkin_sa.c | 28 +++++---- drivers/usb/serial/ftdi_sio.c | 72 ++++++++-------------- drivers/usb/serial/kobil_sct.c | 18 +++--- drivers/usb/serial/option.c | 22 ++++++- fs/ext4/inline.c | 14 ++++- fs/jbd2/transaction.c | 19 ++++-- fs/smb/server/transport_ipc.c | 7 ++- kernel/locking/spinlock_debug.c | 4 +- 44 files changed, 343 insertions(+), 174 deletions(-)

4 hours, 25 minutes

11
39
0 0

[PATCH 1/1] PCI: Use resource_set_range() that correctly sets ->end

by Ilpo Järvinen

__pci_read_base() sets resource start and end addresses when resource is larger than 4G but pci_bus_addr_t or resource_size_t are not capable of representing 64-bit PCI addresses. This creates a problematic resource that has non-zero flags but the start and end addresses do not yield to resource size of 0 but 1. Replace custom resource addresses setup with resource_set_range() that correctly sets end address as -1 which results in resource_size() returning 0. For consistency, also use resource_set_range() in the other branch that does size based resource setup. Fixes: 23b13bc76f35 ("PCI: Fail safely if we can't handle BARs larger than 4GB") Link: https://lore.kernel.org/all/20251207215359.28895-1-ansuelsmth@gmail.com/T/#… Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: stable(a)vger.kernel.org Cc: Christian Marangi <ansuelsmth(a)gmail.com> --- drivers/pci/probe.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index 124d2d309c58..b8294a2f11f9 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -287,8 +287,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, if ((sizeof(pci_bus_addr_t) < 8 || sizeof(resource_size_t) < 8) && sz64 > 0x100000000ULL) { res->flags |= IORESOURCE_UNSET | IORESOURCE_DISABLED; - res->start = 0; - res->end = 0; + resource_set_range(res, 0, 0); pci_err(dev, "%s: can't handle BAR larger than 4GB (size %#010llx)\n", res_name, (unsigned long long)sz64); goto out; @@ -297,8 +296,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, if ((sizeof(pci_bus_addr_t) < 8) && l) { /* Above 32-bit boundary; try to reallocate */ res->flags |= IORESOURCE_UNSET; - res->start = 0; - res->end = sz64 - 1; + resource_set_range(res, 0, sz64); pci_info(dev, "%s: can't handle BAR above 4GB (bus address %#010llx)\n", res_name, (unsigned long long)l64); goto out; base-commit: 43dfc13ca972988e620a6edb72956981b75ab6b0 -- 2.39.5

4 hours, 49 minutes

4
4
0 0

FAILED: patch "[PATCH] net/mlx5e: Avoid field-overflowing memcpy()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ad5185735f7dab342fdd0dd41044da4c9ccfef67 Mon Sep 17 00:00:00 2001 From: Kees Cook <keescook(a)chromium.org> Date: Mon, 24 Jan 2022 09:20:28 -0800 Subject: [PATCH] net/mlx5e: Avoid field-overflowing memcpy() In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring fields. Use flexible arrays instead of zero-element arrays (which look like they are always overflowing) and split the cross-field memcpy() into two halves that can be appropriately bounds-checked by the compiler. We were doing: #define ETH_HLEN 14 #define VLAN_HLEN 4 ... #define MLX5E_XDP_MIN_INLINE (ETH_HLEN + VLAN_HLEN) ... struct mlx5e_tx_wqe *wqe = mlx5_wq_cyc_get_wqe(wq, pi); ... struct mlx5_wqe_eth_seg *eseg = &wqe->eth; struct mlx5_wqe_data_seg *dseg = wqe->data; ... memcpy(eseg->inline_hdr.start, xdptxd->data, MLX5E_XDP_MIN_INLINE); target is wqe->eth.inline_hdr.start (which the compiler sees as being 2 bytes in size), but copying 18, intending to write across start (really vlan_tci, 2 bytes). The remaining 16 bytes get written into wqe->data[0], covering byte_count (4 bytes), lkey (4 bytes), and addr (8 bytes). struct mlx5e_tx_wqe { struct mlx5_wqe_ctrl_seg ctrl; /* 0 16 */ struct mlx5_wqe_eth_seg eth; /* 16 16 */ struct mlx5_wqe_data_seg data[]; /* 32 0 */ /* size: 32, cachelines: 1, members: 3 */ /* last cacheline: 32 bytes */ }; struct mlx5_wqe_eth_seg { u8 swp_outer_l4_offset; /* 0 1 */ u8 swp_outer_l3_offset; /* 1 1 */ u8 swp_inner_l4_offset; /* 2 1 */ u8 swp_inner_l3_offset; /* 3 1 */ u8 cs_flags; /* 4 1 */ u8 swp_flags; /* 5 1 */ __be16 mss; /* 6 2 */ __be32 flow_table_metadata; /* 8 4 */ union { struct { __be16 sz; /* 12 2 */ u8 start[2]; /* 14 2 */ } inline_hdr; /* 12 4 */ struct { __be16 type; /* 12 2 */ __be16 vlan_tci; /* 14 2 */ } insert; /* 12 4 */ __be32 trailer; /* 12 4 */ }; /* 12 4 */ /* size: 16, cachelines: 1, members: 9 */ /* last cacheline: 16 bytes */ }; struct mlx5_wqe_data_seg { __be32 byte_count; /* 0 4 */ __be32 lkey; /* 4 4 */ __be64 addr; /* 8 8 */ /* size: 16, cachelines: 1, members: 3 */ /* last cacheline: 16 bytes */ }; So, split the memcpy() so the compiler can reason about the buffer sizes. "pahole" shows no size nor member offset changes to struct mlx5e_tx_wqe nor struct mlx5e_umr_wqe. "objdump -d" shows no meaningful object code changes (i.e. only source line number induced differences and optimizations). Fixes: b5503b994ed5 ("net/mlx5e: XDP TX forwarding support") Signed-off-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Saeed Mahameed <saeedm(a)nvidia.com> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en.h b/drivers/net/ethernet/mellanox/mlx5/core/en.h index 812e6810cb3b..c14e06ca64d8 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en.h +++ b/drivers/net/ethernet/mellanox/mlx5/core/en.h @@ -224,7 +224,7 @@ static inline int mlx5e_get_max_num_channels(struct mlx5_core_dev *mdev) struct mlx5e_tx_wqe { struct mlx5_wqe_ctrl_seg ctrl; struct mlx5_wqe_eth_seg eth; - struct mlx5_wqe_data_seg data[0]; + struct mlx5_wqe_data_seg data[]; }; struct mlx5e_rx_wqe_ll { @@ -241,8 +241,8 @@ struct mlx5e_umr_wqe { struct mlx5_wqe_umr_ctrl_seg uctrl; struct mlx5_mkey_seg mkc; union { - struct mlx5_mtt inline_mtts[0]; - struct mlx5_klm inline_klms[0]; + DECLARE_FLEX_ARRAY(struct mlx5_mtt, inline_mtts); + DECLARE_FLEX_ARRAY(struct mlx5_klm, inline_klms); }; }; diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c b/drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c index 338d65e2c9ce..56e10c84a706 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c @@ -341,8 +341,10 @@ mlx5e_xmit_xdp_frame(struct mlx5e_xdpsq *sq, struct mlx5e_xmit_data *xdptxd, /* copy the inline part if required */ if (sq->min_inline_mode != MLX5_INLINE_MODE_NONE) { - memcpy(eseg->inline_hdr.start, xdptxd->data, MLX5E_XDP_MIN_INLINE); + memcpy(eseg->inline_hdr.start, xdptxd->data, sizeof(eseg->inline_hdr.start)); eseg->inline_hdr.sz = cpu_to_be16(MLX5E_XDP_MIN_INLINE); + memcpy(dseg, xdptxd->data + sizeof(eseg->inline_hdr.start), + MLX5E_XDP_MIN_INLINE - sizeof(eseg->inline_hdr.start)); dma_len -= MLX5E_XDP_MIN_INLINE; dma_addr += MLX5E_XDP_MIN_INLINE; dseg++;

5 hours, 3 minutes

2
1
0 0

¿Cuánto cuesta una mala contratación?

by Valeria Pérez

¿Cuánto cuesta una mala contratación? body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; } Una mala contratación cuesta 3X el salario. Evítalo con datos, no percepciones. Hola, , ¿Sabías que una mala contratación cuesta hasta 3 veces el salario anual? El 74% de empresas admite haber contratado a la persona equivocada. El motivo: decisiones basadas en percepciones, no en datos objetivos. PsicoSmart te ayuda a evaluar talento con precisión: 31 pruebas psicométricas validadas para medir liderazgo, honestidad e inteligencia 2,500+ exámenes técnicos especializados por industria Verificación de identidad con captura fotográfica automática Resultados en minutos, accesible desde cualquier dispositivo Reduce hasta 60% el riesgo de error en selección. ¿Quieres una demostración gratuita? Responde este correo y te contacto en menos de 24 horas. Saludos, -------------- Atte.: Valeria Pérez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewiswqtyseup">click aquí</a>

6 hours, 36 minutes

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror