Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

314 participants
124196 discussions

[REGRESSION] stable-rc/linux-5.10.y: (build) use of undeclared identifier '__free_device_node'; did you mean '_...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- use of undeclared identifier '__free_device_node'; did you mean '__free_device_del'? in drivers/soc/imx/gpc.o (drivers/soc/imx/gpc.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:998dfbb422b4d80c9d4f6176e9c36655d3481e74 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: c4fc4bf97778e67ad01a3ca95dd8fbb05f226590 Please include the KernelCI tag when submitting a fix: Reported-by: kernelci.org bot <bot(a)kernelci.org> Log excerpt: ===================================================== drivers/soc/imx/gpc.c:408:31: error: use of undeclared identifier '__free_device_node'; did you mean '__free_device_del'? 408 | struct device_node *pgc_node __free(device_node) | ^~~~~~~~~~~~~~~~~~~ ./include/linux/cleanup.h:40:33: note: expanded from macro '__free' 40 | #define __free(_name) __cleanup(__free_##_name) | ^~~~~~~~~~~~~~ <scratch space>:216:1: note: expanded from here 216 | __free_device_node | ^~~~~~~~~~~~~~~~~~ ./include/linux/device.h:834:1: note: '__free_device_del' declared here 834 | DEFINE_FREE(device_del, struct device *, if (_T) device_del(_T)) | ^ ./include/linux/cleanup.h:38:21: note: expanded from macro 'DEFINE_FREE' 38 | static inline void __free_##_name(void *p) { _type _T = *(_type *)p; _free; } | ^ <scratch space>:165:1: note: expanded from here 165 | __free_device_del | ^ 1 error generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-arm-allmodconfig-6960eee4cbfd84c… - dashboard: https://d.kernelci.org/build/maestro:6960eee4cbfd84c3cde53db8 ## multi_v7_defconfig on (arm): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-arm-6960eee4cbfd84c3cde53db5/.co… - dashboard: https://d.kernelci.org/build/maestro:6960eee4cbfd84c3cde53db5 #kernelci issue maestro:998dfbb422b4d80c9d4f6176e9c36655d3481e74 -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 days, 11 hours

[REGRESSION] stable-rc/linux-5.15.y: (build) implicit declaration of function ‘__access_ok’; did you mean ‘acce...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- implicit declaration of function ‘__access_ok’; did you mean ‘access_ok’? [-Werror=implicit-function-declaration] in mm/maccess.o (mm/maccess.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:0c63e4dbb44c9b76d839bfeb8915e39be9e56566 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0d9534c7d771ce08f816b189a8634517e0ccdb07 Please include the KernelCI tag when submitting a fix: Reported-by: kernelci.org bot <bot(a)kernelci.org> Log excerpt: ===================================================== mm/maccess.c:227:14: error: implicit declaration of function ‘__access_ok’; did you mean ‘access_ok’? [-Werror=implicit-function-declaration] 227 | if (!__access_ok(src, size)) | ^~~~~~~~~~~ | access_ok CC fs/proc/array.o CC fs/iomap/fiemap.o cc1: some warnings being treated as errors ===================================================== # Builds where the incident occurred: ## cros://chromeos-5.15/arm64/chromiumos-qualcomm.flavour.config+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm64-chromeos-qualcomm-6960efc5cb… - dashboard: https://d.kernelci.org/build/maestro:6960efc5cbfd84c3cde53eef ## defconfig+arm64-chromebook+kcidebug+lab-setup on (arm64): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm64-chromebook-kcidebug-6960ef8a… - dashboard: https://d.kernelci.org/build/maestro:6960ef8acbfd84c3cde53e91 ## defconfig+arm64-chromebook+kselftest on (arm64): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm64-kselftest-16k_pages-6960ef86… - dashboard: https://d.kernelci.org/build/maestro:6960ef86cbfd84c3cde53e8e ## defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm64-chromebook-6960efc1cbfd84c3c… - dashboard: https://d.kernelci.org/build/maestro:6960efc1cbfd84c3cde53eec ## defconfig+lab-setup+kselftest on (arm64): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm64-6960ef82cbfd84c3cde53e8b/.co… - dashboard: https://d.kernelci.org/build/maestro:6960ef82cbfd84c3cde53e8b ## imx_v6_v7_defconfig on (arm): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm-imx_v6_v7_defconfig-6960ef72cb… - dashboard: https://d.kernelci.org/build/maestro:6960ef72cbfd84c3cde53e7f ## multi_v5_defconfig on (arm): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm-multi_v5_defconfig-6960ef76cbf… - dashboard: https://d.kernelci.org/build/maestro:6960ef76cbfd84c3cde53e82 ## multi_v7_defconfig on (arm): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm-6960ef6ecbfd84c3cde53e7b/.conf… - dashboard: https://d.kernelci.org/build/maestro:6960ef6ecbfd84c3cde53e7b ## vexpress_defconfig on (arm): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm-vexpress_defconfig-6960ef7ecbf… - dashboard: https://d.kernelci.org/build/maestro:6960ef7ecbfd84c3cde53e88 #kernelci issue maestro:0c63e4dbb44c9b76d839bfeb8915e39be9e56566 -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 days, 11 hours

[REGRESSION] stable-rc/linux-5.15.y: (build) implicit declaration of function '__access_ok' [-Werror,-Wimplicit...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- implicit declaration of function '__access_ok' [-Werror,-Wimplicit-function-declaration] in mm/maccess.o (mm/maccess.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:87a3df1c8cb729c6fac33d91be47dcd67f9ee3ca - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0d9534c7d771ce08f816b189a8634517e0ccdb07 Please include the KernelCI tag when submitting a fix: Reported-by: kernelci.org bot <bot(a)kernelci.org> Log excerpt: ===================================================== mm/maccess.c:227:7: error: implicit declaration of function '__access_ok' [-Werror,-Wimplicit-function-declaration] 227 | if (!__access_ok(src, size)) | ^ 1 error generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig on (arm64): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-arm64-allmodconfig-6960ef5ecbfd8… - dashboard: https://d.kernelci.org/build/maestro:6960ef5ecbfd84c3cde53e57 #kernelci issue maestro:87a3df1c8cb729c6fac33d91be47dcd67f9ee3ca -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 days, 11 hours

[PATCH] HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()

by Günther Noack

Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be used to crash the kernel over USB. Cc: stable(a)vger.kernel.org Signed-off-by: Günther Noack <gnoack(a)google.com> --- drivers/hid/hid-logitech-hidpp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/hid/hid-logitech-hidpp.c b/drivers/hid/hid-logitech-hidpp.c index 9ced0e4d46ae..919ba9f50292 100644 --- a/drivers/hid/hid-logitech-hidpp.c +++ b/drivers/hid/hid-logitech-hidpp.c @@ -4316,6 +4316,9 @@ static int hidpp_get_report_length(struct hid_device *hdev, int id) if (!report) return 0; + if (!report->maxfield) + return 0; + return report->field[0]->report_count + 1; } -- 2.52.0.457.g6b5491de43-goog

3 days, 11 hours

[PATCH] ksmbd: smbd: fix dma_unmap_sg() nents

by Thomas Fourier

The dma_unmap_sg() functions should be called with the same nents as the dma_map_sg(), not the value the map function returned. Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> --- fs/smb/server/transport_rdma.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/fs/smb/server/transport_rdma.c b/fs/smb/server/transport_rdma.c index f585359684d4..8620690aa2ec 100644 --- a/fs/smb/server/transport_rdma.c +++ b/fs/smb/server/transport_rdma.c @@ -1353,14 +1353,12 @@ static int get_sg_list(void *buf, int size, struct scatterlist *sg_list, int nen static int get_mapped_sg_list(struct ib_device *device, void *buf, int size, struct scatterlist *sg_list, int nentries, - enum dma_data_direction dir) + enum dma_data_direction dir, int *npages) { - int npages; - - npages = get_sg_list(buf, size, sg_list, nentries); - if (npages < 0) + *npages = get_sg_list(buf, size, sg_list, nentries); + if (*npages < 0) return -EINVAL; - return ib_dma_map_sg(device, sg_list, npages, dir); + return ib_dma_map_sg(device, sg_list, *npages, dir); } static int post_sendmsg(struct smbdirect_socket *sc, @@ -1431,12 +1429,13 @@ static int smb_direct_post_send_data(struct smbdirect_socket *sc, for (i = 0; i < niov; i++) { struct ib_sge *sge; int sg_cnt; + int npages; sg_init_table(sg, SMBDIRECT_SEND_IO_MAX_SGE - 1); sg_cnt = get_mapped_sg_list(sc->ib.dev, iov[i].iov_base, iov[i].iov_len, sg, SMBDIRECT_SEND_IO_MAX_SGE - 1, - DMA_TO_DEVICE); + DMA_TO_DEVICE, &npages); if (sg_cnt <= 0) { pr_err("failed to map buffer\n"); ret = -ENOMEM; @@ -1444,7 +1443,7 @@ static int smb_direct_post_send_data(struct smbdirect_socket *sc, } else if (sg_cnt + msg->num_sge > SMBDIRECT_SEND_IO_MAX_SGE) { pr_err("buffer not fitted into sges\n"); ret = -E2BIG; - ib_dma_unmap_sg(sc->ib.dev, sg, sg_cnt, + ib_dma_unmap_sg(sc->ib.dev, sg, npages, DMA_TO_DEVICE); goto err; } -- 2.43.0

3 days, 12 hours

[PATCH v5 0/2] Enable 1GHz OPP am335x-bonegreen-eco

by Kory Maincent (TI.com)

The vdd_mpu regulator maximum voltage was previously limited to 1.2985V, which prevented the CPU from reaching the 1GHz operating point. This limitation was put in place because voltage changes were not working correctly, causing the board to stall when attempting higher frequencies. Increase the maximum voltage to 1.3515V to allow the full 1GHz OPP to be used. Add a TPS65219 PMIC driver fixes that properly implement the LOCK register handling, to make voltage transitions work reliably. Changes in v5: - Add a error message. - Link to v4: https://lore.kernel.org/r/20251112-fix_tps65219-v4-0-696a0f55d5d8@bootlin.c… Changes in v4: - Move the registers unlock in the probe instead of a custom regmap write operation. - Link to v3: https://lore.kernel.org/r/20251112-fix_tps65219-v3-0-e49bab4c01ce@bootlin.c… Changes in v3: - Remove an unused variable - Link to v2: https://lore.kernel.org/r/20251106-fix_tps65219-v2-0-a7d608c4272f@bootlin.c… Changes in v2: - Setup a custom regmap_bus only for the TPS65214 instead of checking the chip_id every time reg_write is called. - Add the am335x-bonegreen-eco devicetree change in the same patch series. Signed-off-by: Kory Maincent (TI.com) <kory.maincent(a)bootlin.com> --- Kory Maincent (TI.com) (2): mfd: tps65219: Implement LOCK register handling for TPS65214 ARM: dts: am335x-bonegreen-eco: Enable 1GHz OPP by increasing vdd_mpu voltage arch/arm/boot/dts/ti/omap/am335x-bonegreen-eco.dts | 2 +- drivers/mfd/tps65219.c | 9 +++++++++ include/linux/mfd/tps65219.h | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) --- base-commit: 2bb202416d33347102b12bbd1db4837fb6685617 change-id: 20251106-fix_tps65219-dd62141d22cf Best regards, -- Köry Maincent, Bootlin Embedded Linux and kernel engineering https://bootlin.com

3 days, 13 hours

[PATCH v5.10.y] bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself

by HarinadhD

From: Jakub Sitnicki <jakub(a)cloudflare.com> [ Upstream commit 5b4a79ba65a1ab479903fff2e604865d229b70a9 ] sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of a resource leak. [1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/ Suggested-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Jakub Sitnicki <jakub(a)cloudflare.com> Acked-by: John Fastabend <john.fastabend(a)gmail.com> Link: https://lore.kernel.org/r/20230113-sockmap-fix-v2-1-1e0ee7ac2f90@cloudflare… Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [ Harinadh: Modified to apply on v5.10.y ] Signed-off-by: HarinadhD <Harinadh.Dommaraju(a)broadcom.com> --- net/core/sock_map.c | 53 +++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 3a9e0046a780..438bbef5ff75 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -1558,15 +1558,16 @@ void sock_map_unhash(struct sock *sk) psock = sk_psock(sk); if (unlikely(!psock)) { rcu_read_unlock(); - if (sk->sk_prot->unhash) - sk->sk_prot->unhash(sk); - return; + saved_unhash = READ_ONCE(sk->sk_prot)->unhash; + } else { + saved_unhash = psock->saved_unhash; + sock_map_remove_links(sk, psock); + rcu_read_unlock(); } - - saved_unhash = psock->saved_unhash; - sock_map_remove_links(sk, psock); - rcu_read_unlock(); - saved_unhash(sk); + if (WARN_ON_ONCE(saved_unhash == sock_map_unhash)) + return; + if (saved_unhash) + saved_unhash(sk); } void sock_map_destroy(struct sock *sk) @@ -1578,16 +1579,17 @@ void sock_map_destroy(struct sock *sk) psock = sk_psock_get(sk); if (unlikely(!psock)) { rcu_read_unlock(); - if (sk->sk_prot->destroy) - sk->sk_prot->destroy(sk); - return; + saved_destroy = READ_ONCE(sk->sk_prot)->destroy; + } else { + saved_destroy = psock->saved_destroy; + sock_map_remove_links(sk, psock); + rcu_read_unlock(); + sk_psock_put(sk, psock); } - - saved_destroy = psock->saved_destroy; - sock_map_remove_links(sk, psock); - rcu_read_unlock(); - sk_psock_put(sk, psock); - saved_destroy(sk); + if (WARN_ON_ONCE(saved_destroy == sock_map_destroy)) + return; + if (saved_destroy) + saved_destroy(sk); } EXPORT_SYMBOL_GPL(sock_map_destroy); @@ -1602,13 +1604,18 @@ void sock_map_close(struct sock *sk, long timeout) if (unlikely(!psock)) { rcu_read_unlock(); release_sock(sk); - return sk->sk_prot->close(sk, timeout); + saved_close = READ_ONCE(sk->sk_prot)->close; + } else { + saved_close = psock->saved_close; + sock_map_remove_links(sk, psock); + rcu_read_unlock(); + release_sock(sk); } - - saved_close = psock->saved_close; - sock_map_remove_links(sk, psock); - rcu_read_unlock(); - release_sock(sk); + /* Make sure we do not recurse. This is a bug. + * Leak the socket instead of crashing on a stack overflow. + */ + if (WARN_ON_ONCE(saved_close == sock_map_close)) + return; saved_close(sk, timeout); } -- 2.43.7

3 days, 13 hours

[PATCH 6/8] drm/sysfb: Remove duplicate declarations

by Thomas Zimmermann

Commit 6046b49bafff ("drm/sysfb: Share helpers for integer validation") and commit e8c086880b2b ("drm/sysfb: Share helpers for screen_info validation") added duplicate function declarations. Remove the latter ones. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: e8c086880b2b ("drm/sysfb: Share helpers for screen_info validation") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.16+ --- drivers/gpu/drm/sysfb/drm_sysfb_helper.h | 9 --------- 1 file changed, 9 deletions(-) diff --git a/drivers/gpu/drm/sysfb/drm_sysfb_helper.h b/drivers/gpu/drm/sysfb/drm_sysfb_helper.h index da670d7eeb2e..de96bfe7562c 100644 --- a/drivers/gpu/drm/sysfb/drm_sysfb_helper.h +++ b/drivers/gpu/drm/sysfb/drm_sysfb_helper.h @@ -54,15 +54,6 @@ const struct drm_format_info *drm_sysfb_get_format_si(struct drm_device *dev, const struct screen_info *si); #endif -/* - * Input parsing - */ - -int drm_sysfb_get_validated_int(struct drm_device *dev, const char *name, - u64 value, u32 max); -int drm_sysfb_get_validated_int0(struct drm_device *dev, const char *name, - u64 value, u32 max); - /* * Display modes */ -- 2.52.0

3 days, 14 hours

[PATCH] usb: dwc3: apple: Set USB2 PHY mode before dwc3 init

by Sven Peter

Now that the upstream code has been getting broader test coverage by our users we occasionally see issues with USB2 devices plugged in during boot. Before Linux is running, the USB2 PHY has usually been running in device mode and it turns out that sometimes host->device or device->host transitions don't work. The root cause: If the role inside the USB2 PHY is re-configured when it has already been powered on or when dwc2 has already enabled the ULPI interface the new configuration sometimes doesn't take affect until dwc3 is reset again. Fix this rare issue by configuring the role much earlier. Note that the USB3 PHY does not suffer from this issue and actually requires dwc3 to be up before the correct role can be configured there. Reported-by: James Calligeros <jcalligeros99(a)gmail.com> Reported-by: Janne Grunau <j(a)jannau.net> Fixes: 0ec946d32ef7 ("usb: dwc3: Add Apple Silicon DWC3 glue layer driver") Cc: stable(a)vger.kernel.org Signed-off-by: Sven Peter <sven(a)kernel.org> --- drivers/usb/dwc3/dwc3-apple.c | 48 +++++++++++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 15 deletions(-) diff --git a/drivers/usb/dwc3/dwc3-apple.c b/drivers/usb/dwc3/dwc3-apple.c index cc47cad232e397ac4498b09165dfdb5bd215ded7..c2ae8eb21d514e5e493d2927bc12908c308dfe19 100644 --- a/drivers/usb/dwc3/dwc3-apple.c +++ b/drivers/usb/dwc3/dwc3-apple.c @@ -218,25 +218,31 @@ static int dwc3_apple_core_init(struct dwc3_apple *appledwc) return ret; } -static void dwc3_apple_phy_set_mode(struct dwc3_apple *appledwc, enum phy_mode mode) -{ - lockdep_assert_held(&appledwc->lock); - - /* - * This platform requires SUSPHY to be enabled here already in order to properly configure - * the PHY and switch dwc3's PIPE interface to USB3 PHY. - */ - dwc3_enable_susphy(&appledwc->dwc, true); - phy_set_mode(appledwc->dwc.usb2_generic_phy[0], mode); - phy_set_mode(appledwc->dwc.usb3_generic_phy[0], mode); -} - static int dwc3_apple_init(struct dwc3_apple *appledwc, enum dwc3_apple_state state) { int ret, ret_reset; lockdep_assert_held(&appledwc->lock); + /* + * The USB2 PHY on this platform must be configured for host or device mode while it is + * still powered off and before dwc3 tries to access it. Otherwise, the new configuration + * will sometimes only take affect after the *next* time dwc3 is brought up which causes + * the connected device to just not work. + * The USB3 PHY must be configured later after dwc3 has already been initialized. + */ + switch (state) { + case DWC3_APPLE_HOST: + phy_set_mode(appledwc->dwc.usb2_generic_phy[0], PHY_MODE_USB_HOST); + break; + case DWC3_APPLE_DEVICE: + phy_set_mode(appledwc->dwc.usb2_generic_phy[0], PHY_MODE_USB_DEVICE); + break; + default: + /* Unreachable unless there's a bug in this driver */ + return -EINVAL; + } + ret = reset_control_deassert(appledwc->reset); if (ret) { dev_err(appledwc->dev, "Failed to deassert reset, err=%d\n", ret); @@ -257,7 +263,13 @@ static int dwc3_apple_init(struct dwc3_apple *appledwc, enum dwc3_apple_state st case DWC3_APPLE_HOST: appledwc->dwc.dr_mode = USB_DR_MODE_HOST; dwc3_apple_set_ptrcap(appledwc, DWC3_GCTL_PRTCAP_HOST); - dwc3_apple_phy_set_mode(appledwc, PHY_MODE_USB_HOST); + /* + * This platform requires SUSPHY to be enabled here already in order to properly + * configure the PHY and switch dwc3's PIPE interface to USB3 PHY. The USB2 PHY + * has already been configured to the correct mode earlier. + */ + dwc3_enable_susphy(&appledwc->dwc, true); + phy_set_mode(appledwc->dwc.usb3_generic_phy[0], PHY_MODE_USB_HOST); ret = dwc3_host_init(&appledwc->dwc); if (ret) { dev_err(appledwc->dev, "Failed to initialize host, ret=%d\n", ret); @@ -268,7 +280,13 @@ static int dwc3_apple_init(struct dwc3_apple *appledwc, enum dwc3_apple_state st case DWC3_APPLE_DEVICE: appledwc->dwc.dr_mode = USB_DR_MODE_PERIPHERAL; dwc3_apple_set_ptrcap(appledwc, DWC3_GCTL_PRTCAP_DEVICE); - dwc3_apple_phy_set_mode(appledwc, PHY_MODE_USB_DEVICE); + /* + * This platform requires SUSPHY to be enabled here already in order to properly + * configure the PHY and switch dwc3's PIPE interface to USB3 PHY. The USB2 PHY + * has already been configured to the correct mode earlier. + */ + dwc3_enable_susphy(&appledwc->dwc, true); + phy_set_mode(appledwc->dwc.usb3_generic_phy[0], PHY_MODE_USB_DEVICE); ret = dwc3_gadget_init(&appledwc->dwc); if (ret) { dev_err(appledwc->dev, "Failed to initialize gadget, ret=%d\n", ret); --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20260108-dwc3-apple-usb2phy-fix-cf1d26018dd0 Best regards, -- Sven Peter <sven(a)kernel.org>

3 days, 14 hours

[PATCH v2 v5.10.y] bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself

by HarinadhD

From: Jakub Sitnicki <jakub(a)cloudflare.com> [ Upstream commit 5b4a79ba65a1ab479903fff2e604865d229b70a9 ] sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of a resource leak. [1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/ Suggested-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Jakub Sitnicki <jakub(a)cloudflare.com> Acked-by: John Fastabend <john.fastabend(a)gmail.com> Link: https://lore.kernel.org/r/20230113-sockmap-fix-v2-1-1e0ee7ac2f90@cloudflare… Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Harinadh: Modified to apply on v5.10.y ] Signed-off-by: Harinadh Dommaraju <Harinadh.Dommaraju(a)broadcom.com> --- net/core/sock_map.c | 53 +++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 3a9e0046a780..438bbef5ff75 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -1558,15 +1558,16 @@ void sock_map_unhash(struct sock *sk) psock = sk_psock(sk); if (unlikely(!psock)) { rcu_read_unlock(); - if (sk->sk_prot->unhash) - sk->sk_prot->unhash(sk); - return; + saved_unhash = READ_ONCE(sk->sk_prot)->unhash; + } else { + saved_unhash = psock->saved_unhash; + sock_map_remove_links(sk, psock); + rcu_read_unlock(); } - - saved_unhash = psock->saved_unhash; - sock_map_remove_links(sk, psock); - rcu_read_unlock(); - saved_unhash(sk); + if (WARN_ON_ONCE(saved_unhash == sock_map_unhash)) + return; + if (saved_unhash) + saved_unhash(sk); } void sock_map_destroy(struct sock *sk) @@ -1578,16 +1579,17 @@ void sock_map_destroy(struct sock *sk) psock = sk_psock_get(sk); if (unlikely(!psock)) { rcu_read_unlock(); - if (sk->sk_prot->destroy) - sk->sk_prot->destroy(sk); - return; + saved_destroy = READ_ONCE(sk->sk_prot)->destroy; + } else { + saved_destroy = psock->saved_destroy; + sock_map_remove_links(sk, psock); + rcu_read_unlock(); + sk_psock_put(sk, psock); } - - saved_destroy = psock->saved_destroy; - sock_map_remove_links(sk, psock); - rcu_read_unlock(); - sk_psock_put(sk, psock); - saved_destroy(sk); + if (WARN_ON_ONCE(saved_destroy == sock_map_destroy)) + return; + if (saved_destroy) + saved_destroy(sk); } EXPORT_SYMBOL_GPL(sock_map_destroy); @@ -1602,13 +1604,18 @@ void sock_map_close(struct sock *sk, long timeout) if (unlikely(!psock)) { rcu_read_unlock(); release_sock(sk); - return sk->sk_prot->close(sk, timeout); + saved_close = READ_ONCE(sk->sk_prot)->close; + } else { + saved_close = psock->saved_close; + sock_map_remove_links(sk, psock); + rcu_read_unlock(); + release_sock(sk); } - - saved_close = psock->saved_close; - sock_map_remove_links(sk, psock); - rcu_read_unlock(); - release_sock(sk); + /* Make sure we do not recurse. This is a bug. + * Leak the socket instead of crashing on a stack overflow. + */ + if (WARN_ON_ONCE(saved_close == sock_map_close)) + return; saved_close(sk, timeout); } -- 2.43.7

3 days, 14 hours

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror