- Linux-stable-mirror - lists.linaro.org

[PATCH 6.1.y] Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()'

by alvalan9＠foxmail.com

From: Arseniy Krasnov <avkrasnov(a)salutedevices.com> [ Upstream commit 2935e556850e9c94d7a00adf14d3cd7fe406ac03 ] Function 'hci_discovery_filter_clear()' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hci_cmd_sync_work()' 'update_passive_scan_sync()' 'hci_update_passive_scan_sync()' 'hci_discovery_filter_clear()' kfree(uuids); <-------------------------preempted--------------------------------> 'start_service_discovery()' 'hci_discovery_filter_clear()' kfree(uuids); // DOUBLE FREE <-------------------------preempted--------------------------------> uuids = NULL; To fix it let's add locking around 'kfree()' call and NULL pointer assignment. Otherwise the following backtrace fires: [ ] ------------[ cut here ]------------ [ ] kernel BUG at mm/slub.c:547! [ ] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ ] CPU: 3 UID: 0 PID: 246 Comm: bluetoothd Tainted: G O 6.12.19-kernel #1 [ ] Tainted: [O]=OOT_MODULE [ ] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ ] pc : __slab_free+0xf8/0x348 [ ] lr : __slab_free+0x48/0x348 ... [ ] Call trace: [ ] __slab_free+0xf8/0x348 [ ] kfree+0x164/0x27c [ ] start_service_discovery+0x1d0/0x2c0 [ ] hci_sock_sendmsg+0x518/0x924 [ ] __sock_sendmsg+0x54/0x60 [ ] sock_write_iter+0x98/0xf8 [ ] do_iter_readv_writev+0xe4/0x1c8 [ ] vfs_writev+0x128/0x2b0 [ ] do_writev+0xfc/0x118 [ ] __arm64_sys_writev+0x20/0x2c [ ] invoke_syscall+0x68/0xf0 [ ] el0_svc_common.constprop.0+0x40/0xe0 [ ] do_el0_svc+0x1c/0x28 [ ] el0_svc+0x30/0xd0 [ ] el0t_64_sync_handler+0x100/0x12c [ ] el0t_64_sync+0x194/0x198 [ ] Code: 8b0002e6 eb17031f 54fffbe1 d503201f (d4210000) [ ] ---[ end trace 0000000000000000 ]--- Fixes: ad383c2c65a5 ("Bluetooth: hci_sync: Enable advertising when LL privacy is enabled") Signed-off-by: Arseniy Krasnov <avkrasnov(a)salutedevices.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> [ Minor context change fixed. ] Signed-off-by: Alva Lan <alvalan9(a)foxmail.com> --- include/net/bluetooth/hci_core.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 4a1faf11785f..b0a7ceb99eec 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -28,7 +28,7 @@ #include <linux/idr.h> #include <linux/leds.h> #include <linux/rculist.h> - +#include <linux/spinlock.h> #include <net/bluetooth/hci.h> #include <net/bluetooth/hci_sync.h> #include <net/bluetooth/hci_sock.h> @@ -92,6 +92,7 @@ struct discovery_state { unsigned long scan_start; unsigned long scan_duration; unsigned long name_resolve_timeout; + spinlock_t lock; }; #define SUSPEND_NOTIFIER_TIMEOUT msecs_to_jiffies(2000) /* 2 seconds */ @@ -881,6 +882,7 @@ static inline void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, static inline void discovery_init(struct hci_dev *hdev) { + spin_lock_init(&hdev->discovery.lock); hdev->discovery.state = DISCOVERY_STOPPED; INIT_LIST_HEAD(&hdev->discovery.all); INIT_LIST_HEAD(&hdev->discovery.unknown); @@ -895,8 +897,12 @@ static inline void hci_discovery_filter_clear(struct hci_dev *hdev) hdev->discovery.report_invalid_rssi = true; hdev->discovery.rssi = HCI_RSSI_INVALID; hdev->discovery.uuid_count = 0; + + spin_lock(&hdev->discovery.lock); kfree(hdev->discovery.uuids); hdev->discovery.uuids = NULL; + spin_unlock(&hdev->discovery.lock); + hdev->discovery.scan_start = 0; hdev->discovery.scan_duration = 0; } -- 2.43.0

6 hours, 51 minutes

2
1
0 0

[merged mm-stable] mm-damon-tests-sysfs-kunit-handle-alloc-failures-on-damon_sysfs_test_add_targets.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets() has been removed from the -mm tree. Its filename was mm-damon-tests-sysfs-kunit-handle-alloc-failures-on-damon_sysfs_test_add_targets.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets() Date: Sat, 1 Nov 2025 11:20:14 -0700 damon_sysfs_test_add_targets() is assuming all dynamic memory allocation in it will succeed. Those are indeed likely in the real use cases since those allocations are too small to fail, but theoretically those could fail. In the case, inappropriate memory access can happen. Fix it by appropriately cleanup pre-allocated memory and skip the execution of the remaining tests in the failure cases. Link: https://lkml.kernel.org/r/20251101182021.74868-21-sj@kernel.org Fixes: b8ee5575f763 ("mm/damon/sysfs-test: add a unit test for damon_sysfs_set_targets()") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.7+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/sysfs-kunit.h | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) --- a/mm/damon/tests/sysfs-kunit.h~mm-damon-tests-sysfs-kunit-handle-alloc-failures-on-damon_sysfs_test_add_targets +++ a/mm/damon/tests/sysfs-kunit.h @@ -45,16 +45,41 @@ static void damon_sysfs_test_add_targets struct damon_ctx *ctx; sysfs_targets = damon_sysfs_targets_alloc(); + if (!sysfs_targets) + kunit_skip(test, "sysfs_targets alloc fail"); sysfs_targets->nr = 1; sysfs_targets->targets_arr = kmalloc_array(1, sizeof(*sysfs_targets->targets_arr), GFP_KERNEL); + if (!sysfs_targets->targets_arr) { + kfree(sysfs_targets); + kunit_skip(test, "targets_arr alloc fail"); + } sysfs_target = damon_sysfs_target_alloc(); + if (!sysfs_target) { + kfree(sysfs_targets->targets_arr); + kfree(sysfs_targets); + kunit_skip(test, "sysfs_target alloc fail"); + } sysfs_target->pid = __damon_sysfs_test_get_any_pid(12, 100); sysfs_target->regions = damon_sysfs_regions_alloc(); + if (!sysfs_target->regions) { + kfree(sysfs_targets->targets_arr); + kfree(sysfs_targets); + kfree(sysfs_target); + kunit_skip(test, "sysfs_regions alloc fail"); + } + sysfs_targets->targets_arr[0] = sysfs_target; ctx = damon_new_ctx(); + if (!ctx) { + kfree(sysfs_targets->targets_arr); + kfree(sysfs_targets); + kfree(sysfs_target); + kfree(sysfs_target->regions); + kunit_skip(test, "ctx alloc fail"); + } damon_sysfs_add_targets(ctx, sysfs_targets); KUNIT_EXPECT_EQ(test, 1u, nr_damon_targets(ctx)); _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-tests-core-kunit-remove-dynamic-allocs-on-damos_test_commit_filter.patch mm-damon-tests-core-kunit-split-out-damos_test_commit_filter-core-logic.patch mm-damon-tests-core-kunit-extend-damos_test_commit_filter_for-for-union-fields.patch mm-damon-tests-core-kunit-add-test-cases-to-damos_test_commit_filter.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goal-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goals-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota-test.patch mm-damon-core-pass-migrate_dests-to-damos_commit_dests.patch mm-damon-tests-core-kunit-add-damos_commit_dests-test.patch mm-damon-tests-core-kunit-add-damos_commit-test.patch mm-damon-tests-core-kunit-add-damon_commit_target_regions-test.patch mm-damon-rename-damos-core-filter-helpers-to-have-word-core.patch mm-damon-rename-damos-filters-to-damos-core_filters.patch mm-damon-vaddr-cleanup-using-pmd_trans_huge_lock.patch mm-damon-vaddr-use-vm_normal_folio_pmd-instead-of-damon_get_folio.patch mm-damon-vaddr-consistently-use-only-pmd_entry-for-damos_migrate.patch mm-damon-tests-core-kunit-remove-damon_min_region-redefinition.patch selftests-damon-sysfspy-merge-damon-status-dumping-into-commitment-assertion.patch docs-mm-damon-maintainer-profile-fix-a-typo-on-mm-untable-link.patch docs-mm-damon-maintainer-profile-fix-grammartical-errors.patch

6 hours, 54 minutes

1
0
0 0

[merged mm-stable] mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_test_split_evenly_succ.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() has been removed from the -mm tree. Its filename was mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_test_split_evenly_succ.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() Date: Sat, 1 Nov 2025 11:20:13 -0700 damon_test_split_evenly_succ() is assuming all dynamic memory allocation in it will succeed. Those are indeed likely in the real use cases since those allocations are too small to fail, but theoretically those could fail. In the case, inappropriate memory access can happen. Fix it by appropriately cleanup pre-allocated memory and skip the execution of the remaining tests in the failure cases. Link: https://lkml.kernel.org/r/20251101182021.74868-20-sj@kernel.org Fixes: 17ccae8bb5c9 ("mm/damon: add kunit tests") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> [5.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/vaddr-kunit.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) --- a/mm/damon/tests/vaddr-kunit.h~mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_test_split_evenly_succ +++ a/mm/damon/tests/vaddr-kunit.h @@ -284,10 +284,17 @@ static void damon_test_split_evenly_succ unsigned long start, unsigned long end, unsigned int nr_pieces) { struct damon_target *t = damon_new_target(); - struct damon_region *r = damon_new_region(start, end); + struct damon_region *r; unsigned long expected_width = (end - start) / nr_pieces; unsigned long i = 0; + if (!t) + kunit_skip(test, "target alloc fail"); + r = damon_new_region(start, end); + if (!r) { + damon_free_target(t); + kunit_skip(test, "region alloc fail"); + } damon_add_region(r, t); KUNIT_EXPECT_EQ(test, damon_va_evenly_split_region(t, r, nr_pieces), 0); _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-tests-core-kunit-remove-dynamic-allocs-on-damos_test_commit_filter.patch mm-damon-tests-core-kunit-split-out-damos_test_commit_filter-core-logic.patch mm-damon-tests-core-kunit-extend-damos_test_commit_filter_for-for-union-fields.patch mm-damon-tests-core-kunit-add-test-cases-to-damos_test_commit_filter.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goal-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goals-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota-test.patch mm-damon-core-pass-migrate_dests-to-damos_commit_dests.patch mm-damon-tests-core-kunit-add-damos_commit_dests-test.patch mm-damon-tests-core-kunit-add-damos_commit-test.patch mm-damon-tests-core-kunit-add-damon_commit_target_regions-test.patch mm-damon-rename-damos-core-filter-helpers-to-have-word-core.patch mm-damon-rename-damos-filters-to-damos-core_filters.patch mm-damon-vaddr-cleanup-using-pmd_trans_huge_lock.patch mm-damon-vaddr-use-vm_normal_folio_pmd-instead-of-damon_get_folio.patch mm-damon-vaddr-consistently-use-only-pmd_entry-for-damos_migrate.patch mm-damon-tests-core-kunit-remove-damon_min_region-redefinition.patch selftests-damon-sysfspy-merge-damon-status-dumping-into-commitment-assertion.patch docs-mm-damon-maintainer-profile-fix-a-typo-on-mm-untable-link.patch docs-mm-damon-maintainer-profile-fix-grammartical-errors.patch

6 hours, 54 minutes

1
0
0 0

[merged mm-stable] mm-damon-tests-vaddr-kunit-handle-alloc-failures-in-damon_test_split_evenly_fail.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() has been removed from the -mm tree. Its filename was mm-damon-tests-vaddr-kunit-handle-alloc-failures-in-damon_test_split_evenly_fail.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() Date: Sat, 1 Nov 2025 11:20:12 -0700 damon_test_split_evenly_fail() is assuming all dynamic memory allocation in it will succeed. Those are indeed likely in the real use cases since those allocations are too small to fail, but theoretically those could fail. In the case, inappropriate memory access can happen. Fix it by appropriately cleanup pre-allocated memory and skip the execution of the remaining tests in the failure cases. Link: https://lkml.kernel.org/r/20251101182021.74868-19-sj@kernel.org Fixes: 17ccae8bb5c9 ("mm/damon: add kunit tests") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> [5.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/vaddr-kunit.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) --- a/mm/damon/tests/vaddr-kunit.h~mm-damon-tests-vaddr-kunit-handle-alloc-failures-in-damon_test_split_evenly_fail +++ a/mm/damon/tests/vaddr-kunit.h @@ -256,7 +256,16 @@ static void damon_test_split_evenly_fail unsigned long start, unsigned long end, unsigned int nr_pieces) { struct damon_target *t = damon_new_target(); - struct damon_region *r = damon_new_region(start, end); + struct damon_region *r; + + if (!t) + kunit_skip(test, "target alloc fail"); + + r = damon_new_region(start, end); + if (!r) { + damon_free_target(t); + kunit_skip(test, "region alloc fail"); + } damon_add_region(r, t); KUNIT_EXPECT_EQ(test, _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-tests-core-kunit-remove-dynamic-allocs-on-damos_test_commit_filter.patch mm-damon-tests-core-kunit-split-out-damos_test_commit_filter-core-logic.patch mm-damon-tests-core-kunit-extend-damos_test_commit_filter_for-for-union-fields.patch mm-damon-tests-core-kunit-add-test-cases-to-damos_test_commit_filter.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goal-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goals-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota-test.patch mm-damon-core-pass-migrate_dests-to-damos_commit_dests.patch mm-damon-tests-core-kunit-add-damos_commit_dests-test.patch mm-damon-tests-core-kunit-add-damos_commit-test.patch mm-damon-tests-core-kunit-add-damon_commit_target_regions-test.patch mm-damon-rename-damos-core-filter-helpers-to-have-word-core.patch mm-damon-rename-damos-filters-to-damos-core_filters.patch mm-damon-vaddr-cleanup-using-pmd_trans_huge_lock.patch mm-damon-vaddr-use-vm_normal_folio_pmd-instead-of-damon_get_folio.patch mm-damon-vaddr-consistently-use-only-pmd_entry-for-damos_migrate.patch mm-damon-tests-core-kunit-remove-damon_min_region-redefinition.patch selftests-damon-sysfspy-merge-damon-status-dumping-into-commitment-assertion.patch docs-mm-damon-maintainer-profile-fix-a-typo-on-mm-untable-link.patch docs-mm-damon-maintainer-profile-fix-grammartical-errors.patch

6 hours, 54 minutes

1
0
0 0

[merged mm-stable] mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_do_test_apply_three_regions.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() has been removed from the -mm tree. Its filename was mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_do_test_apply_three_regions.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() Date: Sat, 1 Nov 2025 11:20:11 -0700 damon_do_test_apply_three_regions() is assuming all dynamic memory allocation in it will succeed. Those are indeed likely in the real use cases since those allocations are too small to fail, but theoretically those could fail. In the case, inappropriate memory access can happen. Fix it by appropriately cleanup pre-allocated memory and skip the execution of the remaining tests in the failure cases. Link: https://lkml.kernel.org/r/20251101182021.74868-18-sj@kernel.org Fixes: 17ccae8bb5c9 ("mm/damon: add kunit tests") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> [5.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/vaddr-kunit.h | 6 ++++++ 1 file changed, 6 insertions(+) --- a/mm/damon/tests/vaddr-kunit.h~mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_do_test_apply_three_regions +++ a/mm/damon/tests/vaddr-kunit.h @@ -136,8 +136,14 @@ static void damon_do_test_apply_three_re int i; t = damon_new_target(); + if (!t) + kunit_skip(test, "target alloc fail"); for (i = 0; i < nr_regions / 2; i++) { r = damon_new_region(regions[i * 2], regions[i * 2 + 1]); + if (!r) { + damon_destroy_target(t, NULL); + kunit_skip(test, "region alloc fail"); + } damon_add_region(r, t); } _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-tests-core-kunit-remove-dynamic-allocs-on-damos_test_commit_filter.patch mm-damon-tests-core-kunit-split-out-damos_test_commit_filter-core-logic.patch mm-damon-tests-core-kunit-extend-damos_test_commit_filter_for-for-union-fields.patch mm-damon-tests-core-kunit-add-test-cases-to-damos_test_commit_filter.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goal-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goals-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota-test.patch mm-damon-core-pass-migrate_dests-to-damos_commit_dests.patch mm-damon-tests-core-kunit-add-damos_commit_dests-test.patch mm-damon-tests-core-kunit-add-damos_commit-test.patch mm-damon-tests-core-kunit-add-damon_commit_target_regions-test.patch mm-damon-rename-damos-core-filter-helpers-to-have-word-core.patch mm-damon-rename-damos-filters-to-damos-core_filters.patch mm-damon-vaddr-cleanup-using-pmd_trans_huge_lock.patch mm-damon-vaddr-use-vm_normal_folio_pmd-instead-of-damon_get_folio.patch mm-damon-vaddr-consistently-use-only-pmd_entry-for-damos_migrate.patch mm-damon-tests-core-kunit-remove-damon_min_region-redefinition.patch selftests-damon-sysfspy-merge-damon-status-dumping-into-commitment-assertion.patch docs-mm-damon-maintainer-profile-fix-a-typo-on-mm-untable-link.patch docs-mm-damon-maintainer-profile-fix-grammartical-errors.patch

6 hours, 54 minutes

1
0
0 0

[merged mm-stable] mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_set_filters_default_reject.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/tests/core-kunit: handle alloc failures on damon_test_set_filters_default_reject() has been removed from the -mm tree. Its filename was mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_set_filters_default_reject.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/tests/core-kunit: handle alloc failures on damon_test_set_filters_default_reject() Date: Sat, 1 Nov 2025 11:20:10 -0700 damon_test_set_filters_default_reject() is assuming all dynamic memory allocation in it will succeed. Those are indeed likely in the real use cases since those allocations are too small to fail, but theoretically those could fail. In the case, inappropriate memory access can happen. Fix it by appropriately cleanup pre-allocated memory and skip the execution of the remaining tests in the failure cases. Link: https://lkml.kernel.org/r/20251101182021.74868-17-sj@kernel.org Fixes: 094fb14913c7 ("mm/damon/tests/core-kunit: add a test for damos_set_filters_default_reject()") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.16+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/core-kunit.h | 6 ++++++ 1 file changed, 6 insertions(+) --- a/mm/damon/tests/core-kunit.h~mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_set_filters_default_reject +++ a/mm/damon/tests/core-kunit.h @@ -659,6 +659,8 @@ static void damon_test_set_filters_defau KUNIT_EXPECT_EQ(test, scheme.ops_filters_default_reject, false); target_filter = damos_new_filter(DAMOS_FILTER_TYPE_TARGET, true, true); + if (!target_filter) + kunit_skip(test, "filter alloc fail"); damos_add_filter(&scheme, target_filter); damos_set_filters_default_reject(&scheme); /* @@ -684,6 +686,10 @@ static void damon_test_set_filters_defau KUNIT_EXPECT_EQ(test, scheme.ops_filters_default_reject, false); anon_filter = damos_new_filter(DAMOS_FILTER_TYPE_ANON, true, true); + if (!anon_filter) { + damos_free_filter(target_filter); + kunit_skip(test, "anon_filter alloc fail"); + } damos_add_filter(&scheme, anon_filter); damos_set_filters_default_reject(&scheme); _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-tests-core-kunit-remove-dynamic-allocs-on-damos_test_commit_filter.patch mm-damon-tests-core-kunit-split-out-damos_test_commit_filter-core-logic.patch mm-damon-tests-core-kunit-extend-damos_test_commit_filter_for-for-union-fields.patch mm-damon-tests-core-kunit-add-test-cases-to-damos_test_commit_filter.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goal-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goals-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota-test.patch mm-damon-core-pass-migrate_dests-to-damos_commit_dests.patch mm-damon-tests-core-kunit-add-damos_commit_dests-test.patch mm-damon-tests-core-kunit-add-damos_commit-test.patch mm-damon-tests-core-kunit-add-damon_commit_target_regions-test.patch mm-damon-rename-damos-core-filter-helpers-to-have-word-core.patch mm-damon-rename-damos-filters-to-damos-core_filters.patch mm-damon-vaddr-cleanup-using-pmd_trans_huge_lock.patch mm-damon-vaddr-use-vm_normal_folio_pmd-instead-of-damon_get_folio.patch mm-damon-vaddr-consistently-use-only-pmd_entry-for-damos_migrate.patch mm-damon-tests-core-kunit-remove-damon_min_region-redefinition.patch selftests-damon-sysfspy-merge-damon-status-dumping-into-commitment-assertion.patch docs-mm-damon-maintainer-profile-fix-a-typo-on-mm-untable-link.patch docs-mm-damon-maintainer-profile-fix-grammartical-errors.patch

6 hours, 54 minutes

1
0
0 0

[merged mm-stable] mm-damon-tests-core-kunit-handle-alloc-failures-on-damos_test_filter_out.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/tests/core-kunit: handle alloc failures on damos_test_filter_out() has been removed from the -mm tree. Its filename was mm-damon-tests-core-kunit-handle-alloc-failures-on-damos_test_filter_out.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/tests/core-kunit: handle alloc failures on damos_test_filter_out() Date: Sat, 1 Nov 2025 11:20:09 -0700 damon_test_filter_out() is assuming all dynamic memory allocation in it will succeed. Those are indeed likely in the real use cases since those allocations are too small to fail, but theoretically those could fail. In the case, inappropriate memory access can happen. Fix it by appropriately cleanup pre-allocated memory and skip the execution of the remaining tests in the failure cases. Link: https://lkml.kernel.org/r/20251101182021.74868-16-sj@kernel.org Fixes: 26713c890875 ("mm/damon/core-test: add a unit test for __damos_filter_out()") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/core-kunit.h | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/mm/damon/tests/core-kunit.h~mm-damon-tests-core-kunit-handle-alloc-failures-on-damos_test_filter_out +++ a/mm/damon/tests/core-kunit.h @@ -542,11 +542,22 @@ static void damos_test_filter_out(struct struct damos_filter *f; f = damos_new_filter(DAMOS_FILTER_TYPE_ADDR, true, false); + if (!f) + kunit_skip(test, "filter alloc fail"); f->addr_range = (struct damon_addr_range){ .start = DAMON_MIN_REGION * 2, .end = DAMON_MIN_REGION * 6}; t = damon_new_target(); + if (!t) { + damos_destroy_filter(f); + kunit_skip(test, "target alloc fail"); + } r = damon_new_region(DAMON_MIN_REGION * 3, DAMON_MIN_REGION * 5); + if (!r) { + damos_destroy_filter(f); + damon_free_target(t); + kunit_skip(test, "region alloc fail"); + } damon_add_region(r, t); /* region in the range */ _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-tests-core-kunit-remove-dynamic-allocs-on-damos_test_commit_filter.patch mm-damon-tests-core-kunit-split-out-damos_test_commit_filter-core-logic.patch mm-damon-tests-core-kunit-extend-damos_test_commit_filter_for-for-union-fields.patch mm-damon-tests-core-kunit-add-test-cases-to-damos_test_commit_filter.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goal-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goals-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota-test.patch mm-damon-core-pass-migrate_dests-to-damos_commit_dests.patch mm-damon-tests-core-kunit-add-damos_commit_dests-test.patch mm-damon-tests-core-kunit-add-damos_commit-test.patch mm-damon-tests-core-kunit-add-damon_commit_target_regions-test.patch mm-damon-rename-damos-core-filter-helpers-to-have-word-core.patch mm-damon-rename-damos-filters-to-damos-core_filters.patch mm-damon-vaddr-cleanup-using-pmd_trans_huge_lock.patch mm-damon-vaddr-use-vm_normal_folio_pmd-instead-of-damon_get_folio.patch mm-damon-vaddr-consistently-use-only-pmd_entry-for-damos_migrate.patch mm-damon-tests-core-kunit-remove-damon_min_region-redefinition.patch selftests-damon-sysfspy-merge-damon-status-dumping-into-commitment-assertion.patch docs-mm-damon-maintainer-profile-fix-a-typo-on-mm-untable-link.patch docs-mm-damon-maintainer-profile-fix-grammartical-errors.patch

6 hours, 54 minutes

1
0
0 0

[merged mm-stable] mm-damon-tests-core-kunit-handle-alloc-failure-on-damos_test_commit_filter.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/tests/core-kunit: handle alloc failure on damos_test_commit_filter() has been removed from the -mm tree. Its filename was mm-damon-tests-core-kunit-handle-alloc-failure-on-damos_test_commit_filter.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/tests/core-kunit: handle alloc failure on damos_test_commit_filter() Date: Sat, 1 Nov 2025 11:20:08 -0700 damon_test_commit_filter() is assuming all dynamic memory allocation in it will succeed. Those are indeed likely in the real use cases since those allocations are too small to fail, but theoretically those could fail. In the case, inappropriate memory access can happen. Fix it by appropriately cleanup pre-allocated memory and skip the execution of the remaining tests in the failure cases. Link: https://lkml.kernel.org/r/20251101182021.74868-15-sj@kernel.org Fixes: f6a4a150f1ec ("mm/damon/tests/core-kunit: add damos_commit_filter test") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.18+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/core-kunit.h | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) --- a/mm/damon/tests/core-kunit.h~mm-damon-tests-core-kunit-handle-alloc-failure-on-damos_test_commit_filter +++ a/mm/damon/tests/core-kunit.h @@ -516,11 +516,16 @@ static void damos_test_new_filter(struct static void damos_test_commit_filter(struct kunit *test) { - struct damos_filter *src_filter = damos_new_filter( - DAMOS_FILTER_TYPE_ANON, true, true); - struct damos_filter *dst_filter = damos_new_filter( - DAMOS_FILTER_TYPE_ACTIVE, false, false); + struct damos_filter *src_filter, *dst_filter; + src_filter = damos_new_filter(DAMOS_FILTER_TYPE_ANON, true, true); + if (!src_filter) + kunit_skip(test, "src filter alloc fail"); + dst_filter = damos_new_filter(DAMOS_FILTER_TYPE_ACTIVE, false, false); + if (!dst_filter) { + damos_destroy_filter(src_filter); + kunit_skip(test, "dst filter alloc fail"); + } damos_commit_filter(dst_filter, src_filter); KUNIT_EXPECT_EQ(test, dst_filter->type, src_filter->type); KUNIT_EXPECT_EQ(test, dst_filter->matching, src_filter->matching); _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-tests-core-kunit-remove-dynamic-allocs-on-damos_test_commit_filter.patch mm-damon-tests-core-kunit-split-out-damos_test_commit_filter-core-logic.patch mm-damon-tests-core-kunit-extend-damos_test_commit_filter_for-for-union-fields.patch mm-damon-tests-core-kunit-add-test-cases-to-damos_test_commit_filter.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goal-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goals-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota-test.patch mm-damon-core-pass-migrate_dests-to-damos_commit_dests.patch mm-damon-tests-core-kunit-add-damos_commit_dests-test.patch mm-damon-tests-core-kunit-add-damos_commit-test.patch mm-damon-tests-core-kunit-add-damon_commit_target_regions-test.patch mm-damon-rename-damos-core-filter-helpers-to-have-word-core.patch mm-damon-rename-damos-filters-to-damos-core_filters.patch mm-damon-vaddr-cleanup-using-pmd_trans_huge_lock.patch mm-damon-vaddr-use-vm_normal_folio_pmd-instead-of-damon_get_folio.patch mm-damon-vaddr-consistently-use-only-pmd_entry-for-damos_migrate.patch mm-damon-tests-core-kunit-remove-damon_min_region-redefinition.patch selftests-damon-sysfspy-merge-damon-status-dumping-into-commitment-assertion.patch docs-mm-damon-maintainer-profile-fix-a-typo-on-mm-untable-link.patch docs-mm-damon-maintainer-profile-fix-grammartical-errors.patch

6 hours, 54 minutes

1
0
0 0

[merged mm-stable] mm-damon-tests-core-kunit-handle-alloc-failres-in-damon_test_new_filter.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() has been removed from the -mm tree. Its filename was mm-damon-tests-core-kunit-handle-alloc-failres-in-damon_test_new_filter.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() Date: Sat, 1 Nov 2025 11:20:07 -0700 damon_test_new_filter() is assuming all dynamic memory allocation in it will succeed. Those are indeed likely in the real use cases since those allocations are too small to fail, but theoretically those could fail. In the case, inappropriate memory access can happen. Fix it by appropriately cleanup pre-allocated memory and skip the execution of the remaining tests in the failure cases. Link: https://lkml.kernel.org/r/20251101182021.74868-14-sj@kernel.org Fixes: 2a158e956b98 ("mm/damon/core-test: add a test for damos_new_filter()") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/core-kunit.h | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/damon/tests/core-kunit.h~mm-damon-tests-core-kunit-handle-alloc-failres-in-damon_test_new_filter +++ a/mm/damon/tests/core-kunit.h @@ -505,6 +505,8 @@ static void damos_test_new_filter(struct struct damos_filter *filter; filter = damos_new_filter(DAMOS_FILTER_TYPE_ANON, true, false); + if (!filter) + kunit_skip(test, "filter alloc fail"); KUNIT_EXPECT_EQ(test, filter->type, DAMOS_FILTER_TYPE_ANON); KUNIT_EXPECT_EQ(test, filter->matching, true); KUNIT_EXPECT_PTR_EQ(test, filter->list.prev, &filter->list); _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-tests-core-kunit-remove-dynamic-allocs-on-damos_test_commit_filter.patch mm-damon-tests-core-kunit-split-out-damos_test_commit_filter-core-logic.patch mm-damon-tests-core-kunit-extend-damos_test_commit_filter_for-for-union-fields.patch mm-damon-tests-core-kunit-add-test-cases-to-damos_test_commit_filter.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goal-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goals-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota-test.patch mm-damon-core-pass-migrate_dests-to-damos_commit_dests.patch mm-damon-tests-core-kunit-add-damos_commit_dests-test.patch mm-damon-tests-core-kunit-add-damos_commit-test.patch mm-damon-tests-core-kunit-add-damon_commit_target_regions-test.patch mm-damon-rename-damos-core-filter-helpers-to-have-word-core.patch mm-damon-rename-damos-filters-to-damos-core_filters.patch mm-damon-vaddr-cleanup-using-pmd_trans_huge_lock.patch mm-damon-vaddr-use-vm_normal_folio_pmd-instead-of-damon_get_folio.patch mm-damon-vaddr-consistently-use-only-pmd_entry-for-damos_migrate.patch mm-damon-tests-core-kunit-remove-damon_min_region-redefinition.patch selftests-damon-sysfspy-merge-damon-status-dumping-into-commitment-assertion.patch docs-mm-damon-maintainer-profile-fix-a-typo-on-mm-untable-link.patch docs-mm-damon-maintainer-profile-fix-grammartical-errors.patch

6 hours, 54 minutes

1
0
0 0

[merged mm-stable] mm-damon-tests-core-kunit-handle-alloc-failure-on-damon_test_set_attrs.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() has been removed from the -mm tree. Its filename was mm-damon-tests-core-kunit-handle-alloc-failure-on-damon_test_set_attrs.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() Date: Sat, 1 Nov 2025 11:20:06 -0700 damon_test_set_attrs() is assuming all dynamic memory allocation in it will succeed. Those are indeed likely in the real use cases since those allocations are too small to fail, but theoretically those could fail. In the case, inappropriate memory access can happen. Fix it by appropriately cleanup pre-allocated memory and skip the execution of the remaining tests in the failure cases. Link: https://lkml.kernel.org/r/20251101182021.74868-13-sj@kernel.org Fixes: aa13779be6b7 ("mm/damon/core-test: add a test for damon_set_attrs()") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/core-kunit.h | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/damon/tests/core-kunit.h~mm-damon-tests-core-kunit-handle-alloc-failure-on-damon_test_set_attrs +++ a/mm/damon/tests/core-kunit.h @@ -465,6 +465,9 @@ static void damon_test_set_attrs(struct .sample_interval = 5000, .aggr_interval = 100000,}; struct damon_attrs invalid_attrs; + if (!c) + kunit_skip(test, "ctx alloc fail"); + KUNIT_EXPECT_EQ(test, damon_set_attrs(c, &valid_attrs), 0); invalid_attrs = valid_attrs; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-tests-core-kunit-remove-dynamic-allocs-on-damos_test_commit_filter.patch mm-damon-tests-core-kunit-split-out-damos_test_commit_filter-core-logic.patch mm-damon-tests-core-kunit-extend-damos_test_commit_filter_for-for-union-fields.patch mm-damon-tests-core-kunit-add-test-cases-to-damos_test_commit_filter.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goal-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota_goals-test.patch mm-damon-tests-core-kunit-add-damos_commit_quota-test.patch mm-damon-core-pass-migrate_dests-to-damos_commit_dests.patch mm-damon-tests-core-kunit-add-damos_commit_dests-test.patch mm-damon-tests-core-kunit-add-damos_commit-test.patch mm-damon-tests-core-kunit-add-damon_commit_target_regions-test.patch mm-damon-rename-damos-core-filter-helpers-to-have-word-core.patch mm-damon-rename-damos-filters-to-damos-core_filters.patch mm-damon-vaddr-cleanup-using-pmd_trans_huge_lock.patch mm-damon-vaddr-use-vm_normal_folio_pmd-instead-of-damon_get_folio.patch mm-damon-vaddr-consistently-use-only-pmd_entry-for-damos_migrate.patch mm-damon-tests-core-kunit-remove-damon_min_region-redefinition.patch selftests-damon-sysfspy-merge-damon-status-dumping-into-commitment-assertion.patch docs-mm-damon-maintainer-profile-fix-a-typo-on-mm-untable-link.patch docs-mm-damon-maintainer-profile-fix-grammartical-errors.patch

6 hours, 54 minutes

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror