Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

301 participants
124138 discussions

[PATCH] ecryptfs: Add missing gotos in ecryptfs_read_metadata

by Thorsten Blum

Add two missing goto statements to exit ecryptfs_read_metadata() when an error occurs. The first goto is required; otherwise ECRYPTFS_METADATA_IN_XATTR may be set when xattr metadata is enabled even though parsing the metadata failed. The second goto is not strictly necessary, but it makes the error path explicit instead of relying on falling through to 'out'. Cc: stable(a)vger.kernel.org Fixes: dd2a3b7ad98f ("[PATCH] eCryptfs: Generalize metadata read/write") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- fs/ecryptfs/crypto.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 260f8a4938b0..d49cdf7292ab 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -1328,6 +1328,7 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) "file xattr region either, inode %lu\n", ecryptfs_inode->i_ino); rc = -EINVAL; + goto out; } if (crypt_stat->mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) { @@ -1340,6 +1341,7 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) "this like an encrypted file, inode %lu\n", ecryptfs_inode->i_ino); rc = -EINVAL; + goto out; } } out: -- Thorsten Blum <thorsten.blum(a)linux.dev> GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4

15 hours, 51 minutes

[PATCH] fuse: Check for large folio with SPLICE_F_MOVE

by Bernd Schubert

xfstest generic/074 and generic/075 complain result in kernel warning messages / page dumps. This is easily reproducible (on 6.19) with CONFIG_TRANSPARENT_HUGEPAGE_SHMEM_HUGE_ALWAYS=y CONFIG_TRANSPARENT_HUGEPAGE_TMPFS_HUGE_ALWAYS=y This just adds a test for large folios fuse_try_move_folio with the same page copy fallback, but to avoid the warnings from fuse_check_folio(). Cc: stable(a)vger.kernel.org Signed-off-by: Bernd Schubert <bschubert(a)ddn.com> Signed-off-by: Horst Birthelmer <hbirthelmer(a)ddn.com> --- fs/fuse/dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index 6d59cbc877c6ad06deb6b02eba05a9015228cd05..1f1071d621441b334573ab42b6d820d996bdb00d 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -1011,6 +1011,9 @@ static int fuse_try_move_folio(struct fuse_copy_state *cs, struct folio **foliop folio_clear_uptodate(newfolio); folio_clear_mappedtodisk(newfolio); + if (folio_test_large(newfolio)) + goto out_fallback_unlock; + if (fuse_check_folio(newfolio) != 0) goto out_fallback_unlock; --- base-commit: 755bc1335e3b116b702205b72eb57b7b8aef2bb2 change-id: 20260111-fuse_try_move_folio-check-large-folio-823b995dc06c Best regards, -- Bernd Schubert <bschubert(a)ddn.com>

16 hours, 31 minutes

Re: [PATCH v2] fbdev: bitblit: bound-check glyph index in bit_putcs*

by Vitaly Chikunov

Dear linux-fbdev, stable, On Mon, Oct 20, 2025 at 09:47:01PM +0800, Junjie Cao wrote: > bit_putcs_aligned()/unaligned() derived the glyph pointer from the > character value masked by 0xff/0x1ff, which may exceed the actual font's > glyph count and read past the end of the built-in font array. > Clamp the index to the actual glyph count before computing the address. > > This fixes a global out-of-bounds read reported by syzbot. > > Reported-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=793cf822d213be1a74f2 > Tested-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com > Signed-off-by: Junjie Cao <junjie.cao(a)intel.com> This commit is applied to v5.10.247 and causes a regression: when switching VT with ctrl-alt-f2 the screen is blank or completely filled with angle characters, then new text is not appearing (or not visible). This commit is found with git bisect from v5.10.246 to v5.10.247: 0998a6cb232674408a03e8561dc15aa266b2f53b is the first bad commit commit 0998a6cb232674408a03e8561dc15aa266b2f53b Author: Junjie Cao <junjie.cao(a)intel.com> AuthorDate: 2025-10-20 21:47:01 +0800 Commit: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CommitDate: 2025-12-07 06:08:07 +0900 fbdev: bitblit: bound-check glyph index in bit_putcs* commit 18c4ef4e765a798b47980555ed665d78b71aeadf upstream. bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and read past the end of the built-in font array. Clamp the index to the actual glyph count before computing the address. This fixes a global out-of-bounds read reported by syzbot. Reported-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=793cf822d213be1a74f2 Tested-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com Signed-off-by: Junjie Cao <junjie.cao(a)intel.com> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> drivers/video/fbdev/core/bitblit.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) The minimal reproducer in cli, after kernel is booted: date >/dev/tty2; chvt 2 and the date does not appear. Thanks, #regzbot introduced: 0998a6cb232674408a03e8561dc15aa266b2f53b > --- > v1: https://lore.kernel.org/linux-fbdev/5d237d1a-a528-4205-a4d8-71709134f1e1@su… > v1 -> v2: > - Fix indentation and add blank line after declarations with the .pl helper > - No functional changes > > drivers/video/fbdev/core/bitblit.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/drivers/video/fbdev/core/bitblit.c b/drivers/video/fbdev/core/bitblit.c > index 9d2e59796c3e..085ffb44c51a 100644 > --- a/drivers/video/fbdev/core/bitblit.c > +++ b/drivers/video/fbdev/core/bitblit.c > @@ -79,12 +79,16 @@ static inline void bit_putcs_aligned(struct vc_data *vc, struct fb_info *info, > struct fb_image *image, u8 *buf, u8 *dst) > { > u16 charmask = vc->vc_hi_font_mask ? 0x1ff : 0xff; > + unsigned int charcnt = vc->vc_font.charcount; > u32 idx = vc->vc_font.width >> 3; > u8 *src; > > while (cnt--) { > - src = vc->vc_font.data + (scr_readw(s++)& > - charmask)*cellsize; > + u16 ch = scr_readw(s++) & charmask; > + > + if (ch >= charcnt) > + ch = 0; > + src = vc->vc_font.data + (unsigned int)ch * cellsize; > > if (attr) { > update_attr(buf, src, attr, vc); > @@ -112,14 +116,18 @@ static inline void bit_putcs_unaligned(struct vc_data *vc, > u8 *dst) > { > u16 charmask = vc->vc_hi_font_mask ? 0x1ff : 0xff; > + unsigned int charcnt = vc->vc_font.charcount; > u32 shift_low = 0, mod = vc->vc_font.width % 8; > u32 shift_high = 8; > u32 idx = vc->vc_font.width >> 3; > u8 *src; > > while (cnt--) { > - src = vc->vc_font.data + (scr_readw(s++)& > - charmask)*cellsize; > + u16 ch = scr_readw(s++) & charmask; > + > + if (ch >= charcnt) > + ch = 0; > + src = vc->vc_font.data + (unsigned int)ch * cellsize; > > if (attr) { > update_attr(buf, src, attr, vc); > -- > 2.48.1 >

22 hours, 52 minutes

+ migrate-correct-lock-ordering-for-hugetlb-file-folios.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: migrate: correct lock ordering for hugetlb file folios has been added to the -mm mm-hotfixes-unstable branch. Its filename is migrate-correct-lock-ordering-for-hugetlb-file-folios.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via various branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there most days ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: migrate: correct lock ordering for hugetlb file folios Date: Fri, 9 Jan 2026 04:13:42 +0000 Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock). 2) Task (5754): Holds i_mmap_rwsem(write lock), then tries to acquire folio_lock. migrate_pages() -> migrate_hugetlbs() -> unmap_and_move_huge_page() <- Takes folio_lock! -> remove_migration_ptes() -> __rmap_walk_file() -> i_mmap_lock_read() <- Waits for i_mmap_rwsem(read lock)! hugetlbfs_fallocate() -> hugetlbfs_punch_hole() <- Takes i_mmap_rwsem(write lock)! -> hugetlbfs_zero_partial_page() -> filemap_lock_hugetlb_folio() -> filemap_lock_folio() -> __filemap_get_folio <- Waits for folio_lock! The migration path is the one taking locks in the wrong order according to the documentation at the top of mm/rmap.c. So expand the scope of the existing i_mmap_lock to cover the calls to remove_migration_ptes() too. This is (mostly) how it used to be after commit c0d0381ade79. That was removed by 336bf30eb765 for both file & anon hugetlb pages when it should only have been removed for anon hugetlb pages. Link: https://lkml.kernel.org/r/20260109041345.3863089-2-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Fixes: 336bf30eb765 ("hugetlbfs: fix anon huge page migration race") Reported-by: syzbot+2d9c96466c978346b55f(a)syzkaller.appspotmail.com Link: https://lore.kernel.org/all/68e9715a.050a0220.1186a4.000d.GAE@google.com Debugged-by: Lance Yang <lance.yang(a)linux.dev> Acked-by: David Hildenbrand (Red Hat) <david(a)kernel.org> Acked-by: Zi Yan <ziy(a)nvidia.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Gregory Price <gourry(a)gourry.net> Cc: Jann Horn <jannh(a)google.com> Cc: Joshua Hahn <joshua.hahnjy(a)gmail.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Rakie Kim <rakie.kim(a)sk.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Ying Huang <ying.huang(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- a/mm/migrate.c~migrate-correct-lock-ordering-for-hugetlb-file-folios +++ a/mm/migrate.c @@ -1458,6 +1458,7 @@ static int unmap_and_move_huge_page(new_ int page_was_mapped = 0; struct anon_vma *anon_vma = NULL; struct address_space *mapping = NULL; + enum ttu_flags ttu = 0; if (folio_ref_count(src) == 1) { /* page was freed from under us. So we are done. */ @@ -1498,8 +1499,6 @@ static int unmap_and_move_huge_page(new_ goto put_anon; if (folio_mapped(src)) { - enum ttu_flags ttu = 0; - if (!folio_test_anon(src)) { /* * In shared mappings, try_to_unmap could potentially @@ -1516,16 +1515,17 @@ static int unmap_and_move_huge_page(new_ try_to_migrate(src, ttu); page_was_mapped = 1; - - if (ttu & TTU_RMAP_LOCKED) - i_mmap_unlock_write(mapping); } if (!folio_mapped(src)) rc = move_to_new_folio(dst, src, mode); if (page_was_mapped) - remove_migration_ptes(src, !rc ? dst : src, 0); + remove_migration_ptes(src, !rc ? dst : src, + ttu ? RMP_LOCKED : 0); + + if (ttu & TTU_RMAP_LOCKED) + i_mmap_unlock_write(mapping); unlock_put_anon: folio_unlock(dst); _ Patches currently in -mm which might be from willy(a)infradead.org are migrate-correct-lock-ordering-for-hugetlb-file-folios.patch migrate-replace-rmp_-flags-with-ttu_-flags.patch

1 day, 1 hour

[PATCH] USB: OHCI/UHCI: Add soft dependencies on ehci_hcd

by Huacai Chen

Commit 9beeee6584b9aa4f ("USB: EHCI: log a warning if ehci-hcd is not loaded first") said that ehci-hcd should be loaded before ohci-hcd and uhci-hcd. However, commit 05c92da0c52494ca ("usb: ohci/uhci - add soft dependencies on ehci_pci") only makes ohci-pci/uhci-pci depend on ehci- pci, which is not enough and we may still see the warnings in boot log. So fix it by also making ohci-hcd/uhci-hcd depend on ehci-hcd. Cc: stable(a)vger.kernel.org Reported-by: Shengwen Xiao <atzlinux(a)sina.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/usb/host/ohci-hcd.c | 1 + drivers/usb/host/uhci-hcd.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/usb/host/ohci-hcd.c b/drivers/usb/host/ohci-hcd.c index 9c7f3008646e..549c965b7fbe 100644 --- a/drivers/usb/host/ohci-hcd.c +++ b/drivers/usb/host/ohci-hcd.c @@ -1355,4 +1355,5 @@ static void __exit ohci_hcd_mod_exit(void) clear_bit(USB_OHCI_LOADED, &usb_hcds_loaded); } module_exit(ohci_hcd_mod_exit); +MODULE_SOFTDEP("pre: ehci_hcd"); diff --git a/drivers/usb/host/uhci-hcd.c b/drivers/usb/host/uhci-hcd.c index 14e6dfef16c6..e1a27d01bdbc 100644 --- a/drivers/usb/host/uhci-hcd.c +++ b/drivers/usb/host/uhci-hcd.c @@ -939,3 +939,4 @@ module_exit(uhci_hcd_cleanup); MODULE_AUTHOR(DRIVER_AUTHOR); MODULE_DESCRIPTION(DRIVER_DESC); MODULE_LICENSE("GPL"); +MODULE_SOFTDEP("pre: ehci_hcd"); -- 2.47.3

1 day, 2 hours

[PATCH net 2/3] can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak

by Marc Kleine-Budde

In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback gs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In gs_can_close() the URBs are freed by calling usb_kill_anchored_urbs(parent->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in gs_can_close(). Fix the memory leak by anchoring the URB in the gs_usb_receive_bulk_callback() to the parent->rx_submitted anchor. Fixes: d08e973a77d1 ("can: gs_usb: Added support for the GS_USB CAN devices") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20260105-gs_usb-fix-memory-leak-v2-1-cc6ed6438034@… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/usb/gs_usb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c index a0233e550a5a..d093babbc320 100644 --- a/drivers/net/can/usb/gs_usb.c +++ b/drivers/net/can/usb/gs_usb.c @@ -751,6 +751,8 @@ static void gs_usb_receive_bulk_callback(struct urb *urb) hf, parent->hf_size_rx, gs_usb_receive_bulk_callback, parent); + usb_anchor_urb(urb, &parent->rx_submitted); + rc = usb_submit_urb(urb, GFP_ATOMIC); /* USB failure take down all interfaces */ -- 2.51.0

1 day, 5 hours

[PATCH 6.18 0/5] 6.18.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.18.5 release. There are 5 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 11 Jan 2026 11:19:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.18.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.18.5-rc1 Mike Snitzer <snitzer(a)kernel.org> nfs/localio: fix regression due to out-of-order __put_cred Peter Zijlstra <peterz(a)infradead.org> sched/fair: Proportional newidle balance Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to update_newidle_cost() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to sched_balance_newidle() Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure context reset on disconnect() ------------- Diffstat: Makefile | 4 +-- fs/nfs/localio.c | 12 ++++---- include/linux/sched/topology.h | 3 ++ kernel/sched/core.c | 3 ++ kernel/sched/fair.c | 65 ++++++++++++++++++++++++++++++++++-------- kernel/sched/features.h | 5 ++++ kernel/sched/sched.h | 7 +++++ kernel/sched/topology.c | 6 ++++ net/mptcp/protocol.c | 8 ++++-- net/mptcp/protocol.h | 3 +- 10 files changed, 92 insertions(+), 24 deletions(-)

1 day, 6 hours

[PATCH 6.12 00/16] 6.12.65-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.65 release. There are 16 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 11 Jan 2026 11:19:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.65-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.65-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "iommu/amd: Skip enabling command/event buffers for kdump" Sean Nyekjaer <sean(a)geanix.com> pwm: stm32: Always program polarity Maximilian Immanuel Brandtner <maxbr(a)linux.ibm.com> virtio_console: fix order of fields cols and rows Peter Zijlstra <peterz(a)infradead.org> sched/fair: Proportional newidle balance Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to update_newidle_cost() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to sched_balance_newidle() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Richa Bharti <richa.bharti(a)siemens.com> cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes Natalie Vock <natalie.vock(a)gmx.de> drm/amdgpu: Forward VMID reservation errors Miaoqian Lin <linmq006(a)gmail.com> net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration Jouni Malinen <jouni.malinen(a)oss.qualcomm.com> wifi: mac80211: Discard Beacon frames to non-broadcast address Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure context reset on disconnect() Bijan Tabatabai <bijan311(a)gmail.com> mm: consider non-anon swap cache folios in folio_expected_ref_count() David Hildenbrand <david(a)redhat.com> mm: simplify folio_expected_ref_count() Alexander Gordeev <agordeev(a)linux.ibm.com> mm/page_alloc: change all pageblocks migrate type on coalescing Paolo Abeni <pabeni(a)redhat.com> mptcp: fallback earlier on simult connection ------------- Diffstat: Makefile | 4 +-- drivers/char/virtio_console.c | 2 +- drivers/cpufreq/intel_pstate.c | 9 +++-- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 ++-- drivers/iommu/amd/init.c | 28 +++++---------- drivers/net/phy/mediatek-ge-soc.c | 2 +- drivers/pwm/pwm-stm32.c | 3 +- include/linux/if_bridge.h | 6 ++-- include/linux/mm.h | 10 +++--- include/linux/sched/topology.h | 3 ++ kernel/sched/core.c | 3 ++ kernel/sched/fair.c | 65 +++++++++++++++++++++++++++------- kernel/sched/features.h | 5 +++ kernel/sched/sched.h | 7 ++++ kernel/sched/topology.c | 6 ++++ mm/page_alloc.c | 24 ++++++------- net/bridge/br_ioctl.c | 36 +++++++++++++++++-- net/bridge/br_private.h | 3 +- net/core/dev_ioctl.c | 16 --------- net/mac80211/rx.c | 5 +++ net/mptcp/options.c | 10 ++++++ net/mptcp/protocol.c | 8 +++-- net/mptcp/protocol.h | 9 +++-- net/mptcp/subflow.c | 10 +----- net/socket.c | 19 +++++----- 25 files changed, 186 insertions(+), 113 deletions(-)

1 day, 7 hours

[PATCH net v3 1/3] virtio-net: don't schedule delayed refill worker

by Bui Quang Minh

When we fail to refill the receive buffers, we schedule a delayed worker to retry later. However, this worker creates some concurrency issues. For example, when the worker runs concurrently with virtnet_xdp_set, both need to temporarily disable queue's NAPI before enabling again. Without proper synchronization, a deadlock can happen when napi_disable() is called on an already disabled NAPI. That napi_disable() call will be stuck and so will the subsequent napi_enable() call. To simplify the logic and avoid further problems, we will instead retry refilling in the next NAPI poll. Fixes: 4bc12818b363 ("virtio-net: disable delayed refill when pausing rx") Reported-by: Paolo Abeni <pabeni(a)redhat.com> Closes: https://netdev-ctrl.bots.linux.dev/logs/vmksft/drv-hw-dbg/results/400961/3-… Cc: stable(a)vger.kernel.org Suggested-by: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- drivers/net/virtio_net.c | 48 +++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 1bb3aeca66c6..f986abf0c236 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -3046,16 +3046,16 @@ static int virtnet_receive(struct receive_queue *rq, int budget, else packets = virtnet_receive_packets(vi, rq, budget, xdp_xmit, &stats); + u64_stats_set(&stats.packets, packets); if (rq->vq->num_free > min((unsigned int)budget, virtqueue_get_vring_size(rq->vq)) / 2) { - if (!try_fill_recv(vi, rq, GFP_ATOMIC)) { - spin_lock(&vi->refill_lock); - if (vi->refill_enabled) - schedule_delayed_work(&vi->refill, 0); - spin_unlock(&vi->refill_lock); - } + if (!try_fill_recv(vi, rq, GFP_ATOMIC)) + /* We need to retry refilling in the next NAPI poll so + * we must return budget to make sure the NAPI is + * repolled. + */ + packets = budget; } - u64_stats_set(&stats.packets, packets); u64_stats_update_begin(&rq->stats.syncp); for (i = 0; i < ARRAY_SIZE(virtnet_rq_stats_desc); i++) { size_t offset = virtnet_rq_stats_desc[i].offset; @@ -3230,9 +3230,10 @@ static int virtnet_open(struct net_device *dev) for (i = 0; i < vi->max_queue_pairs; i++) { if (i < vi->curr_queue_pairs) - /* Make sure we have some buffers: if oom use wq. */ - if (!try_fill_recv(vi, &vi->rq[i], GFP_KERNEL)) - schedule_delayed_work(&vi->refill, 0); + /* Pre-fill rq agressively, to make sure we are ready to + * get packets immediately. + */ + try_fill_recv(vi, &vi->rq[i], GFP_KERNEL); err = virtnet_enable_queue_pair(vi, i); if (err < 0) @@ -3472,16 +3473,15 @@ static void __virtnet_rx_resume(struct virtnet_info *vi, struct receive_queue *rq, bool refill) { - bool running = netif_running(vi->dev); - bool schedule_refill = false; + if (netif_running(vi->dev)) { + /* Pre-fill rq agressively, to make sure we are ready to get + * packets immediately. + */ + if (refill) + try_fill_recv(vi, rq, GFP_KERNEL); - if (refill && !try_fill_recv(vi, rq, GFP_KERNEL)) - schedule_refill = true; - if (running) virtnet_napi_enable(rq); - - if (schedule_refill) - schedule_delayed_work(&vi->refill, 0); + } } static void virtnet_rx_resume_all(struct virtnet_info *vi) @@ -3829,11 +3829,13 @@ static int virtnet_set_queues(struct virtnet_info *vi, u16 queue_pairs) } succ: vi->curr_queue_pairs = queue_pairs; - /* virtnet_open() will refill when device is going to up. */ - spin_lock_bh(&vi->refill_lock); - if (dev->flags & IFF_UP && vi->refill_enabled) - schedule_delayed_work(&vi->refill, 0); - spin_unlock_bh(&vi->refill_lock); + if (dev->flags & IFF_UP) { + local_bh_disable(); + for (int i = 0; i < vi->curr_queue_pairs; ++i) + virtqueue_napi_schedule(&vi->rq[i].napi, vi->rq[i].vq); + + local_bh_enable(); + } return 0; } -- 2.43.0

1 day, 9 hours

[PATCH can 0/5] can: usb: fix URB memory leaks

by Marc Kleine-Budde

An URB memory leak [1] was recently fixed in the gs_usb driver. The driver did not take into account that completed URBs are no longer anchored, causing them to be lost during ifdown. The memory leak was fixed by re-anchoring the URBs in the URB completion callback. Several USB CAN drivers are affected by the same error. Fix them accordingly. [1] https://lore.kernel.org/all/20260109135311.576033-3-mkl@pengutronix.de/ Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- Marc Kleine-Budde (5): can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak drivers/net/can/usb/ems_usb.c | 2 ++ drivers/net/can/usb/esd_usb.c | 2 ++ drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 ++ drivers/net/can/usb/mcba_usb.c | 2 ++ drivers/net/can/usb/usb_8dev.c | 2 ++ 5 files changed, 10 insertions(+) --- base-commit: 7470a7a63dc162f07c26dbf960e41ee1e248d80e change-id: 20260109-can_usb-fix-memory-leak-0d769e002393 Best regards, -- Marc Kleine-Budde <mkl(a)pengutronix.de>

1 day, 10 hours

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror