- Linux-stable-mirror - lists.linaro.org

[PATCH] staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()

by Nathan Chancellor

After commit 6f110a5e4f99 ("Disable SLUB_TINY for build testing"), which causes CONFIG_KASAN to be enabled in allmodconfig again, arm64 allmodconfig builds with older versions of clang (15 through 17) show an instance of -Wframe-larger-than (which breaks the build with CONFIG_WERROR=y): drivers/staging/rtl8723bs/core/rtw_security.c:1287:5: error: stack frame size (2208) exceeds limit (2048) in 'rtw_aes_decrypt' [-Werror,-Wframe-larger-than] 1287 | u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe) | ^ This comes from aes_decipher() being inlined in rtw_aes_decrypt(). Running the same build with CONFIG_FRAME_WARN=128 shows aes_cipher() also uses a decent amount of stack, just under the limit of 2048: drivers/staging/rtl8723bs/core/rtw_security.c:864:19: warning: stack frame size (1952) exceeds limit (128) in 'aes_cipher' [-Wframe-larger-than] 864 | static signed int aes_cipher(u8 *key, uint hdrlen, | ^ -Rpass-analysis=stack-frame-layout only shows one large structure on the stack, which is the ctx variable inlined from aes128k128d(). A good number of the other variables come from the additional checks of fortified string routines, which are present in memset(), which both aes_cipher() and aes_decipher() use to initialize some temporary buffers. In this case, since the size is known at compile time, these additional checks should not result in any code generation changes but allmodconfig has several sanitizers enabled, which may make it harder for the compiler to eliminate the compile time checks and the variables that come about from them. The memset() calls are just initializing these buffers to zero, so use '= {}' instead, which is used all over the kernel and does the exact same thing as memset() without the fortify checks, which drops the stack usage of these functions by a few hundred kilobytes. drivers/staging/rtl8723bs/core/rtw_security.c:864:19: warning: stack frame size (1584) exceeds limit (128) in 'aes_cipher' [-Wframe-larger-than] 864 | static signed int aes_cipher(u8 *key, uint hdrlen, | ^ drivers/staging/rtl8723bs/core/rtw_security.c:1271:5: warning: stack frame size (1456) exceeds limit (128) in 'rtw_aes_decrypt' [-Wframe-larger-than] 1271 | u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe) | ^ Cc: stable(a)vger.kernel.org Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +++++++++------------------ 1 file changed, 14 insertions(+), 30 deletions(-) diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c index 1e9eff01b1aa..e9f382c280d9 100644 --- a/drivers/staging/rtl8723bs/core/rtw_security.c +++ b/drivers/staging/rtl8723bs/core/rtw_security.c @@ -868,29 +868,21 @@ static signed int aes_cipher(u8 *key, uint hdrlen, num_blocks, payload_index; u8 pn_vector[6]; - u8 mic_iv[16]; - u8 mic_header1[16]; - u8 mic_header2[16]; - u8 ctr_preload[16]; + u8 mic_iv[16] = {}; + u8 mic_header1[16] = {}; + u8 mic_header2[16] = {}; + u8 ctr_preload[16] = {}; /* Intermediate Buffers */ - u8 chain_buffer[16]; - u8 aes_out[16]; - u8 padded_buffer[16]; + u8 chain_buffer[16] = {}; + u8 aes_out[16] = {}; + u8 padded_buffer[16] = {}; u8 mic[8]; uint frtype = GetFrameType(pframe); uint frsubtype = GetFrameSubType(pframe); frsubtype = frsubtype>>4; - memset((void *)mic_iv, 0, 16); - memset((void *)mic_header1, 0, 16); - memset((void *)mic_header2, 0, 16); - memset((void *)ctr_preload, 0, 16); - memset((void *)chain_buffer, 0, 16); - memset((void *)aes_out, 0, 16); - memset((void *)padded_buffer, 0, 16); - if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) a4_exists = 0; else @@ -1080,15 +1072,15 @@ static signed int aes_decipher(u8 *key, uint hdrlen, num_blocks, payload_index; signed int res = _SUCCESS; u8 pn_vector[6]; - u8 mic_iv[16]; - u8 mic_header1[16]; - u8 mic_header2[16]; - u8 ctr_preload[16]; + u8 mic_iv[16] = {}; + u8 mic_header1[16] = {}; + u8 mic_header2[16] = {}; + u8 ctr_preload[16] = {}; /* Intermediate Buffers */ - u8 chain_buffer[16]; - u8 aes_out[16]; - u8 padded_buffer[16]; + u8 chain_buffer[16] = {}; + u8 aes_out[16] = {}; + u8 padded_buffer[16] = {}; u8 mic[8]; uint frtype = GetFrameType(pframe); @@ -1096,14 +1088,6 @@ static signed int aes_decipher(u8 *key, uint hdrlen, frsubtype = frsubtype>>4; - memset((void *)mic_iv, 0, 16); - memset((void *)mic_header1, 0, 16); - memset((void *)mic_header2, 0, 16); - memset((void *)ctr_preload, 0, 16); - memset((void *)chain_buffer, 0, 16); - memset((void *)aes_out, 0, 16); - memset((void *)padded_buffer, 0, 16); - /* start to decrypt the payload */ num_blocks = (plen-8) / 16; /* plen including LLC, payload_length and mic) */ --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250609-rtl8723bs-fix-clang-arm64-wflt-b4b9652904b5 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

3 months, 1 week

2
1
0 0

Linux 6.14.11

by Greg Kroah-Hartman

----------------- Note this is the LAST 6.14.y release. This kernel branch is now end-of-life. Please move to the 6.15.y kernel branch at this time. If you notice, this has happened a bit more "early" than previous end-of-life announcements. Normally, after -rc1 is out there is a TON of stable patches happening due to the changes that come into the merge-window that were marked for stable backports but didn't get into Linus's release before -final. As some people have objected to this large influx being added to a stable kernel that is just about to go end-of-life, let's try marking this end-of-life a bit earlier to see how it goes. It might also spur maintainers/developers to get fixes into -final a bit more as well :) ----------------- I'm announcing the release of the 6.14.11 kernel. All users of the 6.14 kernel series must upgrade. The updated 6.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 - Documentation/devicetree/bindings/pwm/adi,axi-pwmgen.yaml | 13 ++++- Documentation/devicetree/bindings/usb/cypress,hx3.yaml | 19 ++++++- Documentation/firmware-guide/acpi/dsd/data-node-references.rst | 26 ++++------ Documentation/firmware-guide/acpi/dsd/graph.rst | 11 +--- Documentation/firmware-guide/acpi/dsd/leds.rst | 7 -- Makefile | 2 drivers/android/binder.c | 16 +++++- drivers/android/binder_internal.h | 8 ++- drivers/android/binderfs.c | 2 drivers/bluetooth/hci_qca.c | 14 ++--- drivers/clk/samsung/clk-exynosautov920.c | 2 drivers/cpufreq/acpi-cpufreq.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 +----- drivers/nvmem/Kconfig | 1 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 +++-- drivers/rtc/class.c | 2 drivers/rtc/lib.c | 24 +++++++-- drivers/thunderbolt/ctl.c | 5 + drivers/tty/serial/jsm/jsm_tty.c | 1 drivers/usb/class/usbtmc.c | 4 + drivers/usb/core/quirks.c | 3 + drivers/usb/serial/pl2303.c | 2 drivers/usb/storage/unusual_uas.h | 7 ++ drivers/usb/typec/ucsi/ucsi.h | 2 fs/orangefs/inode.c | 9 +-- kernel/trace/trace.c | 2 27 files changed, 138 insertions(+), 79 deletions(-) Alexandre Mergnat (2): rtc: Make rtc_time64_to_tm() support dates before 1970 rtc: Fix offset calculation for .start_secs < 0 Arnd Bergmann (1): nvmem: rmem: select CONFIG_CRC32 Aurabindo Pillai (1): Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Bartosz Golaszewski (1): Bluetooth: hci_qca: move the SoC type check to the right place Carlos Llamas (1): binder: fix yet another UAF in binder_devices Charles Yeh (1): USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Dave Penkler (1): usb: usbtmc: Fix timeout value in get_stb David Lechner (1): dt-bindings: pwm: adi,axi-pwmgen: Fix clocks Dmitry Antipov (1): binder: fix use-after-free in binderfs_evict_inode() Dustin Lundquist (1): serial: jsm: fix NPE during jsm_uart_port_init Gabor Juhos (2): pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 pinctrl: armada-37xx: set GPIO output value before setting direction Gautham R. Shenoy (1): acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Greg Kroah-Hartman (1): Linux 6.14.11 Hongyu Xie (1): usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Jiayi Li (1): usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Lukasz Czechowski (1): dt-bindings: usb: cypress,hx3: Add support for all variants Mike Marshall (1): orangefs: adjust counting code to recover from 665575cf Pan Taixi (1): tracing: Fix compilation warning on arm32 Pritam Manohar Sutar (1): clk: samsung: correct clock summary for hsi1 block Qasim Ijaz (1): usb: typec: ucsi: fix Clang -Wsign-conversion warning Sakari Ailus (1): Documentation: ACPI: Use all-string data node references Sergey Senozhatsky (1): thunderbolt: Do not double dequeue a configuration request Xu Yang (1): dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property

3 months, 1 week

1
1
0 0

Linux 6.15.2

by Greg Kroah-Hartman

I'm announcing the release of the 6.15.2 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 Documentation/devicetree/bindings/pwm/adi,axi-pwmgen.yaml | 13 + Documentation/devicetree/bindings/remoteproc/qcom,sm8150-pas.yaml | 3 Documentation/devicetree/bindings/usb/cypress,hx3.yaml | 19 ++ Documentation/firmware-guide/acpi/dsd/data-node-references.rst | 26 +-- Documentation/firmware-guide/acpi/dsd/graph.rst | 11 - Documentation/firmware-guide/acpi/dsd/leds.rst | 7 Makefile | 2 arch/x86/kernel/smpboot.c | 54 ++++++- drivers/acpi/acpica/acdebug.h | 2 drivers/acpi/acpica/aclocal.h | 4 drivers/acpi/acpica/nsnames.c | 2 drivers/acpi/acpica/nsrepair2.c | 2 drivers/android/binder.c | 16 +- drivers/android/binder_internal.h | 8 - drivers/android/binderfs.c | 2 drivers/bluetooth/hci_qca.c | 14 - drivers/clk/samsung/clk-exynosautov920.c | 2 drivers/cpufreq/acpi-cpufreq.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 -- drivers/nvmem/Kconfig | 1 drivers/pinctrl/mediatek/mtk-eint.c | 26 +-- drivers/pinctrl/mediatek/mtk-eint.h | 5 drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 2 drivers/pinctrl/mediatek/pinctrl-mtk-common.c | 2 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 + drivers/rtc/class.c | 2 drivers/rtc/lib.c | 24 ++- drivers/thunderbolt/ctl.c | 5 drivers/tty/serial/jsm/jsm_tty.c | 1 drivers/usb/class/usbtmc.c | 4 drivers/usb/core/quirks.c | 3 drivers/usb/serial/pl2303.c | 2 drivers/usb/storage/unusual_uas.h | 7 drivers/usb/typec/ucsi/ucsi.h | 2 fs/bcachefs/dirent.c | 12 - fs/bcachefs/dirent.h | 4 fs/bcachefs/errcode.h | 2 fs/bcachefs/fs.c | 8 - fs/bcachefs/fsck.c | 8 + fs/bcachefs/inode.c | 77 ++++++---- fs/bcachefs/namei.c | 4 fs/bcachefs/sb-errors_format.h | 4 fs/bcachefs/subvolume.c | 19 +- include/acpi/actbl.h | 6 include/acpi/actypes.h | 4 include/acpi/platform/acgcc.h | 8 + kernel/trace/trace.c | 2 tools/power/acpi/os_specific/service_layers/oslinuxtbl.c | 2 tools/power/acpi/tools/acpidump/apfiles.c | 2 50 files changed, 313 insertions(+), 157 deletions(-) Ahmed Salem (1): ACPICA: Apply ACPI_NONSTRING in more places Alexandre Mergnat (2): rtc: Make rtc_time64_to_tm() support dates before 1970 rtc: Fix offset calculation for .start_secs < 0 Arnd Bergmann (1): nvmem: rmem: select CONFIG_CRC32 Aurabindo Pillai (1): Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Bartosz Golaszewski (1): Bluetooth: hci_qca: move the SoC type check to the right place Carlos Llamas (1): binder: fix yet another UAF in binder_devices Charles Yeh (1): USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Dave Penkler (1): usb: usbtmc: Fix timeout value in get_stb David Lechner (1): dt-bindings: pwm: adi,axi-pwmgen: Fix clocks Dmitry Antipov (1): binder: fix use-after-free in binderfs_evict_inode() Dustin Lundquist (1): serial: jsm: fix NPE during jsm_uart_port_init Gabor Juhos (2): pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 pinctrl: armada-37xx: set GPIO output value before setting direction Gautham R. Shenoy (1): acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Greg Kroah-Hartman (1): Linux 6.15.2 Hongyu Xie (1): usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Jiayi Li (1): usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Kees Cook (2): ACPICA: Introduce ACPI_NONSTRING ACPICA: Apply ACPI_NONSTRING Kent Overstreet (5): bcachefs: Kill un-reverted directory i_size code bcachefs: Repair code for directory i_size bcachefs: delete dead code from may_delete_deleted_inode() bcachefs: Run may_delete_deleted_inode() checks in bch2_inode_rm() bcachefs: Fix subvol to missing root repair Krzysztof Kozlowski (1): dt-bindings: remoteproc: qcom,sm8150-pas: Add missing SC8180X compatible Lukasz Czechowski (1): dt-bindings: usb: cypress,hx3: Add support for all variants Nícolas F. R. A. Prado (1): pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Pan Taixi (1): tracing: Fix compilation warning on arm32 Pritam Manohar Sutar (1): clk: samsung: correct clock summary for hsi1 block Qasim Ijaz (1): usb: typec: ucsi: fix Clang -Wsign-conversion warning Rafael J. Wysocki (1): Revert "x86/smp: Eliminate mwait_play_dead_cpuid_hint()" Sakari Ailus (1): Documentation: ACPI: Use all-string data node references Sergey Senozhatsky (1): thunderbolt: Do not double dequeue a configuration request Xu Yang (1): dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property

3 months, 1 week

1
1
0 0

Linux 6.12.33

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.33 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 Documentation/devicetree/bindings/usb/cypress,hx3.yaml | 19 +- Documentation/firmware-guide/acpi/dsd/data-node-references.rst | 26 +- Documentation/firmware-guide/acpi/dsd/graph.rst | 11 - Documentation/firmware-guide/acpi/dsd/leds.rst | 7 Makefile | 2 block/bio.c | 11 - drivers/accel/ivpu/ivpu_drv.c | 1 drivers/accel/ivpu/ivpu_drv.h | 10 - drivers/accel/ivpu/ivpu_fw.c | 3 drivers/accel/ivpu/ivpu_hw_40xx_reg.h | 2 drivers/accel/ivpu/ivpu_hw_ip.c | 49 +++-- drivers/bluetooth/hci_qca.c | 14 - drivers/cpufreq/acpi-cpufreq.c | 2 drivers/cpufreq/tegra186-cpufreq.c | 7 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 - drivers/pci/pcie/aspm.c | 92 +++++----- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 - drivers/rtc/class.c | 2 drivers/rtc/lib.c | 24 ++ drivers/thunderbolt/ctl.c | 5 drivers/tty/serial/jsm/jsm_tty.c | 1 drivers/usb/class/usbtmc.c | 4 drivers/usb/core/quirks.c | 3 drivers/usb/serial/pl2303.c | 2 drivers/usb/storage/unusual_uas.h | 7 drivers/usb/typec/ucsi/ucsi.h | 2 fs/f2fs/inode.c | 7 fs/f2fs/segment.h | 9 kernel/trace/trace.c | 2 30 files changed, 216 insertions(+), 141 deletions(-) Ajay Agarwal (1): PCI/ASPM: Disable L1 before disabling L1 PM Substates Alexandre Mergnat (2): rtc: Make rtc_time64_to_tm() support dates before 1970 rtc: Fix offset calculation for .start_secs < 0 Aurabindo Pillai (1): Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Bartosz Golaszewski (1): Bluetooth: hci_qca: move the SoC type check to the right place Chao Yu (1): f2fs: fix to avoid accessing uninitialized curseg Charles Yeh (1): USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Dave Penkler (1): usb: usbtmc: Fix timeout value in get_stb Dustin Lundquist (1): serial: jsm: fix NPE during jsm_uart_port_init Gabor Juhos (2): pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 pinctrl: armada-37xx: set GPIO output value before setting direction Gautham R. Shenoy (1): acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Greg Kroah-Hartman (1): Linux 6.12.33 Hongyu Xie (1): usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Jiayi Li (1): usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Jon Hunter (1): Revert "cpufreq: tegra186: Share policy per cluster" Karol Wachowski (1): accel/ivpu: Update power island delays Lukasz Czechowski (1): dt-bindings: usb: cypress,hx3: Add support for all variants Maciej Falkowski (1): accel/ivpu: Add initial Panther Lake support Ming Lei (1): block: fix adding folio to bio Pan Taixi (1): tracing: Fix compilation warning on arm32 Qasim Ijaz (1): usb: typec: ucsi: fix Clang -Wsign-conversion warning Sakari Ailus (1): Documentation: ACPI: Use all-string data node references Sergey Senozhatsky (1): thunderbolt: Do not double dequeue a configuration request Xu Yang (1): dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property

3 months, 1 week

1
1
0 0

[PATCH 1/2] PCI: Relaxed tail alignment should never increase min_align

by Ilpo Järvinen

When using relaxed tail alignment for the bridge window, pbus_size_mem() also tries to minimize min_align, which can under certain scenarios end up increasing min_align from that found by calculate_mem_align(). Ensure min_align is not increased by the relaxed tail alignment. Eventually, it would be better to add calculate_relaxed_head_align() similar to calculate_mem_align() which finds out what alignment can be used for the head without introducing any gaps into the bridge window to give flexibility on head address too. But that looks relatively complex algorithm so it requires much more testing than fixing the immediate problem causing a regression. Fixes: 67f9085596ee ("PCI: Allow relaxed bridge window tail sizing for optional resources") Reported-by: Rio <rio(a)r26.me> Tested-by: Rio <rio(a)r26.me> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> --- drivers/pci/setup-bus.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index 07c3d021a47e..f90d49cd07da 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -1169,6 +1169,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, resource_size_t children_add_size = 0; resource_size_t children_add_align = 0; resource_size_t add_align = 0; + resource_size_t relaxed_align; if (!b_res) return -ENOSPC; @@ -1246,8 +1247,9 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, if (bus->self && size0 && !pbus_upstream_space_available(bus, mask | IORESOURCE_PREFETCH, type, size0, min_align)) { - min_align = 1ULL << (max_order + __ffs(SZ_1M)); - min_align = max(min_align, win_align); + relaxed_align = 1ULL << (max_order + __ffs(SZ_1M)); + relaxed_align = max(relaxed_align, win_align); + min_align = min(min_align, relaxed_align); size0 = calculate_memsize(size, min_size, 0, 0, resource_size(b_res), win_align); pci_info(bus->self, "bridge window %pR to %pR requires relaxed alignment rules\n", b_res, &bus->busn_res); @@ -1261,8 +1263,9 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, if (bus->self && size1 && !pbus_upstream_space_available(bus, mask | IORESOURCE_PREFETCH, type, size1, add_align)) { - min_align = 1ULL << (max_order + __ffs(SZ_1M)); - min_align = max(min_align, win_align); + relaxed_align = 1ULL << (max_order + __ffs(SZ_1M)); + relaxed_align = max(min_align, win_align); + min_align = min(min_align, relaxed_align); size1 = calculate_memsize(size, min_size, add_size, children_add_size, resource_size(b_res), win_align); pci_info(bus->self, -- 2.39.5

3 months, 1 week

2
2
0 0

[PATCH v1 0/4] Fix uprobe pte be overwritten when expanding vma

by Pu Lehui

From: Pu Lehui <pulehui(a)huawei.com> patch 1: the mainly fix for uprobe pte be overwritten issue. patch 2: WARN_ON_ONCE for new_pte not NULL during move_ptes. patch 3: extract some utils function for upcomming selftest. patch 4: selftest related to this series. v1: - limit skip uprobe_mmap to copy_vma flow. - add related selftest. - correct Fixes tag. RFC v2: https://lore.kernel.org/all/20250527132351.2050820-1-pulehui@huaweicloud.co… - skip uprobe_mmap on expanded vma. - add skip_vma_uprobe field to struct vma_prepare and vma_merge_struct. (Lorenzo) - add WARN_ON_ONCE when new_pte is not NULL. (Oleg) - Corrected some of the comments. RFC v1: https://lore.kernel.org/all/20250521092503.3116340-1-pulehui@huaweicloud.co… Pu Lehui (4): mm: Fix uprobe pte be overwritten when expanding vma mm: Expose abnormal new_pte during move_ptes selftests/mm: Extract read_sysfs and write_sysfs into vm_util selftests/mm: Add test about uprobe pte be orphan during vma merge mm/mremap.c | 2 ++ mm/vma.c | 20 ++++++++++-- mm/vma.h | 7 +++++ tools/testing/selftests/mm/ksm_tests.c | 32 ++------------------ tools/testing/selftests/mm/merge.c | 42 ++++++++++++++++++++++++++ tools/testing/selftests/mm/thuge-gen.c | 6 ++-- tools/testing/selftests/mm/vm_util.c | 38 +++++++++++++++++++++++ tools/testing/selftests/mm/vm_util.h | 2 ++ 8 files changed, 113 insertions(+), 36 deletions(-) -- 2.34.1

3 months, 1 week

9
29
0 0

[PATCH v1] xhci: dbctty: disable ECHO flag by default

by Łukasz Bartosik

When /dev/ttyDBC0 device is created then by default ECHO flag is set for the terminal device. However if data arrives from a peer before application using /dev/ttyDBC0 applies its set of terminal flags then the arriving data will be echoed which might not be desired behavior. Fixes: 4521f1613940 ("xhci: dbctty: split dbc tty driver registration and unregistration functions.") Signed-off-by: Łukasz Bartosik <ukaszb(a)chromium.org> --- drivers/usb/host/xhci-dbgtty.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/host/xhci-dbgtty.c b/drivers/usb/host/xhci-dbgtty.c index 60ed753c85bb..d894081d8d15 100644 --- a/drivers/usb/host/xhci-dbgtty.c +++ b/drivers/usb/host/xhci-dbgtty.c @@ -617,6 +617,7 @@ int dbc_tty_init(void) dbc_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; dbc_tty_driver->subtype = SERIAL_TYPE_NORMAL; dbc_tty_driver->init_termios = tty_std_termios; + dbc_tty_driver->init_termios.c_lflag &= ~ECHO; dbc_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; dbc_tty_driver->init_termios.c_ispeed = 9600; -- 2.50.0.rc0.642.g800a2b2222-goog

3 months, 1 week

2
1
0 0

[PATCH 2/2] PCI: Fix pdev_resources_assignable() disparity

by Ilpo Järvinen

pdev_sort_resources() uses pdev_resources_assignable() helper to decide if device's resources cannot be assigned. pbus_size_mem(), on the other hand, does not do the same check. This could lead into a situation where a resource ends up on realloc_head list but is not on the head list, which is turn prevents emptying the resource from the realloc_head list in __assign_resources_sorted(). A non-empty realloc_head is unacceptable because it triggers an internal sanity check as show in this log with a device that has class 0 (PCI_CLASS_NOT_DEFINED): pci 0001:01:00.0: [144d:a5a5] type 00 class 0x000000 PCIe Endpoint pci 0001:01:00.0: BAR 0 [mem 0x00000000-0x000fffff 64bit] pci 0001:01:00.0: ROM [mem 0x00000000-0x0000ffff pref] pci 0001:01:00.0: enabling Extended Tags pci 0001:01:00.0: PME# supported from D0 D3hot D3cold pci 0001:01:00.0: 15.752 Gb/s available PCIe bandwidth, limited by 8.0 GT/s PCIe x2 link at 0001:00:00.0 (capable of 31.506 Gb/s with 16.0 GT/s PCIe x2 link) pcieport 0001:00:00.0: bridge window [mem 0x00100000-0x001fffff] to [bus 01-ff] add_size 100000 add_align 100000 pcieport 0001:00:00.0: bridge window [mem 0x40000000-0x401fffff]: assigned ------------[ cut here ]------------ kernel BUG at drivers/pci/setup-bus.c:2532! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP ... Call trace: pci_assign_unassigned_bus_resources+0x110/0x114 (P) pci_rescan_bus+0x28/0x48 Use pdev_resources_assignable() also within pbus_size_mem() to skip processing of non-assignable resources which removes the disparity in between what resources pdev_sort_resources() and pbus_size_mem() consider. As non-assignable resources are no longer processed, they are not added to the realloc_head list, thus the sanity check no longer triggers. This disparity problem is very old but only now became apparent after the commit 2499f5348431 ("PCI: Rework optional resource handling") that made the ROM resources optional when calculating bridge window sizes which required adding the resource to the realloc_head list. Previously, bridge windows were just sized larger than necessary. Fixes: 2499f5348431 ("PCI: Rework optional resource handling") Reported-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> --- The reporter was perhaps not happy with this fix as behavior of PCI core isn't identical after this fix even if this patch fixes the problem on the PCI core side which causes the internal sanity check to fire. It seems that in the reporter's case, an out-of-tree driver was involved that performed things and made assumptions a driver should not do in its probe function such as assuming a bridge window is assigned even if there are not child resources to be put into it (the child device in reporter's case doesn't have a valid class and gets therefore skipped by the resource fitting/assignment): https://lore.kernel.org/all/bd579412-d07c-476d-8932-55c1f69adc9f@linaro.org/ In other words, the out-of-tree driver relies on the disparity in the PCI core's resource fitting code which is now eliminated by this fix. drivers/pci/setup-bus.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index f90d49cd07da..24863d8d0053 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -1191,6 +1191,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, resource_size_t r_size; if (r->parent || (r->flags & IORESOURCE_PCI_FIXED) || + !pdev_resources_assignable(dev) || ((r->flags & mask) != type && (r->flags & mask) != type2 && (r->flags & mask) != type3)) -- 2.39.5

3 months, 1 week

2
1
0 0

[PATCH 5.10] blk-mq: Fix kmemleak in blk_mq_init_allocated_queue

by Denis Arefev

From: Chen Jun <chenjun102(a)huawei.com> commit 943f45b9399ed8b2b5190cbc797995edaa97f58f upstream. There is a kmemleak caused by modprobe null_blk.ko unreferenced object 0xffff8881acb1f000 (size 1024): comm "modprobe", pid 836, jiffies 4294971190 (age 27.068s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff .........S...... backtrace: [<000000004a10c249>] kmalloc_node_trace+0x22/0x60 [<00000000648f7950>] blk_mq_alloc_and_init_hctx+0x289/0x350 [<00000000af06de0e>] blk_mq_realloc_hw_ctxs+0x2fe/0x3d0 [<00000000e00c1872>] blk_mq_init_allocated_queue+0x48c/0x1440 [<00000000d16b4e68>] __blk_mq_alloc_disk+0xc8/0x1c0 [<00000000d10c98c3>] 0xffffffffc450d69d [<00000000b9299f48>] 0xffffffffc4538392 [<0000000061c39ed6>] do_one_initcall+0xd0/0x4f0 [<00000000b389383b>] do_init_module+0x1a4/0x680 [<0000000087cf3542>] load_module+0x6249/0x7110 [<00000000beba61b8>] __do_sys_finit_module+0x140/0x200 [<00000000fdcfff51>] do_syscall_64+0x35/0x80 [<000000003c0f1f71>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 That is because q->ma_ops is set to NULL before blk_release_queue is called. blk_mq_init_queue_data blk_mq_init_allocated_queue blk_mq_realloc_hw_ctxs for (i = 0; i < set->nr_hw_queues; i++) { old_hctx = xa_load(&q->hctx_table, i); if (!blk_mq_alloc_and_init_hctx(.., i, ..)) [1] if (!old_hctx) break; xa_for_each_start(&q->hctx_table, j, hctx, j) blk_mq_exit_hctx(q, set, hctx, j); [2] if (!q->nr_hw_queues) [3] goto err_hctxs; err_exit: q->mq_ops = NULL; [4] blk_put_queue blk_release_queue if (queue_is_mq(q)) [5] blk_mq_release(q); [1]: blk_mq_alloc_and_init_hctx failed at i != 0. [2]: The hctxs allocated by [1] are moved to q->unused_hctx_list and will be cleaned up in blk_mq_release. [3]: q->nr_hw_queues is 0. [4]: Set q->mq_ops to NULL. [5]: queue_is_mq returns false due to [4]. And blk_mq_release will not be called. The hctxs in q->unused_hctx_list are leaked. To fix it, call blk_release_queue in exception path. Fixes: 2f8f1336a48b ("blk-mq: always free hctx after request queue is freed") Signed-off-by: Yuan Can <yuancan(a)huawei.com> Signed-off-by: Chen Jun <chenjun102(a)huawei.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20221031031242.94107-1-chenjun102@huawei.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> [Denis: minor fix to resolve merge conflict.] Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- Backport fix for CVE-2022-49901 Link: https://nvd.nist.gov/vuln/detail/CVE-2022-49901 --- block/blk-mq.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index 21531aa163cb..6dd1398d0301 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -3335,9 +3335,8 @@ struct request_queue *blk_mq_init_allocated_queue(struct blk_mq_tag_set *set, return q; err_hctxs: - kfree(q->queue_hw_ctx); - q->nr_hw_queues = 0; - blk_mq_sysfs_deinit(q); + blk_mq_release(q); + err_poll: blk_stat_free_callback(q->poll_cb); q->poll_cb = NULL; -- 2.43.0

3 months, 1 week

1
0
0 0

[PATCH] usb: hub: fix detection of high tier USB3 devices behind suspended hubs

by Mathias Nyman

USB3 devices connected behind several external suspended hubs may not be detected when plugged in due to aggressive hub runtime pm suspend. The hub driver immediately runtime-suspends hubs if there are no active children or port activity. There is a delay between the wake signal causing hub resume, and driver visible port activity on the hub downstream facing ports. Most of the LFPS handshake, resume signaling and link training done on the downstream ports is not visible to the hub driver until completed, when device then will appear fully enabled and running on the port. This delay between wake signal and detectable port change is even more significant with chained suspended hubs where the wake signal will propagate upstream first. Suspended hubs will only start resuming downstream ports after upstream facing port resumes. The hub driver may resume a USB3 hub, read status of all ports, not yet see any activity, and runtime suspend back the hub before any port activity is visible. This exact case was seen when conncting USB3 devices to a suspended Thunderbolt dock. USB3 specification defines a 100ms tU3WakeupRetryDelay, indicating USB3 devices expect to be resumed within 100ms after signaling wake. if not then device will resend the wake signal. Give the USB3 hubs twice this time (200ms) to detect any port changes after resume, before allowing hub to runtime suspend again. Cc: stable(a)vger.kernel.org Fixes: 596d789a211d ("USB: set hub's default autosuspend delay as 0") Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/core/hub.c | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 770d1e91183c..5c12dfdef569 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -68,6 +68,12 @@ */ #define USB_SHORT_SET_ADDRESS_REQ_TIMEOUT 500 /* ms */ +/* + * Give SS hubs 200ms time after wake to train downstream links before + * assuming no port activity and allowing hub to runtime suspend back. + */ +#define USB_SS_PORT_U0_WAKE_TIME 200 /* ms */ + /* Protect struct usb_device->state and ->children members * Note: Both are also protected by ->dev.sem, except that ->state can * change to USB_STATE_NOTATTACHED even when the semaphore isn't held. */ @@ -1068,11 +1074,12 @@ int usb_remove_device(struct usb_device *udev) enum hub_activation_type { HUB_INIT, HUB_INIT2, HUB_INIT3, /* INITs must come first */ - HUB_POST_RESET, HUB_RESUME, HUB_RESET_RESUME, + HUB_POST_RESET, HUB_RESUME, HUB_RESET_RESUME, HUB_POST_RESUME, }; static void hub_init_func2(struct work_struct *ws); static void hub_init_func3(struct work_struct *ws); +static void hub_post_resume(struct work_struct *ws); static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) { @@ -1095,6 +1102,13 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) goto init2; goto init3; } + + if (type == HUB_POST_RESUME) { + usb_autopm_put_interface_async(to_usb_interface(hub->intfdev)); + hub_put(hub); + return; + } + hub_get(hub); /* The superspeed hub except for root hub has to use Hub Depth @@ -1343,6 +1357,16 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) device_unlock(&hdev->dev); } + if (type == HUB_RESUME && hub_is_superspeed(hub->hdev)) { + /* give usb3 downstream links training time after hub resume */ + INIT_DELAYED_WORK(&hub->init_work, hub_post_resume); + queue_delayed_work(system_power_efficient_wq, &hub->init_work, + msecs_to_jiffies(USB_SS_PORT_U0_WAKE_TIME)); + usb_autopm_get_interface_no_resume( + to_usb_interface(hub->intfdev)); + return; + } + hub_put(hub); } @@ -1361,6 +1385,13 @@ static void hub_init_func3(struct work_struct *ws) hub_activate(hub, HUB_INIT3); } +static void hub_post_resume(struct work_struct *ws) +{ + struct usb_hub *hub = container_of(ws, struct usb_hub, init_work.work); + + hub_activate(hub, HUB_POST_RESUME); +} + enum hub_quiescing_type { HUB_DISCONNECT, HUB_PRE_RESET, HUB_SUSPEND }; -- 2.43.0

3 months, 1 week

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror