- Linux-stable-mirror - lists.linaro.org

[PATCH] ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids()

by Miaoqian Lin

If krealloc_array() fails in iort_rmr_alloc_sids(), the function returns NULL but does not free the original 'sids' allocation. This results in a memory leak since the caller overwrites the original pointer with the NULL return value. Fixes: 491cf4a6735a ("ACPI/IORT: Add support to retrieve IORT RMR reserved regions") Cc: <stable(a)vger.kernel.org> Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- This follows the same pattern as the fix in commit 06615967d488 ("bpf, verifier: Fix memory leak in array reallocation for stack state"). --- drivers/acpi/arm64/iort.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c index 98759d6199d3..65f0f56ad753 100644 --- a/drivers/acpi/arm64/iort.c +++ b/drivers/acpi/arm64/iort.c @@ -937,8 +937,10 @@ static u32 *iort_rmr_alloc_sids(u32 *sids, u32 count, u32 id_start, new_sids = krealloc_array(sids, count + new_count, sizeof(*new_sids), GFP_KERNEL); - if (!new_sids) + if (!new_sids) { + kfree(sids); return NULL; + } for (i = count; i < total_count; i++) new_sids[i] = id_start++; -- 2.39.5 (Apple Git-154)

3 months, 2 weeks

4
3
0 0

[PATCH v6.16.y] drm/dp: Change AUX DPCD probe address to DP_TRAINING_PATTERN_SET

by Imre Deak

commit d34d6feaf4a76833effcec0b148b65946b04cde8 upstream. Change the AUX DPCD probe address to DP_TRAINING_PATTERN_SET. Using DP_DPCD_REV for this is not compliant with the DP Standard and it leads to link training failures at least on a DP2.0 docking station when using UHBR link rates. This patch is a revert of commit 944e732be9c3 ("drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS") and the corresponding fix for commit 05981233cf2e ("Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS") in the v6.16.y tree. This change is only meant to be applied in the v6.16.y tree, not in earlier stable trees. Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Sasha Levin <sashal(a)kernel.org> Cc: dri-devel(a)lists.freedesktop.org Cc: stable(a)vger.kernel.org # v6.16 Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c index f2a6559a27100..ea78c6c8ca7a6 100644 --- a/drivers/gpu/drm/display/drm_dp_helper.c +++ b/drivers/gpu/drm/display/drm_dp_helper.c @@ -725,7 +725,7 @@ ssize_t drm_dp_dpcd_read(struct drm_dp_aux *aux, unsigned int offset, * monitor doesn't power down exactly after the throw away read. */ if (!aux->is_remote) { - ret = drm_dp_dpcd_probe(aux, DP_DPCD_REV); + ret = drm_dp_dpcd_probe(aux, DP_TRAINING_PATTERN_SET); if (ret < 0) return ret; } -- 2.49.1

3 months, 2 weeks

1
0
0 0

[GIT PULL 6.18 1/2] xfs: improve online repair reap calculations

by Darrick J. Wong

Hi Carlos, Please pull this branch with changes for xfs. As usual, I did a test-merge with the main upstream branch as of a few minutes ago, and didn't see any conflicts. Please let me know if you encounter any problems. --D The following changes since commit b320789d6883cc00ac78ce83bccbfe7ed58afcf0: Linux 6.17-rc4 (2025-08-31 15:33:07 -0700) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git tags/fix-scrub-reap-calculations_2025-09-05 for you to fetch changes up to 07c34f8cef69cb8eeef69c18d6cf0c04fbee3cb3: xfs: use deferred reaping for data device cow extents (2025-09-05 08:48:23 -0700) ---------------------------------------------------------------- xfs: improve online repair reap calculations [6.18 v2 1/2] A few months ago, the multi-fsblock untorn writes patchset added a bunch of log intent item helper functions to estimate the number of intent items that could be added to a particular transaction. Those helpers enabled us to compute a safe upper bound on the number of blocks that could be written in an untorn fashion with filesystem-provided out of place writes. Currently, the online fsck code employs static limits on the number of intent items that it's willing to accrue to a single transaction when it's trying to reap what it thinks are the old blocks from a corrupt structure. There have been no problems reported with this approach after years of testing, but static limits are scary and gross because overestimating the intent item limit could result in transaction overflows and dead filesystems; and underestimating causes unnecessary overhead. This series uses the new log intent item size helpers to estimate the limits dynamically based on worst-case per-block repair work vs. the size of the scrub transaction. After several months of testing this, there don't seem to be any problems here either. v2: rearrange patches, add review tags This has been running on the djcloud for months with no problems. Enjoy! Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> ---------------------------------------------------------------- Darrick J. Wong (9): xfs: use deferred intent items for reaping crosslinked blocks xfs: prepare reaping code for dynamic limits xfs: convert the ifork reap code to use xreap_state xfs: compute per-AG extent reap limits dynamically xfs: compute data device CoW staging extent reap limits dynamically xfs: compute realtime device CoW staging extent reap limits dynamically xfs: compute file mapping reap limits dynamically xfs: remove static reap limits from repair.h xfs: use deferred reaping for data device cow extents fs/xfs/scrub/repair.h | 8 - fs/xfs/scrub/trace.h | 45 ++++ fs/xfs/scrub/newbt.c | 9 + fs/xfs/scrub/reap.c | 622 ++++++++++++++++++++++++++++++++++++++++---------- fs/xfs/scrub/trace.c | 1 + 5 files changed, 554 insertions(+), 131 deletions(-)

3 months, 2 weeks

1
0
0 0

[PATCH 6.16 000/142] 6.16.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.16.5 release. There are 142 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Sep 2025 13:19:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.16.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.16.5-rc1 Mason Chang <mason-cw.chang(a)mediatek.com> thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands Mason Chang <mason-cw.chang(a)mediatek.com> thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data Mason Chang <mason-cw.chang(a)mediatek.com> thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const Imre Deak <imre.deak(a)intel.com> Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: request the waitqueue irq *after* initializing SCM Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: initialize tzmem before marking SCM as available Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: take struct device as argument in SHM bridge enable Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: remove unused arguments from SHM bridge routines Eric Dumazet <edumazet(a)google.com> net: rose: fix a typo in rose_clear_routes() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx12: set MQD as appriopriate for queue types Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: set MQD as appriopriate for queue types Jesse.Zhang <Jesse.Zhang(a)amd.com> drm/amdgpu: update firmware version checks for user queue support Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/userq: fix error handling of invalid doorbell Yang Wang <kevinyang.wang(a)amd.com> drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode Ma Ke <make24(a)iscas.ac.cn> drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv Nathan Chancellor <nathan(a)kernel.org> drm/msm/dpu: Initialize crtc_state to NULL in dpu_plane_virtual_atomic_check() Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 James Jones <jajones(a)nvidia.com> drm/nouveau/disp: Always accept linear modifier Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/vm: Clear the scratch_pt pointer on error Eric Sandeen <sandeen(a)redhat.com> xfs: do not propagate ENODATA disk errors into xattr code Steve French <stfrench(a)microsoft.com> smb3 client: fix return code mapping of remap_file_range Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions Shuhao Fu <sfual(a)cse.ust.hk> fs/smb: Fix inconsistent refcnt update Shanker Donthineni <sdonthineni(a)nvidia.com> dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted Bart Van Assche <bvanassche(a)acm.org> blk-zoned: Fix a lockdep complaint about recursive locking Kees Cook <kees(a)kernel.org> arm64: mm: Fix CFI failure due to kpti_ng_pgd_alloc function signature Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: fix incorrect vm flags to map bo" Minjong Kim <minbell.kim(a)samsung.com> HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() Ping Cheng <pinglinux(a)gmail.com> HID: wacom: Add a new Art Pen 2 Matt Coffin <mcoffin13(a)gmail.com> HID: logitech: Add ids for G PRO 2 LIGHTSPEED Antheas Kapenekakis <lkml(a)antheas.dev> HID: quirks: add support for Legion Go dual dinput modes Martin Hilgendorf <martin.hilgendorf(a)posteo.de> HID: elecom: add support for ELECOM M-DT2DRBK Qasim Ijaz <qasdev00(a)gmail.com> HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() Qasim Ijaz <qasdev00(a)gmail.com> HID: asus: fix UAF via HID_CLAIMED_INPUT validation K Prateek Nayak <kprateek.nayak(a)amd.com> x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Handle the case of no BIOS microcode Suchit Karunakaran <suchitkarunakaran(a)gmail.com> x86/cpu/intel: Fix the constant_tsc model check for Pentium 4 Radim Krčmář <rkrcmar(a)ventanamicro.com> RISC-V: KVM: fix stack overrun when loading vlenb Thijs Raymakers <thijs(a)raymakers.nl> KVM: x86: use array_index_nospec with indices that come from guest Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> drm/mediatek: mtk_hdmi: Fix inverted parameters in some regmap_update_bits calls Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths Neil Mandir <neil.mandir(a)seco.com> net: macb: Disable clocks once Li Nan <linan122(a)huawei.com> efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Alexander Duyck <alexanderduyck(a)fb.com> fbnic: Move phylink resume out of service_task and into open/close Eric Dumazet <edumazet(a)google.com> l2tp: do not use sock_hold() in pppol2tp_session_get_sock() Eric Dumazet <edumazet(a)google.com> sctp: initialize more fields in sctp_v6_from_sk() Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: include node references in rose_neigh refcount Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: convert 'use' field to refcount_t Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: split remove and free operations in rose_remove_neigh() Qingyue Zhang <chunzhennn(a)qq.com> io_uring/kbuf: fix signedness in this_len calculation Dipayaan Roy <dipayanroy(a)linux.microsoft.com> net: hv_netvsc: fix loss of early receive events from host during channel open. Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: Set CIC bit only for TX queues with COE Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Correct supported speed modes Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Set local Xoff after FW update Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon port speed set Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon MTU set Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Prevent flow steering mode changes in switchdev mode Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Nack sync reset when SFs are present Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix lockdep assertion on sync reset unload event Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Reload auxiliary drivers on fw_activate Lama Kayal <lkayal(a)nvidia.com> net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path Lama Kayal <lkayal(a)nvidia.com> net/mlx5: HWS, Fix uninitialized variables in mlx5hws_pat_calc_nop error flow Lama Kayal <lkayal(a)nvidia.com> net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow Lama Kayal <lkayal(a)nvidia.com> net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix stats context reservation logic Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Adjust TX rings if reservation is less than requested Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> bnxt_en: Fix memory corruption when FW resources change during ifdown Sean Anderson <sean.anderson(a)linux.dev> net: macb: Fix offset error in gem_update_stats Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix when PTP clock is register and unregister Nilay Shroff <nilay(a)linux.ibm.com> block: validate QoS before calling __rq_qos_done_bio() Matthew Brost <matthew.brost(a)intel.com> drm/xe: Don't trigger rebind on initial dma-buf validation Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/vm: Don't pin the vm_resv during validation Zbigniew Kempczyński <zbigniew.kempczynski(a)intel.com> drm/xe/xe_sync: avoid race during ufence signaling Jan Kiszka <jan.kiszka(a)siemens.com> efi: stmm: Fix incorrect buffer allocation method Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: fix multicast stats being counted incorrectly Vladimir Riabchun <ferr.lambarginio(a)gmail.com> mISDN: hfcpci: Fix warning when deleting uninitialized timer Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: Fix NIX X2P calibration failures Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2: Set appropriate PF, VF masks and shifts based on silicon Chenyuan Yang <chenyuan0y(a)gmail.com> drm/msm/dpu: Add a null ptr check for dpu_encoder_needs_modeset Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> dt-bindings: display/msm: qcom,mdp5: drop lut clock Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: fix ixgbe_orom_civd_info struct layout Michal Kubiak <michal.kubiak(a)intel.com> ice: fix incorrect counter for buffer allocation failures Jacob Keller <jacob.e.keller(a)intel.com> ice: use fixed adapter index for E825C embedded devices Jacob Keller <jacob.e.keller(a)intel.com> ice: don't leave device non-functional if Tx scheduler config fails Emil Tantilov <emil.s.tantilov(a)intel.com> ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: remove unused memory target test Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr Kuniyuki Iwashima <kuniyu(a)google.com> atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-vf: Fix max packet length errors Mina Almasry <almasrymina(a)google.com> page_pool: fix incorrect mp_ops error handling Pavel Shpakovskiy <pashpakovskii(a)salutedevices.com> Bluetooth: hci_sync: fix set_local_name race condition Yang Li <yang.li(a)amlogic.com> Bluetooth: hci_event: Disconnect device when BIG sync is lost Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced Ludovico de Nittis <ludovico.denittis(a)collabora.com> Bluetooth: hci_event: Mark connection as closed during suspend disconnect Ludovico de Nittis <ludovico.denittis(a)collabora.com> Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Make unacked packet handling more robust luoguangfei <15388634752(a)163.com> net: macb: fix unregister_netdev call order in macb_remove() Joshua Hay <joshua.a.hay(a)intel.com> idpf: stop Tx if there are insufficient buffer resources Joshua Hay <joshua.a.hay(a)intel.com> idpf: replace flow scheduling buffer ring with buffer pool Joshua Hay <joshua.a.hay(a)intel.com> idpf: simplify and fix splitq Tx packet rollback error path Joshua Hay <joshua.a.hay(a)intel.com> idpf: add support for Tx refillqs in flow scheduling mode José Expósito <jose.exposito89(a)gmail.com> HID: input: report battery status changes immediately José Expósito <jose.exposito89(a)gmail.com> HID: input: rename hidinput_set_battery_charge_status() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kvm: Fix ifdef to remove build warning Jason-JH Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Add error handling for old state CRTC in atomic_disable Ayushi Makhija <quic_amakhija(a)quicinc.com> drm/msm: update the high bitfield of certain DSI registers Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/msm/dpu: correct dpu_plane_virtual_atomic_check() Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/msm/kms: move snapshot init earlier in KMS init Even Xu <even.xu(a)intel.com> HID: intel-thc-hid: Intel-quicki2c: Enhance driver re-install flow Aaron Ma <aaron.ma(a)canonical.com> HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Aaron Ma <aaron.ma(a)canonical.com> HID: intel-thc-hid: intel-quicki2c: Fix ACPI dsd ICRS/ISUB length Oreoluwa Babatunde <oreoluwa.babatunde(a)oss.qualcomm.com> of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Defer fd_install in SUBMIT ioctl Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix regression in local-broadcast routes Nikolay Kuratov <kniv(a)yandex-team.ru> vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() Dongcheng Yan <dongcheng.yan(a)intel.com> platform/x86: int3472: add hpd pin support Fengnan Chang <changfengnan(a)bytedance.com> io_uring/io-wq: add check free worker before create new worker Junli Liu <liujunli(a)lixiang.com> erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC Yuezhang Mo <Yuezhang.Mo(a)sony.com> erofs: Fallback to normal access if DAX is not supported on extra device Shuming Fan <shumingf(a)realtek.com> ASoC: rt1320: fix random cycle mute issue Shuming Fan <shumingf(a)realtek.com> ASoC: rt721: fix FU33 Boost Volume control not working Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: tx-macro: correct tx_macro_component_drv name Paulo Alcantara <pc(a)manguebit.org> smb: client: fix race with concurrent opens in rename(2) Paulo Alcantara <pc(a)manguebit.org> smb: client: fix race with concurrent opens in unlink(2) Damien Le Moal <dlemoal(a)kernel.org> scsi: core: sysfs: Correct sysfs attributes access rights Namhyung Kim <namhyung(a)kernel.org> vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER Igor Torrente <igor.torrente(a)collabora.com> Revert "virtio: reject shm region if length is zero" Ian Rogers <irogers(a)google.com> perf symbol-minimal: Fix ehdr reading in filename__read_build_id Tengda Wu <wutengda(a)huaweicloud.com> ftrace: Fix potential warning in trace_printk_seq during ftrace_dump Steven Rostedt <rostedt(a)goodmis.org> fgraph: Copy args in intermediate storage with entry Dan Carpenter <dan.carpenter(a)linaro.org> of: dynamic: Fix use after free in of_changeset_add_prop_helper() Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename the etop node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: dts: lantiq: danube: add missing burst length property Lorenzo Bianconi <lorenzo(a)kernel.org> pinctrl: airoha: Fix return value in pinconf callbacks Randy Dunlap <rdunlap(a)infradead.org> pinctrl: STMFX: add missing HAS_IOMEM dependency Rob Herring (Arm) <robh(a)kernel.org> of: reserved_mem: Add missing IORESOURCE_MEM flag on resources Lizhi Hou <lizhi.hou(a)amd.com> of: dynamic: Fix memleak when of_pci_add_properties() failed Ye Weihua <yeweihua4(a)huawei.com> trace/fgraph: Fix the warning caused by missing unregister notifier Tao Chen <chen.dylane(a)linux.dev> rtla: Check pkg-config install Tao Chen <chen.dylane(a)linux.dev> tools/latency-collector: Check pkg-config install Yunseong Kim <ysk(a)kzalloc.com> perf: Avoid undefined behavior from stopping/starting inactive events ------------- Diffstat: .../devicetree/bindings/display/msm/qcom,mdp5.yaml | 1 - Makefile | 4 +- arch/arm64/include/asm/mmu.h | 7 + arch/arm64/kernel/cpufeature.c | 5 +- arch/arm64/mm/mmu.c | 7 - arch/mips/boot/dts/lantiq/danube_easy50712.dts | 5 +- arch/mips/lantiq/xway/sysctrl.c | 10 +- arch/powerpc/kernel/kvm.c | 8 +- arch/riscv/kvm/vcpu_vector.c | 2 + arch/x86/kernel/cpu/intel.c | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 22 +- arch/x86/kernel/cpu/topology_amd.c | 27 +- arch/x86/kvm/lapic.c | 2 + arch/x86/kvm/x86.c | 7 +- block/blk-rq-qos.h | 13 +- block/blk-zoned.c | 11 +- drivers/atm/atmtcp.c | 17 +- drivers/crypto/marvell/octeontx2/otx2_cpt_common.h | 5 +- drivers/crypto/marvell/octeontx2/otx2_cptpf_mbox.c | 13 +- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 4 +- drivers/crypto/marvell/octeontx2/otx2_cptvf_mbox.c | 6 +- drivers/firmware/efi/stmm/tee_stmm_efi.c | 21 +- drivers/firmware/qcom/qcom_scm.c | 95 +++-- drivers/firmware/qcom/qcom_scm.h | 1 + drivers/firmware/qcom/qcom_tzmem.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_userq.c | 1 + drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 14 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 8 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 18 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 21 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 8 +- drivers/gpu/drm/mediatek/mtk_plane.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 2 + drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 4 +- drivers/gpu/drm/msm/msm_gem_submit.c | 14 +- drivers/gpu/drm/msm/msm_kms.c | 10 +- drivers/gpu/drm/msm/registers/display/dsi.xml | 28 +- drivers/gpu/drm/nouveau/dispnv50/wndw.c | 4 + drivers/gpu/drm/nouveau/nvkm/falcon/gm200.c | 15 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c | 5 +- drivers/gpu/drm/xe/xe_bo.c | 8 +- drivers/gpu/drm/xe/xe_sync.c | 2 +- drivers/gpu/drm/xe/xe_vm.c | 8 +- drivers/gpu/drm/xe/xe_vm.h | 15 +- drivers/hid/hid-asus.c | 8 +- drivers/hid/hid-elecom.c | 2 + drivers/hid/hid-ids.h | 4 + drivers/hid/hid-input-test.c | 10 +- drivers/hid/hid-input.c | 51 ++- drivers/hid/hid-logitech-dj.c | 4 + drivers/hid/hid-logitech-hidpp.c | 2 + drivers/hid/hid-multitouch.c | 8 + drivers/hid/hid-ntrig.c | 3 + drivers/hid/hid-quirks.c | 3 + .../intel-thc-hid/intel-quicki2c/pci-quicki2c.c | 1 + .../intel-thc-hid/intel-quicki2c/quicki2c-dev.h | 2 + .../hid/intel-thc-hid/intel-thc/intel-thc-dev.c | 4 +- drivers/hid/wacom_wac.c | 1 + drivers/isdn/hardware/mISDN/hfcpci.c | 12 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 36 +- drivers/net/ethernet/cadence/macb_main.c | 11 +- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/intel/ice/ice.h | 1 + drivers/net/ethernet/intel/ice/ice_adapter.c | 49 ++- drivers/net/ethernet/intel/ice/ice_adapter.h | 4 +- drivers/net/ethernet/intel/ice/ice_ddp.c | 44 ++- drivers/net/ethernet/intel/ice/ice_idc.c | 10 +- drivers/net/ethernet/intel/ice/ice_main.c | 16 +- drivers/net/ethernet/intel/ice/ice_txrx.c | 2 +- .../net/ethernet/intel/idpf/idpf_singleq_txrx.c | 61 ++- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 411 ++++++++++++--------- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 38 +- drivers/net/ethernet/intel/ixgbe/ixgbe_e610.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_type_e610.h | 2 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 7 + .../net/ethernet/marvell/octeontx2/af/mcs_rvu_if.c | 6 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 30 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 66 +++- .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 68 ++-- .../net/ethernet/marvell/octeontx2/af/rvu_cn10k.c | 4 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 4 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 22 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 54 +-- .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_npc_hash.c | 16 +- .../ethernet/marvell/octeontx2/af/rvu_npc_hash.h | 4 +- .../net/ethernet/marvell/octeontx2/af/rvu_rep.c | 13 +- .../net/ethernet/marvell/octeontx2/af/rvu_sdp.c | 10 +- .../net/ethernet/marvell/octeontx2/af/rvu_switch.c | 8 +- .../ethernet/marvell/octeontx2/nic/cn10k_ipsec.c | 2 +- .../ethernet/marvell/octeontx2/nic/cn10k_ipsec.h | 2 +- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 4 +- .../ethernet/marvell/octeontx2/nic/otx2_common.h | 12 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 24 +- .../net/ethernet/marvell/octeontx2/nic/otx2_reg.h | 30 -- .../net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 3 +- .../net/ethernet/marvell/octeontx2/nic/otx2_vf.c | 10 + drivers/net/ethernet/marvell/octeontx2/nic/rep.c | 20 +- drivers/net/ethernet/marvell/octeontx2/nic/rep.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 3 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 15 +- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 132 ++++--- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.h | 1 + .../net/ethernet/mellanox/mlx5/core/sf/devlink.c | 10 + drivers/net/ethernet/mellanox/mlx5/core/sf/sf.h | 6 + .../mellanox/mlx5/core/steering/hws/action.c | 2 +- .../mellanox/mlx5/core/steering/hws/pat_arg.c | 6 +- .../mellanox/mlx5/core/steering/hws/pool.c | 1 + drivers/net/ethernet/meta/fbnic/fbnic_netdev.c | 4 + drivers/net/ethernet/meta/fbnic/fbnic_pci.c | 2 - .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 13 +- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 9 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 +- drivers/net/hyperv/netvsc.c | 17 +- drivers/net/hyperv/rndis_filter.c | 23 +- drivers/net/phy/mscc/mscc.h | 4 + drivers/net/phy/mscc/mscc_main.c | 4 +- drivers/net/phy/mscc/mscc_ptp.c | 34 +- drivers/net/usb/qmi_wwan.c | 3 + drivers/of/dynamic.c | 9 +- drivers/of/of_reserved_mem.c | 17 +- drivers/pinctrl/Kconfig | 1 + drivers/pinctrl/mediatek/pinctrl-airoha.c | 8 +- drivers/platform/x86/intel/int3472/discrete.c | 6 + drivers/scsi/scsi_sysfs.c | 4 +- drivers/thermal/mediatek/lvts_thermal.c | 74 +++- drivers/vhost/net.c | 9 +- fs/efivarfs/super.c | 4 + fs/erofs/super.c | 24 +- fs/erofs/zdata.c | 13 +- fs/smb/client/cifsfs.c | 14 + fs/smb/client/inode.c | 34 +- fs/smb/client/smb2inode.c | 7 +- fs/xfs/libxfs/xfs_attr_remote.c | 7 + fs/xfs/libxfs/xfs_da_btree.c | 6 + include/linux/atmdev.h | 1 + include/linux/dma-map-ops.h | 3 + include/linux/firmware/qcom/qcom_scm.h | 5 +- include/linux/platform_data/x86/int3472.h | 1 + include/linux/soc/marvell/silicons.h | 25 ++ include/linux/virtio_config.h | 2 - include/net/bluetooth/hci_sync.h | 2 +- include/net/rose.h | 18 +- include/uapi/linux/vhost.h | 4 +- io_uring/io-wq.c | 8 + io_uring/kbuf.c | 20 +- kernel/dma/contiguous.c | 2 - kernel/dma/pool.c | 4 +- kernel/events/core.c | 6 + kernel/trace/fgraph.c | 1 + kernel/trace/trace.c | 4 +- kernel/trace/trace_functions_graph.c | 22 +- net/atm/common.c | 15 +- net/bluetooth/hci_conn.c | 58 ++- net/bluetooth/hci_event.c | 25 +- net/bluetooth/hci_sync.c | 6 +- net/bluetooth/mgmt.c | 9 +- net/core/page_pool.c | 6 +- net/ipv4/route.c | 10 +- net/l2tp/l2tp_ppp.c | 25 +- net/rose/af_rose.c | 13 +- net/rose/rose_in.c | 12 +- net/rose/rose_route.c | 62 ++-- net/rose/rose_timer.c | 2 +- net/sctp/ipv6.c | 2 + sound/soc/codecs/lpass-tx-macro.c | 2 +- sound/soc/codecs/rt1320-sdw.c | 3 +- sound/soc/codecs/rt721-sdca.c | 2 + sound/soc/codecs/rt721-sdca.h | 4 + tools/perf/util/symbol-minimal.c | 55 ++- tools/tracing/latency/Makefile.config | 8 + tools/tracing/rtla/Makefile.config | 8 + 177 files changed, 1765 insertions(+), 987 deletions(-)

3 months, 2 weeks

15
160
0 0

[PATCHSET 6.18 v2 1/2] xfs: improve online repair reap calculations

by Darrick J. Wong

Hi all, A few months ago, the multi-fsblock untorn writes patchset added a bunch of log intent item helper functions to estimate the number of intent items that could be added to a particular transaction. Those helpers enabled us to compute a safe upper bound on the number of blocks that could be written in an untorn fashion with filesystem-provided out of place writes. Currently, the online fsck code employs static limits on the number of intent items that it's willing to accrue to a single transaction when it's trying to reap what it thinks are the old blocks from a corrupt structure. There have been no problems reported with this approach after years of testing, but static limits are scary and gross because overestimating the intent item limit could result in transaction overflows and dead filesystems; and underestimating causes unnecessary overhead. This series uses the new log intent item size helpers to estimate the limits dynamically based on worst-case per-block repair work vs. the size of the scrub transaction. After several months of testing this, there don't seem to be any problems here either. v2: rearrange patches, add review tags If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. This has been running on the djcloud for months with no problems. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=fi… --- Commits in this patchset: * xfs: use deferred intent items for reaping crosslinked blocks * xfs: prepare reaping code for dynamic limits * xfs: convert the ifork reap code to use xreap_state * xfs: compute per-AG extent reap limits dynamically * xfs: compute data device CoW staging extent reap limits dynamically * xfs: compute realtime device CoW staging extent reap limits dynamically * xfs: compute file mapping reap limits dynamically * xfs: remove static reap limits from repair.h * xfs: use deferred reaping for data device cow extents --- fs/xfs/scrub/repair.h | 8 - fs/xfs/scrub/trace.h | 45 ++++ fs/xfs/scrub/newbt.c | 9 + fs/xfs/scrub/reap.c | 622 +++++++++++++++++++++++++++++++++++++++---------- fs/xfs/scrub/trace.c | 1 5 files changed, 554 insertions(+), 131 deletions(-)

3 months, 2 weeks

1
1
0 0

FAILED: patch "[PATCH] randstruct: gcc-plugin: Fix attribute addition" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f39f18f3c3531aa802b58a20d39d96e82eb96c14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060527-upwind-coveting-bcba@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f39f18f3c3531aa802b58a20d39d96e82eb96c14 Mon Sep 17 00:00:00 2001 From: Kees Cook <kees(a)kernel.org> Date: Fri, 30 May 2025 15:18:28 -0700 Subject: [PATCH] randstruct: gcc-plugin: Fix attribute addition Based on changes in the 2021 public version of the randstruct out-of-tree GCC plugin[1], more carefully update the attributes on resulting decls, to avoid tripping checks in GCC 15's comptypes_check_enum_int() when it has been configured with "--enable-checking=misc": arch/arm64/kernel/kexec_image.c:132:14: internal compiler error: in comptypes_check_enum_int, at c/c-typeck.cc:1519 132 | const struct kexec_file_ops kexec_image_ops = { | ^~~~~~~~~~~~~~ internal_error(char const*, ...), at gcc/gcc/diagnostic-global-context.cc:517 fancy_abort(char const*, int, char const*), at gcc/gcc/diagnostic.cc:1803 comptypes_check_enum_int(tree_node*, tree_node*, bool*), at gcc/gcc/c/c-typeck.cc:1519 ... Link: https://archive.org/download/grsecurity/grsecurity-3.1-5.10.41-202105280954… [1] Reported-by: Thiago Jung Bauermann <thiago.bauermann(a)linaro.org> Closes: https://github.com/KSPP/linux/issues/367 Closes: https://lore.kernel.org/lkml/20250530000646.104457-1-thiago.bauermann@linar… Reported-by: Ingo Saitz <ingo(a)hannover.ccc.de> Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104745 Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin") Tested-by: Thiago Jung Bauermann <thiago.bauermann(a)linaro.org> Link: https://lore.kernel.org/r/20250530221824.work.623-kees@kernel.org Signed-off-by: Kees Cook <kees(a)kernel.org> diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h index 3222c1070444..ef12c8f929ed 100644 --- a/scripts/gcc-plugins/gcc-common.h +++ b/scripts/gcc-plugins/gcc-common.h @@ -123,6 +123,38 @@ static inline tree build_const_char_string(int len, const char *str) return cstr; } +static inline void __add_type_attr(tree type, const char *attr, tree args) +{ + tree oldattr; + + if (type == NULL_TREE) + return; + oldattr = lookup_attribute(attr, TYPE_ATTRIBUTES(type)); + if (oldattr != NULL_TREE) { + gcc_assert(TREE_VALUE(oldattr) == args || TREE_VALUE(TREE_VALUE(oldattr)) == TREE_VALUE(args)); + return; + } + + TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); + TYPE_ATTRIBUTES(type) = tree_cons(get_identifier(attr), args, TYPE_ATTRIBUTES(type)); +} + +static inline void add_type_attr(tree type, const char *attr, tree args) +{ + tree main_variant = TYPE_MAIN_VARIANT(type); + + __add_type_attr(TYPE_CANONICAL(type), attr, args); + __add_type_attr(TYPE_CANONICAL(main_variant), attr, args); + __add_type_attr(main_variant, attr, args); + + for (type = TYPE_NEXT_VARIANT(main_variant); type; type = TYPE_NEXT_VARIANT(type)) { + if (!lookup_attribute(attr, TYPE_ATTRIBUTES(type))) + TYPE_ATTRIBUTES(type) = TYPE_ATTRIBUTES(main_variant); + + __add_type_attr(TYPE_CANONICAL(type), attr, args); + } +} + #define PASS_INFO(NAME, REF, ID, POS) \ struct register_pass_info NAME##_pass_info = { \ .pass = make_##NAME##_pass(), \ diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index 971a1908a8cc..ff65a4f87f24 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -73,6 +73,9 @@ static tree handle_randomize_layout_attr(tree *node, tree name, tree args, int f if (TYPE_P(*node)) { type = *node; + } else if (TREE_CODE(*node) == FIELD_DECL) { + *no_add_attrs = false; + return NULL_TREE; } else { gcc_assert(TREE_CODE(*node) == TYPE_DECL); type = TREE_TYPE(*node); @@ -348,15 +351,14 @@ static int relayout_struct(tree type) TREE_CHAIN(newtree[i]) = newtree[i+1]; TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; + add_type_attr(type, "randomize_performed", NULL_TREE); + add_type_attr(type, "designated_init", NULL_TREE); + if (has_flexarray) + add_type_attr(type, "has_flexarray", NULL_TREE); + main_variant = TYPE_MAIN_VARIANT(type); - for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) { + for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) TYPE_FIELDS(variant) = newtree[0]; - TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant)); - if (has_flexarray) - TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("has_flexarray"), NULL_TREE, TYPE_ATTRIBUTES(type)); - } /* * force a re-layout of the main variant @@ -424,10 +426,8 @@ static void randomize_type(tree type) if (lookup_attribute("randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type))) || is_pure_ops_struct(type)) relayout_struct(type); - for (variant = TYPE_MAIN_VARIANT(type); variant; variant = TYPE_NEXT_VARIANT(variant)) { - TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); - TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("randomize_considered"), NULL_TREE, TYPE_ATTRIBUTES(type)); - } + add_type_attr(type, "randomize_considered", NULL_TREE); + #ifdef __DEBUG_PLUGIN fprintf(stderr, "Marking randomize_considered on struct %s\n", ORIG_TYPE_NAME(type)); #ifdef __DEBUG_VERBOSE

3 months, 2 weeks

2
2
0 0

[PATCH] x86/boot/compressed/64: clear high flags from pgd entry in configure_5level_paging

by Eric Hagberg

In commit d0ceea662d45 ("x86/mm: Add _PAGE_NOPTISHADOW bit to avoid updating userspace page tables") we started setting _PAGE_NOPTISHADOW (bit 58) in identity map PTEs created by kernel_ident_mapping_init. In configure_5level_paging when transiting from 5-level paging to 4-level paging we copy the first p4d to become our new (4-level) pgd by dereferencing the first entry in the current pgd, but we only mask off the low 12 bits in the pgd entry. When kexecing, the previous kernel sets up an identity map using kernel_ident_mapping_init before transiting to the new kernel, which means the new kernel gets a pgd with entries with bit 58 set. Then we mask off only the low 12 bits, resulting in a non-canonical address, and try to copy from it, and fault. Fixes: d0ceea662d45 ("x86/mm: Add _PAGE_NOPTISHADOW bit to avoid updating userspace page tables") Signed-off-by: Eric Hagberg <ehagberg(a)janestreet.com> Cc: stable(a)vger.kernel.org --- arch/x86/boot/compressed/pgtable_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c index bdd26050dff7..c785c5d54a11 100644 --- a/arch/x86/boot/compressed/pgtable_64.c +++ b/arch/x86/boot/compressed/pgtable_64.c @@ -180,7 +180,7 @@ asmlinkage void configure_5level_paging(struct boot_params *bp, void *pgtable) * We cannot just point to the page table from trampoline as it * may be above 4G. */ - src = *(unsigned long *)__native_read_cr3() & PAGE_MASK; + src = *(unsigned long *)__native_read_cr3() & PTE_PFN_MASK; memcpy(trampoline_32bit, (void *)src, PAGE_SIZE); } -- 2.43.7

3 months, 2 weeks

1
0
0 0

Crypto Loan Pre-Approval

by Lucy Seinfield

Hello linux-stable-mirror, Are you looking for a loan to either increase your activity or to carry out a project. We offer Crypto Loans at 2-7% interest rate with or without a credit check. We also pay 1% commission to brokers, who introduce project owners for finance or other opportunities. Please get back to me if you are interested in more details. Best Regards, Lucy Seinfield Assistant Secretary

3 months, 2 weeks

1
0
0 0

[PATCH v2] bus: mhi: ep: Fix chained transfer handling in read path

by Sumit Kumar

From: Sumit Kumar <sumk(a)qti.qualcomm.com> The current implementation of mhi_ep_read_channel, in case of chained transactions, assumes the End of Transfer(EOT) bit is received with the doorbell. As a result, it may incorrectly advance mhi_chan->rd_offset beyond wr_offset during host-to-device transfers when EOT has not yet arrived. This can lead to access of unmapped host memory, causing IOMMU faults and processing of stale TREs. This change modifies the loop condition to ensure mhi_queue is not empty, allowing the function to process only valid TREs up to the current write pointer. This prevents premature reads and ensures safe traversal of chained TREs. Removed buf_left from the while loop condition to avoid exiting prematurely before reading the ring completely. Removed write_offset since it will always be zero because the new cache buffer is allocated everytime. Fixes: 5301258899773 ("bus: mhi: ep: Add support for reading from the host") Cc: stable(a)vger.kernel.org Co-developed-by: Akhil Vinod <akhvin(a)qti.qualcomm.com> Signed-off-by: Akhil Vinod <akhvin(a)qti.qualcomm.com> Signed-off-by: Sumit Kumar <sumk(a)qti.qualcomm.com> --- Changes in v2: - Use mhi_ep_queue_is_empty in while loop (Mani). - Remove do while loop in mhi_ep_process_ch_ring (Mani). - Remove buf_left, wr_offset, tr_done. - Haven't added Reviewed-by as there is change in logic. - Link to v1: https://lore.kernel.org/r/20250709-chained_transfer-v1-1-2326a4605c9c@quici… --- drivers/bus/mhi/ep/main.c | 37 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 25 deletions(-) diff --git a/drivers/bus/mhi/ep/main.c b/drivers/bus/mhi/ep/main.c index b3eafcf2a2c50d95e3efd3afb27038ecf55552a5..cdea24e9291959ae0a92487c1b9698dc8164d2f1 100644 --- a/drivers/bus/mhi/ep/main.c +++ b/drivers/bus/mhi/ep/main.c @@ -403,17 +403,13 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, { struct mhi_ep_chan *mhi_chan = &mhi_cntrl->mhi_chan[ring->ch_id]; struct device *dev = &mhi_cntrl->mhi_dev->dev; - size_t tr_len, read_offset, write_offset; + size_t tr_len, read_offset; struct mhi_ep_buf_info buf_info = {}; u32 len = MHI_EP_DEFAULT_MTU; struct mhi_ring_element *el; - bool tr_done = false; void *buf_addr; - u32 buf_left; int ret; - buf_left = len; - do { /* Don't process the transfer ring if the channel is not in RUNNING state */ if (mhi_chan->state != MHI_CH_STATE_RUNNING) { @@ -426,24 +422,23 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, /* Check if there is data pending to be read from previous read operation */ if (mhi_chan->tre_bytes_left) { dev_dbg(dev, "TRE bytes remaining: %u\n", mhi_chan->tre_bytes_left); - tr_len = min(buf_left, mhi_chan->tre_bytes_left); + tr_len = min(len, mhi_chan->tre_bytes_left); } else { mhi_chan->tre_loc = MHI_TRE_DATA_GET_PTR(el); mhi_chan->tre_size = MHI_TRE_DATA_GET_LEN(el); mhi_chan->tre_bytes_left = mhi_chan->tre_size; - tr_len = min(buf_left, mhi_chan->tre_size); + tr_len = min(len, mhi_chan->tre_size); } read_offset = mhi_chan->tre_size - mhi_chan->tre_bytes_left; - write_offset = len - buf_left; buf_addr = kmem_cache_zalloc(mhi_cntrl->tre_buf_cache, GFP_KERNEL); if (!buf_addr) return -ENOMEM; buf_info.host_addr = mhi_chan->tre_loc + read_offset; - buf_info.dev_addr = buf_addr + write_offset; + buf_info.dev_addr = buf_addr; buf_info.size = tr_len; buf_info.cb = mhi_ep_read_completion; buf_info.cb_buf = buf_addr; @@ -459,16 +454,12 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, goto err_free_buf_addr; } - buf_left -= tr_len; mhi_chan->tre_bytes_left -= tr_len; - if (!mhi_chan->tre_bytes_left) { - if (MHI_TRE_DATA_GET_IEOT(el)) - tr_done = true; - + if (!mhi_chan->tre_bytes_left) mhi_chan->rd_offset = (mhi_chan->rd_offset + 1) % ring->ring_size; - } - } while (buf_left && !tr_done); + /* Read until the some buffer is left or the ring becomes not empty */ + } while (!mhi_ep_queue_is_empty(mhi_chan->mhi_dev, DMA_TO_DEVICE)); return 0; @@ -502,15 +493,11 @@ static int mhi_ep_process_ch_ring(struct mhi_ep_ring *ring) mhi_chan->xfer_cb(mhi_chan->mhi_dev, &result); } else { /* UL channel */ - do { - ret = mhi_ep_read_channel(mhi_cntrl, ring); - if (ret < 0) { - dev_err(&mhi_chan->mhi_dev->dev, "Failed to read channel\n"); - return ret; - } - - /* Read until the ring becomes empty */ - } while (!mhi_ep_queue_is_empty(mhi_chan->mhi_dev, DMA_TO_DEVICE)); + ret = mhi_ep_read_channel(mhi_cntrl, ring); + if (ret < 0) { + dev_err(&mhi_chan->mhi_dev->dev, "Failed to read channel\n"); + return ret; + } } return 0; --- base-commit: 4c06e63b92038fadb566b652ec3ec04e228931e8 change-id: 20250709-chained_transfer-0b95f8afa487 Best regards, -- Sumit Kumar <quic_sumk(a)quicinc.com>

3 months, 2 weeks

3
2
0 0

[PATCH] mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()

by Uladzislau Rezki (Sony)

kasan_populate_vmalloc() and its helpers ignore the caller's gfp_mask and always allocate memory using the hardcoded GFP_KERNEL flag. This makes them inconsistent with vmalloc(), which was recently extended to support GFP_NOFS and GFP_NOIO allocations. Page table allocations performed during shadow population also ignore the external gfp_mask. To preserve the intended semantics of GFP_NOFS and GFP_NOIO, wrap the apply_to_page_range() calls into the appropriate memalloc scope. This patch: - Extends kasan_populate_vmalloc() and helpers to take gfp_mask; - Passes gfp_mask down to alloc_pages_bulk() and __get_free_page(); - Enforces GFP_NOFS/NOIO semantics with memalloc_*_save()/restore() around apply_to_page_range(); - Updates vmalloc.c and percpu allocator call sites accordingly. To: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: <stable(a)vger.kernel.org> Fixes: 451769ebb7e7 ("mm/vmalloc: alloc GFP_NO{FS,IO} for vmalloc") Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> --- include/linux/kasan.h | 6 +++--- mm/kasan/shadow.c | 31 ++++++++++++++++++++++++------- mm/vmalloc.c | 8 ++++---- 3 files changed, 31 insertions(+), 14 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 890011071f2b..fe5ce9215821 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -562,7 +562,7 @@ static inline void kasan_init_hw_tags(void) { } #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) void kasan_populate_early_vm_area_shadow(void *start, unsigned long size); -int kasan_populate_vmalloc(unsigned long addr, unsigned long size); +int kasan_populate_vmalloc(unsigned long addr, unsigned long size, gfp_t gfp_mask); void kasan_release_vmalloc(unsigned long start, unsigned long end, unsigned long free_region_start, unsigned long free_region_end, @@ -574,7 +574,7 @@ static inline void kasan_populate_early_vm_area_shadow(void *start, unsigned long size) { } static inline int kasan_populate_vmalloc(unsigned long start, - unsigned long size) + unsigned long size, gfp_t gfp_mask) { return 0; } @@ -610,7 +610,7 @@ static __always_inline void kasan_poison_vmalloc(const void *start, static inline void kasan_populate_early_vm_area_shadow(void *start, unsigned long size) { } static inline int kasan_populate_vmalloc(unsigned long start, - unsigned long size) + unsigned long size, gfp_t gfp_mask) { return 0; } diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index d2c70cd2afb1..c7c0be119173 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c @@ -335,13 +335,13 @@ static void ___free_pages_bulk(struct page **pages, int nr_pages) } } -static int ___alloc_pages_bulk(struct page **pages, int nr_pages) +static int ___alloc_pages_bulk(struct page **pages, int nr_pages, gfp_t gfp_mask) { unsigned long nr_populated, nr_total = nr_pages; struct page **page_array = pages; while (nr_pages) { - nr_populated = alloc_pages_bulk(GFP_KERNEL, nr_pages, pages); + nr_populated = alloc_pages_bulk(gfp_mask, nr_pages, pages); if (!nr_populated) { ___free_pages_bulk(page_array, nr_total - nr_pages); return -ENOMEM; @@ -353,25 +353,42 @@ static int ___alloc_pages_bulk(struct page **pages, int nr_pages) return 0; } -static int __kasan_populate_vmalloc(unsigned long start, unsigned long end) +static int __kasan_populate_vmalloc(unsigned long start, unsigned long end, gfp_t gfp_mask) { unsigned long nr_pages, nr_total = PFN_UP(end - start); struct vmalloc_populate_data data; + unsigned int flags; int ret = 0; - data.pages = (struct page **)__get_free_page(GFP_KERNEL | __GFP_ZERO); + data.pages = (struct page **)__get_free_page(gfp_mask | __GFP_ZERO); if (!data.pages) return -ENOMEM; while (nr_total) { nr_pages = min(nr_total, PAGE_SIZE / sizeof(data.pages[0])); - ret = ___alloc_pages_bulk(data.pages, nr_pages); + ret = ___alloc_pages_bulk(data.pages, nr_pages, gfp_mask); if (ret) break; data.start = start; + + /* + * page tables allocations ignore external gfp mask, enforce it + * by the scope API + */ + if ((gfp_mask & (__GFP_FS | __GFP_IO)) == __GFP_IO) + flags = memalloc_nofs_save(); + else if ((gfp_mask & (__GFP_FS | __GFP_IO)) == 0) + flags = memalloc_noio_save(); + ret = apply_to_page_range(&init_mm, start, nr_pages * PAGE_SIZE, kasan_populate_vmalloc_pte, &data); + + if ((gfp_mask & (__GFP_FS | __GFP_IO)) == __GFP_IO) + memalloc_nofs_restore(flags); + else if ((gfp_mask & (__GFP_FS | __GFP_IO)) == 0) + memalloc_noio_restore(flags); + ___free_pages_bulk(data.pages, nr_pages); if (ret) break; @@ -385,7 +402,7 @@ static int __kasan_populate_vmalloc(unsigned long start, unsigned long end) return ret; } -int kasan_populate_vmalloc(unsigned long addr, unsigned long size) +int kasan_populate_vmalloc(unsigned long addr, unsigned long size, gfp_t gfp_mask) { unsigned long shadow_start, shadow_end; int ret; @@ -414,7 +431,7 @@ int kasan_populate_vmalloc(unsigned long addr, unsigned long size) shadow_start = PAGE_ALIGN_DOWN(shadow_start); shadow_end = PAGE_ALIGN(shadow_end); - ret = __kasan_populate_vmalloc(shadow_start, shadow_end); + ret = __kasan_populate_vmalloc(shadow_start, shadow_end, gfp_mask); if (ret) return ret; diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 6dbcdceecae1..5edd536ba9d2 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -2026,6 +2026,8 @@ static struct vmap_area *alloc_vmap_area(unsigned long size, if (unlikely(!vmap_initialized)) return ERR_PTR(-EBUSY); + /* Only reclaim behaviour flags are relevant. */ + gfp_mask = gfp_mask & GFP_RECLAIM_MASK; might_sleep(); /* @@ -2038,8 +2040,6 @@ static struct vmap_area *alloc_vmap_area(unsigned long size, */ va = node_alloc(size, align, vstart, vend, &addr, &vn_id); if (!va) { - gfp_mask = gfp_mask & GFP_RECLAIM_MASK; - va = kmem_cache_alloc_node(vmap_area_cachep, gfp_mask, node); if (unlikely(!va)) return ERR_PTR(-ENOMEM); @@ -2089,7 +2089,7 @@ static struct vmap_area *alloc_vmap_area(unsigned long size, BUG_ON(va->va_start < vstart); BUG_ON(va->va_end > vend); - ret = kasan_populate_vmalloc(addr, size); + ret = kasan_populate_vmalloc(addr, size, gfp_mask); if (ret) { free_vmap_area(va); return ERR_PTR(ret); @@ -4826,7 +4826,7 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, /* populate the kasan shadow space */ for (area = 0; area < nr_vms; area++) { - if (kasan_populate_vmalloc(vas[area]->va_start, sizes[area])) + if (kasan_populate_vmalloc(vas[area]->va_start, sizes[area], GFP_KERNEL)) goto err_free_shadow; } -- 2.47.2

3 months, 2 weeks

5
8
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror