Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

286 participants
124115 discussions

[REGRESSION] stable-rc/linux-5.10.y: (build) use of undeclared identifier '__free_device_node'; did you mean '_...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- use of undeclared identifier '__free_device_node'; did you mean '__free_device_del'? in drivers/soc/imx/gpc.o (drivers/soc/imx/gpc.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:998dfbb422b4d80c9d4f6176e9c36655d3481e74 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: c4fc4bf97778e67ad01a3ca95dd8fbb05f226590 Please include the KernelCI tag when submitting a fix: Reported-by: kernelci.org bot <bot(a)kernelci.org> Log excerpt: ===================================================== drivers/soc/imx/gpc.c:408:31: error: use of undeclared identifier '__free_device_node'; did you mean '__free_device_del'? 408 | struct device_node *pgc_node __free(device_node) | ^~~~~~~~~~~~~~~~~~~ ./include/linux/cleanup.h:40:33: note: expanded from macro '__free' 40 | #define __free(_name) __cleanup(__free_##_name) | ^~~~~~~~~~~~~~ <scratch space>:216:1: note: expanded from here 216 | __free_device_node | ^~~~~~~~~~~~~~~~~~ ./include/linux/device.h:834:1: note: '__free_device_del' declared here 834 | DEFINE_FREE(device_del, struct device *, if (_T) device_del(_T)) | ^ ./include/linux/cleanup.h:38:21: note: expanded from macro 'DEFINE_FREE' 38 | static inline void __free_##_name(void *p) { _type _T = *(_type *)p; _free; } | ^ <scratch space>:165:1: note: expanded from here 165 | __free_device_del | ^ 1 error generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-arm-allmodconfig-6960eee4cbfd84c… - dashboard: https://d.kernelci.org/build/maestro:6960eee4cbfd84c3cde53db8 ## multi_v7_defconfig on (arm): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-arm-6960eee4cbfd84c3cde53db5/.co… - dashboard: https://d.kernelci.org/build/maestro:6960eee4cbfd84c3cde53db5 #kernelci issue maestro:998dfbb422b4d80c9d4f6176e9c36655d3481e74 -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

18 hours, 59 minutes

[REGRESSION] stable-rc/linux-5.15.y: (build) implicit declaration of function ‘__access_ok’; did you mean ‘acce...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- implicit declaration of function ‘__access_ok’; did you mean ‘access_ok’? [-Werror=implicit-function-declaration] in mm/maccess.o (mm/maccess.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:0c63e4dbb44c9b76d839bfeb8915e39be9e56566 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0d9534c7d771ce08f816b189a8634517e0ccdb07 Please include the KernelCI tag when submitting a fix: Reported-by: kernelci.org bot <bot(a)kernelci.org> Log excerpt: ===================================================== mm/maccess.c:227:14: error: implicit declaration of function ‘__access_ok’; did you mean ‘access_ok’? [-Werror=implicit-function-declaration] 227 | if (!__access_ok(src, size)) | ^~~~~~~~~~~ | access_ok CC fs/proc/array.o CC fs/iomap/fiemap.o cc1: some warnings being treated as errors ===================================================== # Builds where the incident occurred: ## cros://chromeos-5.15/arm64/chromiumos-qualcomm.flavour.config+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm64-chromeos-qualcomm-6960efc5cb… - dashboard: https://d.kernelci.org/build/maestro:6960efc5cbfd84c3cde53eef ## defconfig+arm64-chromebook+kcidebug+lab-setup on (arm64): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm64-chromebook-kcidebug-6960ef8a… - dashboard: https://d.kernelci.org/build/maestro:6960ef8acbfd84c3cde53e91 ## defconfig+arm64-chromebook+kselftest on (arm64): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm64-kselftest-16k_pages-6960ef86… - dashboard: https://d.kernelci.org/build/maestro:6960ef86cbfd84c3cde53e8e ## defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm64-chromebook-6960efc1cbfd84c3c… - dashboard: https://d.kernelci.org/build/maestro:6960efc1cbfd84c3cde53eec ## defconfig+lab-setup+kselftest on (arm64): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm64-6960ef82cbfd84c3cde53e8b/.co… - dashboard: https://d.kernelci.org/build/maestro:6960ef82cbfd84c3cde53e8b ## imx_v6_v7_defconfig on (arm): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm-imx_v6_v7_defconfig-6960ef72cb… - dashboard: https://d.kernelci.org/build/maestro:6960ef72cbfd84c3cde53e7f ## multi_v5_defconfig on (arm): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm-multi_v5_defconfig-6960ef76cbf… - dashboard: https://d.kernelci.org/build/maestro:6960ef76cbfd84c3cde53e82 ## multi_v7_defconfig on (arm): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm-6960ef6ecbfd84c3cde53e7b/.conf… - dashboard: https://d.kernelci.org/build/maestro:6960ef6ecbfd84c3cde53e7b ## vexpress_defconfig on (arm): - compiler: gcc-14 - config: https://files.kernelci.org/kbuild-gcc-14-arm-vexpress_defconfig-6960ef7ecbf… - dashboard: https://d.kernelci.org/build/maestro:6960ef7ecbfd84c3cde53e88 #kernelci issue maestro:0c63e4dbb44c9b76d839bfeb8915e39be9e56566 -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

18 hours, 59 minutes

[REGRESSION] stable-rc/linux-5.15.y: (build) implicit declaration of function '__access_ok' [-Werror,-Wimplicit...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- implicit declaration of function '__access_ok' [-Werror,-Wimplicit-function-declaration] in mm/maccess.o (mm/maccess.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:87a3df1c8cb729c6fac33d91be47dcd67f9ee3ca - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0d9534c7d771ce08f816b189a8634517e0ccdb07 Please include the KernelCI tag when submitting a fix: Reported-by: kernelci.org bot <bot(a)kernelci.org> Log excerpt: ===================================================== mm/maccess.c:227:7: error: implicit declaration of function '__access_ok' [-Werror,-Wimplicit-function-declaration] 227 | if (!__access_ok(src, size)) | ^ 1 error generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig on (arm64): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-arm64-allmodconfig-6960ef5ecbfd8… - dashboard: https://d.kernelci.org/build/maestro:6960ef5ecbfd84c3cde53e57 #kernelci issue maestro:87a3df1c8cb729c6fac33d91be47dcd67f9ee3ca -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

18 hours, 59 minutes

[PATCH] HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()

by Günther Noack

Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be used to crash the kernel over USB. Cc: stable(a)vger.kernel.org Signed-off-by: Günther Noack <gnoack(a)google.com> --- drivers/hid/hid-logitech-hidpp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/hid/hid-logitech-hidpp.c b/drivers/hid/hid-logitech-hidpp.c index 9ced0e4d46ae..919ba9f50292 100644 --- a/drivers/hid/hid-logitech-hidpp.c +++ b/drivers/hid/hid-logitech-hidpp.c @@ -4316,6 +4316,9 @@ static int hidpp_get_report_length(struct hid_device *hdev, int id) if (!report) return 0; + if (!report->maxfield) + return 0; + return report->field[0]->report_count + 1; } -- 2.52.0.457.g6b5491de43-goog

19 hours, 17 minutes

[PATCH] ksmbd: smbd: fix dma_unmap_sg() nents

by Thomas Fourier

The dma_unmap_sg() functions should be called with the same nents as the dma_map_sg(), not the value the map function returned. Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> --- fs/smb/server/transport_rdma.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/fs/smb/server/transport_rdma.c b/fs/smb/server/transport_rdma.c index f585359684d4..8620690aa2ec 100644 --- a/fs/smb/server/transport_rdma.c +++ b/fs/smb/server/transport_rdma.c @@ -1353,14 +1353,12 @@ static int get_sg_list(void *buf, int size, struct scatterlist *sg_list, int nen static int get_mapped_sg_list(struct ib_device *device, void *buf, int size, struct scatterlist *sg_list, int nentries, - enum dma_data_direction dir) + enum dma_data_direction dir, int *npages) { - int npages; - - npages = get_sg_list(buf, size, sg_list, nentries); - if (npages < 0) + *npages = get_sg_list(buf, size, sg_list, nentries); + if (*npages < 0) return -EINVAL; - return ib_dma_map_sg(device, sg_list, npages, dir); + return ib_dma_map_sg(device, sg_list, *npages, dir); } static int post_sendmsg(struct smbdirect_socket *sc, @@ -1431,12 +1429,13 @@ static int smb_direct_post_send_data(struct smbdirect_socket *sc, for (i = 0; i < niov; i++) { struct ib_sge *sge; int sg_cnt; + int npages; sg_init_table(sg, SMBDIRECT_SEND_IO_MAX_SGE - 1); sg_cnt = get_mapped_sg_list(sc->ib.dev, iov[i].iov_base, iov[i].iov_len, sg, SMBDIRECT_SEND_IO_MAX_SGE - 1, - DMA_TO_DEVICE); + DMA_TO_DEVICE, &npages); if (sg_cnt <= 0) { pr_err("failed to map buffer\n"); ret = -ENOMEM; @@ -1444,7 +1443,7 @@ static int smb_direct_post_send_data(struct smbdirect_socket *sc, } else if (sg_cnt + msg->num_sge > SMBDIRECT_SEND_IO_MAX_SGE) { pr_err("buffer not fitted into sges\n"); ret = -E2BIG; - ib_dma_unmap_sg(sc->ib.dev, sg, sg_cnt, + ib_dma_unmap_sg(sc->ib.dev, sg, npages, DMA_TO_DEVICE); goto err; } -- 2.43.0

19 hours, 42 minutes

[PATCH v5 0/2] Enable 1GHz OPP am335x-bonegreen-eco

by Kory Maincent (TI.com)

The vdd_mpu regulator maximum voltage was previously limited to 1.2985V, which prevented the CPU from reaching the 1GHz operating point. This limitation was put in place because voltage changes were not working correctly, causing the board to stall when attempting higher frequencies. Increase the maximum voltage to 1.3515V to allow the full 1GHz OPP to be used. Add a TPS65219 PMIC driver fixes that properly implement the LOCK register handling, to make voltage transitions work reliably. Changes in v5: - Add a error message. - Link to v4: https://lore.kernel.org/r/20251112-fix_tps65219-v4-0-696a0f55d5d8@bootlin.c… Changes in v4: - Move the registers unlock in the probe instead of a custom regmap write operation. - Link to v3: https://lore.kernel.org/r/20251112-fix_tps65219-v3-0-e49bab4c01ce@bootlin.c… Changes in v3: - Remove an unused variable - Link to v2: https://lore.kernel.org/r/20251106-fix_tps65219-v2-0-a7d608c4272f@bootlin.c… Changes in v2: - Setup a custom regmap_bus only for the TPS65214 instead of checking the chip_id every time reg_write is called. - Add the am335x-bonegreen-eco devicetree change in the same patch series. Signed-off-by: Kory Maincent (TI.com) <kory.maincent(a)bootlin.com> --- Kory Maincent (TI.com) (2): mfd: tps65219: Implement LOCK register handling for TPS65214 ARM: dts: am335x-bonegreen-eco: Enable 1GHz OPP by increasing vdd_mpu voltage arch/arm/boot/dts/ti/omap/am335x-bonegreen-eco.dts | 2 +- drivers/mfd/tps65219.c | 9 +++++++++ include/linux/mfd/tps65219.h | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) --- base-commit: 2bb202416d33347102b12bbd1db4837fb6685617 change-id: 20251106-fix_tps65219-dd62141d22cf Best regards, -- Köry Maincent, Bootlin Embedded Linux and kernel engineering https://bootlin.com

20 hours, 46 minutes

[PATCH v5.10.y] bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself

by HarinadhD

From: Jakub Sitnicki <jakub(a)cloudflare.com> [ Upstream commit 5b4a79ba65a1ab479903fff2e604865d229b70a9 ] sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of a resource leak. [1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/ Suggested-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Jakub Sitnicki <jakub(a)cloudflare.com> Acked-by: John Fastabend <john.fastabend(a)gmail.com> Link: https://lore.kernel.org/r/20230113-sockmap-fix-v2-1-1e0ee7ac2f90@cloudflare… Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [ Harinadh: Modified to apply on v5.10.y ] Signed-off-by: HarinadhD <Harinadh.Dommaraju(a)broadcom.com> --- net/core/sock_map.c | 53 +++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 3a9e0046a780..438bbef5ff75 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -1558,15 +1558,16 @@ void sock_map_unhash(struct sock *sk) psock = sk_psock(sk); if (unlikely(!psock)) { rcu_read_unlock(); - if (sk->sk_prot->unhash) - sk->sk_prot->unhash(sk); - return; + saved_unhash = READ_ONCE(sk->sk_prot)->unhash; + } else { + saved_unhash = psock->saved_unhash; + sock_map_remove_links(sk, psock); + rcu_read_unlock(); } - - saved_unhash = psock->saved_unhash; - sock_map_remove_links(sk, psock); - rcu_read_unlock(); - saved_unhash(sk); + if (WARN_ON_ONCE(saved_unhash == sock_map_unhash)) + return; + if (saved_unhash) + saved_unhash(sk); } void sock_map_destroy(struct sock *sk) @@ -1578,16 +1579,17 @@ void sock_map_destroy(struct sock *sk) psock = sk_psock_get(sk); if (unlikely(!psock)) { rcu_read_unlock(); - if (sk->sk_prot->destroy) - sk->sk_prot->destroy(sk); - return; + saved_destroy = READ_ONCE(sk->sk_prot)->destroy; + } else { + saved_destroy = psock->saved_destroy; + sock_map_remove_links(sk, psock); + rcu_read_unlock(); + sk_psock_put(sk, psock); } - - saved_destroy = psock->saved_destroy; - sock_map_remove_links(sk, psock); - rcu_read_unlock(); - sk_psock_put(sk, psock); - saved_destroy(sk); + if (WARN_ON_ONCE(saved_destroy == sock_map_destroy)) + return; + if (saved_destroy) + saved_destroy(sk); } EXPORT_SYMBOL_GPL(sock_map_destroy); @@ -1602,13 +1604,18 @@ void sock_map_close(struct sock *sk, long timeout) if (unlikely(!psock)) { rcu_read_unlock(); release_sock(sk); - return sk->sk_prot->close(sk, timeout); + saved_close = READ_ONCE(sk->sk_prot)->close; + } else { + saved_close = psock->saved_close; + sock_map_remove_links(sk, psock); + rcu_read_unlock(); + release_sock(sk); } - - saved_close = psock->saved_close; - sock_map_remove_links(sk, psock); - rcu_read_unlock(); - release_sock(sk); + /* Make sure we do not recurse. This is a bug. + * Leak the socket instead of crashing on a stack overflow. + */ + if (WARN_ON_ONCE(saved_close == sock_map_close)) + return; saved_close(sk, timeout); } -- 2.43.7

20 hours, 48 minutes

[PATCH] HID: prodikeys: Check presence of pm->input_ep82

by Günther Noack

Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, pm->input_ep82 stays NULL, which leads to a crash later. This does not happen with the real device, but can be provoked by imposing as one. Cc: stable(a)vger.kernel.org Signed-off-by: Günther Noack <gnoack(a)google.com> --- drivers/hid/hid-prodikeys.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/hid/hid-prodikeys.c b/drivers/hid/hid-prodikeys.c index 74bddb2c3e82..6e413df38358 100644 --- a/drivers/hid/hid-prodikeys.c +++ b/drivers/hid/hid-prodikeys.c @@ -378,6 +378,10 @@ static int pcmidi_handle_report4(struct pcmidi_snd *pm, u8 *data) bit_mask = (bit_mask << 8) | data[2]; bit_mask = (bit_mask << 8) | data[3]; + /* robustness in case input_mapping hook does not get called */ + if (!pm->input_ep82) + return 0; + /* break keys */ for (bit_index = 0; bit_index < 24; bit_index++) { if (!((0x01 << bit_index) & bit_mask)) { -- 2.52.0.457.g6b5491de43-goog

21 hours

[PATCH] HID: magicmouse: Do not crash on missing msc->input

by Günther Noack

Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, msc->input stays NULL, leading to a crash at a later time. Detect this condition in the input_configured() hook and reject the device. This is not supposed to happen with actual magic mouse devices, but can be provoked by imposing as a magic mouse USB device. Cc: stable(a)vger.kernel.org Signed-off-by: Günther Noack <gnoack(a)google.com> --- drivers/hid/hid-magicmouse.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c index 6e7c189f4d1d..b8932f02b6ee 100644 --- a/drivers/hid/hid-magicmouse.c +++ b/drivers/hid/hid-magicmouse.c @@ -726,6 +726,11 @@ static int magicmouse_input_configured(struct hid_device *hdev, struct magicmouse_sc *msc = hid_get_drvdata(hdev); int ret; + if (!msc->input) { + hid_err(hdev, "magicmouse setup input failed (no input)"); + return -EINVAL; + } + ret = magicmouse_setup_input(msc->input, hdev); if (ret) { hid_err(hdev, "magicmouse setup input failed (%d)\n", ret); -- 2.52.0.457.g6b5491de43-goog

21 hours, 1 minute

[PATCH 6/8] drm/sysfb: Remove duplicate declarations

by Thomas Zimmermann

Commit 6046b49bafff ("drm/sysfb: Share helpers for integer validation") and commit e8c086880b2b ("drm/sysfb: Share helpers for screen_info validation") added duplicate function declarations. Remove the latter ones. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: e8c086880b2b ("drm/sysfb: Share helpers for screen_info validation") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.16+ --- drivers/gpu/drm/sysfb/drm_sysfb_helper.h | 9 --------- 1 file changed, 9 deletions(-) diff --git a/drivers/gpu/drm/sysfb/drm_sysfb_helper.h b/drivers/gpu/drm/sysfb/drm_sysfb_helper.h index da670d7eeb2e..de96bfe7562c 100644 --- a/drivers/gpu/drm/sysfb/drm_sysfb_helper.h +++ b/drivers/gpu/drm/sysfb/drm_sysfb_helper.h @@ -54,15 +54,6 @@ const struct drm_format_info *drm_sysfb_get_format_si(struct drm_device *dev, const struct screen_info *si); #endif -/* - * Input parsing - */ - -int drm_sysfb_get_validated_int(struct drm_device *dev, const char *name, - u64 value, u32 max); -int drm_sysfb_get_validated_int0(struct drm_device *dev, const char *name, - u64 value, u32 max); - /* * Display modes */ -- 2.52.0

21 hours, 28 minutes

← Newer
1
2
3
4
5
6
7
8
...
12412
Older →

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror