- Linux-stable-mirror - lists.linaro.org

[PATCH] drm: sti: fix device leaks at component probe

by Johan Hovold

Make sure to drop the references taken to the vtg devices by of_find_device_by_node() when looking up their driver data during component probe. Note that holding a reference to a platform device does not prevent its driver data from going away so there is no point in keeping the reference after the lookup helper returns. Fixes: cc6b741c6f63 ("drm: sti: remove useless fields from vtg structure") Cc: stable(a)vger.kernel.org # 4.16 Cc: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/sti/sti_vtg.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/sti/sti_vtg.c b/drivers/gpu/drm/sti/sti_vtg.c index ee81691b3203..ce6bc7e7b135 100644 --- a/drivers/gpu/drm/sti/sti_vtg.c +++ b/drivers/gpu/drm/sti/sti_vtg.c @@ -143,12 +143,17 @@ struct sti_vtg { struct sti_vtg *of_vtg_find(struct device_node *np) { struct platform_device *pdev; + struct sti_vtg *vtg; pdev = of_find_device_by_node(np); if (!pdev) return NULL; - return (struct sti_vtg *)platform_get_drvdata(pdev); + vtg = platform_get_drvdata(pdev); + + put_device(&pdev->dev); + + return vtg; } static void vtg_reset(struct sti_vtg *vtg) -- 2.49.1

1 week, 6 days

3
7
0 0

[RESEND] [PATCH] nvme-tcp: fix usage of page_frag_cache

by Dmitry Bogdanov

nvme uses page_frag_cache to preallocate PDU for each preallocated request of block device. Block devices are created in parallel threads, consequently page_frag_cache is used in not thread-safe manner. That leads to incorrect refcounting of backstore pages and premature free. That can be catched by !sendpage_ok inside network stack: WARNING: CPU: 7 PID: 467 at ../net/core/skbuff.c:6931 skb_splice_from_iter+0xfa/0x310. tcp_sendmsg_locked+0x782/0xce0 tcp_sendmsg+0x27/0x40 sock_sendmsg+0x8b/0xa0 nvme_tcp_try_send_cmd_pdu+0x149/0x2a0 Then random panic may occur. Fix that by serializing the usage of page_frag_cache. Cc: stable(a)vger.kernel.org # 6.12 Fixes: 4e893ca81170 ("nvme_core: scan namespaces asynchronously") Signed-off-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> --- drivers/nvme/host/tcp.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c index 1413788ca7d52..823e07759e0d3 100644 --- a/drivers/nvme/host/tcp.c +++ b/drivers/nvme/host/tcp.c @@ -145,6 +145,7 @@ struct nvme_tcp_queue { struct mutex queue_lock; struct mutex send_mutex; + struct mutex pf_cache_lock; struct llist_head req_list; struct list_head send_list; @@ -556,9 +557,11 @@ static int nvme_tcp_init_request(struct blk_mq_tag_set *set, struct nvme_tcp_queue *queue = &ctrl->queues[queue_idx]; u8 hdgst = nvme_tcp_hdgst_len(queue); + mutex_lock(&queue->pf_cache_lock); req->pdu = page_frag_alloc(&queue->pf_cache, sizeof(struct nvme_tcp_cmd_pdu) + hdgst, GFP_KERNEL | __GFP_ZERO); + mutex_unlock(&queue->pf_cache_lock); if (!req->pdu) return -ENOMEM; @@ -1420,9 +1423,11 @@ static int nvme_tcp_alloc_async_req(struct nvme_tcp_ctrl *ctrl) struct nvme_tcp_request *async = &ctrl->async_req; u8 hdgst = nvme_tcp_hdgst_len(queue); + mutex_lock(&queue->pf_cache_lock); async->pdu = page_frag_alloc(&queue->pf_cache, sizeof(struct nvme_tcp_cmd_pdu) + hdgst, GFP_KERNEL | __GFP_ZERO); + mutex_unlock(&queue->pf_cache_lock); if (!async->pdu) return -ENOMEM; @@ -1450,6 +1455,7 @@ static void nvme_tcp_free_queue(struct nvme_ctrl *nctrl, int qid) kfree(queue->pdu); mutex_destroy(&queue->send_mutex); mutex_destroy(&queue->queue_lock); + mutex_destroy(&queue->pf_cache_lock); } static int nvme_tcp_init_connection(struct nvme_tcp_queue *queue) @@ -1772,6 +1778,7 @@ static int nvme_tcp_alloc_queue(struct nvme_ctrl *nctrl, int qid, INIT_LIST_HEAD(&queue->send_list); mutex_init(&queue->send_mutex); INIT_WORK(&queue->io_work, nvme_tcp_io_work); + mutex_init(&queue->pf_cache_lock); if (qid > 0) queue->cmnd_capsule_len = nctrl->ioccsz * 16; @@ -1903,6 +1910,7 @@ static int nvme_tcp_alloc_queue(struct nvme_ctrl *nctrl, int qid, err_destroy_mutex: mutex_destroy(&queue->send_mutex); mutex_destroy(&queue->queue_lock); + mutex_destroy(&queue->pf_cache_lock); return ret; } -- 2.25.1

2 weeks

3
3
0 0

[PATCH] ksmbd: fix leak of transform buffer on encrypt_resp() failure

by Qianchang Zhao

When encrypt_resp() fails at the send path, we only set STATUS_DATA_ERROR but leave the transform buffer allocated (work->tr_buf in this tree). Repeating this path leaks kernel memory and can lead to OOM (DoS) when encryption is required. Reproduced on: Linux v6.18-rc2 (self-built test kernel) Fix by freeing the transform buffer and forcing plaintext error reply. Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Reported-by: Zhitong Liu <liuzhitong1993(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Qianchang Zhao <pioooooooooip(a)gmail.com> --- fs/smb/server/server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/fs/smb/server/server.c b/fs/smb/server/server.c index 7b01c7589..15dd13e76 100644 --- a/fs/smb/server/server.c +++ b/fs/smb/server/server.c @@ -246,11 +246,11 @@ static void __handle_ksmbd_work(struct ksmbd_work *work, rc = conn->ops->encrypt_resp(work); if (rc < 0) { conn->ops->set_rsp_status(work, STATUS_DATA_ERROR); - work->encrypted = false; - if (work->tr_buf) { - kvfree(work->tr_buf); - work->tr_buf = NULL; - } + work->encrypted = false; + if (work->tr_buf) { + kvfree(work->tr_buf); + work->tr_buf = NULL; + } } } if (work->sess) -- 2.34.1

2 weeks

1
0
0 0

[PATCH v1] Bluetooth: hci_qca: Fix SSR unable to wake up bug

by Shuai Zhang

During SSR data collection period, the processing of hw_error events must wait until SSR data Collected or the timeout before it can proceed. The wake_up_bit function has been added to address the issue where hw_error events could only be processed after the timeout. The timeout unit has been changed from jiffies to milliseconds (ms). Cc: stable(a)vger.kernel.org Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> --- drivers/bluetooth/hci_qca.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 888176b0f..a2e3c97a8 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1105,6 +1105,7 @@ static void qca_controller_memdump(struct work_struct *work) cancel_delayed_work(&qca->ctrl_memdump_timeout); clear_bit(QCA_MEMDUMP_COLLECTION, &qca->flags); clear_bit(QCA_IBS_DISABLED, &qca->flags); + wake_up_bit(&qca->flags, QCA_MEMDUMP_COLLECTION); mutex_unlock(&qca->hci_memdump_lock); return; } @@ -1182,6 +1183,7 @@ static void qca_controller_memdump(struct work_struct *work) qca->qca_memdump = NULL; qca->memdump_state = QCA_MEMDUMP_COLLECTED; clear_bit(QCA_MEMDUMP_COLLECTION, &qca->flags); + wake_up_bit(&qca->flags, QCA_MEMDUMP_COLLECTION); } mutex_unlock(&qca->hci_memdump_lock); @@ -1602,7 +1604,7 @@ static void qca_wait_for_dump_collection(struct hci_dev *hdev) struct qca_data *qca = hu->priv; wait_on_bit_timeout(&qca->flags, QCA_MEMDUMP_COLLECTION, - TASK_UNINTERRUPTIBLE, MEMDUMP_TIMEOUT_MS); + TASK_UNINTERRUPTIBLE, msecs_to_jiffies(MEMDUMP_TIMEOUT_MS)); clear_bit(QCA_MEMDUMP_COLLECTION, &qca->flags); } -- 2.34.1

2 weeks

1
0
0 0

[PATCH v3 1/1] Bluetooth: btusb: add default nvm file

by Shuai Zhang

If no NVM file matches the board_id, load the default NVM file. Cc: stable(a)vger.kernel.org Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> --- drivers/bluetooth/btusb.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index dcbff7641..020dbb0ab 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -3482,15 +3482,14 @@ static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, } static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, - const struct qca_version *ver) + const struct qca_version *ver, + u16 board_id) { u32 rom_version = le32_to_cpu(ver->rom_version); const char *variant, *fw_subdir; int len; - u16 board_id; fw_subdir = qca_get_fw_subdirectory(ver); - board_id = qca_extract_board_id(ver); switch (le32_to_cpu(ver->ram_version)) { case WCN6855_2_0_RAM_VERSION_GF: @@ -3517,14 +3516,14 @@ static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, struct qca_version *ver, - const struct qca_device_info *info) + const struct qca_device_info *info, + u16 board_id) { const struct firmware *fw; char fwname[80]; int err; - btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver); - + btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver, board_id); err = request_firmware(&fw, fwname, &hdev->dev); if (err) { bt_dev_err(hdev, "failed to request NVM file: %s (%d)", @@ -3606,10 +3605,19 @@ static int btusb_setup_qca(struct hci_dev *hdev) btdata->qca_dump.controller_id = le32_to_cpu(ver.rom_version); if (!(status & QCA_SYSCFG_UPDATED)) { - err = btusb_setup_qca_load_nvm(hdev, &ver, info); - if (err < 0) - return err; + u16 board_id = qca_extract_board_id(&ver); + err = btusb_setup_qca_load_nvm(hdev, &ver, info, board_id); + if (err < 0) { + // set baord_id to 0,and load default nvm file + if (err == -ENOENT && board_id != 0) { + err = btusb_setup_qca_load_nvm(hdev, &ver, info, 0); + if (err < 0) + return err; + } else { + return err; + } + } /* WCN6855 2.1 and later will reset to apply firmware downloaded here, so * wait ~100ms for reset Done then go ahead, otherwise, it maybe * cause potential enable failure. -- 2.34.1

2 weeks

1
0
0 0

[PATCH 6.6.y] usb: gadget: f_fs: Fix epfile null pointer access after ep enable.

by guhuinan

From: Owen Gu <guhuinan(a)xiaomi.com> [ Upstream commit cfd6f1a7b42f ("usb: gadget: f_fs: Fix epfile null pointer access after ep enable.") ] A race condition occurs when ffs_func_eps_enable() runs concurrently with ffs_data_reset(). The ffs_data_clear() called in ffs_data_reset() sets ffs->epfiles to NULL before resetting ffs->eps_count to 0, leading to a NULL pointer dereference when accessing epfile->ep in ffs_func_eps_enable() after successful usb_ep_enable(). The ffs->epfiles pointer is set to NULL in both ffs_data_clear() and ffs_data_close() functions, and its modification is protected by the spinlock ffs->eps_lock. And the whole ffs_func_eps_enable() function is also protected by ffs->eps_lock. Thus, add NULL pointer handling for ffs->epfiles in the ffs_func_eps_enable() function to fix issues Signed-off-by: Owen Gu <guhuinan(a)xiaomi.com> Link: https://lore.kernel.org/r/20250915092907.17802-1-guhuinan@xiaomi.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/function/f_fs.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 08a251df20c4..04058261cdd0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -2407,7 +2407,12 @@ static int ffs_func_eps_enable(struct ffs_function *func) ep = func->eps; epfile = ffs->epfiles; count = ffs->eps_count; - while(count--) { + if (!epfile) { + ret = -ENOMEM; + goto done; + } + + while (count--) { ep->ep->driver_data = ep; ret = config_ep_by_speed(func->gadget, &func->function, ep->ep); @@ -2431,6 +2436,7 @@ static int ffs_func_eps_enable(struct ffs_function *func) } wake_up_interruptible(&ffs->wait); +done: spin_unlock_irqrestore(&func->ffs->eps_lock, flags); return ret; -- 2.43.0

2 weeks

1
0
0 0

[PATCH v3 1/1] Bluetooth: btusb: add default nvm file

by Shuai Zhang

If no NVM file matches the board_id, load the default NVM file. Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> Cc: stable(a)vger.kernel.org --- drivers/bluetooth/btusb.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index dcbff7641..18f83131c 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -3482,15 +3482,14 @@ static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, } static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, - const struct qca_version *ver) + const struct qca_version *ver, + u16 board_id) { u32 rom_version = le32_to_cpu(ver->rom_version); const char *variant, *fw_subdir; int len; - u16 board_id; fw_subdir = qca_get_fw_subdirectory(ver); - board_id = qca_extract_board_id(ver); switch (le32_to_cpu(ver->ram_version)) { case WCN6855_2_0_RAM_VERSION_GF: @@ -3517,14 +3516,14 @@ static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, struct qca_version *ver, - const struct qca_device_info *info) + const struct qca_device_info *info, + u16 board_id) { const struct firmware *fw; char fwname[80]; int err; - btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver); - + btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver, board_id); err = request_firmware(&fw, fwname, &hdev->dev); if (err) { bt_dev_err(hdev, "failed to request NVM file: %s (%d)", @@ -3606,10 +3605,21 @@ static int btusb_setup_qca(struct hci_dev *hdev) btdata->qca_dump.controller_id = le32_to_cpu(ver.rom_version); if (!(status & QCA_SYSCFG_UPDATED)) { - err = btusb_setup_qca_load_nvm(hdev, &ver, info); - if (err < 0) - return err; + u16 board_id = qca_extract_board_id(&ver); + err = btusb_setup_qca_load_nvm(hdev, &ver, info, board_id); + if (err < 0) { + if (err == -EINVAL) + return err; + + if (err == -ENOENT && board_id != 0) { + board_id = 0; + err = btusb_setup_qca_load_nvm(hdev, &ver, info, board_id); + if (err < 0) + return err; + } + return err; + } /* WCN6855 2.1 and later will reset to apply firmware downloaded here, so * wait ~100ms for reset Done then go ahead, otherwise, it maybe * cause potential enable failure. -- 2.34.1

2 weeks

1
0
0 0

[PATCH v3 1/1] Bluetooth: btusb: add default nvm file

by Shuai Zhang

If no NVM file matches the board_id, load the default NVM file. Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> Cc: stable(a)vger.kernel.org Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> --- drivers/bluetooth/btusb.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index dcbff7641..18f83131c 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -3482,15 +3482,14 @@ static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, } static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, - const struct qca_version *ver) + const struct qca_version *ver, + u16 board_id) { u32 rom_version = le32_to_cpu(ver->rom_version); const char *variant, *fw_subdir; int len; - u16 board_id; fw_subdir = qca_get_fw_subdirectory(ver); - board_id = qca_extract_board_id(ver); switch (le32_to_cpu(ver->ram_version)) { case WCN6855_2_0_RAM_VERSION_GF: @@ -3517,14 +3516,14 @@ static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, struct qca_version *ver, - const struct qca_device_info *info) + const struct qca_device_info *info, + u16 board_id) { const struct firmware *fw; char fwname[80]; int err; - btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver); - + btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver, board_id); err = request_firmware(&fw, fwname, &hdev->dev); if (err) { bt_dev_err(hdev, "failed to request NVM file: %s (%d)", @@ -3606,10 +3605,21 @@ static int btusb_setup_qca(struct hci_dev *hdev) btdata->qca_dump.controller_id = le32_to_cpu(ver.rom_version); if (!(status & QCA_SYSCFG_UPDATED)) { - err = btusb_setup_qca_load_nvm(hdev, &ver, info); - if (err < 0) - return err; + u16 board_id = qca_extract_board_id(&ver); + err = btusb_setup_qca_load_nvm(hdev, &ver, info, board_id); + if (err < 0) { + if (err == -EINVAL) + return err; + + if (err == -ENOENT && board_id != 0) { + board_id = 0; + err = btusb_setup_qca_load_nvm(hdev, &ver, info, board_id); + if (err < 0) + return err; + } + return err; + } /* WCN6855 2.1 and later will reset to apply firmware downloaded here, so * wait ~100ms for reset Done then go ahead, otherwise, it maybe * cause potential enable failure. -- 2.34.1

2 weeks

1
0
0 0

+ mm-damon-tests-sysfs-kunit-handle-alloc-failures-on-damon_sysfs_test_add_targets.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets() has been added to the -mm mm-new branch. Its filename is mm-damon-tests-sysfs-kunit-handle-alloc-failures-on-damon_sysfs_test_add_targets.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets() Date: Sat, 1 Nov 2025 11:20:14 -0700 damon_sysfs_test_add_targets() is assuming all dynamic memory allocation in it will succeed. Those are indeed likely in the real use cases since those allocations are too small to fail, but theoretically those could fail. In the case, inappropriate memory access can happen. Fix it by appropriately cleanup pre-allocated memory and skip the execution of the remaining tests in the failure cases. Link: https://lkml.kernel.org/r/20251101182021.74868-21-sj@kernel.org Fixes: b8ee5575f763 ("mm/damon/sysfs-test: add a unit test for damon_sysfs_set_targets()") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.7+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/sysfs-kunit.h | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) --- a/mm/damon/tests/sysfs-kunit.h~mm-damon-tests-sysfs-kunit-handle-alloc-failures-on-damon_sysfs_test_add_targets +++ a/mm/damon/tests/sysfs-kunit.h @@ -45,16 +45,41 @@ static void damon_sysfs_test_add_targets struct damon_ctx *ctx; sysfs_targets = damon_sysfs_targets_alloc(); + if (!sysfs_targets) + kunit_skip(test, "sysfs_targets alloc fail"); sysfs_targets->nr = 1; sysfs_targets->targets_arr = kmalloc_array(1, sizeof(*sysfs_targets->targets_arr), GFP_KERNEL); + if (!sysfs_targets->targets_arr) { + kfree(sysfs_targets); + kunit_skip(test, "targets_arr alloc fail"); + } sysfs_target = damon_sysfs_target_alloc(); + if (!sysfs_target) { + kfree(sysfs_targets->targets_arr); + kfree(sysfs_targets); + kunit_skip(test, "sysfs_target alloc fail"); + } sysfs_target->pid = __damon_sysfs_test_get_any_pid(12, 100); sysfs_target->regions = damon_sysfs_regions_alloc(); + if (!sysfs_target->regions) { + kfree(sysfs_targets->targets_arr); + kfree(sysfs_targets); + kfree(sysfs_target); + kunit_skip(test, "sysfs_regions alloc fail"); + } + sysfs_targets->targets_arr[0] = sysfs_target; ctx = damon_new_ctx(); + if (!ctx) { + kfree(sysfs_targets->targets_arr); + kfree(sysfs_targets); + kfree(sysfs_target); + kfree(sysfs_target->regions); + kunit_skip(test, "ctx alloc fail"); + } damon_sysfs_add_targets(ctx, sysfs_targets); KUNIT_EXPECT_EQ(test, 1u, nr_damon_targets(ctx)); _ Patches currently in -mm which might be from sj(a)kernel.org are mm-zswap-remove-unnecessary-dlen-writes-for-incompressible-pages.patch mm-zswap-fix-typos-s-zwap-zswap.patch mm-zswap-s-red-black-tree-xarray.patch docs-admin-guide-mm-zswap-s-red-black-tree-xarray.patch mm-damon-document-damos_quota_goal-nid-use-case.patch mm-damon-add-damos-quota-goal-type-for-per-memcg-per-node-memory-usage.patch mm-damon-core-implement-damos_quota_node_memcg_used_bp.patch mm-damon-sysfs-schemes-implement-path-file-under-quota-goal-directory.patch mm-damon-sysfs-schemes-support-damos_quota_node_memcg_used_bp.patch mm-damon-core-add-damos-quota-gaol-metric-for-per-memcg-per-numa-free-memory.patch mm-damon-sysfs-schemes-support-damos_quota_node_memcg_free_bp.patch docs-mm-damon-design-document-damos_quota_node_memcg_usedfree_bp.patch docs-admin-guide-mm-damon-usage-document-damos-quota-goal-path-file.patch docs-abi-damon-document-damos-quota-goal-path-file.patch mm-damon-core-fix-wrong-comment-of-damon_call-return-timing.patch docs-mm-damon-design-fix-wrong-link-to-intervals-goal-section.patch docs-admin-guide-mm-damon-stat-fix-a-typo-s-sampling-events-sampling-interval.patch docs-admin-guide-mm-damon-usage-document-empty-target-regions-commit-behavior.patch docs-admin-guide-mm-damon-reclaim-document-addr_unit-parameter.patch docs-admin-guide-mm-damon-lru_sort-document-addr_unit-parameter.patch docs-admin-guide-mm-damon-stat-document-aggr_interval_us-parameter.patch docs-admin-guide-mm-damon-stat-document-negative-idle-time.patch mm-damon-core-add-damon_target-obsolete-for-pin-point-removal.patch mm-damon-sysfs-test-commit-input-against-realistic-destination.patch mm-damon-sysfs-implement-obsolete_target-file.patch docs-admin-guide-mm-damon-usage-document-obsolete_target-file.patch docs-abi-damon-document-obsolete_target-sysfs-file.patch selftests-damon-_damon_sysfs-support-obsolete_target-file.patch drgn_dump_damon_status-dump-damon_target-obsolete.patch sysfspy-extend-assert_ctx_committed-for-monitoring-targets.patch selftests-damon-sysfs-add-obsolete_target-test.patch mm-damon-tests-core-kunit-fix-memory-leak-in-damon_test_set_filters_default_reject.patch mm-damon-tests-core-kunit-handle-allocation-failures-in-damon_test_regions.patch mm-damon-tests-core-kunit-handle-memory-failure-from-damon_test_target.patch mm-damon-tests-core-kunit-handle-memory-alloc-failure-from-damon_test_aggregate.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_split_at.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_merge_two.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-dasmon_test_merge_regions_of.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_split_regions_of.patch mm-damon-tests-core-kunit-handle-alloc-failures-in-damon_test_ops_registration.patch mm-damon-tests-core-kunit-handle-alloc-failures-in-damon_test_set_regions.patch mm-damon-tests-core-kunit-handle-alloc-failures-in-damon_test_update_monitoring_result.patch mm-damon-tests-core-kunit-handle-alloc-failure-on-damon_test_set_attrs.patch mm-damon-tests-core-kunit-handle-alloc-failres-in-damon_test_new_filter.patch mm-damon-tests-core-kunit-handle-alloc-failure-on-damos_test_commit_filter.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-damos_test_filter_out.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_set_filters_default_reject.patch mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_do_test_apply_three_regions.patch mm-damon-tests-vaddr-kunit-handle-alloc-failures-in-damon_test_split_evenly_fail.patch mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_test_split_evenly_succ.patch mm-damon-tests-sysfs-kunit-handle-alloc-failures-on-damon_sysfs_test_add_targets.patch mm-damon-tests-core-kunit-remove-unnecessary-damon_ctx-variable-on-damon_test_split_at.patch mm-damon-tests-core-kunit-remove-unused-ctx-in-damon_test_split_regions_of.patch

2 weeks

1
0
0 0

+ mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_test_split_evenly_succ.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() has been added to the -mm mm-new branch. Its filename is mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_test_split_evenly_succ.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() Date: Sat, 1 Nov 2025 11:20:13 -0700 damon_test_split_evenly_succ() is assuming all dynamic memory allocation in it will succeed. Those are indeed likely in the real use cases since those allocations are too small to fail, but theoretically those could fail. In the case, inappropriate memory access can happen. Fix it by appropriately cleanup pre-allocated memory and skip the execution of the remaining tests in the failure cases. Link: https://lkml.kernel.org/r/20251101182021.74868-20-sj@kernel.org Fixes: 17ccae8bb5c9 ("mm/damon: add kunit tests") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> [5.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/vaddr-kunit.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) --- a/mm/damon/tests/vaddr-kunit.h~mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_test_split_evenly_succ +++ a/mm/damon/tests/vaddr-kunit.h @@ -284,10 +284,17 @@ static void damon_test_split_evenly_succ unsigned long start, unsigned long end, unsigned int nr_pieces) { struct damon_target *t = damon_new_target(); - struct damon_region *r = damon_new_region(start, end); + struct damon_region *r; unsigned long expected_width = (end - start) / nr_pieces; unsigned long i = 0; + if (!t) + kunit_skip(test, "target alloc fail"); + r = damon_new_region(start, end); + if (!r) { + damon_free_target(t); + kunit_skip(test, "region alloc fail"); + } damon_add_region(r, t); KUNIT_EXPECT_EQ(test, damon_va_evenly_split_region(t, r, nr_pieces), 0); _ Patches currently in -mm which might be from sj(a)kernel.org are mm-zswap-remove-unnecessary-dlen-writes-for-incompressible-pages.patch mm-zswap-fix-typos-s-zwap-zswap.patch mm-zswap-s-red-black-tree-xarray.patch docs-admin-guide-mm-zswap-s-red-black-tree-xarray.patch mm-damon-document-damos_quota_goal-nid-use-case.patch mm-damon-add-damos-quota-goal-type-for-per-memcg-per-node-memory-usage.patch mm-damon-core-implement-damos_quota_node_memcg_used_bp.patch mm-damon-sysfs-schemes-implement-path-file-under-quota-goal-directory.patch mm-damon-sysfs-schemes-support-damos_quota_node_memcg_used_bp.patch mm-damon-core-add-damos-quota-gaol-metric-for-per-memcg-per-numa-free-memory.patch mm-damon-sysfs-schemes-support-damos_quota_node_memcg_free_bp.patch docs-mm-damon-design-document-damos_quota_node_memcg_usedfree_bp.patch docs-admin-guide-mm-damon-usage-document-damos-quota-goal-path-file.patch docs-abi-damon-document-damos-quota-goal-path-file.patch mm-damon-core-fix-wrong-comment-of-damon_call-return-timing.patch docs-mm-damon-design-fix-wrong-link-to-intervals-goal-section.patch docs-admin-guide-mm-damon-stat-fix-a-typo-s-sampling-events-sampling-interval.patch docs-admin-guide-mm-damon-usage-document-empty-target-regions-commit-behavior.patch docs-admin-guide-mm-damon-reclaim-document-addr_unit-parameter.patch docs-admin-guide-mm-damon-lru_sort-document-addr_unit-parameter.patch docs-admin-guide-mm-damon-stat-document-aggr_interval_us-parameter.patch docs-admin-guide-mm-damon-stat-document-negative-idle-time.patch mm-damon-core-add-damon_target-obsolete-for-pin-point-removal.patch mm-damon-sysfs-test-commit-input-against-realistic-destination.patch mm-damon-sysfs-implement-obsolete_target-file.patch docs-admin-guide-mm-damon-usage-document-obsolete_target-file.patch docs-abi-damon-document-obsolete_target-sysfs-file.patch selftests-damon-_damon_sysfs-support-obsolete_target-file.patch drgn_dump_damon_status-dump-damon_target-obsolete.patch sysfspy-extend-assert_ctx_committed-for-monitoring-targets.patch selftests-damon-sysfs-add-obsolete_target-test.patch mm-damon-tests-core-kunit-fix-memory-leak-in-damon_test_set_filters_default_reject.patch mm-damon-tests-core-kunit-handle-allocation-failures-in-damon_test_regions.patch mm-damon-tests-core-kunit-handle-memory-failure-from-damon_test_target.patch mm-damon-tests-core-kunit-handle-memory-alloc-failure-from-damon_test_aggregate.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_split_at.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_merge_two.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-dasmon_test_merge_regions_of.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_split_regions_of.patch mm-damon-tests-core-kunit-handle-alloc-failures-in-damon_test_ops_registration.patch mm-damon-tests-core-kunit-handle-alloc-failures-in-damon_test_set_regions.patch mm-damon-tests-core-kunit-handle-alloc-failures-in-damon_test_update_monitoring_result.patch mm-damon-tests-core-kunit-handle-alloc-failure-on-damon_test_set_attrs.patch mm-damon-tests-core-kunit-handle-alloc-failres-in-damon_test_new_filter.patch mm-damon-tests-core-kunit-handle-alloc-failure-on-damos_test_commit_filter.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-damos_test_filter_out.patch mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_set_filters_default_reject.patch mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_do_test_apply_three_regions.patch mm-damon-tests-vaddr-kunit-handle-alloc-failures-in-damon_test_split_evenly_fail.patch mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_test_split_evenly_succ.patch mm-damon-tests-sysfs-kunit-handle-alloc-failures-on-damon_sysfs_test_add_targets.patch mm-damon-tests-core-kunit-remove-unnecessary-damon_ctx-variable-on-damon_test_split_at.patch mm-damon-tests-core-kunit-remove-unused-ctx-in-damon_test_split_regions_of.patch

2 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror