Linaro-mm-sig

linaro-mm-sig@lists.linaro.org

86 participants
6551 discussions

[PATCH] dma-buf: fix UAF in dma_buf_fd() tracepoint

by David Carlier

Once FD_ADD() returns, the fd is live in the file descriptor table and a thread sharing that table can close() it before DMA_BUF_TRACE() runs. The close drops the last reference, __fput() frees the dma_buf, and the tracepoint then dereferences dmabuf to take dmabuf->name_lock -- slab-use-after-free. Split FD_ADD() back into get_unused_fd_flags() + fd_install() and emit the tracepoint between them. While the fdtable slot is reserved with a NULL file pointer, a racing close() returns -EBADF without entering __fput(), so the dma_buf stays alive across the trace. Same approach as commit 2d76319c4cbb ("dma-buf: fix UAF in dma_buf_put() tracepoint"). This undoes the FD_ADD() conversion done in commit 34dfce523c90 ("dma: convert dma_buf_fd() to FD_ADD()"); FD_ADD() has no place to hook the tracepoint safely. Reported-by: syzbot+7f4987d0afb97dd090cb(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=7f4987d0afb97dd090cb Fixes: 281a22631423 ("dma-buf: add some tracepoints to debug.") Cc: stable(a)vger.kernel.org # 7.0.x Signed-off-by: David Carlier <devnexen(a)gmail.com> --- drivers/dma-buf/dma-buf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 71f37544a5c6..d504c636dc29 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -792,9 +792,13 @@ int dma_buf_fd(struct dma_buf *dmabuf, int flags) if (!dmabuf || !dmabuf->file) return -EINVAL; - fd = FD_ADD(flags, dmabuf->file); + fd = get_unused_fd_flags(flags); + if (fd < 0) + return fd; + DMA_BUF_TRACE(trace_dma_buf_fd, dmabuf, fd); + fd_install(fd, dmabuf->file); return fd; } EXPORT_SYMBOL_NS_GPL(dma_buf_fd, "DMA_BUF"); -- 2.53.0

7 hours, 3 minutes

[PATCH v3 00/10] Add dmabuf read/write via io_uring

by Pavel Begunkov

The patch set allows to register a dmabuf to an io_uring instance for a specified file and use it with io_uring read / write requests. The infrastructure is not tied to io_uring and there could be more users in the future. A similar idea was attempted some years ago by Keith [1], from where I borrowed a good number of changes, and later was brough up by Tushar and Vishal from Intel. It's an opt-in feature for files, and they need to implement a new file operation to use it. Only NVMe block devices are supported in this series. The user API is built on top of io_uring's "registered buffers", where a dmabuf is registered in a special way, but after it can be used as any other "registered buffer" with IORING_OP_{READ,WRITE}_FIXED requests. It's created via a new file operation and the resulted map is then passed through the I/O stack in a new iterator type. There is some additional infrastructure to bind it all, which also counts requests using a dmabuf map and managing lifetimes, which is used to implement map invalidation. It was tested for GPU <-> NVMe transfers. Also, as it maintains a long-term dma mapping, it helps with the IOMMU cost. The numbers below are for udmabuf reads previously run by Anuj for different IOMMU modes: - STRICT: before = 570 KIOPS, after = 5.01 MIOPS - LAZY: before = 1.93 MIOPS, after = 5.01 MIOPS - PASSTHROUGH: before = 5.01 MIOPS, after = 5.01 MIOPS There are some liburing tests that can serve as an example: git: https://github.com/isilence/liburing.git rw-dmabuf-tests-v3 url: https://github.com/isilence/liburing/tree/rw-dmabuf-tests-v3 [1] https://lore.kernel.org/io-uring/20220805162444.3985535-1-kbusch@fb.com/ v3: - Rework io_uring registration - Move token/map infrastructure code out of blk-mq - Simplify callbacks: remove a separate blk-mq table, which was mostly just forwarding calls (to nvme). - Don't skip dma sync depending on request direction - Fix a couple of hangs - Rename s/dma/dmabuf/ - Other small changes v2: - Don't pass raw dma addresses, wrap it into a driver specific object - Split into two objects: token and map - Implement move_notify Pavel Begunkov (10): file: add callback for creating long-term dmabuf maps iov_iter: add iterator type for dmabuf maps block: move bvec init into __bio_clone block: introduce dma map backed bio type lib: add dmabuf token infrastructure block: forward create_dmabuf_token to drivers nvme-pci: implement dma_token backed requests io_uring/rsrc: introduce buf registration structure io_uring/rsrc: extend buffer update io_uring/rsrc: add dmabuf backed registered buffers block/bio.c | 28 +++- block/blk-merge.c | 14 ++ block/blk.h | 3 +- block/fops.c | 16 ++ drivers/nvme/host/pci.c | 282 ++++++++++++++++++++++++++++++++ include/linux/bio.h | 19 ++- include/linux/blk-mq.h | 9 + include/linux/blk_types.h | 8 +- include/linux/fs.h | 2 + include/linux/io_dmabuf_token.h | 92 +++++++++++ include/linux/io_uring_types.h | 5 + include/linux/uio.h | 11 ++ include/uapi/linux/io_uring.h | 31 +++- io_uring/io_uring.c | 3 +- io_uring/rsrc.c | 266 +++++++++++++++++++++++++----- io_uring/rsrc.h | 30 +++- io_uring/rw.c | 4 +- lib/Kconfig | 4 + lib/Makefile | 2 + lib/io_dmabuf_token.c | 272 ++++++++++++++++++++++++++++++ lib/iov_iter.c | 29 +++- 21 files changed, 1071 insertions(+), 59 deletions(-) create mode 100644 include/linux/io_dmabuf_token.h create mode 100644 lib/io_dmabuf_token.c -- 2.53.0

18 hours, 29 minutes

[PATCH v2 0/2] arm64: tegra: Enable DMA Support on Tegra194 QSPI

by Aaron Kling via B4 Relay

The reason for this is to properly support the spi nor chip on the Jetson Xavier NX module. Prior to this, it would time out on all transfers and sometimes even trigger a cbb fault, locking up the entire unit. With this, reading and writing to the flash memory works as expected. This also fixes the tegra210-quad spi driver to properly use the dma memory space instead of the spi controllers. Without this, enabling dma on the controllers results in mmu faults. The driver change has only been tested on tegra210 / p3450 and tegra194 / p3518 as that is the only available test platforms. Tegra234 and Tegra241 should also be verified. I have p3766 for tegra234, but the qspi flash memory is firewalled by mb1 on all publicly available bootloaders, and no other spi devices are part of the devkit. --- Changes in v2: - Drop bindings patches - Add patch to use dma memory space instead of the spi controllers when dma is enabled. - Drop iommu properties from final patch - Link to v1: https://lore.kernel.org/r/20260515-tegra194-qspi-iommu-v1-0-57dfb63cd3d6@gm… --- Aaron Kling (2): spi: tegra210-quad: Allocate DMA memory for DMA engine arm64: tegra: Enable DMA Support on Tegra194 QSPI arch/arm64/boot/dts/nvidia/tegra194.dtsi | 4 ++++ drivers/spi/spi-tegra210-quad.c | 29 ++++++++++++++++++----------- 2 files changed, 22 insertions(+), 11 deletions(-) --- base-commit: c1ecb239fa3456529a32255359fc78b69eb9d847 change-id: 20260515-tegra194-qspi-iommu-e4e4644d5fdf Best regards, -- Aaron Kling <webgeek1234(a)gmail.com>

19 hours, 11 minutes

[PATCH v2] dma-buf: set SB_I_NOEXEC and SB_I_NODEV on the pseudo filesystem

by John Hubbard

The dma-buf pseudo filesystem dispenses S_ANON_INODE inodes via alloc_anon_inode() but never sets SB_I_NOEXEC on its superblock. Since commit 1e7ab6f67824 ("anon_inode: rework assertions") in 6.17, path_noexec() warns on exactly that combination, so an mmap() on any dma-buf fd trips the warning: WARNING: CPU: 11 PID: 121813 at fs/exec.c:118 path_noexec+0x47/0x50 do_mmap+0x2b5/0x680 vm_mmap_pgoff+0x129/0x210 ksys_mmap_pgoff+0x177/0x240 __x64_sys_mmap+0x33/0x70 dma-bufs have no business being executable, which is the invariant that the new assertion is enforcing. Set SB_I_NOEXEC. Also set SB_I_NODEV, since the pseudo filesystem creates no device nodes. Reproducer on a CONFIG_DEBUG_VFS=y kernel: make -C tools/testing/selftests/dmabuf-heaps sudo ./tools/testing/selftests/dmabuf-heaps/dmabuf-heap -t system The selftest allocates from /dev/dma_heap/system and mmaps the returned fd, which trips the warning without this patch. Fixes: 1e7ab6f67824 ("anon_inode: rework assertions") Cc: stable(a)vger.kernel.org Reviewed-by: Christian Brauner (Amutable) <brauner(a)kernel.org> Signed-off-by: John Hubbard <jhubbard(a)nvidia.com> --- Changes since v1: * Also set SB_I_NODEV (suggested by Christian Brauner). * Added Christian Brauner's Reviewed-by tag (thanks!) drivers/dma-buf/dma-buf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 71f37544a5c6..ea1ddd4293b2 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -216,6 +216,8 @@ static int dma_buf_fs_init_context(struct fs_context *fc) if (!ctx) return -ENOMEM; ctx->dops = &dma_buf_dentry_ops; + fc->s_iflags |= SB_I_NOEXEC; + fc->s_iflags |= SB_I_NODEV; return 0; } base-commit: 6779b50faa562e6cca1aa6a4649a4d764c6c7e28 -- 2.54.0

20 hours, 3 minutes

Cybersecurity Experts Helping You Stay One Step Ahead Lee Ultimate Hacker

by ludolftom64＠gmail.com

Leeultimatehacker @ a o l . c o m) whatspp +1 ( 7 1 5 ) 3 1 4 - 9 2 4 8 Lee Ultimate Hacker is a professional cybersecurity platform specializing in advanced digital protection, ethical hacking services, cyber risk assessment, and online security solutions for businesses, entrepreneurs, and individuals seeking stronger protection against modern cyber threats. As cybercrime continues to rise globally, securing websites, networks, databases, and online accounts has become a critical priority. Lee Ultimate Hacker delivers reliable cybersecurity services designed to help clients strengthen their digital infrastructure, prevent unauthorized access, and protect valuable information from hackers, malware, phishing attacks, ransomware, and data breaches. With a strong reputation for professionalism and technical expertise, Lee Ultimate Hacker provides customized cybersecurity solutions tailored to the needs of each client. The platform focuses on ethical hacking practices, vulnerability testing, penetration testing, and cybersecurity consulting to identify weaknesses before cybercriminals can exploit them. By using modern security techniques and industry-standard methodologies, clients receive effective protection strategies that improve online safety and long-term digital resilience. Businesses today depend heavily on digital technology for communication, e-commerce, financial transactions, and customer engagement. Without proper cybersecurity protection, organizations face serious risks that can lead to financial losses, damaged reputations, and operational disruptions. Lee Ultimate Hacker helps businesses reduce these risks through proactive cybersecurity measures, security monitoring, and strategic defense planning. From website security optimization to network protection and cyber threat analysis, every solution is designed to maintain secure and stable digital operations. Lee Ultimate Hacker also supports individuals who want stronger personal cybersecurity and privacy protection. Cybercriminals often target personal accounts, online wallets, and private information through scams, phishing emails, and malicious software. Through cybersecurity consultation and digital protection guidance, clients can improve password security, strengthen account protection, and reduce exposure to online threats. The platform promotes cybersecurity awareness and encourages safer online practices to help users protect their digital identity and sensitive information. What sets Lee Ultimate Hacker apart is a commitment to confidentiality, ethical standards, and customer satisfaction. Every project is handled with professionalism, discretion, and attention to detail to ensure clients receive trustworthy cybersecurity support. The platform continuously stays updated with the latest cybersecurity trends, hacking techniques, and threat intelligence to provide modern and effective security solutions in a constantly evolving digital landscape. Search engines value websites that provide authoritative, relevant, and high-quality cybersecurity content. Lee Ultimate Hacker is focused on delivering informative and reliable cybersecurity services that align with modern digital protection standards. By combining technical expertise with practical security solutions, the platform continues to build credibility as a dependable source for ethical hacking, cyber defense, and online security consulting. Whether you are looking for website security services, vulnerability assessment, penetration testing, ethical hacking consultation, network security support, or advanced digital protection, Lee Ultimate Hacker provides professional cybersecurity solutions designed to protect your online presence and secure your digital assets. The goal is to help businesses and individuals operate with greater confidence, knowing their systems and information are protected by modern cybersecurity strategies.

1 day, 4 hours

UncertainRouteCanvas

by wernerkatherine77＠proton.me

Thermal Logic: Why Gambling Ended Up at the Heart of the German Resort Economy Thermal resorts in the 18th and 19th centuries http://auslaendische-online-casinos.de/ needed a way to keep wealthy visitors entertained past dinner. Concerts helped. Theater helped more. But nothing extended the stay — and the spending — quite like a well-appointed room where money could change hands in a socially acceptable setting. Baden-Baden understood this before most. The Kurhaus became a model not because it was unique but because it made the interdependence visible. A guest who came for the waters stayed for the tables, spent on the hotel, bought things in the shops, and left having funded an entire local economy for several days. The logic was circular and deliberately so. Civic planners in spa towns across what would become Germany replicated it, which is why the origins of casinos in Germany are not found in any single invention but in a distributed experiment conducted across dozens of small resort towns competing for the same aristocratic clientele throughout the 1800s. Bad Homburg refined the roulette wheel. Wiesbaden attracted the Russian literary crowd. Aachen positioned itself for the Belgian and French market. Each town adapted the model to its geography and its visitors, and the result was a casino culture embedded in regional identity rather than sitting apart from it. Prussia's 1868 ban interrupted that trajectory sharply. The decades that followed pushed gambling into legal ambiguity across German territories, and the post-war reconstruction of the industry happened unevenly — shaped more by which states had surviving spa infrastructure than by any coherent national policy. That patchwork is still visible today in the distribution of licensed land-based establishments, clustered around the same historic resort towns that invented the format in the first place. The digital era forced a reckoning with this geography. Online platforms do not have a location in any meaningful sense, which made the old state-by-state regulatory model collapse under its own inconsistencies. The 2021 Glücksspielstaatsvertrag addressed this by creating a unified federal framework and, critically, establishing the conditions under which providers could obtain a casino Germany EU license — a mechanism bringing domestic law into functional alignment with the internal market principles Brussels had been pressing for years. The treaty imposed strict behavioral constraints: mandatory deposit limits, real-time transaction monitoring, advertising watersheds, and a hard prohibition on certain product categories that had flourished in the unregulated online space. For operators already holding licenses in Malta or Gibraltar, the German market became accessible in theory and expensive in practice. Compliance infrastructure, local tax obligations, and the administrative requirements of the new framework made entry calculations difficult for anyone below a certain scale. Consolidation followed, as it tends to. The broader European picture remains deliberately fragmented. France runs its online market through a state-backed monopoly logic. The Netherlands introduced licensing in 2021 under its own Remote Gambling Act, with a different set of consumer protection priorities. Sweden liberalized in 2019 and has spent the years since managing the gap between projected and actual outcomes in problem gambling rates. Germany sits somewhere in this spectrum — more open than its pre-2021 self, more restrictive than the offshore destinations its residents had been using freely for years before the law caught up.

2 days, 7 hours

Re: DEPT (the dependency tracker) as AI review prompt?

by Yunseong Kim

Hi Harry, On 5/23/26 16:34, Harry Yoo wrote: > > > On 5/23/26 11:00 PM, Yunseong Kim wrote: >> I've previously experimented with running DEPT alongside syzkaller fuzzing, >> and many hung tasks missed by lockdep are caught by DEPT, but the resulting >> high volume of reports makes it easy for issues to get lost in the massive >> log output. Sorting through that output manually is a huge bottleneck, so >> leveraging a well-crafted AI prompt to triage the warnings and filter out >> the false positives would be incredibly valuable. > > I mean both 1) detection of deadlock issues AND 2) false positive elimination with AI. I completely agree. Implanting DEPT's model into an AI review prompt is a great idea. As you suggested, the patterns we develop for the AI could provide valuable feedback to enhance DEPT's itself. > If the review prompt is only used to eliminate DEPT's false positives, I think that would be quite hard to get broad use. > > Someone would have to build out-of-tree DEPT, collect the reports, and then feed those back into the AI. I don't think building that kind of pipeline would actually work well in practice. I also have a huge dept report of DEPT reports, and manually reviewing all of them is makes me sigh. The constant kernel rebuilds required for lockup testing every time are also quite expensive. Thanks for the summary! Best Regards, Yunseong

2 days, 10 hours

How to Hire a Hacker to remove unwanted information & files from all search engines linked on the internet

by lenarichmond49＠gmail.com

Have you been a victim of scams, fake investments, romance fraud, or online job scams? Losing your hard-earned money can be devastating, but you don't have to accept defeat! Recovery is 95% possible. Hire Digital Light Solutions messages E m ai l: digital,light,solution@ quality,service.c om & Telegram —digitallightsolution

2 days, 14 hours

How to Hire a Hacker to remove unwanted information & files from all search engines linked on the internet

by lenarichmond49＠gmail.com

2 days, 16 hours

How to Hire a Hacker to remove unwanted information & files from all search engines linked on the internet

by lenarichmond49＠gmail.com

2 days, 16 hours

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig