DMA_HEAP_IOCTL_ALLOC allocates a dma-buf and installs an fd into the
caller's fd table via fd_install() before dma_heap_ioctl() copies the
result back to userspace. If the trailing copy_to_user() fails, the
ioctl returns -EFAULT and userspace never learns the fd number, but
the fd (and the underlying dma-buf reference) remain in the caller's
fd table and are leaked for the lifetime of the process.
The failure is easily reachable from userspace: pass a struct
dma_heap_allocation_data that lives in a page whose protection is
flipped to PROT_READ between copy_from_user() and copy_to_user()
(e.g. via mprotect()). Each such ioctl leaks one dmabuf fd; repeating
the call quickly fills /proc/<pid>/fd with anonymous "/dmabuf:"
entries that only go away when the process exits.
Fix it by closing the installed fd (and clearing the fd field of the
kernel-side copy) when copy_to_user() fails after a successful
allocation, so the error path matches what userspace observes: no fd
was returned, therefore no fd is left behind.
Fixes: c02a81fba74f ("dma-buf: Add dma-buf heaps framework")
Cc: stable(a)vger.kernel.org
Signed-off-by: Baineng Shou <shoubaineng(a)gmail.com>
---
Reproducer (full source, gcc -o poc poc.c; run as root):
// poc.c -- leak one dma-buf fd per DMA_HEAP_IOCTL_ALLOC
// when copy_to_user() fails
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <linux/dma-heap.h>
int main(int argc, char **argv)
{
int n = argc > 1 ? atoi(argv[1]) : 100;
long ps = sysconf(_SC_PAGESIZE);
int heap = open("/dev/dma_heap/system", O_RDWR | O_CLOEXEC);
if (heap < 0)
return perror("open"), 1;
for (int i = 0; i < n; i++) {
/* Put a valid request in a page, then make the page
* read-only: copy_from_user() still succeeds and the
* dma-buf is allocated and fd_install()'d, but the
* trailing copy_to_user() fails and the fd, never
* returned to us, is leaked.
*/
struct dma_heap_allocation_data *req =
mmap(NULL, ps, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
memset(req, 0, sizeof(*req));
req->len = ps;
req->fd_flags = O_RDWR | O_CLOEXEC;
mprotect(req, ps, PROT_READ);
ioctl(heap, DMA_HEAP_IOCTL_ALLOC, req); /* -EFAULT */
munmap(req, ps);
}
printf("done: check ls -l /proc/%d/fd for %d leaked fds\n",
getpid(), n);
pause();
return 0;
}
Before the fix, ./poc 10 leaves 10 anonymous dmabuf fds in the
caller's fd table:
# ls -l /proc/$(pgrep poc)/fd
lrwx------ 1 root root 64 Jan 1 00:03 3 -> /dev/dma_heap/system
lrwx------ 1 root root 64 Jan 1 00:03 4 -> /dmabuf:
lrwx------ 1 root root 64 Jan 1 00:03 5 -> /dmabuf:
lrwx------ 1 root root 64 Jan 1 00:03 6 -> /dmabuf:
lrwx------ 1 root root 64 Jan 1 00:03 7 -> /dmabuf:
lrwx------ 1 root root 64 Jan 1 00:03 8 -> /dmabuf:
lrwx------ 1 root root 64 Jan 1 00:03 9 -> /dmabuf:
lrwx------ 1 root root 64 Jan 1 00:03 10 -> /dmabuf:
lrwx------ 1 root root 64 Jan 1 00:03 11 -> /dmabuf:
lrwx------ 1 root root 64 Jan 1 00:03 12 -> /dmabuf:
lrwx------ 1 root root 64 Jan 1 00:03 13 -> /dmabuf:
After the fix, only /dev/dma_heap/system remains open; the
anonymous "/dmabuf:" entries are gone.
drivers/dma-buf/dma-heap.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/dma-buf/dma-heap.c b/drivers/dma-buf/dma-heap.c
index a76bf3f8b071..0dd7a84b06bf 100644
--- a/drivers/dma-buf/dma-heap.c
+++ b/drivers/dma-buf/dma-heap.c
@@ -18,6 +18,7 @@
#include <linux/uaccess.h>
#include <linux/xarray.h>
#include <uapi/linux/dma-heap.h>
+#include <linux/fdtable.h>
#define DEVNAME "dma_heap"
@@ -181,8 +182,16 @@ static long dma_heap_ioctl(struct file *file, unsigned int ucmd,
goto err;
}
- if (copy_to_user((void __user *)arg, kdata, out_size) != 0)
+ if (copy_to_user((void __user *)arg, kdata, out_size) != 0) {
+ if (kcmd == DMA_HEAP_IOCTL_ALLOC && ret == 0) {
+ struct dma_heap_allocation_data *h = (void *)kdata;
+
+ close_fd(h->fd);
+ h->fd = -1;
+ }
ret = -EFAULT;
+ }
+
err:
if (kdata != stack_kdata)
kfree(kdata);
--
2.34.1
Hi Linus and folks,
DEPT(DEPendency Tracker) is a runtime deadlock detection framework that
sees what lockdep cannot.
I'm thrilled to share that DEPT has moved beyond theory and is now
catching real deadlocks in the wild:
https://lore.kernel.org/lkml/6383cde5-cf4b-facf-6e07-1378a485657d@I-love.SA…https://lore.kernel.org/lkml/1674268856-31807-1-git-send-email-byungchul.pa…https://lore.kernel.org/all/b6e00e77-4a8c-4e05-ab79-266bf05fcc2d@igalia.com/
I've added comprehensive documentation explaining DEPT's design and usage.
Getting started is as simple as enabling CONFIG_DEPT and watching dmesg.
THE PROBLEM LOCKDEP CANNOT SOLVE
--------------------------------
Lockdep has been our trusted deadlock detector for two decades, but it
has a fundamental blind spot: it tracks lock acquisition order, not the
actual waits and events that cause deadlocks. This means lockdep misses:
* Deadlocks involving folio locks (not released within the context)
* Cross-context synchronization like wait_for_completion()/complete()
* DMA fence waits, RCU waits, and general waitqueue patterns
* Any synchronization primitive outside the classic lock/unlock model
Consider this real deadlock pattern that lockdep cannot detect:
context X context Y context Z
mutex_lock A
folio_lock B
folio_lock B <- DEADLOCK
mutex_lock A <- DEADLOCK
folio_unlock B
folio_unlock B
mutex_unlock A
mutex_unlock A
Lockdep sees lock acquisitions. DEPT sees the actual dependency:
"mutex_unlock A in context Y cannot happen until folio_lock B is
awakened by the owner's folio_unlock B, and vice versa in context Z."
It's a circular dependency that means deadlock.
THE DEPT APPROACH
-----------------
DEPT asks a simpler question: "What is this context waiting for, and
what event will wake it up?"
Every deadlock is fundamentally about unreachable events. DEPT tracks:
[S] Where an event context begins (the code path that will trigger
an event)
[W] Where a wait for another event apears between [S] and [E]
[E] Where the event for [S] occurs
By building a dependency graph of "[E] cannot occur until the event that
[W] waits for occurs", DEPT detects circular dependencies regardless of
the underlying synchronization primitives involved.
WHAT DEPT BRINGS TO THE TABLE
-----------------------------
* Universal coverage: Works with any wait/event-based synchronization,
not just locks
* Correct read-lock handling: No more blind spots for read-side
dependencies
* Continuous operation: Unlike lockdep, DEPT keeps running after
reports, catching multiple deadlocks in a single session
* Clean annotation API: Simple, intuitive interfaces for subsystem
maintainers to refine detection
* Battle-tested: Already catching real deadlocks as the links above
demonstrate
FALSE POSITIVES: THE HONEST CONVERSATION
----------------------------------------
Like any powerful detection tool, DEPT faces the false positive
challenge. This is not unique to DEPT — lockdep spent years building its
annotation infrastructure (lock classes, subclasses, lockdep_map) to
separate real bugs from intentional patterns.
DEPT is on the same journey. We have:
* Event site recovery: Declare when an event has fallback paths
* Subclass-based classification: Distinguish per-CPU, per-device,
and modality-specific waits
* Page usage tracking: Separate block device mappings from regular
file mappings to avoid spurious reports (currently being worked on)
But comprehensive annotation requires subsystem maintainer expertise.
This is where I need your help.
THE PATH TO MAINLINE
--------------------
DEPT is marked EXPERIMENTAL in Kconfig for a reason. Like lockdep, it
will mature through collaboration:
1. Core framework: Stabilized and ready for review
2. Subsystem pilots: Working with maintainers to add annotations
where they matter most (mm, block, drm, networking, ...)
3. Gradual enablement: DEPT and lockdep coexist; DEPT takes over
dependency checking when ready
I am not proposing to replace lockdep. Lockdep's lock usage validation
remains invaluable. The vision is:
LOCKDEP: Validates correct lock usage
|
v
DEPT: Performs dependency checking with full wait/event coverage
WHY MERGE NOW?
--------------
Some might suggest: "Fix all false positives out-of-tree first." But
the affected subsystems span the entire kernel. Like lockdep's
two-decade annotation journey, DEPT needs mainline visibility for:
* Proper annotation placement (maintainers know their code best)
* Real-world testing across configurations and workloads
* Incremental improvement through community feedback
CONFIG_DEPT is opt-in. It won't affect your default kernel build. But
for those debugging complex synchronization issues, DEPT is ready to
help today.
ACKNOWLEDGMENTS
---------------
This work would not be possible without:
Harry Yoo <harry.yoo(a)oracle.com>
Gwan-gyeong Mun <gwan-gyeong.mun(a)intel.com>
Yunseong Kim <ysk(a)kzalloc.com>
Yeoreum Yun <yeoreum.yun(a)arm.com>
And the countless kernel developers whose lockdep annotations over two
decades showed us the path forward.
FAQ
---
Q. Isn't this the cross-release feature that got reverted?
A. Cross-release (commit b09be676e0ff2) attempted to extend lockdep
with wait/event tracking. It found real bugs but introduced false
positives that masked further issues. DEPT learns from that
experience with a cleaner design and flexible reporting that makes
false positives less disruptive.
Q. Why not build DEPT into lockdep?
A. Lockdep is stable, battle-tested code. I chose separation because
while DEPT borrows BFS and hashing ideas, the wait/event model
requires rebuilding from scratch. Lockdep was designed for lock
acquisition order — retrofitting it would risk its stability.
Q. Will DEPT replace lockdep?
A. No. Lockdep validates correct lock usage — that's not going away.
DEPT supersedes only the dependency-checking logic when mature.
Q. Should we merge DEPT now or wait for more annotations out-of-tree?
A. Now. The annotation journey requires mainline collaboration. Lockdep
didn't become useful overnight — it grew through maintainer
contributions. DEPT needs the same path.
Q. What if I enable DEPT and get false positives?
A. That's the point — report them. Work with us to add annotations that
distinguish your intentional patterns from real deadlocks. This is
how lockdep became indispensable, and it's how DEPT will too.
GETTING STARTED
---------------
1. Enable CONFIG_DEPT (EXPERIMENTAL)
2. Boot your kernel
3. Check dmesg for DEPT reports
4. Read Documentation/dev-tools/dept.rst for interpretation
DEPT is a tool for understanding your code's synchronization behavior.
Even if you never see a deadlock report, the visibility it provides
is invaluable.
I look forward to your feedback, patches, and collaboration. Let's make
DEPT as indispensable to kernel developers as lockdep has been.
---
Changes from v18:
1. Rebase on v7.0.
2. Add 'Reviewed-by: Jeff Layton <jlayton(a)kernel.org>' on 37th
patch, 'SUNRPC: relocate struct rcu_head to the first field
of struct rpc_xprt'. (thanks to Jeff Layton)
3. Refine and supplement dept documents and comments, and fix
typos. (feedbacked by Bagas Sanjaya and Yunseong Kim)
4. Add __rust_helper to rust_helper_wait_for_completion().
(feedbacked by Dirk Behme)
5. Remove the part supporting recover events tracking - I will
keep maintaining it out of tree tho - as it unnecessarily
complicates the initial DEPT patchset and significantly
increases the review burden.
6. Get rid of 'extern' keyword with function declarations.
(feedbacked by Petr Pavlu)
Changes from v17:
1. Rebase on the mainline as of 2025 Dec 5.
2. Convert the documents' format from txt to rst. (feedbacked
by Jonathan Corbet and Bagas Sanjaya)
3. Move the documents from 'Documentation/dependency' to
'Documentation/dev-tools'. (feedbakced by Jonathan Corbet)
4. Improve the documentation. (feedbacked by NeilBrown)
5. Use a common function, enter_from_user_mode(), instead of
arch specific code, to notice context switch from user mode.
(feedbacked by Dave Hansen, Mark Rutland, and Mark Brown)
6. Resolve the header dependency issue by using dept's internal
header, instead of relocating 'struct llist_{head,node}' to
another header. (feedbacked by Greg KH)
7. Improve page(or folio) usage type APIs.
8. Add rust helper for wait_for_completion(). (feedbacked by
Guangbo Cui, Boqun Feng, and Danilo Krummrich)
9. Refine some commit messages.
Changes from v16:
1. Rebase on v6.17.
2. Fix a false positive from rcu (by Yunseong Kim)
3. Introduce APIs to set page's usage, dept_set_page_usage() and
dept_reset_page_usage() to avoid false positives.
4. Consider lock_page() as a potential wait unconditionally.
5. Consider folio_lock_killable() as a potential wait
unconditionally.
6. Add support for tracking PG_writeback waits and events.
7. Fix two build errors due to the additional debug information
added by dept. (by Yunseong Kim)
Changes from v15:
1. Fix typo and improve comments and commit messages (feedbacked
by ALOK TIWARI, Waiman Long, and kernel test robot).
2. Do not stop dept on detection of cicular dependency of
recover event, allowing to keep reporting.
3. Add SK hynix to copyright.
4. Consider folio_lock() as a potential wait unconditionally.
5. Fix Kconfig dependency bug (feedbacked by kernel test rebot).
6. Do not suppress reports that involve classes even that have
already involved in other reports, allowing to keep
reporting.
Changes from v14:
1. Rebase on the current latest, v6.15-rc6.
2. Refactor dept code.
3. With multi event sites for a single wait, even if an event
forms a circular dependency, the event can be recovered by
other event(or wake up) paths. Even though informing the
circular dependency is worthy but it should be suppressed
once informing it, if it doesn't lead an actual deadlock. So
introduce APIs to annotate the relationship between event
site and recover site, that are, event_site() and
dept_recover_event().
4. wait_for_completion() worked with dept map embedded in struct
completion. However, it generates a few false positves since
all the waits using the instance of struct completion, share
the map and key. To avoid the false positves, make it not to
share the map and key but each wait_for_completion() caller
have its own key by default. Of course, external maps also
can be used if needed.
5. Fix a bug about hardirq on/off tracing.
6. Implement basic unit test for dept.
7. Add more supports for dma fence synchronization.
8. Add emergency stop of dept e.g. on panic().
9. Fix false positives by mmu_notifier_invalidate_*().
10. Fix recursive call bug by DEPT_WARN_*() and DEPT_STOP().
11. Fix trivial bugs in DEPT_WARN_*() and DEPT_STOP().
12. Fix a bug that a spin lock, dept_pool_spin, is used in
both contexts of irq disabled and enabled without irq
disabled.
13. Suppress reports with classes, any of that already have
been reported, even though they have different chains but
being barely meaningful.
14. Print stacktrace of the wait that an event is now waking up,
not only stacktrace of the event.
15. Make dept aware of lockdep_cmp_fn() that is used to avoid
false positives in lockdep so that dept can also avoid them.
16. Do do_event() only if there are no ecxts have been
delimited.
17. Fix a bug that was not synchronized for stage_m in struct
dept_task, using a spin lock, dept_task()->stage_lock.
18. Fix a bug that dept didn't handle the case that multiple
ttwus for a single waiter can be called at the same time
e.i. a race issue.
19. Distinguish each kernel context from others, not only by
system call but also by user oriented fault so that dept can
work with more accuracy information about kernel context.
That helps to avoid a few false positives.
20. Limit dept's working to x86_64 and arm64.
Changes from v13:
1. Rebase on the current latest version, v6.9-rc7.
2. Add 'dept' documentation describing dept APIs.
Changes from v12:
1. Refine the whole document for dept.
2. Add 'Interpret dept report' section in the document, using a
deadlock report obtained in practice. Hope this version of
document helps guys understand dept better.
https://lore.kernel.org/lkml/6383cde5-cf4b-facf-6e07-1378a485657d@I-love.SA…https://lore.kernel.org/lkml/1674268856-31807-1-git-send-email-byungchul.pa…
Changes from v11:
1. Add 'dept' documentation describing the concept of dept.
2. Rewrite the commit messages of the following commits for
using weaker lockdep annotation, for better description.
fs/jbd2: Use a weaker annotation in journal handling
cpu/hotplug: Use a weaker annotation in AP thread
(feedbacked by Thomas Gleixner)
Changes from v10:
1. Fix noinstr warning when building kernel source.
2. dept has been reporting some false positives due to the folio
lock's unfairness. Reflect it and make dept work based on
dept annotaions instead of just wait and wake up primitives.
3. Remove the support for PG_writeback while working on 2. I
will add the support later if needed.
4. dept didn't print stacktrace for [S] if the participant of a
deadlock is not lock mechanism but general wait and event.
However, it made hard to interpret the report in that case.
So add support to print stacktrace of the requestor who asked
the event context to run - usually a waiter of the event does
it just before going to wait state.
5. Give up tracking raw_local_irq_{disable,enable}() since it
totally messed up dept's irq tracking. So make it work in the
same way as lockdep does. I will consider it once any false
positives by those are observed again.
6. Change the manual rwsem_acquire_read(->j_trans_commit_map)
annotation in fs/jbd2/transaction.c to the try version so
that it works as much as it exactly needs.
7. Remove unnecessary 'inline' keyword in dept.c and add
'__maybe_unused' to a needed place.
Changes from v9:
1. Fix a bug. SDT tracking didn't work well because of my big
mistake that I should've used waiter's map to indentify its
class but it had been working with waker's one. FYI,
PG_locked and PG_writeback weren't affected. They still
worked well. (reported by YoungJun)
Changes from v8:
1. Fix build error by adding EXPORT_SYMBOL(PG_locked_map) and
EXPORT_SYMBOL(PG_writeback_map) for kernel module build -
appologize for that. (reported by kernel test robot)
2. Fix build error by removing header file's circular dependency
that was caused by "atomic.h", "kernel.h" and "irqflags.h",
which I introduced - appolgize for that. (reported by kernel
test robot)
Changes from v7:
1. Fix a bug that cannot track rwlock dependency properly,
introduced in v7. (reported by Boqun and lockdep selftest)
2. Track wait/event of PG_{locked,writeback} more aggressively
assuming that when a bit of PG_{locked,writeback} is cleared
there might be waits on the bit. (reported by Linus, Hillf
and syzbot)
3. Fix and clean bad style code e.i. unnecessarily introduced
a randome pattern and so on. (pointed out by Linux)
4. Clean code for applying dept to wait_for_completion().
Changes from v6:
1. Tie to task scheduler code to track sleep and try_to_wake_up()
assuming sleeps cause waits, try_to_wake_up()s would be the
events that those are waiting for, of course with proper dept
annotations, sdt_might_sleep_weak(), sdt_might_sleep_strong()
and so on. For these cases, class is classified at sleep
entrance rather than the synchronization initialization code.
Which would extremely reduce false alarms.
2. Remove the dept associated instance in each page struct for
tracking dependencies by PG_locked and PG_writeback thanks to
the 1. work above.
3. Introduce CONFIG_dept_AGGRESIVE_TIMEOUT_WAIT to suppress
reports that waits with timeout set are involved, for those
who don't like verbose reporting.
4. Add a mechanism to refill the internal memory pools on
running out so that dept could keep working as long as free
memory is available in the system.
5. Re-enable tracking hashed-waitqueue wait. That's going to no
longer generate false positives because class is classified
at sleep entrance rather than the waitqueue initailization.
6. Refactor to make it easier to port onto each new version of
the kernel.
7. Apply dept to dma fence.
8. Do trivial optimizaitions.
Changes from v5:
1. Use just pr_warn_once() rather than WARN_ONCE() on the lack
of internal resources because WARN_*() printing stacktrace is
too much for informing the lack. (feedback from Ted, Hyeonggon)
2. Fix trivial bugs like missing initializing a struct before
using it.
3. Assign a different class per task when handling onstack
variables for waitqueue or the like. Which makes dept
distinguish between onstack variables of different tasks so
as to prevent false positives. (reported by Hyeonggon)
4. Make dept aware of even raw_local_irq_*() to prevent false
positives. (reported by Hyeonggon)
5. Don't consider dependencies between the events that might be
triggered within __schedule() and the waits that requires
__schedule(), real ones. (reported by Hyeonggon)
6. Unstage the staged wait that has prepare_to_wait_event()'ed
*and* yet to get to __schedule(), if we encounter __schedule()
in-between for another sleep, which is possible if e.g. a
mutex_lock() exists in 'condition' of ___wait_event().
7. Turn on CONFIG_PROVE_LOCKING when CONFIG_DEPT is on, to rely
on the hardirq and softirq entrance tracing to make dept more
portable for now.
Changes from v4:
1. Fix some bugs that produce false alarms.
2. Distinguish each syscall context from another *for arm64*.
3. Make it not warn it but just print it in case dept ring
buffer gets exhausted. (feedback from Hyeonggon)
4. Explicitely describe "EXPERIMENTAL" and "dept might produce
false positive reports" in Kconfig. (feedback from Ted)
Changes from v3:
1. dept shouldn't create dependencies between different depths
of a class that were indicated by *_lock_nested(). dept
normally doesn't but it does once another lock class comes
in. So fixed it. (feedback from Hyeonggon)
2. dept considered a wait as a real wait once getting to
__schedule() even if it has been set to TASK_RUNNING by wake
up sources in advance. Fixed it so that dept doesn't consider
the case as a real wait. (feedback from Jan Kara)
3. Stop tracking dependencies with a map once the event
associated with the map has been handled. dept will start to
work with the map again, on the next sleep.
Changes from v2:
1. Disable dept on bit_wait_table[] in sched/wait_bit.c
reporting a lot of false positives, which is my fault.
Wait/event for bit_wait_table[] should've been tagged in a
higher layer for better work, which is a future work.
(feedback from Jan Kara)
2. Disable dept on crypto_larval's completion to prevent a false
positive.
Changes from v1:
1. Fix coding style and typo. (feedback from Steven)
2. Distinguish each work context from another in workqueue.
3. Skip checking lock acquisition with nest_lock, which is about
correct lock usage that should be checked by lockdep.
Changes from RFC(v0):
1. Prevent adding a wait tag at prepare_to_wait() but __schedule().
(feedback from Linus and Matthew)
2. Use try version at lockdep_acquire_cpus_lock() annotation.
3. Distinguish each syscall context from another.
Byungchul Park (39):
dept: implement DEPT(DEPendency Tracker)
dept: add single event dependency tracker APIs
dept: add lock dependency tracker APIs
dept: tie to lockdep and IRQ tracing
dept: add proc knobs to show stats and dependency graph
dept: distinguish each kernel context from another
dept: distinguish each work from another
dept: add a mechanism to refill the internal memory pools on running
out
dept: record the latest one out of consecutive waits of the same class
dept: apply sdt_might_sleep_{start,end}() to
wait_for_completion()/complete()
dept: apply sdt_might_sleep_{start,end}() to swait
dept: apply sdt_might_sleep_{start,end}() to waitqueue wait
dept: apply sdt_might_sleep_{start,end}() to hashed-waitqueue wait
dept: apply sdt_might_sleep_{start,end}() to dma fence
dept: track timeout waits separately with a new Kconfig
dept: apply timeout consideration to wait_for_completion()/complete()
dept: apply timeout consideration to swait
dept: apply timeout consideration to waitqueue wait
dept: apply timeout consideration to hashed-waitqueue wait
dept: apply timeout consideration to dma fence wait
dept: make dept able to work with an external wgen
dept: track PG_locked with dept
dept: print staged wait's stacktrace on report
locking/lockdep: prevent various lockdep assertions when
lockdep_off()'ed
dept: add documents for dept
cpu/hotplug: use a weaker annotation in AP thread
dept: assign dept map to mmu notifier invalidation synchronization
dept: assign unique dept_key to each distinct dma fence caller
dept: make dept aware of lockdep_set_lock_cmp_fn() annotation
dept: make dept stop from working on debug_locks_off()
dept: assign unique dept_key to each distinct wait_for_completion()
caller
completion, dept: introduce init_completion_dmap() API
dept: call dept_hardirqs_off() in local_irq_*() regardless of irq
state
dept: introduce APIs to set page usage and use subclasses_evt for the
usage
dept: track PG_writeback with dept
SUNRPC: relocate struct rcu_head to the first field of struct rpc_xprt
mm: percpu: increase PERCPU_DYNAMIC_SIZE_SHIFT on DEPT and large
PAGE_SIZE
rust: completion: Add __rust_helper to
rust_helper_wait_for_completion()
dept: implement a basic unit test for dept
Yunseong Kim (1):
rcu/update: fix same dept key collision between various types of RCU
Documentation/dev-tools/dept.rst | 905 ++++++++
Documentation/dev-tools/dept_api.rst | 124 +
Documentation/dev-tools/index.rst | 2 +
drivers/dma-buf/dma-fence.c | 23 +-
include/linux/completion.h | 124 +-
include/linux/dept.h | 267 +++
include/linux/dept_ldt.h | 78 +
include/linux/dept_sdt.h | 68 +
include/linux/dept_unit_test.h | 61 +
include/linux/dma-fence.h | 74 +-
include/linux/hardirq.h | 3 +
include/linux/irq-entry-common.h | 4 +
include/linux/irqflags.h | 21 +-
include/linux/local_lock_internal.h | 1 +
include/linux/lockdep.h | 105 +-
include/linux/lockdep_types.h | 3 +
include/linux/mm_types.h | 4 +
include/linux/mmu_notifier.h | 26 +
include/linux/mutex.h | 1 +
include/linux/page-flags.h | 217 +-
include/linux/pagemap.h | 37 +-
include/linux/percpu-rwsem.h | 2 +-
include/linux/percpu.h | 4 +
include/linux/rcupdate_wait.h | 13 +-
include/linux/rtmutex.h | 1 +
include/linux/rwlock_types.h | 1 +
include/linux/rwsem.h | 1 +
include/linux/sched.h | 111 +
include/linux/seqlock.h | 2 +-
include/linux/spinlock_types_raw.h | 3 +
include/linux/srcu.h | 2 +-
include/linux/sunrpc/xprt.h | 9 +-
include/linux/swait.h | 3 +
include/linux/wait.h | 3 +
include/linux/wait_bit.h | 3 +
init/init_task.c | 2 +
init/main.c | 2 +
kernel/Makefile | 1 +
kernel/cpu.c | 2 +-
kernel/dependency/Makefile | 5 +
kernel/dependency/dept.c | 3222 ++++++++++++++++++++++++++
kernel/dependency/dept_hash.h | 10 +
kernel/dependency/dept_internal.h | 314 +++
kernel/dependency/dept_object.h | 13 +
kernel/dependency/dept_proc.c | 94 +
kernel/dependency/dept_unit_test.c | 149 ++
kernel/exit.c | 1 +
kernel/fork.c | 2 +
kernel/locking/lockdep.c | 33 +
kernel/module/main.c | 2 +
kernel/rcu/rcu.h | 1 +
kernel/rcu/update.c | 5 +-
kernel/sched/completion.c | 62 +-
kernel/sched/core.c | 9 +
kernel/workqueue.c | 3 +
lib/Kconfig.debug | 48 +
lib/debug_locks.c | 2 +
lib/locking-selftest.c | 2 +
mm/filemap.c | 38 +
mm/mm_init.c | 3 +
mm/mmu_notifier.c | 31 +-
rust/helpers/completion.c | 5 +
62 files changed, 6247 insertions(+), 120 deletions(-)
create mode 100644 Documentation/dev-tools/dept.rst
create mode 100644 Documentation/dev-tools/dept_api.rst
create mode 100644 include/linux/dept.h
create mode 100644 include/linux/dept_ldt.h
create mode 100644 include/linux/dept_sdt.h
create mode 100644 include/linux/dept_unit_test.h
create mode 100644 kernel/dependency/Makefile
create mode 100644 kernel/dependency/dept.c
create mode 100644 kernel/dependency/dept_hash.h
create mode 100644 kernel/dependency/dept_internal.h
create mode 100644 kernel/dependency/dept_object.h
create mode 100644 kernel/dependency/dept_proc.c
create mode 100644 kernel/dependency/dept_unit_test.c
base-commit: 028ef9c96e96197026887c0f092424679298aae8
--
2.17.1
Life, as they say, throws a lot at us. From demanding deadlines to unexpected annoyances, it’s easy to feel the pressure build. Sometimes, what we need isn’t a complex strategy game or a deeply engrossing narrative; it’s just a simple, satisfying outlet for that pent-up energy. And that’s where games like kick the buddy come in – a delightfully straightforward experience designed for pure, unadulterated stress relief.
https://kickthebuddy.lol/
"Kick the Buddy" isn't about high scores or intricate mechanics; it's about embracing a bit of playful destruction. Imagine a virtual ragdoll, a friendly, if somewhat resilient, dummy named Buddy, who patiently awaits your creative (and often absurd) methods of interaction. It’s a game that understands the primal satisfaction of knocking things around, even if those things are digital.
The Art of Playful Punishment: Understanding the Gameplay Loop
At its core, "Kick the Buddy" is incredibly simple. You are presented with Buddy, a cheerful, often bandaged character, suspended in a room. Your objective? To unleash a wide array of tools and weapons upon him. The beauty lies in the sheer variety and the freedom to experiment.
Upon launching the game, you'll be greeted by Buddy and a UI that, while initially packed with icons, quickly becomes intuitive. Along the bottom or sides of the screen, you'll find categories of weapons: explosives, firearms, sharp objects, heavy objects, and even more bizarre options like elemental powers or exotic creatures. Tapping on a category reveals a carousel of specific items. Want to toss a grenade? Select the explosives category, then pick your boom-maker. Prefer to pepper Buddy with bullets? Head to firearms and choose your weapon of choice, be it a pistol, an assault rifle, or even a mini-gun.
The interaction is purely touch-based. Drag your chosen weapon onto Buddy, and it will interact with him in its intended way. Firearms will shoot, bombs will explode, and melee weapons will, well, kick and punch. Buddy reacts to every impact with comical animations and sound effects, his limbs flailing and his body bouncing around the environment. There's no "game over" screen, no health bar to meticulously manage for Buddy (though he does take on more damage and visual wear and tear). The goal isn't to defeat him in a traditional sense, but to simply engage in the cathartic act of unleashing digital mayhem.
Beyond the basic weaponry, the game often features special environmental hazards or interactive elements. Perhaps a giant fan you can activate to send Buddy swirling, or a portal that teleports him across the room. These elements add another layer of playful chaos, encouraging you to think creatively about how to maximize Buddy's suffering (in the most lighthearted way possible).
What truly sets games like this apart is the sheer variety of tools at your disposal. From conventional firearms like pistols and shotguns to the wonderfully absurd, like a black hole gun that sucks Buddy into oblivion or a rubber duck that somehow inflicts comical damage, the developers clearly revel in imagination. This constant influx of new, often ridiculous, ways to interact with Buddy keeps the experience fresh and encourages repeated play sessions.
Beyond the Bang: Tips for Optimal Stress Relief
While the game is wonderfully straightforward, a few tips can enhance your stress-busting experience:
Embrace the Absurd: Don't limit yourself to conventional weapons. Some of the most satisfying interactions come from the most outlandish items. Experiment with everything – you might be surprised by the sheer hilarity of a giant rubber band or a flock of angry birds.
Combine and Conquer:Â Many weapons have interesting synergies. Try freezing Buddy with an ice gun, then shattering him with a heavy object. Or pepper him with bullets before dropping an explosive on him. The more creative your combinations, the more entertaining the outcome.
Sound On, Volume Up: A significant part of the game's charm comes from its sound design. Buddy's comical yelps, the satisfying thwacks of impact, and the explosive roars all contribute to the overall catharsis. Don't be afraid to crank up the volume and fully immerse yourself in the chaotic symphony.
Short Bursts are Key:Â "Kick the Buddy" isn't designed for marathon sessions. Its strength lies in its ability to provide quick, satisfying bursts of stress relief. When you feel a bit overwhelmed or just need a mental break, a few minutes of playful destruction can do wonders.
No Right or Wrong Way: There's no leaderboard, no competitive element. The only "goal" is your own enjoyment. Feel free to be as chaotic or as precise as you wish. It’s your sandbox, and Buddy is your patient (and perpetually recovering) subject.
A Concluding Whack
In a world often filled with complexity, the simplicity and pure, unadulterated fun of "Kick the Buddy" is a refreshing antidote. It's a game that doesn't demand much from you, except a willingness to let go and embrace a bit of lighthearted destruction. So the next time you feel the need to let off some steam, consider giving Buddy a good kicking (or exploding, or freezing, or zapping). You might just find it to be the most satisfying stress reliever you never knew you needed.
Hi Logan,
On 02/07/2026 21:34, Logan Gunthorpe wrote:
>
>
> On 2026-07-02 10:44 a.m., Matt Evans wrote:
>>> So maybe at this point it's fine to enable this on 32bit systems and we
>>> can remove this requirement. However, I think we should do that
>>> explicitly in its own patch, not hide it in this refactoring patch.
>>
>> Your question does prove it's too stealthy as-is. :) PCI_P2PDMA still
>> can't be enabled on 32-bit systems because of its ZONE_DEVICE ->
>> MEMORY_HOTPLUG -> 64BIT dependency. So we're not enabling 32-bit
>> support for PCI_P2PDMA here, but it's not obvious and so I'll re-add the
>> `depends on 64BIT`. At least then it won't be enabled without intention
>> if someone enables ZONE_DEVICE on 32-bit systems...
>
> Ok, that all makes sense to me. I would be good with removing the 64BIT
> dependency (as it is is a bit confusing as is) but I think adding
> another patch would be appropriate with some of the commit message notes
> you mentioned in your emails.
>
> Besides that, I think you can add to this patch:
>
> Reviewed-by: Logan Gunthorpe <logang(a)deltatee.com>
Thanks for that. On second reading, just want to check with you:
I'm intending to repost _retaining_ the 64BIT dependency (i.e. revert
its removal) for simplicity's sake. Then we can follow up separatey
(outside this series) with a cleanup patch to remove 64BIT, explain,
examine other dependencies etc. as you suggest. Works for you?
(I want to reduce the diff in this series, and revert since this isn't
truly necessary && wasn't entirely obvious.)
Cheers,
Matt
On 08.07.2026 10:35, David Hildenbrand (Arm) wrote:
> On 7/7/26 12:02, Marek Szyprowski wrote:
>> On 01.07.2026 18:08, Thierry Reding wrote:
>>> From: Thierry Reding <treding(a)nvidia.com>
>>>
>>> There is no technical reason why there should be a limited number of CMA
>>> regions, so extract some code into helpers and use them to create extra
>>> functions (cma_create() and cma_free()) that allow creating and freeing,
>>> respectively, CMA regions dynamically at runtime.
>>
>> Well, the technical reason for not creating cma regions dynamically at
>> runtime is that on some architectures (like 32bit ARM) the early fixup
>> for the region is needed to make it functional for DMA.
> Can you point me at the code that does that? Thanks!
Check dma_contiguous_early_fixup() and dma_contiguous_remap() inÂ
arch/arm/mm/dma-mapping.c. Those functions ensures that the CPU mappings for
the CMA reserved region in linear map are remapped with 4k pages instead
of the 1M sections, so later, it will be possible to alter the mappings and
change them to coherent when needed (altering 1M sections is not possible,
because each process has it's own level-1 array even for the kernel linear
mapping).
However, in the use case in this patchset the reserved region is only shared
with buddy allocator by using the CMA infrastructure, not registered to the
regular DMA-mapping API, so it would work fine. I'm not convinced that this
is the right API to use for this though.
Best regards
--
Marek Szyprowski, PhD
Samsung R&D Institute Poland
Have you ever felt the exhilarating rush of speed, the focus demanded by precision, and the utter satisfaction of overcoming a seemingly impossible challenge? If so, then you might just be ready to tackle Slope. This deceptively simple online game has captivated players with its addictive gameplay and endless potential for improvement. It's a perfect little escape for a quick break or a dedicated practice session. Let's dive into how to play and, more importantly, how to experience the thrill of Slope.
Introduction: What is Slope?
At its core, Slope is a rolling ball game. You control a ball that’s constantly moving downhill, navigating a procedurally generated landscape of interconnected platforms. Sounds straightforward, right? Don’t be fooled! The platforms narrow, the speed increases relentlessly, and the gaps between platforms widen as you progress. One wrong move and you’re plummeting into the abyss.
https://slopegame-online.com
The brilliance of Slope lies in its accessibility and its learning curve. It's incredibly easy to pick up and play, yet fiendishly difficult to master. You don't need complicated controllers or extensive tutorials. Just a keyboard, a steady hand, and a determined spirit. It's a perfect example of a simple concept executed brilliantly.
Gameplay: Navigating the Perilous Path
The controls are as minimal as the aesthetic: the left and right arrow keys are all you need to guide your ball. Use the left arrow key to steer the ball left, and the right arrow key to steer it right. That's it! But mastering those two keys is the key to survival.
Your objective is to stay on the platforms for as long as possible. As you roll further down the slope, your speed increases, and the environment becomes increasingly challenging. Red blocks appear, acting as obstacles that instantly end your run if touched. The platforms themselves will start to shift and move, adding another layer of complexity to the game.
The game ends when your ball falls off the platform. Your score is determined by the distance you travelled before your demise. The higher the score, the better! The goal is to constantly improve your score, pushing yourself to see just how far you can go.
Tips and Tricks for Conquering the Slope
While the controls are simple, mastering Slope requires practice and a good understanding of the game's mechanics. Here are a few tips to help you improve your game:
Smooth Movements Are Key: Avoid jerky, panicked movements. Small, controlled adjustments are far more effective than large, sweeping ones. Think less about reacting and more about anticipating.
Look Ahead: Try to focus a little further down the slope. Anticipating the next turn or gap will give you more time to react and adjust your trajectory. This is easier said than done when the speed is high, but it's a crucial skill to develop.
Embrace the Momentum: Understand how your ball's momentum affects its movement. Learn how to use the slight curve of the platforms to your advantage, especially when approaching tight turns.
Don't Fear the Edges: Sometimes, the safest route is to ride along the edge of the platform. This allows you to make small corrections and avoid potential obstacles in the center.
Practice, Practice, Practice: There's no substitute for practice. The more you play, the better you'll become at anticipating the challenges and reacting accordingly. Don't get discouraged by early failures. Everyone starts somewhere. You can visit Slope to begin practicing!
Learn from Your Mistakes: Analyze your failures. What caused you to fall off the platform? Were you too slow to react? Did you misjudge the turn? Understanding your mistakes will help you avoid them in the future.
Conclusion: The Enduring Appeal of an Endless Game
Slope isn't about complicated storylines, stunning graphics, or intricate controls. It's about the pure, unadulterated challenge of pushing your skills to the limit. It's about the satisfaction of mastering a seemingly impossible task. It's about the addictive loop of playing, failing, learning, and improving. And its accessible nature means anyone can jump in and experience that thrill. So, go ahead, give it a try. You might just find yourself hooked on the endless decline. The simple controls and challenging gameplay make it a strangely addictive experience. It's a testament to the idea that sometimes, the simplest games are the most engaging.
On Thu, Jul 2, 2026 at 7:58 AM Thierry Reding <thierry.reding(a)kernel.org> wrote:
>
> On Wed, Jul 01, 2026 at 02:53:10PM -0500, Rob Herring (Arm) wrote:
> >
> > On Wed, 01 Jul 2026 18:08:12 +0200, Thierry Reding wrote:
> > > From: Thierry Reding <treding(a)nvidia.com>
> > >
> > > The Video Protection Region (VPR) found on NVIDIA Tegra chips is a
> > > region of memory that is protected from CPU accesses. It is used to
> > > decode and play back DRM protected content.
> > >
> > > It is a standard reserved memory region that can exist in two forms:
> > > static VPR where the base address and size are fixed (uses the "reg"
> > > property to describe the memory) and a resizable VPR where only the
> > > size is known upfront and the OS can allocate it wherever it can be
> > > accomodated.
> > >
> > > Reviewed-by: Rob Herring (Arm) <robh(a)kernel.org>
> > > Signed-off-by: Thierry Reding <treding(a)nvidia.com>
> > > ---
> > > Changes in v2:
> > > - add examples for fixed and resizable VPR
> > > ---
> > > .../nvidia,tegra-video-protection-region.yaml | 76 ++++++++++++++++++++++
> > > 1 file changed, 76 insertions(+)
> > >
> >
> > My bot found errors running 'make dt_binding_check' on your patch:
> >
> > yamllint warnings/errors:
> >
> > dtschema/dtc warnings/errors:
> > /builds/robherring/dt-review-ci/linux/Documentation/devicetree/bindings/reserved-memory/nvidia,tegra-video-protection-region.example.dtb: protected@2a8000000 (nvidia,tegra-video-protection-region): reg: [[2, 2818572288], [0, 1879048192]] is too long
> > from schema $id: http://devicetree.org/schemas/reserved-memory/nvidia,tegra-video-protection…
> > /builds/robherring/dt-review-ci/linux/Documentation/devicetree/bindings/reserved-memory/nvidia,tegra-video-protection-region.example.dtb: protected@2a8000000 (nvidia,tegra-video-protection-region): Unevaluated properties are not allowed ('no-map', 'reg' were unexpected)
> > from schema $id: http://devicetree.org/schemas/reserved-memory/nvidia,tegra-video-protection…
>
> Any ideas why that second error shows up? It turns out that it goes away
> when the first one is fixed (which admittedly is a stupid mistake), but
> I spent quite a bit of time looking for a fix before realizing that it's
> only a side-effect of the first.
If a property fails validation in a referenced schema, then everything
in that referenced schema is considered not evaluated. So then
unevaluatedProperties is applied to the properties only in the
referenced schema. That's why 'no-map' is also unevaluated. Just a
quirk of how json-schema works...
Rob