October 2025 - Linux-stable-mirror

by lists.linaro.org

Hello, I want a quote and I would like to know your availability so that i can send you the necessary documents as well as drawings and specification. Best regards Tony

3 weeks, 5 days

1
0
0 0

[PATCH] commit 6b080c4e815ceba3c08ffa980c858595c07e786a upstream

by Zhichuang Sun

iommu/amd: fix amd iotlb flush range in unmap This was fixed in mainline in 6b080c4e815ceba3c08ffa980c858595c07e786a, but do not backport the full refactor. Targeting branch lts linux-5.15.y. AMD IOMMU driver supports power of 2 KB page size, it can be 4K, 8K, 16K, etc. So when VFIO driver ask AMD IOMMU driver to unmap a IOVA with a page_size 4K, it actually can unmap a page_size of 8K, depending on the page used during mapping. However, the iotlb gather function use the page_size as the range of unmap range, instead of the real unmapped page size r. This miscalculation of iotlb flush range will make the unflushed IOTLB entry stale. It triggered hard-to-debug silent data corruption issue as DMA engine who used the stale IOTLB entry will DMA into unmapped memory region. The upstream commit aims at changing API from map/unmap_page() to map/unmap_pages() and changed the gather range calculation along with it. It accidentally fixed this bug in the mainline since 6.1. For this backport, we don't backport the API change, only port the gather range calculation to fix the bug. Cc: Nadav Amit <namit(a)vmware.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: Will Deacon <will(a)kernel.org> Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: Lu Baolu <baolu.lu(a)linux.intel.com> Cc: iommu(a)lists.linux-foundation.org Fixes: fc65d0acaf23179b94de399c204328fa259acb90 Signed-off-by: Zhichuang Sun <zhichuang(a)google.com> --- drivers/iommu/amd/iommu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c index 714c78bf69db..d3a11be8d1dd 100644 --- a/drivers/iommu/amd/iommu.c +++ b/drivers/iommu/amd/iommu.c @@ -2121,7 +2121,8 @@ static size_t amd_iommu_unmap(struct iommu_domain *dom, unsigned long iova, r = (ops->unmap) ? ops->unmap(ops, iova, page_size, gather) : 0; - amd_iommu_iotlb_gather_add_page(dom, gather, iova, page_size); + if (r) + amd_iommu_iotlb_gather_add_page(dom, gather, iova, r); return r; } -- 2.51.0.618.g983fd99d29-goog

3 weeks, 5 days

2
2
0 0

[PATCH 00/19 5.15.y] Backport minmax.h updates from v6.17-rc7

by Eliav Farber

This series backports 19 patches to update minmax.h in the 5.15.y branch, aligning it with v6.17-rc7. The ultimate goal is to synchronize all longterm branches so that they include the full set of minmax.h changes (6.12.y and 6.6.y were already backported by me and are now aligned, 6.1.y is in progress). The key motivation is to bring in commit d03eba99f5bf ("minmax: allow min()/max()/clamp() if the arguments have the same signedness"), which is missing in kernel 5.10.y. In mainline, this change enables min()/max()/clamp() to accept mixed argument types, provided both have the same signedness. Without it, backported patches that use these forms may trigger compiler warnings, which escalate to build failures when -Werror is enabled. Andy Shevchenko (1): minmax: deduplicate __unconst_integer_typeof() David Laight (8): minmax: fix indentation of __cmp_once() and __clamp_once() minmax.h: add whitespace around operators and after commas minmax.h: update some comments minmax.h: reduce the #define expansion of min(), max() and clamp() minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() minmax.h: move all the clamp() definitions after the min/max() ones minmax.h: simplify the variants of clamp() minmax.h: remove some #defines that are only expanded once Herve Codina (1): minmax: Introduce {min,max}_array() Linus Torvalds (8): minmax: avoid overly complicated constant expressions in VM code minmax: make generic MIN() and MAX() macros available everywhere minmax: add a few more MIN_T/MAX_T users minmax: simplify and clarify min_t()/max_t() implementation minmax: simplify min()/max()/clamp() implementation minmax: don't use max() in situations that want a C constant expression minmax: improve macro expansion and type checking minmax: fix up min3() and max3() too Matthew Wilcox (Oracle) (1): minmax: add in_range() macro arch/arm/mm/pageattr.c | 6 +- arch/um/drivers/mconsole_user.c | 2 + arch/x86/mm/pgtable.c | 2 +- drivers/edac/sb_edac.c | 4 +- drivers/edac/skx_common.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + .../drm/amd/display/modules/hdcp/hdcp_ddc.c | 2 + .../drm/amd/pm/powerplay/hwmgr/ppevvmath.h | 14 +- .../amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 2 + .../drm/arm/display/include/malidp_utils.h | 2 +- .../display/komeda/komeda_pipeline_state.c | 24 +- drivers/gpu/drm/drm_color_mgmt.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 - drivers/gpu/drm/radeon/evergreen_cs.c | 2 + drivers/hwmon/adt7475.c | 24 +- drivers/input/touchscreen/cyttsp4_core.c | 2 +- drivers/irqchip/irq-sun6i-r.c | 2 +- drivers/md/dm-integrity.c | 4 +- drivers/media/dvb-frontends/stv0367_priv.h | 3 + .../net/ethernet/chelsio/cxgb3/cxgb3_main.c | 18 +- .../net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/fjes/fjes_main.c | 4 +- drivers/nfc/pn544/i2c.c | 2 - drivers/platform/x86/sony-laptop.c | 1 - drivers/scsi/isci/init.c | 6 +- .../pci/hive_isp_css_include/math_support.h | 5 - drivers/virt/acrn/ioreq.c | 4 +- fs/btrfs/misc.h | 2 - fs/btrfs/tree-checker.c | 2 +- fs/ext2/balloc.c | 2 - fs/ext4/ext4.h | 2 - fs/ufs/util.h | 6 - include/linux/compiler.h | 9 + include/linux/minmax.h | 264 +++++++++++++----- kernel/trace/preemptirq_delay_test.c | 2 - lib/btree.c | 1 - lib/decompress_unlzma.c | 2 + lib/logic_pio.c | 3 - lib/vsprintf.c | 2 +- lib/zstd/zstd_internal.h | 2 - mm/zsmalloc.c | 1 - net/ipv4/proc.c | 2 +- net/ipv6/proc.c | 2 +- net/netfilter/nf_nat_core.c | 6 +- net/tipc/core.h | 2 +- net/tipc/link.c | 10 +- tools/testing/selftests/vm/mremap_test.c | 2 + 47 files changed, 289 insertions(+), 183 deletions(-) -- 2.47.3

3 weeks, 5 days

1
19
0 0

[PATCH 6.1.y] selftests: mptcp: connect: fix build regression caused by backport

by Kenta Akagi

Since v6.1.154, mptcp selftests have failed to build with the following errors: mptcp_connect.c: In function ‘main_loop_s’: mptcp_connect.c:1040:59: error: ‘winfo’ undeclared (first use in this function) 1040 | err = copyfd_io(fd, remotesock, 1, true, &winfo); | ^~~~~ mptcp_connect.c:1040:59: note: each undeclared identifier is reported only once for each function it appears in mptcp_connect.c:1040:23: error: too many arguments to function ‘copyfd_io’; expected 4, have 5 1040 | err = copyfd_io(fd, remotesock, 1, true, &winfo); | ^~~~~~~~~ ~~~~~~ mptcp_connect.c:845:12: note: declared here 845 | static int copyfd_io(int infd, int peerfd, int outfd, bool close_peerfd) | ^~~~~~~~~ This is caused by commit ff160500c499 ("selftests: mptcp: connect: catch IO errors on listen side"), a backport of upstream 14e22b43df25, which attempts to use the undeclared variable 'winfo' and passes too many arguments to copyfd_io(). Both the winfo variable and the updated copyfd_io() function were introduced in upstream commit ca7ae8916043 ("selftests: mptcp: mptfo Initiator/Listener"), which is not present in v6.1.y. The goal of the backport is to stop on errors from copyfd_io. Therefore, the backport does not depend on the changes in upstream commit ca7ae8916043 ("selftests: mptcp: mptfo Initiator/Listener"). This commit simply removes ', &winfo' to fix a build failure. Fixes: ff160500c499 ("selftests: mptcp: connect: catch IO errors on listen side") Signed-off-by: Kenta Akagi <k(a)mgml.me> --- commit 14e22b43df25 ("selftests: mptcp: connect: catch IO errors on listen side") has only been backported to >=v6.1.y, and commit ca7ae8916043 ("selftests: mptcp: mptfo Initiator/Listener") exists from v6.2. so, only v6.1.y requires this fix. --- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/testing/selftests/net/mptcp/mptcp_connect.c index 0d49b6753011..0b253c133f06 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c @@ -1037,7 +1037,7 @@ int main_loop_s(int listensock) SOCK_TEST_TCPULP(remotesock, 0); - err = copyfd_io(fd, remotesock, 1, true, &winfo); + err = copyfd_io(fd, remotesock, 1, true); } else { perror("accept"); return 1; -- 2.50.1

3 weeks, 5 days

2
1
0 0

[PATCH RESEND] PCI/AER: Check for NULL aer_info before ratelimiting in pci_print_aer()

by Breno Leitao

Similarly to pci_dev_aer_stats_incr(), pci_print_aer() may be called when dev->aer_info is NULL. Add a NULL check before proceeding to avoid calling aer_ratelimit() with a NULL aer_info pointer, returning 1, which does not rate limit, given this is fatal. This prevents a kernel crash triggered by dereferencing a NULL pointer in aer_ratelimit(), ensuring safer handling of PCI devices that lack AER info. This change aligns pci_print_aer() with pci_dev_aer_stats_incr() which already performs this NULL check. Cc: stable(a)vger.kernel.org Fixes: a57f2bfb4a5863 ("PCI/AER: Ratelimit correctable and non-fatal error logging") Signed-off-by: Breno Leitao <leitao(a)debian.org> --- - This problem is still happening in upstream, and unfortunately no action was done in the previous discussion. - Link to previous post: https://lore.kernel.org/r/20250804-aer_crash_2-v1-1-fd06562c18a4@debian.org --- drivers/pci/pcie/aer.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/pci/pcie/aer.c b/drivers/pci/pcie/aer.c index e286c197d7167..55abc5e17b8b1 100644 --- a/drivers/pci/pcie/aer.c +++ b/drivers/pci/pcie/aer.c @@ -786,6 +786,9 @@ static void pci_rootport_aer_stats_incr(struct pci_dev *pdev, static int aer_ratelimit(struct pci_dev *dev, unsigned int severity) { + if (!dev->aer_info) + return 1; + switch (severity) { case AER_NONFATAL: return __ratelimit(&dev->aer_info->nonfatal_ratelimit); --- base-commit: e5f0a698b34ed76002dc5cff3804a61c80233a7a change-id: 20250801-aer_crash_2-b21cc2ef0d00 Best regards, -- Breno Leitao <leitao(a)debian.org>

3 weeks, 5 days

5
7
0 0

[PATCH v3 00/11 6.1.y] Backport minmax.h updates from v6.17-rc7

by Eliav Farber

This series backports 13 patches to update minmax.h in the 6.1.y branch, aligning it with v6.17-rc7. The ultimate goal is to synchronize all longterm branches so that they include the full set of minmax.h changes (6.12.y and 6.6.y were already backported by me and are now ligned). The key motivation is to bring in commit d03eba99f5bf ("minmax: allow min()/max()/clamp() if the arguments have the same signedness"), which is missing in older kernels. In mainline, this change enables min()/max()/clamp() to accept mixed argument types, provided both have the same signedness. Without it, backported patches that use these forms may trigger compiler warnings, which escalate to build failures when -Werror is enabled. Changes in v3: - v2 included 13 patches: https://lore.kernel.org/stable/20250929183358.18982-1-farbere@amazon.com/ - First 2 were accepted and are part of 6.1.155. - 3rd caused build in drivers/md/ to fail: In file included from ./include/linux/container_of.h:5, from ./include/linux/list.h:5, from ./include/linux/wait.h:7, from ./include/linux/mempool.h:8, from ./include/linux/bio.h:8, from drivers/md/dm-bio-record.h:10, from drivers/md/dm-integrity.c:9: drivers/md/dm-integrity.c: In function ‘integrity_metadata’: drivers/md/dm-integrity.c:131:105: error: ISO C90 forbids variable length array ‘checksums_onstack’ [-Werror=vla] 131 | #define MAX_TAG_SIZE (JOURNAL_SECTOR_DATA - JOURNAL_MAC_PER_SECTOR - offsetof(struct journal_entry, last_bytes[MAX_SECTORS_PER_BLOCK])) | ^~~~~~~~~~~~~ ./include/linux/build_bug.h:78:56: note: in definition of macro ‘__static_assert’ 78 | #define __static_assert(expr, msg, ...) _Static_assert(expr, msg) | ^~~~ ./include/linux/minmax.h:56:9: note: in expansion of macro ‘static_assert’ 56 | static_assert(__types_ok(x, y, ux, uy), \ | ^~~~~~~~~~~~~ ./include/linux/minmax.h:41:31: note: in expansion of macro ‘__is_noneg_int’ 41 | __is_noneg_int(x) || __is_noneg_int(y)) | ^~~~~~~~~~~~~~ ./include/linux/minmax.h:56:23: note: in expansion of macro ‘__types_ok’ 56 | static_assert(__types_ok(x, y, ux, uy), \ | ^~~~~~~~~~ ./include/linux/minmax.h:61:9: note: in expansion of macro ‘__careful_cmp_once’ 61 | __careful_cmp_once(op, x, y, __UNIQUE_ID(x_), __UNIQUE_ID(y_)) | ^~~~~~~~~~~~~~~~~~ ./include/linux/minmax.h:92:25: note: in expansion of macro ‘__careful_cmp’ 92 | #define max(x, y) __careful_cmp(max, x, y) | ^~~~~~~~~~~~~ drivers/md/dm-integrity.c:1797:40: note: in expansion of macro ‘max’ 1797 | char checksums_onstack[max((size_t)HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; | ^~~ drivers/md/dm-integrity.c:131:89: note: in expansion of macro ‘offsetof’ 131 | #define MAX_TAG_SIZE (JOURNAL_SECTOR_DATA - JOURNAL_MAC_PER_SECTOR - offsetof(struct journal_entry, last_bytes[MAX_SECTORS_PER_BLOCK])) | ^~~~~~~~ drivers/md/dm-integrity.c:1797:73: note: in expansion of macro ‘MAX_TAG_SIZE’ 1797 | char checksums_onstack[max((size_t)HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; | ^~~~~~~~~~~~ - The build was fixed in the second patch of this series. Changes in v2: - v1 included 19 patches: https://lore.kernel.org/stable/20250924202320.32333-1-farbere@amazon.com/ - First 6 were pushed to the stable-tree. - 7th cauded amd driver's build to fail. - This change fixes it. - Modified files: drivers/gpu/drm/amd/amdgpu/amdgpu.h drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c David Laight (7): minmax.h: add whitespace around operators and after commas minmax.h: update some comments minmax.h: reduce the #define expansion of min(), max() and clamp() minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() minmax.h: move all the clamp() definitions after the min/max() ones minmax.h: simplify the variants of clamp() minmax.h: remove some #defines that are only expanded once Linus Torvalds (4): minmax: simplify min()/max()/clamp() implementation minmax: don't use max() in situations that want a C constant expression minmax: improve macro expansion and type checking minmax: fix up min3() and max3() too drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 +- drivers/input/touchscreen/cyttsp4_core.c | 2 +- drivers/irqchip/irq-sun6i-r.c | 2 +- drivers/md/dm-integrity.c | 2 +- fs/btrfs/tree-checker.c | 2 +- include/linux/compiler.h | 9 + include/linux/minmax.h | 222 +++++++++++++---------- lib/vsprintf.c | 2 +- 8 files changed, 143 insertions(+), 100 deletions(-) -- 2.47.3

3 weeks, 5 days

1
11
0 0

Elpat Loan Promotional Offer at 5% interest rate Apply now!!

by Elpat Financial Loan

Good Day, Elpat Financial Services is here to support the SME market across South Africa with fast, affordable funding— no credit checks required. We offer: 1. Business Loans – Up to R10 million, approved within 72 hours. 2. Personal Loans – Up to R5 million, approved within 48 hours. 3. Home, Farmers & Construction Loans – Up to R20 million, approved within 3–5 working days. As a trusted financial partner, we have already helped many businesses—whether you’re self-employed, a contractor, retailer, restaurant owner, engineer, cleaning service, child-care provider, or web designer. Your time is valuable, and our goal is to provide flexible finance that works with your cash flow needs. That’s why we cut out the red tape: no branches, no queues, no endless paperwork. Just quick, reliable access to the funding you need to grow. How to Apply: * Prepare the required documents * Please submit your application via email to apply(a)elpatfinanceloan.co.za . For a quicker response, you may also send it directly to [ mailto:helpdeskelephantloan@outlook.com | helpdeskelephantloan(a)outlook.com ] TO APPLY KINDLY SEND 1. A clear copy of your valid ID 2. Pay Slip OR 3 Months Bank Statement 3. Cell No. / Office No................... 4. Whatsapp No (Optional).................. 5. Email............... 6. Loan Amount........................ ...... NOTE : (minimum loan amount R50,000.00 to R50,000,000.00 ) only. 7. Loan Repayment Duration............... 8. Loan Type.......................... .... 5% Repayment Schedule Table for Guide to Application Loan Amount Duration (Year) Repayment Period Loan Amount Duration (Year) Repayment Period Loan Amount Duration (Year) Repayment Period R 50,000 2 R2, 193.57 R 50,000 3 R1, 498.54 R 50,000 5 R 943.56 R 100,000 3 R2, 997.09 R 100,000 4 R2, 302.93 R 100,000 6 R1,610.49 R 150,000 3 R 4,495.63 R150,000 5 R2, 830.69 R150,000 7 R2,120.09 R 300,000 4 R 6,908.79 R 300,000 6 R 4,831.48 R 300,000 8 R3,797.98 R 400,000 5 R 7,548.49 R 400,000 7 R 5,653.56 R 400,000 9 R4,606.91 R 600,000 6 R9, 662.96 R 600,000 8 R 7,595.95 R 600,000 10 R6,363.93 R 800,000 7 R11,307.13 R 800,000 9 R 9,213.82 R 800,000 11 R7,891.59 R1,000,000 8 R12,659.92 R1,000,000 10 R10,606.55 R1,000,000 12 R9,248.90 Please Note: * Loan amounts range from R50,000.00 to R20,000,000.00 . Kindly indicate the amount you are applying for in your application. * Credit decision within 24–48 hours. * Funds available in your account within 24–48 hours of approval. * Fast and hassle-free process. * Free monthly statements sent directly to your email. * Customer Protection Insurance included for your peace of mind. * Immediate access to funds once transferred. For quick assistance, you can reach us via WhatsApp: +27 (0)63 348 1211 Or call us directly on +27 (0)635725001 for more information. Thanks for Choosing Direct Elpat Financial Services Elpat Financial Services Loan adviser Louw Anita (Mrs) apply(a)elpatfinanceloan.co.za Tel: +27 (0) 61015588 Elpat Financial Services - 43 Long street, cape town city centre cape town 800 south Africa, Cape Town. And Our Direct Connection to Financial Services. Registered Credit Provider. Elpat Financial Services SA (Pty) Ltd (Registration No 2015/085124/07 / NCRCP/119387 is an authorised Financial Services Provider. © Copyright 2025

3 weeks, 5 days

1
0
0 0

[PATCH v3 0/3] ASoC: SOF: ipc4/Intel: Fix the host buffer constraint

by Peter Ujfalusi

Hi, CHanges since v2: - SHA fix for the last commit, tripple checked them Changes since v1: - SHAs for Fixes tag corrected (sorry) The size of the DSP host buffer was incorrectly defined as 2ms while it is 4ms and the ChainDMA PCMs are using 5ms as host facing buffer. The constraint will be set against the period time rather than the buffer time to make sure that application will not face with xruns when the DMA bursts to refill the host buffer. The minimal period size will be also used by Pipewire in case of SOF cards to set the headroom to a length which will avoid the cases when the hw_ptr jumps over the appl_ptr because of a burst. Iow, it will make Pipewire to keep a safe distance from the hw_ptr. https://github.com/thesofproject/linux/issues/5284 https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/740 https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/2548 Regards, Peter --- Peter Ujfalusi (3): ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time sound/soc/sof/intel/hda-pcm.c | 29 +++++++++++++++++++++-------- sound/soc/sof/ipc4-topology.c | 9 +++++++-- sound/soc/sof/ipc4-topology.h | 7 +++++-- 3 files changed, 33 insertions(+), 12 deletions(-) -- 2.51.0

3 weeks, 5 days

2
4
0 0

[PATCH 0/3] ASoC: SOF: ipc4/Intel: Fix the host buffer constraint

by Peter Ujfalusi

Hi, The size of the DSP host buffer was incorrectly defined as 2ms while it is 4ms and the ChainDMA PCMs are using 5ms as host facing buffer. The constraint will be set against the period time rather than the buffer time to make sure that application will not face with xruns when the DMA bursts to refill the host buffer. The minimal period size will be also used by Pipewire in case of SOF cards to set the headroom to a length which will avoid the cases when the hw_ptr jumps over the appl_ptr because of a burst. Iow, it will make Pipewire to keep a safe distance from the hw_ptr. https://github.com/thesofproject/linux/issues/5284 https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/740 https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/2548 Regards, Peter --- Peter Ujfalusi (3): ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time sound/soc/sof/intel/hda-pcm.c | 29 +++++++++++++++++++++-------- sound/soc/sof/ipc4-topology.c | 9 +++++++-- sound/soc/sof/ipc4-topology.h | 7 +++++-- 3 files changed, 33 insertions(+), 12 deletions(-) -- 2.51.0

3 weeks, 5 days

3
6
0 0

[PATCH v2] stable: crypto: sha256 - fix crash at kexec

by Breno Leitao

Loading a large (~2.1G) files with kexec crashes the host with when running: # kexec --load kernel --initrd initrd_with_2G_or_more UBSAN: signed-integer-overflow in ./include/crypto/sha256_base.h:64:19 34152083 * 64 cannot be represented in type 'int' ... BUG: unable to handle page fault for address: ff9fffff83b624c0 sha256_update (lib/crypto/sha256.c:137) crypto_sha256_update (crypto/sha256_generic.c:40) kexec_calculate_store_digests (kernel/kexec_file.c:769) __se_sys_kexec_file_load (kernel/kexec_file.c:397 kernel/kexec_file.c:332) ... (Line numbers based on commit da274362a7bd9 ("Linux 6.12.49") This started happening after commit f4da7afe07523f ("kexec_file: increase maximum file size to 4G") that landed in v6.0, which increased the file size for kexec. This is not happening upstream (v6.16+), given that `block` type was upgraded from "int" to "size_t" in commit 74a43a2cf5e8 ("crypto: lib/sha256 - Move partial block handling out") Upgrade the block type similar to the commit above, avoiding hitting the overflow. This patch is only suitable for the stable tree, and before 6.16, which got commit 74a43a2cf5e8 ("crypto: lib/sha256 - Move partial block handling out"). This is not required before f4da7afe07523f ("kexec_file: increase maximum file size to 4G"). In other words, this fix is required between versions v6.0 and v6.16. Signed-off-by: Breno Leitao <leitao(a)debian.org> Fixes: f4da7afe07523f ("kexec_file: increase maximum file size to 4G") # Before v6.16 Reported-by: Michael van der Westhuizen <rmikey(a)meta.com> Reported-by: Tobias Fleig <tfleig(a)meta.com> --- Changes in v2: - s/size_t/unsigned int/ as suggested by Eric - Tag the commit that introduce the problem as Fixes, making backport easier. - Link to v1: https://lore.kernel.org/r/20251001-stable_crash-v1-1-3071c0bd795e@debian.org --- include/crypto/sha256_base.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/crypto/sha256_base.h b/include/crypto/sha256_base.h index e0418818d63c8..e3e610cfe8d30 100644 --- a/include/crypto/sha256_base.h +++ b/include/crypto/sha256_base.h @@ -44,7 +44,7 @@ static inline int lib_sha256_base_do_update(struct sha256_state *sctx, sctx->count += len; if (unlikely((partial + len) >= SHA256_BLOCK_SIZE)) { - int blocks; + unsigned int blocks; if (partial) { int p = SHA256_BLOCK_SIZE - partial; --- base-commit: da274362a7bd9ab3a6e46d15945029145ebce672 change-id: 20251001-stable_crash-f2151baf043b Best regards, -- Breno Leitao <leitao(a)debian.org>

3 weeks, 5 days

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2025