February 2025 - Linux-stable-mirror

[PATCH 6.6 0/1] Fix CVE-2024-56647

by vgiraud.opensource＠witekio.com

In-Reply-To:

6 months, 1 week

2
1
0 0

[PATCH 5.10/5.15] tty: n_gsm: Fix use-after-free in gsm_cleanup_mux

by Alexey Panov

commit 9462f4ca56e7d2430fdb6dcc8498244acbfc4489 upstream. BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Read of size 8 at addr ffff88815fe99c00 by task poc/3379 CPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: <TASK> gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm] __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389 update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500 __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846 __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161 gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm] _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107 __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm] ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195 ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79 __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338 __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805 tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818 Allocated by task 65: gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm] gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm] gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm] gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm] tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391 tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39 flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445 process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229 worker_thread+0x3dc/0x950 kernel/workqueue.c:3391 kthread+0x2a3/0x370 kernel/kthread.c:389 ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257 Freed by task 3367: kfree+0x126/0x420 mm/slub.c:4580 gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm] tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818 [Analysis] gsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux can be freed by multi threads through ioctl,which leads to the occurrence of uaf. Protect it by gsm tx lock. Signed-off-by: Longlong Xia <xialonglong(a)kylinos.cn> Cc: stable <stable(a)kernel.org> Suggested-by: Jiri Slaby <jirislaby(a)kernel.org> Link: https://lore.kernel.org/r/20240926130213.531959-1-xialonglong@kylinos.cn Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [ Alexey: Replace guard macro with spin_lock_irqsave due to its unavailability in pre-6.1 kernels. Based on a v1 patch from Longlong Xia [1]. ] Link: https://lore.kernel.org/all/20240924093519.767036-1-xialonglong@kylinos.cn/ [1] Signed-off-by: Alexey Panov <apanov(a)astralinux.ru> --- Backport fix for CVE-2024-50073 drivers/tty/n_gsm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index aae9f73585bd..1becbdf7c470 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -2443,6 +2443,7 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc) int i; struct gsm_dlci *dlci; struct gsm_msg *txq, *ntxq; + unsigned long flags; gsm->dead = true; mutex_lock(&gsm->mutex); @@ -2471,9 +2472,12 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc) mutex_unlock(&gsm->mutex); /* Now wipe the queues */ tty_ldisc_flush(gsm->tty); + + spin_lock_irqsave(&gsm->tx_lock, flags); list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list) kfree(txq); INIT_LIST_HEAD(&gsm->tx_list); + spin_unlock_irqrestore(&gsm->tx_lock, flags); } /** -- 2.30.2

6 months, 1 week

1
1
0 0

[PATCH 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc()

by Jiasheng Jiang

Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being used/freed. Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: <stable(a)vger.kernel.org> # v5.10+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com> --- drivers/scsi/qedf/qedf_io.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index fcfc3bed02c6..d52057b97a4f 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf) } /* Allocate pool of io_bdts - one for each qedf_ioreq */ - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *), - GFP_KERNEL); - + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL); if (!cmgr->io_bdt_pool) { QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n"); goto mem_err; -- 2.25.1

6 months, 1 week

2
8
0 0

[stable] please apply media: cxd2841er: fix 64-bit division on gcc-9

by Dan Carpenter

Hi Greg and Sasha, Could you please apply commit 8d46603eeeb4 ("media: cxd2841er: fix 64-bit division on gcc-9") on v6.13.y? It fixes the build with gcc-8 on arm32. It applies cleanly to older kernels as well, but it's only required for v6.13.y. regards, dan carpenter

6 months, 1 week

1
0
0 0

Re: Patch "hostfs: convert hostfs to use the new mount API" has been added to the 6.6-stable tree

by Hongbo Li

On 2025/2/4 0:27, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > hostfs: convert hostfs to use the new mount API > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > Hi Sasha, If this, the fix : ef9ca17ca458 ("hostfs: fix the host directory parse when mounting.") also should be added. It fixes the mounting bug when pass the host directory. Thanks, Hongbo > The filename of the patch is: > hostfs-convert-hostfs-to-use-the-new-mount-api.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 6f2433956e6ade80d59bd673d4062ec2c1bacc3e > Author: Hongbo Li <lihongbo22(a)huawei.com> > Date: Thu May 30 20:01:11 2024 +0800 > > hostfs: convert hostfs to use the new mount API > > [ Upstream commit cd140ce9f611a5e9d2a5989a282b75e55c71dab3 ] > > Convert the hostfs filesystem to the new internal mount API as the old > one will be obsoleted and removed. This allows greater flexibility in > communication of mount parameters between userspace, the VFS and the > filesystem. > > See Documentation/filesystems/mount_api.txt for more information. > > Signed-off-by: Hongbo Li <lihongbo22(a)huawei.com> > Link: https://lore.kernel.org/r/20240530120111.3794664-1-lihongbo22@huawei.com > Signed-off-by: Christian Brauner <brauner(a)kernel.org> > Stable-dep-of: 60a600243244 ("hostfs: fix string handling in __dentry_name()") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c > index ff201753fd181..1fb8eacb9817f 100644 > --- a/fs/hostfs/hostfs_kern.c > +++ b/fs/hostfs/hostfs_kern.c > @@ -16,11 +16,16 @@ > #include <linux/seq_file.h> > #include <linux/writeback.h> > #include <linux/mount.h> > +#include <linux/fs_context.h> > #include <linux/namei.h> > #include "hostfs.h" > #include <init.h> > #include <kern.h> > > +struct hostfs_fs_info { > + char *host_root_path; > +}; > + > struct hostfs_inode_info { > int fd; > fmode_t mode; > @@ -90,8 +95,10 @@ static char *__dentry_name(struct dentry *dentry, char *name) > char *p = dentry_path_raw(dentry, name, PATH_MAX); > char *root; > size_t len; > + struct hostfs_fs_info *fsi; > > - root = dentry->d_sb->s_fs_info; > + fsi = dentry->d_sb->s_fs_info; > + root = fsi->host_root_path; > len = strlen(root); > if (IS_ERR(p)) { > __putname(name); > @@ -196,8 +203,10 @@ static int hostfs_statfs(struct dentry *dentry, struct kstatfs *sf) > long long f_bavail; > long long f_files; > long long f_ffree; > + struct hostfs_fs_info *fsi; > > - err = do_statfs(dentry->d_sb->s_fs_info, > + fsi = dentry->d_sb->s_fs_info; > + err = do_statfs(fsi->host_root_path, > &sf->f_bsize, &f_blocks, &f_bfree, &f_bavail, &f_files, > &f_ffree, &sf->f_fsid, sizeof(sf->f_fsid), > &sf->f_namelen); > @@ -245,7 +254,11 @@ static void hostfs_free_inode(struct inode *inode) > > static int hostfs_show_options(struct seq_file *seq, struct dentry *root) > { > - const char *root_path = root->d_sb->s_fs_info; > + struct hostfs_fs_info *fsi; > + const char *root_path; > + > + fsi = root->d_sb->s_fs_info; > + root_path = fsi->host_root_path; > size_t offset = strlen(root_ino) + 1; > > if (strlen(root_path) > offset) > @@ -924,10 +937,11 @@ static const struct inode_operations hostfs_link_iops = { > .get_link = hostfs_get_link, > }; > > -static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent) > +static int hostfs_fill_super(struct super_block *sb, struct fs_context *fc) > { > + struct hostfs_fs_info *fsi = sb->s_fs_info; > struct inode *root_inode; > - char *host_root_path, *req_root = d; > + char *host_root = fc->source; > int err; > > sb->s_blocksize = 1024; > @@ -941,15 +955,15 @@ static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent) > return err; > > /* NULL is printed as '(null)' by printf(): avoid that. */ > - if (req_root == NULL) > - req_root = ""; > + if (fc->source == NULL) > + host_root = ""; > > - sb->s_fs_info = host_root_path = > - kasprintf(GFP_KERNEL, "%s/%s", root_ino, req_root); > - if (host_root_path == NULL) > + fsi->host_root_path = > + kasprintf(GFP_KERNEL, "%s/%s", root_ino, host_root); > + if (fsi->host_root_path == NULL) > return -ENOMEM; > > - root_inode = hostfs_iget(sb, host_root_path); > + root_inode = hostfs_iget(sb, fsi->host_root_path); > if (IS_ERR(root_inode)) > return PTR_ERR(root_inode); > > @@ -957,7 +971,7 @@ static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent) > char *name; > > iput(root_inode); > - name = follow_link(host_root_path); > + name = follow_link(fsi->host_root_path); > if (IS_ERR(name)) > return PTR_ERR(name); > > @@ -974,11 +988,38 @@ static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent) > return 0; > } > > -static struct dentry *hostfs_read_sb(struct file_system_type *type, > - int flags, const char *dev_name, > - void *data) > +static int hostfs_fc_get_tree(struct fs_context *fc) > { > - return mount_nodev(type, flags, data, hostfs_fill_sb_common); > + return get_tree_nodev(fc, hostfs_fill_super); > +} > + > +static void hostfs_fc_free(struct fs_context *fc) > +{ > + struct hostfs_fs_info *fsi = fc->s_fs_info; > + > + if (!fsi) > + return; > + > + kfree(fsi->host_root_path); > + kfree(fsi); > +} > + > +static const struct fs_context_operations hostfs_context_ops = { > + .get_tree = hostfs_fc_get_tree, > + .free = hostfs_fc_free, > +}; > + > +static int hostfs_init_fs_context(struct fs_context *fc) > +{ > + struct hostfs_fs_info *fsi; > + > + fsi = kzalloc(sizeof(*fsi), GFP_KERNEL); > + if (!fsi) > + return -ENOMEM; > + > + fc->s_fs_info = fsi; > + fc->ops = &hostfs_context_ops; > + return 0; > } > > static void hostfs_kill_sb(struct super_block *s) > @@ -988,11 +1029,11 @@ static void hostfs_kill_sb(struct super_block *s) > } > > static struct file_system_type hostfs_type = { > - .owner = THIS_MODULE, > - .name = "hostfs", > - .mount = hostfs_read_sb, > - .kill_sb = hostfs_kill_sb, > - .fs_flags = 0, > + .owner = THIS_MODULE, > + .name = "hostfs", > + .init_fs_context = hostfs_init_fs_context, > + .kill_sb = hostfs_kill_sb, > + .fs_flags = 0, > }; > MODULE_ALIAS_FS("hostfs"); >

6 months, 1 week

2
5
0 0

[PATCH v2] mtd: Add check and kfree() for kcalloc()

by Jiasheng Jiang

Add a check for kcalloc() to ensure successful allocation. Moreover, add kfree() in the error-handling path to prevent memory leaks. Fixes: 78c08247b9d3 ("mtd: Support kmsg dumper based on pstore/blk") Cc: <stable(a)vger.kernel.org> # v5.10+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)gmail.com> --- Changelog: v1 -> v2: 1. Remove redundant logging. 2. Add kfree() in the error-handling path. --- drivers/mtd/mtdpstore.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/mtdpstore.c b/drivers/mtd/mtdpstore.c index 7ac8ac901306..2d8e330dd215 100644 --- a/drivers/mtd/mtdpstore.c +++ b/drivers/mtd/mtdpstore.c @@ -418,10 +418,17 @@ static void mtdpstore_notify_add(struct mtd_info *mtd) longcnt = BITS_TO_LONGS(div_u64(mtd->size, info->kmsg_size)); cxt->rmmap = kcalloc(longcnt, sizeof(long), GFP_KERNEL); + if (!cxt->rmmap) + goto end; + cxt->usedmap = kcalloc(longcnt, sizeof(long), GFP_KERNEL); + if (!cxt->usedmap) + goto free_rmmap; longcnt = BITS_TO_LONGS(div_u64(mtd->size, mtd->erasesize)); cxt->badmap = kcalloc(longcnt, sizeof(long), GFP_KERNEL); + if (!cxt->badmap) + goto free_usedmap; /* just support dmesg right now */ cxt->dev.flags = PSTORE_FLAGS_DMESG; @@ -435,10 +442,20 @@ static void mtdpstore_notify_add(struct mtd_info *mtd) if (ret) { dev_err(&mtd->dev, "mtd%d register to psblk failed\n", mtd->index); - return; + goto free_badmap; } cxt->mtd = mtd; dev_info(&mtd->dev, "Attached to MTD device %d\n", mtd->index); + goto end; + +free_badmap: + kfree(cxt->badmap); +free_usedmap: + kfree(cxt->usedmap); +free_rmmap: + kfree(cxt->rmmap); +end: + return; } static int mtdpstore_flush_removed_do(struct mtdpstore_context *cxt, -- 2.25.1

6 months, 1 week

4
9
0 0

[PATCH RFC] soc: qcom: pmic_glink: Fix device access from worker during suspend

by Abel Vesa

The pmic_glink_altmode_worker() currently gets scheduled on the system_wq. When the system is suspended (s2idle), the fact that the worker can be scheduled to run while devices are still suspended provesto be a problem when a Type-C retimer, switch or mux that is controlled over a bus like I2C, because the I2C controller is suspended. This has been proven to be the case on the X Elite boards where such retimers (ParadeTech PS8830) are used in order to handle Type-C orientation and altmode configuration. The following warning is thrown: [ 35.134876] i2c i2c-4: Transfer while suspended [ 35.143865] WARNING: CPU: 0 PID: 99 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xb4/0x57c [i2c_core] [ 35.352879] Workqueue: events pmic_glink_altmode_worker [pmic_glink_altmode] [ 35.360179] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 35.455242] Call trace: [ 35.457826] __i2c_transfer+0xb4/0x57c [i2c_core] (P) [ 35.463086] i2c_transfer+0x98/0xf0 [i2c_core] [ 35.467713] i2c_transfer_buffer_flags+0x54/0x88 [i2c_core] [ 35.473502] regmap_i2c_write+0x20/0x48 [regmap_i2c] [ 35.478659] _regmap_raw_write_impl+0x780/0x944 [ 35.483401] _regmap_bus_raw_write+0x60/0x7c [ 35.487848] _regmap_write+0x134/0x184 [ 35.491773] regmap_write+0x54/0x78 [ 35.495418] ps883x_set+0x58/0xec [ps883x] [ 35.499688] ps883x_sw_set+0x60/0x84 [ps883x] [ 35.504223] typec_switch_set+0x48/0x74 [typec] [ 35.508952] pmic_glink_altmode_worker+0x44/0x1fc [pmic_glink_altmode] [ 35.515712] process_scheduled_works+0x1a0/0x2d0 [ 35.520525] worker_thread+0x2a8/0x3c8 [ 35.524449] kthread+0xfc/0x184 [ 35.527749] ret_from_fork+0x10/0x20 The solution here is to schedule the altmode worker on the system_freezable_wq instead of the system_wq. This will result in the altmode worker not being scheduled to run until the devices are resumed first, which will give the controllers like I2C a chance to resume before the transfer is requested. Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Cc: stable(a)vger.kernel.org # 6.3 Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- drivers/soc/qcom/pmic_glink_altmode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index bd06ce16180411059e9efb14d9aeccda27744280..bde129aa7d90a39becaa720376c0539bcaa492fb 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -295,7 +295,7 @@ static void pmic_glink_altmode_sc8180xp_notify(struct pmic_glink_altmode *altmod alt_port->mode = mode; alt_port->hpd_state = hpd_state; alt_port->hpd_irq = hpd_irq; - schedule_work(&alt_port->work); + queue_work(system_freezable_wq, &alt_port->work); } #define SC8280XP_DPAM_MASK 0x3f @@ -338,7 +338,7 @@ static void pmic_glink_altmode_sc8280xp_notify(struct pmic_glink_altmode *altmod alt_port->mode = mode; alt_port->hpd_state = hpd_state; alt_port->hpd_irq = hpd_irq; - schedule_work(&alt_port->work); + queue_work(system_freezable_wq, &alt_port->work); } static void pmic_glink_altmode_callback(const void *data, size_t len, void *priv) --- base-commit: 2b88851f583d3c4e40bcd40cfe1965241ec229dd change-id: 20250110-soc-qcom-pmic-glink-fix-device-access-on-worker-while-suspended-af54c5e43ed6 Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

6 months, 1 week

5
9
0 0

[PATCH v2 0/3] mtd: rawnand: cadence: improvement and fixes

by niravkumar.l.rabara＠intel.com

From: Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> This patchset introduces improvements and fixes for cadence nand driver. The changes include: 1. Support deferred prob mechanism when DMA driver is not probed yet. 2. Map the slave DMA address using dma_map_resource. When ARM SMMU is enabled, using a direct physical address of SDMA results in DMA transaction failure. 3. Fixed the incorrect device context used for dma_unmap_single. v2 changes:- - Added the missing Fixes and Cc: stable tags to the patches. Niravkumar L Rabara (3): mtd: rawnand: cadence: support deferred prob when DMA is not ready mtd: rawnand: cadence: use dma_map_resource for sdma address mtd: rawnand: cadence: fix incorrect dev context in dma_unmap_single .../mtd/nand/raw/cadence-nand-controller.c | 35 +++++++++++++++---- 1 file changed, 28 insertions(+), 7 deletions(-) -- 2.25.1

6 months, 1 week

3
22
0 0

[PATCH v2] serial: 8250: Fix fifo underflow on flush

by John Keeping

When flushing the serial port's buffer, uart_flush_buffer() calls kfifo_reset() but if there is an outstanding DMA transfer then the completion function will consume data from the kfifo via uart_xmit_advance(), underflowing and leading to ongoing DMA as the driver tries to transmit another 2^32 bytes. This is readily reproduced with serial-generic and amidi sending even short messages as closing the device on exit will wait for the fifo to drain and in the underflow case amidi hangs for 30 seconds on exit in tty_wait_until_sent(). A trace of that gives: kworker/1:1-84 [001] 51.769423: bprint: serial8250_tx_dma: tx_size=3 fifo_len=3 amidi-763 [001] 51.769460: bprint: uart_flush_buffer: resetting fifo irq/21-fe530000-76 [000] 51.769474: bprint: __dma_tx_complete: tx_size=3 irq/21-fe530000-76 [000] 51.769479: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294967293 irq/21-fe530000-76 [000] 51.781295: bprint: __dma_tx_complete: tx_size=4096 irq/21-fe530000-76 [000] 51.781301: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294963197 irq/21-fe530000-76 [000] 51.793131: bprint: __dma_tx_complete: tx_size=4096 irq/21-fe530000-76 [000] 51.793135: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294959101 irq/21-fe530000-76 [000] 51.804949: bprint: __dma_tx_complete: tx_size=4096 Since the port lock is held in when the kfifo is reset in uart_flush_buffer() and in __dma_tx_complete(), adding a flush_buffer hook to adjust the outstanding DMA byte count is sufficient to avoid the kfifo underflow. Fixes: 9ee4b83e51f74 ("serial: 8250: Add support for dmaengine") Cc: stable(a)vger.kernel.org Signed-off-by: John Keeping <jkeeping(a)inmusicbrands.com> --- Changes in v2: - Add Fixes: tag - Return early to reduce indentation in serial8250_tx_dma_flush() drivers/tty/serial/8250/8250.h | 1 + drivers/tty/serial/8250/8250_dma.c | 16 ++++++++++++++++ drivers/tty/serial/8250/8250_port.c | 9 +++++++++ 3 files changed, 26 insertions(+) diff --git a/drivers/tty/serial/8250/8250.h b/drivers/tty/serial/8250/8250.h index 11e05aa014e54..8ef45622e4363 100644 --- a/drivers/tty/serial/8250/8250.h +++ b/drivers/tty/serial/8250/8250.h @@ -374,6 +374,7 @@ static inline int is_omap1510_8250(struct uart_8250_port *pt) #ifdef CONFIG_SERIAL_8250_DMA extern int serial8250_tx_dma(struct uart_8250_port *); +extern void serial8250_tx_dma_flush(struct uart_8250_port *); extern int serial8250_rx_dma(struct uart_8250_port *); extern void serial8250_rx_dma_flush(struct uart_8250_port *); extern int serial8250_request_dma(struct uart_8250_port *); diff --git a/drivers/tty/serial/8250/8250_dma.c b/drivers/tty/serial/8250/8250_dma.c index d215c494ee24c..f245a84f4a508 100644 --- a/drivers/tty/serial/8250/8250_dma.c +++ b/drivers/tty/serial/8250/8250_dma.c @@ -149,6 +149,22 @@ int serial8250_tx_dma(struct uart_8250_port *p) return ret; } +void serial8250_tx_dma_flush(struct uart_8250_port *p) +{ + struct uart_8250_dma *dma = p->dma; + + if (!dma->tx_running) + return; + + /* + * kfifo_reset() has been called by the serial core, avoid + * advancing and underflowing in __dma_tx_complete(). + */ + dma->tx_size = 0; + + dmaengine_terminate_async(dma->rxchan); +} + int serial8250_rx_dma(struct uart_8250_port *p) { struct uart_8250_dma *dma = p->dma; diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index d7976a21cca9c..442967a6cd52d 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -2555,6 +2555,14 @@ static void serial8250_shutdown(struct uart_port *port) serial8250_do_shutdown(port); } +static void serial8250_flush_buffer(struct uart_port *port) +{ + struct uart_8250_port *up = up_to_u8250p(port); + + if (up->dma) + serial8250_tx_dma_flush(up); +} + static unsigned int serial8250_do_get_divisor(struct uart_port *port, unsigned int baud, unsigned int *frac) @@ -3244,6 +3252,7 @@ static const struct uart_ops serial8250_pops = { .break_ctl = serial8250_break_ctl, .startup = serial8250_startup, .shutdown = serial8250_shutdown, + .flush_buffer = serial8250_flush_buffer, .set_termios = serial8250_set_termios, .set_ldisc = serial8250_set_ldisc, .pm = serial8250_pm, -- 2.48.1

6 months, 1 week

2
1
0 0

[PATCH v3] arm64: Handle .ARM.attributes section in linker scripts

by Nathan Chancellor

A recent LLVM commit [1] started generating an .ARM.attributes section similar to the one that exists for 32-bit, which results in orphan section warnings (or errors if CONFIG_WERROR is enabled) from the linker because it is not handled in the arm64 linker scripts. ld.lld: error: arch/arm64/kernel/vdso/vgettimeofday.o:(.ARM.attributes) is being placed in '.ARM.attributes' ld.lld: error: arch/arm64/kernel/vdso/vgetrandom.o:(.ARM.attributes) is being placed in '.ARM.attributes' ld.lld: error: vmlinux.a(lib/vsprintf.o):(.ARM.attributes) is being placed in '.ARM.attributes' ld.lld: error: vmlinux.a(lib/win_minmax.o):(.ARM.attributes) is being placed in '.ARM.attributes' ld.lld: error: vmlinux.a(lib/xarray.o):(.ARM.attributes) is being placed in '.ARM.attributes' Discard the new sections in the necessary linker scripts to resolve the warnings, as the kernel and vDSO do not need to retain it, similar to the .note.gnu.property section. Cc: stable(a)vger.kernel.org Fixes: b3e5d80d0c48 ("arm64/build: Warn on orphan section placement") Link: https://github.com/llvm/llvm-project/commit/ee99c4d4845db66c4daa2373352133f… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- Changes in v3: - Update location of section discard in vDSO to align with .note.gnu.property discard since the sectionss are similar in nature (Will). - Link to v2: https://lore.kernel.org/r/20250204-arm64-handle-arm-attributes-in-linker-sc… Changes in v2: - Discard the section instead of adding it to the final artifacts to mirror the .note.gnu.property section handling (Will). - Link to v1: https://lore.kernel.org/r/20250124-arm64-handle-arm-attributes-in-linker-sc… --- arch/arm64/kernel/vdso/vdso.lds.S | 1 + arch/arm64/kernel/vmlinux.lds.S | 1 + 2 files changed, 2 insertions(+) diff --git a/arch/arm64/kernel/vdso/vdso.lds.S b/arch/arm64/kernel/vdso/vdso.lds.S index 4ec32e86a8da..47ad6944f9f0 100644 --- a/arch/arm64/kernel/vdso/vdso.lds.S +++ b/arch/arm64/kernel/vdso/vdso.lds.S @@ -41,6 +41,7 @@ SECTIONS */ /DISCARD/ : { *(.note.GNU-stack .note.gnu.property) + *(.ARM.attributes) } .note : { *(.note.*) } :text :note diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index f84c71f04d9e..e73326bd3ff7 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -162,6 +162,7 @@ SECTIONS /DISCARD/ : { *(.interp .dynamic) *(.dynsym .dynstr .hash .gnu.hash) + *(.ARM.attributes) } . = KIMAGE_VADDR; --- base-commit: 1dd3393696efba1598aa7692939bba99d0cffae3 change-id: 20250123-arm64-handle-arm-attributes-in-linker-script-82aee25313ac Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

6 months, 1 week

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2025