February 2025 - Linux-stable-mirror

[PATCH v5.10/v5.15/v6.1] x86/i8253: Disable PIT timer 0 when not in use

by Jay Wang

commit 70e6b7d9ae3c63df90a7bba7700e8d5c300c3c60 upstream Leaving the PIT interrupt running can cause noticeable steal time for virtual guests. The VMM generally has a timer which toggles the IRQ input to the PIC and I/O APIC, which takes CPU time away from the guest. Even on real hardware, running the counter may use power needlessly (albeit not much). Make sure it's turned off if it isn't going to be used. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Michael Kelley <mhkelley(a)outlook.com> Link: https://lore.kernel.org/all/20240802135555.564941-1-dwmw2@infradead.org Signed-off-by: Jay Wang <wanjay(a)amazon.com> Cc: stable(a)vger.kernel.org #v5.10/v5.15/v6.1 --- arch/x86/kernel/i8253.c | 11 +++++++++-- drivers/clocksource/i8253.c | 13 +++++++++---- include/linux/i8253.h | 1 + 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/i8253.c b/arch/x86/kernel/i8253.c index 2b7999a1a50a..80e262bb627f 100644 --- a/arch/x86/kernel/i8253.c +++ b/arch/x86/kernel/i8253.c @@ -8,6 +8,7 @@ #include <linux/timex.h> #include <linux/i8253.h> +#include <asm/hypervisor.h> #include <asm/apic.h> #include <asm/hpet.h> #include <asm/time.h> @@ -39,9 +40,15 @@ static bool __init use_pit(void) bool __init pit_timer_init(void) { - if (!use_pit()) + if (!use_pit()) { + /* + * Don't just ignore the PIT. Ensure it's stopped, because + * VMMs otherwise steal CPU time just to pointlessly waggle + * the (masked) IRQ. + */ + clockevent_i8253_disable(); return false; - + } clockevent_i8253_init(true); global_clock_event = &i8253_clockevent; return true; diff --git a/drivers/clocksource/i8253.c b/drivers/clocksource/i8253.c index d4350bb10b83..cb215e6f2e83 100644 --- a/drivers/clocksource/i8253.c +++ b/drivers/clocksource/i8253.c @@ -108,11 +108,8 @@ int __init clocksource_i8253_init(void) #endif #ifdef CONFIG_CLKEVT_I8253 -static int pit_shutdown(struct clock_event_device *evt) +void clockevent_i8253_disable(void) { - if (!clockevent_state_oneshot(evt) && !clockevent_state_periodic(evt)) - return 0; - raw_spin_lock(&i8253_lock); outb_p(0x30, PIT_MODE); @@ -123,6 +120,14 @@ static int pit_shutdown(struct clock_event_device *evt) } raw_spin_unlock(&i8253_lock); +} + +static int pit_shutdown(struct clock_event_device *evt) +{ + if (!clockevent_state_oneshot(evt) && !clockevent_state_periodic(evt)) + return 0; + + clockevent_i8253_disable(); return 0; } diff --git a/include/linux/i8253.h b/include/linux/i8253.h index 8336b2f6f834..bf169cfef7f1 100644 --- a/include/linux/i8253.h +++ b/include/linux/i8253.h @@ -24,6 +24,7 @@ extern raw_spinlock_t i8253_lock; extern bool i8253_clear_counter_on_shutdown; extern struct clock_event_device i8253_clockevent; extern void clockevent_i8253_init(bool oneshot); +extern void clockevent_i8253_disable(void); extern void setup_pit_timer(void); -- 2.47.1

6 months, 1 week

2
2
0 0

[PATCH] scsi: message: fusion: Fix out-of-bounds shift in phy bitmask calculation

by Fedor Pchelkin

In mptsas_setup_wide_ports() the calculation of phy bitmask is a subject to undefined behavior when phy index exceeds the width of type 'int', but is still less than 64. Utilize BIT_ULL macro to fix this. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool. Fixes: 547f9a218436 ("[SCSI] mptsas: wide port support") Cc: stable(a)vger.kernel.org Co-developed-by: Aleksandr Mishin <amishin(a)t-argos.ru> Signed-off-by: Aleksandr Mishin <amishin(a)t-argos.ru> Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- struct mptsas_portinfo_details::phy_bitmask is used only in various logging printks throughout the driver. Another option would be to drop this field completely if it is considered a more appropriate solution.. drivers/message/fusion/mptsas.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c index 7e79da9684ed..cd95655f1592 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -43,6 +43,7 @@ */ /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ +#include <linux/bits.h> #include <linux/module.h> #include <linux/kernel.h> #include <linux/slab.h> @@ -880,7 +881,7 @@ mptsas_setup_wide_ports(MPT_ADAPTER *ioc, struct mptsas_portinfo *port_info) "%s: [%p]: deleting phy = %d\n", ioc->name, __func__, port_details, i)); port_details->num_phys--; - port_details->phy_bitmask &= ~ (1 << phy_info->phy_id); + port_details->phy_bitmask &= ~BIT_ULL(phy_info->phy_id); memset(&phy_info->attached, 0, sizeof(struct mptsas_devinfo)); if (phy_info->phy) { devtprintk(ioc, dev_printk(KERN_DEBUG, @@ -915,7 +916,7 @@ mptsas_setup_wide_ports(MPT_ADAPTER *ioc, struct mptsas_portinfo *port_info) port_details->port_info = port_info; if (phy_info->phy_id < 64 ) port_details->phy_bitmask |= - (1 << phy_info->phy_id); + BIT_ULL(phy_info->phy_id); phy_info->sas_port_add_phy=1; dsaswideprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\t\tForming port\n\t\t" "phy_id=%d sas_address=0x%018llX\n", @@ -957,7 +958,7 @@ mptsas_setup_wide_ports(MPT_ADAPTER *ioc, struct mptsas_portinfo *port_info) phy_info_cmp->port_details = port_details; if (phy_info_cmp->phy_id < 64 ) port_details->phy_bitmask |= - (1 << phy_info_cmp->phy_id); + BIT_ULL(phy_info_cmp->phy_id); port_details->num_phys++; } } -- 2.48.1

6 months, 1 week

1
0
0 0

[PATCH net v3] nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

by Haoxiang Li

Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. Fixes: ff3d43f7568c ("nfp: bpf: implement helpers for FW map ops") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v3: - modify a spell error. Thanks, Kalesh! Changes in v2: - remove the bracket for one single-statement. Thanks, Guru! --- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c index 2ec62c8d86e1..59486fe2ad18 100644 --- a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c +++ b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c @@ -20,6 +20,8 @@ nfp_bpf_cmsg_alloc(struct nfp_app_bpf *bpf, unsigned int size) struct sk_buff *skb; skb = nfp_app_ctrl_msg_alloc(bpf->app, size, GFP_KERNEL); + if (!skb) + return NULL; skb_put(skb, size); return skb; -- 2.25.1

6 months, 1 week

3
2
0 0

Re: [PATCH 0/2] vsock: fix use-after free and null-ptr-deref

by Luigi Leonardi

<qh6envvnuw45w2omvpufqtbq5k5343ymdzswxrxmczwoe64d6g@a4z5wjdbdw6w> Reply-To: In-Reply-To: <ah4qm66q5q7we7ykhl3uywgrexi7izdxrmfyn2zm3jhswitebt@cz2ipkdgr6yf> On Tue, Feb 18, 2025 at 05:01:31PM +0100, Stefano Garzarella wrote: >> >>No, nothing I can think of. >> >>Note however that the comment above vsock_close() ("Dummy callback >>required >>by sockmap. See unconditional call of saved_close() in >>sock_map_close().") >>becomes somewhat misleading :) >> > >Yeah, we can mention in the commit description of the backport that we >backport it just to reduce conflicts but sockmap features are not >backported. I'd touch as less as possibile in the patch, otherwise IMHO >is better to just fix the conflicts in the 2 patches. > >Thanks, >Stefano > Totally agree with you, will send the backport in a couple of days if nobody has any objections. Luigi

6 months, 1 week

1
0
0 0

[PATCH 5.10] f2fs: fix shift-out-of-bounds in parse_options()

by Denis Arefev

No upstream commit exists for this commit. Using an arbitrary value that does not fall into the required range as an argument of the shift operator when outputting an error is wrong in itself. Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 lib/ubsan.c:321 parse_options+0x4ad6/0x4ae0 fs/f2fs/super.c:919 f2fs_fill_super+0x321b/0x7c40 fs/f2fs/super.c:4214 mount_bdev+0x2c9/0x3f0 fs/super.c:1443 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x2ba/0xb40 fs/namespace.c:3051 do_mount fs/namespace.c:3394 [inline] __do_sys_mount fs/namespace.c:3602 [inline] __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3579 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 There is a commit 87161a2b0aed ("f2fs: deprecate io_bits") that completely removes these strings, but it's not practical to backport it. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: syzbot+410500002694f3ff65b1(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=410500002694f3ff65b1 Fixes: ec91538dccd4 ("f2fs: get io size bit from mount option") Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 9afbb51bd678..5fd64bc35f31 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -722,8 +722,8 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) if (args->from && match_int(args, &arg)) return -EINVAL; if (arg <= 0 || arg > __ilog2_u32(BIO_MAX_PAGES)) { - f2fs_warn(sbi, "Not support %d, larger than %d", - 1 << arg, BIO_MAX_PAGES); + f2fs_warn(sbi, "Not support 2^%d, invalid argument %d", + arg, BIO_MAX_PAGES); return -EINVAL; } F2FS_OPTION(sbi).write_io_size_bits = arg; -- 2.43.0

6 months, 1 week

1
0
0 0

[PATCH 5.15] f2fs: fix shift-out-of-bounds in parse_options()

by Denis Arefev

No upstream commit exists for this commit. Using an arbitrary value that does not fall into the required range as an argument of the shift operator when outputting an error is wrong in itself. Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 lib/ubsan.c:321 parse_options+0x4ad6/0x4ae0 fs/f2fs/super.c:919 f2fs_fill_super+0x321b/0x7c40 fs/f2fs/super.c:4214 mount_bdev+0x2c9/0x3f0 fs/super.c:1443 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x2ba/0xb40 fs/namespace.c:3051 do_mount fs/namespace.c:3394 [inline] __do_sys_mount fs/namespace.c:3602 [inline] __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3579 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 There is a commit 87161a2b0aed ("f2fs: deprecate io_bits") that completely removes these strings, but it's not practical to backport it. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: syzbot+410500002694f3ff65b1(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=410500002694f3ff65b1 Fixes: ec91538dccd4 ("f2fs: get io size bit from mount option") Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index f8aaff9b1784..c0fa7d785f3c 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -891,8 +891,8 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) if (args->from && match_int(args, &arg)) return -EINVAL; if (arg <= 0 || arg > __ilog2_u32(BIO_MAX_VECS)) { - f2fs_warn(sbi, "Not support %d, larger than %d", - 1 << arg, BIO_MAX_VECS); + f2fs_warn(sbi, "Not support 2^%d, invalid argument %d", + arg, BIO_MAX_VECS); return -EINVAL; } F2FS_OPTION(sbi).write_io_size_bits = arg; -- 2.43.0

6 months, 1 week

1
0
0 0

[PATCH 6.1] f2fs: fix shift-out-of-bounds in parse_options()

by Denis Arefev

No upstream commit exists for this commit. Using an arbitrary value that does not fall into the required range as an argument of the shift operator when outputting an error is wrong in itself. Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 lib/ubsan.c:321 parse_options+0x4ad6/0x4ae0 fs/f2fs/super.c:919 f2fs_fill_super+0x321b/0x7c40 fs/f2fs/super.c:4214 mount_bdev+0x2c9/0x3f0 fs/super.c:1443 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x2ba/0xb40 fs/namespace.c:3051 do_mount fs/namespace.c:3394 [inline] __do_sys_mount fs/namespace.c:3602 [inline] __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3579 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 There is a commit 87161a2b0aed ("f2fs: deprecate io_bits") that completely removes these strings, but it's not practical to backport it. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: syzbot+410500002694f3ff65b1(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=410500002694f3ff65b1 Fixes: ec91538dccd4 ("f2fs: get io size bit from mount option") Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 72160b906f4b..7d7766761fe4 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -916,8 +916,8 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) if (args->from && match_int(args, &arg)) return -EINVAL; if (arg <= 0 || arg > __ilog2_u32(BIO_MAX_VECS)) { - f2fs_warn(sbi, "Not support %ld, larger than %d", - BIT(arg), BIO_MAX_VECS); + f2fs_warn(sbi, "Not support 2^%d, invalid argument %d", + arg, BIO_MAX_VECS); return -EINVAL; } F2FS_OPTION(sbi).write_io_size_bits = arg; -- 2.43.0

6 months, 1 week

1
0
0 0

[PATCH v2] soc: loongson: loongson2_guts: Add check for devm_kstrdup()

by Haoxiang Li

Add check for the return value of devm_kstrdup() in loongson2_guts_probe() to catch potential exception. Fixes: b82621ac8450 ("soc: loongson: add GUTS driver for loongson-2 platforms") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - modify the check position. Thanks, Binbin! - modify the title description. --- drivers/soc/loongson/loongson2_guts.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/soc/loongson/loongson2_guts.c b/drivers/soc/loongson/loongson2_guts.c index ae42e3a9127f..16913c3ef65c 100644 --- a/drivers/soc/loongson/loongson2_guts.c +++ b/drivers/soc/loongson/loongson2_guts.c @@ -114,8 +114,11 @@ static int loongson2_guts_probe(struct platform_device *pdev) if (of_property_read_string(root, "model", &machine)) of_property_read_string_index(root, "compatible", 0, &machine); of_node_put(root); - if (machine) + if (machine) { soc_dev_attr.machine = devm_kstrdup(dev, machine, GFP_KERNEL); + if (!soc_dev_attr.machine) + return -ENOMEM; + } svr = loongson2_guts_get_svr(); soc_die = loongson2_soc_die_match(svr, loongson2_soc_die); -- 2.25.1

6 months, 1 week

1
0
0 0

[PATCH v3 3/5] misc: pci_endpoint_test: Fix irq_type to convey the correct type

by Kunihiko Hayashi

There are two variables that indicate the interrupt type to be used in the next test execution, "irq_type" as global and test->irq_type. The global is referenced from pci_endpoint_test_get_irq() to preserve the current type for ioctl(PCITEST_GET_IRQTYPE). The type set in this function isn't reflected in the global "irq_type", so ioctl(PCITEST_GET_IRQTYPE) returns the previous type. As a result, the wrong type will be displayed in "pcitest" as follows: # pcitest -i 0 SET IRQ TYPE TO LEGACY: OKAY # pcitest -I GET IRQ TYPE: MSI Fix this issue by propagating the current type to the global "irq_type". Cc: stable(a)vger.kernel.org Fixes: b2ba9225e031 ("misc: pci_endpoint_test: Avoid using module parameter to determine irqtype") Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> --- drivers/misc/pci_endpoint_test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index f13fa32ef91a..6a0972e7674f 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -829,6 +829,7 @@ static int pci_endpoint_test_set_irq(struct pci_endpoint_test *test, return ret; } + irq_type = test->irq_type; return 0; } -- 2.25.1

6 months, 1 week

3
6
0 0

[PATCH v2 2/5] ftrace: Do not add duplicate entries in subops manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Check if a function is already in the manager ops of a subops. A manager ops contains multiple subops, and if two or more subops are tracing the same function, the manager ops only needs a single entry in its hash. Cc: stable(a)vger.kernel.org Fixes: 4f554e955614f ("ftrace: Add ftrace_set_filter_ips function") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 03b35a05808c..189eb0a12f4b 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -5717,6 +5717,9 @@ __ftrace_match_addr(struct ftrace_hash *hash, unsigned long ip, int remove) return -ENOENT; free_hash_entry(hash, entry); return 0; + } else if (__ftrace_lookup_ip(hash, ip) != NULL) { + /* Already exists */ + return 0; } entry = add_hash_entry(hash, ip); -- 2.47.2

6 months, 1 week

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2025