July 2025 - Linux-stable-mirror

[PATCH 6.1.y] arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 register

by Roy, Patrick

From: Nianyao Tang <tangnianyao(a)huawei.com> [ upstream commit e8cde32f111f7f5681a7bad3ec747e9e697569a9 ] Enable ECBHB bits in ID_AA64MMFR1 register as per ARM DDI 0487K.a specification. When guest OS read ID_AA64MMFR1_EL1, kvm emulate this reg using ftr_id_aa64mmfr1 and always return ID_AA64MMFR1_EL1.ECBHB=0 to guest. It results in guest syscall jump to tramp ventry, which is not needed in implementation with ID_AA64MMFR1_EL1.ECBHB=1. Let's make the guest syscall process the same as the host. This fixes performance regressions introduced by commit a53b3599d9bf ("arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists") for guests running on neoverse v2 hardware, which supports ECBHB. Signed-off-by: Nianyao Tang <tangnianyao(a)huawei.com> Link: https://lore.kernel.org/r/20240611122049.2758600-1-tangnianyao@huawei.com Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Patrick Roy <roypat(a)amazon.co.uk> --- arch/arm64/kernel/cpufeature.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 840cc48b5147..5d2322eeee47 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -343,6 +343,7 @@ static const struct arm64_ftr_bits ftr_id_aa64mmfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64mmfr1[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_EL1_ECBHB_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_EL1_TIDCP1_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_EL1_AFP_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_EL1_ETS_SHIFT, 4, 0), -- 2.50.1

2 weeks, 5 days

1
0
0 0

[PATCH 6.6] arm64: kaslr: fix nokaslr cmdline parsing

by Chen Ridong

From: Chen Ridong <chenridong(a)huawei.com> Currently, when the command line contains "nokaslrxxx", it was incorrectly treated as a request to disable KASLR virtual memory. However, the behavior is different from physical address handling. This issue exists before the commit af73b9a2dd39 ("arm64: kaslr: Use feature override instead of parsing the cmdline again"). This patch fixes the parsing logic for the 'nokaslr' command line argument. Only the exact strings, 'nokaslr', will disable KASLR. Other inputs such as 'xxnokaslr', 'xxnokaslrxx', or 'xxnokaslr=xx' will not disable KASLR. Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR") Signed-off-by: Chen Ridong <chenridong(a)huawei.com> --- arch/arm64/kernel/pi/kaslr_early.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/pi/kaslr_early.c b/arch/arm64/kernel/pi/kaslr_early.c index 17bff6e399e4..731d0a3f1a89 100644 --- a/arch/arm64/kernel/pi/kaslr_early.c +++ b/arch/arm64/kernel/pi/kaslr_early.c @@ -35,9 +35,14 @@ static char *__strstr(const char *s1, const char *s2) static bool cmdline_contains_nokaslr(const u8 *cmdline) { const u8 *str; + size_t len = strlen("nokaslr"); + const char *after = cmdline + len; str = __strstr(cmdline, "nokaslr"); - return str == cmdline || (str > cmdline && *(str - 1) == ' '); + if ((str == cmdline || (str > cmdline && *(str - 1) == ' ')) && + (*after == ' ' || *after == '\0')) + return true; + return false; } static bool is_kaslr_disabled_cmdline(void *fdt) -- 2.34.1

2 weeks, 5 days

3
2
0 0

stable: queue/* branches no longer updated

by Matthieu Baerts

Hi Sasha, Thank you for maintaining the stable versions with Greg! If I remember well, you run some scripts on your side to maintain the queue/* branches in the linux-stable-rc Git tree [1], is that correct? These branches have not been updated for a bit more than 3 weeks. Is it normal? Personally, I find them useful. But if it is just me, I can work without them. [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… Cheers, Matt -- Sponsored by the NGI0 Core fund.

2 weeks, 5 days

2
2
0 0

[PATCH v3] mm: slub: avoid deref of free pointer in sanity checks if object is invalid

by Li Qiong

For debugging, object_err() prints free pointer of the object. However, if check_valid_pointer() returns false for a object, dereferncing `object + s->offset` can lead to a crash. Therefore, print the object's address in such cases. Fixes: bb192ed9aa71 ("mm/slub: Convert most struct page to struct slab by spatch") Cc: <stable(a)vger.kernel.org> Signed-off-by: Li Qiong <liqiong(a)nfschina.com> --- v2: - rephrase the commit message, add comment for object_err(). v3: - check object pointer in object_err(). --- mm/slub.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 31e11ef256f9..d3abae5a2193 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1104,7 +1104,11 @@ static void object_err(struct kmem_cache *s, struct slab *slab, return; slab_bug(s, reason); - print_trailer(s, slab, object); + if (!check_valid_pointer(s, slab, object)) { + print_slab_info(slab); + pr_err("invalid object 0x%p\n", object); + } else + print_trailer(s, slab, object); add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); WARN_ON(1); @@ -1587,7 +1591,7 @@ static inline int alloc_consistency_checks(struct kmem_cache *s, return 0; if (!check_valid_pointer(s, slab, object)) { - object_err(s, slab, object, "Freelist Pointer check fails"); + slab_err(s, slab, "Freelist Pointer(0x%p) check fails", object); return 0; } -- 2.30.2

2 weeks, 5 days

3
4
0 0

"stack state/frame" and "jump dest instruction" errors (was Re: Linux 6.16)

by Alan J. Wylie

#regzbot introduced: 6.15.8..6.16 Linus Torvalds <torvalds(a)linux-foundation.org> writes: > It's Sunday afternoon, and the release cycle has come to an end. Last > week was nice and calm, and there were no big show-stopper surprises > to keep us from the regular schedule, so I've tagged and pushed out > 6.16 as planned. Even after a "make mrproper" and "git clean -fxd" I'm seeing lots of warnings and errors. can't find jump dest instruction stack state mismatch return with modified stack frame objtool: can't decode instruction can't find starting instruction gcc (Gentoo Hardened 14.3.0 p8) 14.3.0 I selected "Y" to the new config option "X86_NATIVE_CPU" CPU is AMD FX-8350 .config attached The build is fine on a cross-compile of a minimal kernel for an Intel Atom server. Possibly related to https://lore.kernel.org/lkml/5263a182e608408bf42dc1ed12bc43dee9598ac9.17509… LD [M] arch/x86/events/amd/amd-uncore.o arch/x86/events/amd/amd-uncore.o: warning: objtool: amd_uncore_df_ctx_scan+0x54: can't find jump dest instruction at .text+0x1b6 make[5]: *** [scripts/Makefile.build:502: arch/x86/events/amd/amd-uncore.o] Error 255 make[5]: *** Deleting file 'arch/x86/events/amd/amd-uncore.o' make[4]: *** [scripts/Makefile.build:555: arch/x86/events/amd] Error 2 make[3]: *** [scripts/Makefile.build:555: arch/x86/events] Error 2 make[3]: *** Waiting for unfinished jobs.... CC fs/pidfs.o crypto/cmac.o: warning: objtool: crypto_cmac_digest_setkey+0xc2: stack state mismatch: cfa1=4+32 cfa2=4+24 CC [M] sound/core/device.o crypto/md4.o: warning: objtool: md4_final+0xd1: return with modified stack frame LD [M] block/bfq.o block/bfq.o: warning: objtool: bfq_timeout_sync_store+0x42: can't find jump dest instruction at .text+0x10f9 make[3]: *** [scripts/Makefile.build:502: block/bfq.o] Error 255 make[3]: *** Deleting file 'block/bfq.o' make[2]: *** [scripts/Makefile.build:555: block] Error 2 make[2]: *** Waiting for unfinished jobs.... CC arch/x86/kernel/acpi/madt_wakeup.o crypto/wp512.o: warning: objtool: wp512_init+0x58: return with modified stack frame crypto/wp512.o: warning: objtool: wp512_process_buffer+0x149: stack state mismatch: cfa1=4+288 cfa2=4-352 CC [M] sound/core/vmaster.o crypto/blake2b_generic.o: warning: objtool: crypto_blake2b_setkey+0x68: return with modified stack frame crypto/blake2b_generic.o: warning: objtool: crypto_blake2b_finup.constprop.0.isra.0+0x132: return with modified stack frame CC drivers/pci/pcie/err.o crypto/ccm.o: warning: objtool: crypto_ccm_init_crypt+0x1b6: stack state mismatch: cfa1=4+56 cfa2=4+48 crypto/ccm.o: warning: objtool: crypto_ccm_auth+0x45e: return with modified stack frame CC drivers/pci/pcie/pme.o crypto/cryptd.o: warning: objtool: cryptd_enqueue_request+0x89: can't find jump dest instruction at .text+0x94c make[3]: *** [scripts/Makefile.build:287: crypto/cryptd.o] Error 255 make[3]: *** Deleting file 'crypto/cryptd.o' make[2]: *** [scripts/Makefile.build:555: crypto] Error 2 LD [M] sound/core/snd.o sound/core/snd.o: warning: objtool: snd_ctl_open+0x10c: can't find jump dest instruction at .text+0x47c6 make[4]: *** [scripts/Makefile.build:502: sound/core/snd.o] Error 255 make[4]: *** Deleting file 'sound/core/snd.o' make[4]: *** Waiting for unfinished jobs.... LD [M] sound/core/oss/snd-mixer-oss.o sound/core/oss/snd-mixer-oss.o: warning: objtool: mixer_slot_clear+0x4c: return with modified stack frame CC lib/crypto/mpi/mpi-mod.o sound/core/oss/snd-pcm-oss.o: warning: objtool: mulaw_decode+0xf9: can't find jump dest instruction at .text+0x722b make[5]: *** [scripts/Makefile.build:502: sound/core/oss/snd-pcm-oss.o] Error 255 make[5]: *** Deleting file 'sound/core/oss/snd-pcm-oss.o' make[4]: *** [scripts/Makefile.build:555: sound/core/oss] Error 2 CC arch/x86/kernel/smpboot.o drivers/char/ipmi/ipmi_msghandler.o: warning: objtool: ipmi_set_gets_events+0x155: can't find jump dest instruction at .text+0x21c8 make[4]: *** [scripts/Makefile.build:287: drivers/char/ipmi/ipmi_msghandler.o] Error 255 make[4]: *** Deleting file 'drivers/char/ipmi/ipmi_msghandler.o' make[3]: *** [scripts/Makefile.build:555: drivers/char/ipmi] Error 2 make[3]: *** Waiting for unfinished jobs.... CC kernel/entry/kvm.o lib/crypto/gf128mul.o: warning: objtool: gf128mul_init_64k_bbe+0x94: stack state mismatch: cfa1=5+16 cfa2=4+8 CC [M] sound/core/seq/oss/seq_oss_event.o make[2]: *** [scripts/Makefile.build:555: drivers] Error 2 LD [M] sound/core/seq/snd-seq.o sound/core/seq/snd-seq.o: warning: objtool: snd_seq_open+0xd7: can't find jump dest instruction at .text+0x2224 make[5]: *** [scripts/Makefile.build:502: sound/core/seq/snd-seq.o] Error 255 make[5]: *** Deleting file 'sound/core/seq/snd-seq.o' make[5]: *** Waiting for unfinished jobs.... LD [M] lib/crypto/libdes.o lib/crypto/libdes.o: warning: objtool: des3_ede_encrypt+0x86: can't find jump dest instruction at .text+0xcb8 make[4]: *** [scripts/Makefile.build:502: lib/crypto/libdes.o] Error 255 make[4]: *** Deleting file 'lib/crypto/libdes.o' make[3]: *** [scripts/Makefile.build:555: lib/crypto] Error 2 make[2]: *** [scripts/Makefile.build:555: lib] Error 2 LD [M] sound/core/seq/oss/snd-seq-oss.o sound/core/seq/oss/snd-seq-oss.o: warning: objtool: alloc_seq_queue+0xc7: return with modified stack frame sound/core/seq/oss/snd-seq-oss.o: warning: objtool: delete_seq_queue.isra.0+0xb5: return with modified stack frame sound/core/seq/oss/snd-seq-oss.o: warning: objtool: snd_seq_oss_synth_info_user+0xb7: return with modified stack frame sound/core/seq/oss/snd-seq-oss.o: warning: objtool: snd_seq_oss_midi_info_user+0xa5: return with modified stack frame sound/core/seq/oss/snd-seq-oss.o: warning: objtool: snd_seq_oss_process_event+0x73c: stack state mismatch: cfa1=4+72 cfa2=4+64 sound/core/seq/oss/snd-seq-oss.o: warning: objtool: snd_seq_oss_write+0x77: stack state mismatch: cfa1=4+120 cfa2=4+112 sound/core/seq/oss/snd-seq-oss.o: warning: objtool: snd_seq_oss_synth_setup+0x14c: return with modified stack frame sound/core/seq/oss/snd-seq-oss.o: warning: objtool: snd_seq_oss_synth_make_info+0x17d: stack state mismatch: cfa1=4+160 cfa2=4+152 make[4]: *** [scripts/Makefile.build:555: sound/core/seq] Error 2 make[3]: *** [scripts/Makefile.build:555: sound/core] Error 2 make[3]: *** Waiting for unfinished jobs.... LD [M] sound/pci/hda/snd-hda-codec.o sound/pci/hda/snd-hda-codec.o: error: objtool: can't decode instruction at .text:0xbf1c make[5]: *** [scripts/Makefile.build:502: sound/pci/hda/snd-hda-codec.o] Error 255 make[5]: *** Deleting file 'sound/pci/hda/snd-hda-codec.o' make[4]: *** [scripts/Makefile.build:555: sound/pci/hda] Error 2 make[3]: *** [scripts/Makefile.build:555: sound/pci] Error 2 make[2]: *** [scripts/Makefile.build:555: sound] Error 2 CC fs/ext4/mballoc.o fs/binfmt_misc.o: warning: objtool: load_misc_binary+0xf4: can't find jump dest instruction at .text+0xf07 make[3]: *** [scripts/Makefile.build:287: fs/binfmt_misc.o] Error 255 make[3]: *** Deleting file 'fs/binfmt_misc.o' make[3]: *** Waiting for unfinished jobs.... LD [M] fs/cramfs/cramfs.o fs/cramfs/cramfs.o: warning: objtool: cramfs_blkdev_fill_super+0x2b2: return with modified stack frame AR arch/x86/kernel/built-in.a make[2]: *** [scripts/Makefile.build:555: arch/x86] Error 2 LD [M] fs/configfs/configfs.o fs/configfs/configfs.o: error: objtool: configfs_create_link(): can't find starting instruction make[4]: *** [scripts/Makefile.build:502: fs/configfs/configfs.o] Error 255 make[4]: *** Deleting file 'fs/configfs/configfs.o' make[3]: *** [scripts/Makefile.build:555: fs/configfs] Error 2 AR fs/ext4/built-in.a make[2]: *** [scripts/Makefile.build:555: fs] Error 2 AR kernel/built-in.a make[1]: *** [/work/src.git/linux/Makefile:2003: .] Error 2 make: *** [Makefile:248: __sub-make] Error 2 -- Alan J. Wylie https://www.wylie.me.uk/ mailto:<alan(a)wylie.me.uk> Dance like no-one's watching. / Encrypt like everyone is. Security is inversely proportional to convenience

2 weeks, 5 days

4
4
0 0

[PATCH 6.12.y] mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma

by Jakub Acs

From: Liu Shixin <liushixin2(a)huawei.com> commit f1897f2f08b28ae59476d8b73374b08f856973af upstream. syzkaller reported such a BUG_ON(): ------------[ cut here ]------------ kernel BUG at mm/khugepaged.c:1835! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP ... CPU: 6 UID: 0 PID: 8009 Comm: syz.15.106 Kdump: loaded Tainted: G W 6.13.0-rc6 #22 Tainted: [W]=WARN Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : collapse_file+0xa44/0x1400 lr : collapse_file+0x88/0x1400 sp : ffff80008afe3a60 ... Call trace: collapse_file+0xa44/0x1400 (P) hpage_collapse_scan_file+0x278/0x400 madvise_collapse+0x1bc/0x678 madvise_vma_behavior+0x32c/0x448 madvise_walk_vmas.constprop.0+0xbc/0x140 do_madvise.part.0+0xdc/0x2c8 __arm64_sys_madvise+0x68/0x88 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x34/0x128 el0t_64_sync_handler+0xc8/0xd0 el0t_64_sync+0x190/0x198 This indicates that the pgoff is unaligned. After analysis, I confirm the vma is mapped to /dev/zero. Such a vma certainly has vm_file, but it is set to anonymous by mmap_zero(). So even if it's mmapped by 2m-unaligned, it can pass the check in thp_vma_allowable_order() as it is an anonymous-mmap, but then be collapsed as a file-mmap. It seems the problem has existed for a long time, but actually, since we have khugepaged_max_ptes_none check before, we will skip collapse it as it is /dev/zero and so has no present page. But commit d8ea7cc8547c limit the check for only khugepaged, so the BUG_ON() can be triggered by madvise_collapse(). Add vma_is_anonymous() check to make such vma be processed by hpage_collapse_scan_pmd(). Link: https://lkml.kernel.org/r/20250111034511.2223353-1-liushixin2@huawei.com Fixes: d8ea7cc8547c ("mm/khugepaged: add flag to predicate khugepaged-only behavior") Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> Reviewed-by: Yang Shi <yang(a)os.amperecomputing.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mattew Wilcox <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> [acsjakub: backport, clean apply] Cc: Jakub Acs <acsjakub(a)amazon.de> Cc: linux-mm(a)kvack.org --- Ran into the crash with syzkaller, backporting this patch works - the reproducer no longer crashes. Please let me know if there was a reason not to backport. mm/khugepaged.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/khugepaged.c b/mm/khugepaged.c index b538c3d48386..abd5764e4864 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -2404,7 +2404,7 @@ static unsigned int khugepaged_scan_mm_slot(unsigned int pages, int *result, VM_BUG_ON(khugepaged_scan.address < hstart || khugepaged_scan.address + HPAGE_PMD_SIZE > hend); - if (IS_ENABLED(CONFIG_SHMEM) && vma->vm_file) { + if (IS_ENABLED(CONFIG_SHMEM) && !vma_is_anonymous(vma)) { struct file *file = get_file(vma->vm_file); pgoff_t pgoff = linear_page_index(vma, khugepaged_scan.address); @@ -2750,7 +2750,7 @@ int madvise_collapse(struct vm_area_struct *vma, struct vm_area_struct **prev, mmap_assert_locked(mm); memset(cc->node_load, 0, sizeof(cc->node_load)); nodes_clear(cc->alloc_nmask); - if (IS_ENABLED(CONFIG_SHMEM) && vma->vm_file) { + if (IS_ENABLED(CONFIG_SHMEM) && !vma_is_anonymous(vma)) { struct file *file = get_file(vma->vm_file); pgoff_t pgoff = linear_page_index(vma, addr); -- 2.47.3 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

2 weeks, 5 days

3
3
0 0

[PATCH v2 6.1.y] mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma

by Jakub Acs

From: Liu Shixin <liushixin2(a)huawei.com> commit f1897f2f08b28ae59476d8b73374b08f856973af upstream. syzkaller reported such a BUG_ON(): ------------[ cut here ]------------ kernel BUG at mm/khugepaged.c:1835! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP ... CPU: 6 UID: 0 PID: 8009 Comm: syz.15.106 Kdump: loaded Tainted: G W 6.13.0-rc6 #22 Tainted: [W]=WARN Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : collapse_file+0xa44/0x1400 lr : collapse_file+0x88/0x1400 sp : ffff80008afe3a60 ... Call trace: collapse_file+0xa44/0x1400 (P) hpage_collapse_scan_file+0x278/0x400 madvise_collapse+0x1bc/0x678 madvise_vma_behavior+0x32c/0x448 madvise_walk_vmas.constprop.0+0xbc/0x140 do_madvise.part.0+0xdc/0x2c8 __arm64_sys_madvise+0x68/0x88 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x34/0x128 el0t_64_sync_handler+0xc8/0xd0 el0t_64_sync+0x190/0x198 This indicates that the pgoff is unaligned. After analysis, I confirm the vma is mapped to /dev/zero. Such a vma certainly has vm_file, but it is set to anonymous by mmap_zero(). So even if it's mmapped by 2m-unaligned, it can pass the check in thp_vma_allowable_order() as it is an anonymous-mmap, but then be collapsed as a file-mmap. It seems the problem has existed for a long time, but actually, since we have khugepaged_max_ptes_none check before, we will skip collapse it as it is /dev/zero and so has no present page. But commit d8ea7cc8547c limit the check for only khugepaged, so the BUG_ON() can be triggered by madvise_collapse(). Add vma_is_anonymous() check to make such vma be processed by hpage_collapse_scan_pmd(). Link: https://lkml.kernel.org/r/20250111034511.2223353-1-liushixin2@huawei.com Fixes: d8ea7cc8547c ("mm/khugepaged: add flag to predicate khugepaged-only behavior") Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> Reviewed-by: Yang Shi <yang(a)os.amperecomputing.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mattew Wilcox <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> [acsjakub: backport, clean apply] Signed-off-by: Jakub Acs <acsjakub(a)amazon.de> Cc: linux-mm(a)kvack.org --- v1 -> v2: fix missing sign-off Ran into the crash with syzkaller, backporting this patch works - the reproducer no longer crashes. Please let me know if there was a reason not to backport. mm/khugepaged.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/khugepaged.c b/mm/khugepaged.c index b538c3d48386..abd5764e4864 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -2404,7 +2404,7 @@ static unsigned int khugepaged_scan_mm_slot(unsigned int pages, int *result, VM_BUG_ON(khugepaged_scan.address < hstart || khugepaged_scan.address + HPAGE_PMD_SIZE > hend); - if (IS_ENABLED(CONFIG_SHMEM) && vma->vm_file) { + if (IS_ENABLED(CONFIG_SHMEM) && !vma_is_anonymous(vma)) { struct file *file = get_file(vma->vm_file); pgoff_t pgoff = linear_page_index(vma, khugepaged_scan.address); @@ -2750,7 +2750,7 @@ int madvise_collapse(struct vm_area_struct *vma, struct vm_area_struct **prev, mmap_assert_locked(mm); memset(cc->node_load, 0, sizeof(cc->node_load)); nodes_clear(cc->alloc_nmask); - if (IS_ENABLED(CONFIG_SHMEM) && vma->vm_file) { + if (IS_ENABLED(CONFIG_SHMEM) && !vma_is_anonymous(vma)) { struct file *file = get_file(vma->vm_file); pgoff_t pgoff = linear_page_index(vma, addr); -- 2.47.3 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

2 weeks, 5 days

1
0
0 0

[PATCH] media: s5p-mfc: Always pass NULL to s5p_mfc_cmd_host2risc_v6()

by Nathan Chancellor

A new warning in clang [1] points out a few places in s5p_mfc_cmd_v6.c where an uninitialized variable is passed as a const pointer: drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c:45:7: error: variable 'h2r_args' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 45 | &h2r_args); | ^~~~~~~~ drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c:133:7: error: variable 'h2r_args' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 133 | &h2r_args); | ^~~~~~~~ drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c:148:7: error: variable 'h2r_args' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 148 | &h2r_args); | ^~~~~~~~ The args parameter in s5p_mfc_cmd_host2risc_v6() is never actually used, so just pass NULL to it in the places where h2r_args is currently passed, clearing up the warning and not changing the functionality of the code. Cc: stable(a)vger.kernel.org Fixes: f96f3cfa0bb8 ("[media] s5p-mfc: Update MFC v4l2 driver to support MFC6.x") Link: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d44… [1] Closes: https://github.com/ClangBuiltLinux/linux/issues/2103 Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- From what I can tell, it seems like ->cmd_host2risc() is only ever called from v6 code, which always passes NULL? It seems like it should be possible to just drop .cmd_host2risc on the v5 side, then update .cmd_host2risc to only take two parameters? If so, I can send a follow up as a clean up, so that this can go back relatively conflict free. --- .../platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c index 47bc3014b5d8..735471c50dbb 100644 --- a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c +++ b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c @@ -31,7 +31,6 @@ static int s5p_mfc_cmd_host2risc_v6(struct s5p_mfc_dev *dev, int cmd, static int s5p_mfc_sys_init_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; const struct s5p_mfc_buf_size_v6 *buf_size = dev->variant->buf_size->priv; int ret; @@ -41,33 +40,23 @@ static int s5p_mfc_sys_init_cmd_v6(struct s5p_mfc_dev *dev) mfc_write(dev, dev->ctx_buf.dma, S5P_FIMV_CONTEXT_MEM_ADDR_V6); mfc_write(dev, buf_size->dev_ctx, S5P_FIMV_CONTEXT_MEM_SIZE_V6); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SYS_INIT_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SYS_INIT_V6, NULL); } static int s5p_mfc_sleep_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; - - memset(&h2r_args, 0, sizeof(struct s5p_mfc_cmd_args)); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SLEEP_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SLEEP_V6, NULL); } static int s5p_mfc_wakeup_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; - - memset(&h2r_args, 0, sizeof(struct s5p_mfc_cmd_args)); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_WAKEUP_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_WAKEUP_V6, NULL); } /* Open a new instance and get its number */ static int s5p_mfc_open_inst_cmd_v6(struct s5p_mfc_ctx *ctx) { struct s5p_mfc_dev *dev = ctx->dev; - struct s5p_mfc_cmd_args h2r_args; int codec_type; mfc_debug(2, "Requested codec mode: %d\n", ctx->codec_mode); @@ -130,14 +119,13 @@ static int s5p_mfc_open_inst_cmd_v6(struct s5p_mfc_ctx *ctx) mfc_write(dev, 0, S5P_FIMV_D_CRC_CTRL_V6); /* no crc */ return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_OPEN_INSTANCE_V6, - &h2r_args); + NULL); } /* Close instance */ static int s5p_mfc_close_inst_cmd_v6(struct s5p_mfc_ctx *ctx) { struct s5p_mfc_dev *dev = ctx->dev; - struct s5p_mfc_cmd_args h2r_args; int ret = 0; dev->curr_ctx = ctx->num; @@ -145,7 +133,7 @@ static int s5p_mfc_close_inst_cmd_v6(struct s5p_mfc_ctx *ctx) mfc_write(dev, ctx->inst_no, S5P_FIMV_INSTANCE_ID_V6); ret = s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_CLOSE_INSTANCE_V6, - &h2r_args); + NULL); } else { ret = -EINVAL; } --- base-commit: 347e9f5043c89695b01e66b3ed111755afcf1911 change-id: 20250715-media-s5p-mfc-fix-uninit-const-pointer-cbf944ae4b4b Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 weeks, 5 days

3
3
0 0

[PATCH 1/2] ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx

by edip＠medip.dev

From: Edip Hazuri <edip(a)medip.dev> The mute led on this laptop is using ALC245 but requires a quirk to work This patch enables the existing quirk for the device. Tested on Victus 16-S0063NT Laptop. The LED behaviour works as intended. Cc: <stable(a)vger.kernel.org> Signed-off-by: Edip Hazuri <edip(a)medip.dev> --- sound/hda/codecs/realtek/alc269.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/hda/codecs/realtek/alc269.c b/sound/hda/codecs/realtek/alc269.c index 05019fa732..77322ff8a6 100644 --- a/sound/hda/codecs/realtek/alc269.c +++ b/sound/hda/codecs/realtek/alc269.c @@ -6528,6 +6528,7 @@ static const struct hda_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x103c, 0x8bbe, "HP Victus 16-r0xxx (MB 8BBE)", ALC245_FIXUP_HP_MUTE_LED_COEFBIT), SND_PCI_QUIRK(0x103c, 0x8bc8, "HP Victus 15-fa1xxx", ALC245_FIXUP_HP_MUTE_LED_COEFBIT), SND_PCI_QUIRK(0x103c, 0x8bcd, "HP Omen 16-xd0xxx", ALC245_FIXUP_HP_MUTE_LED_V1_COEFBIT), + SND_PCI_QUIRK(0x103c, 0x8bd4, "HP Victus 16-s0xxx (MB 8BD4)", ALC245_FIXUP_HP_MUTE_LED_COEFBIT), SND_PCI_QUIRK(0x103c, 0x8bdd, "HP Envy 17", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x103c, 0x8bde, "HP Envy 17", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x103c, 0x8bdf, "HP Envy 15", ALC287_FIXUP_CS35L41_I2C_2), -- 2.50.1

2 weeks, 5 days

2
2
0 0

[PATCH 5.4.y 0/3] Backport series: "permit write-sealed memfd read-only shared mappings"

by Isaac J. Manjarres

Hello, Until kernel version 6.7, a write-sealed memfd could not be mapped as shared and read-only. This was clearly a bug, and was not inline with the description of F_SEAL_WRITE in the man page for fcntl()[1]. Lorenzo's series [2] fixed that issue and was merged in kernel version 6.7, but was not backported to older kernels. So, this issue is still present on kernels 5.4, 5.10, 5.15, 6.1, and 6.6. This series backports Lorenzo's series to the 5.4 kernel. [1] https://man7.org/linux/man-pages/man2/fcntl.2.html [2] https://lore.kernel.org/all/913628168ce6cce77df7d13a63970bae06a526e0.169711… Lorenzo Stoakes (3): mm: drop the assumption that VM_SHARED always implies writable mm: update memfd seal write check to include F_SEAL_WRITE mm: perform the mapping_map_writable() check after call_mmap() fs/hugetlbfs/inode.c | 2 +- include/linux/fs.h | 4 ++-- include/linux/mm.h | 26 +++++++++++++++++++------- kernel/fork.c | 2 +- mm/filemap.c | 2 +- mm/madvise.c | 2 +- mm/mmap.c | 26 ++++++++++++++++---------- mm/shmem.c | 2 +- 8 files changed, 42 insertions(+), 24 deletions(-) -- 2.50.1.552.g942d659e1b-goog

2 weeks, 5 days

4
8
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror July 2025