Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

222 participants
124048 discussions

FAILED: patch "[PATCH] ASoC: cs4271: Disable regulators in component_probe() error" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 1e5351ba60f5355809f30c61bbd27e97611d2be9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026010516-flavoring-kilowatt-a67a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e5351ba60f5355809f30c61bbd27e97611d2be9 Mon Sep 17 00:00:00 2001 From: Herve Codina <herve.codina(a)bootlin.com> Date: Wed, 29 Oct 2025 10:39:18 +0100 Subject: [PATCH] ASoC: cs4271: Disable regulators in component_probe() error path The commit 9a397f473657 ("ASoC: cs4271: add regulator consumer support") has introduced regulators in the driver. Regulators are enabled at the beginning of component_probe() but they are not disabled on errors. This can lead to unbalanced enable/disable. Fix the error path to disable regulators on errors. Fixes: 9a397f473657 ("ASoC: cs4271: add regulator consumer support") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> Reviewed-by: Alexander Sverdlin <alexander.sverdlin(a)gmail.com> Link: https://patch.msgid.link/20251029093921.624088-3-herve.codina@bootlin.com Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/codecs/cs4271.c b/sound/soc/codecs/cs4271.c index 0ed73ba3625c..f636900e0c1a 100644 --- a/sound/soc/codecs/cs4271.c +++ b/sound/soc/codecs/cs4271.c @@ -581,17 +581,17 @@ static int cs4271_component_probe(struct snd_soc_component *component) ret = regcache_sync(cs4271->regmap); if (ret < 0) - return ret; + goto err_disable_regulators; ret = regmap_update_bits(cs4271->regmap, CS4271_MODE2, CS4271_MODE2_PDN | CS4271_MODE2_CPEN, CS4271_MODE2_PDN | CS4271_MODE2_CPEN); if (ret < 0) - return ret; + goto err_disable_regulators; ret = regmap_update_bits(cs4271->regmap, CS4271_MODE2, CS4271_MODE2_PDN, 0); if (ret < 0) - return ret; + goto err_disable_regulators; /* Power-up sequence requires 85 uS */ udelay(85); @@ -601,6 +601,10 @@ static int cs4271_component_probe(struct snd_soc_component *component) CS4271_MODE2_MUTECAEQUB); return 0; + +err_disable_regulators: + regulator_bulk_disable(ARRAY_SIZE(cs4271->supplies), cs4271->supplies); + return ret; } static void cs4271_component_remove(struct snd_soc_component *component)

2 days, 9 hours

FAILED: patch "[PATCH] ASoC: cs4271: Disable regulators in component_probe() error" failed to apply to 6.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.18.y git checkout FETCH_HEAD git cherry-pick -x 1e5351ba60f5355809f30c61bbd27e97611d2be9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026010516-affluent-submitter-f7b0@gregkh' --subject-prefix 'PATCH 6.18.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e5351ba60f5355809f30c61bbd27e97611d2be9 Mon Sep 17 00:00:00 2001 From: Herve Codina <herve.codina(a)bootlin.com> Date: Wed, 29 Oct 2025 10:39:18 +0100 Subject: [PATCH] ASoC: cs4271: Disable regulators in component_probe() error path The commit 9a397f473657 ("ASoC: cs4271: add regulator consumer support") has introduced regulators in the driver. Regulators are enabled at the beginning of component_probe() but they are not disabled on errors. This can lead to unbalanced enable/disable. Fix the error path to disable regulators on errors. Fixes: 9a397f473657 ("ASoC: cs4271: add regulator consumer support") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> Reviewed-by: Alexander Sverdlin <alexander.sverdlin(a)gmail.com> Link: https://patch.msgid.link/20251029093921.624088-3-herve.codina@bootlin.com Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/codecs/cs4271.c b/sound/soc/codecs/cs4271.c index 0ed73ba3625c..f636900e0c1a 100644 --- a/sound/soc/codecs/cs4271.c +++ b/sound/soc/codecs/cs4271.c @@ -581,17 +581,17 @@ static int cs4271_component_probe(struct snd_soc_component *component) ret = regcache_sync(cs4271->regmap); if (ret < 0) - return ret; + goto err_disable_regulators; ret = regmap_update_bits(cs4271->regmap, CS4271_MODE2, CS4271_MODE2_PDN | CS4271_MODE2_CPEN, CS4271_MODE2_PDN | CS4271_MODE2_CPEN); if (ret < 0) - return ret; + goto err_disable_regulators; ret = regmap_update_bits(cs4271->regmap, CS4271_MODE2, CS4271_MODE2_PDN, 0); if (ret < 0) - return ret; + goto err_disable_regulators; /* Power-up sequence requires 85 uS */ udelay(85); @@ -601,6 +601,10 @@ static int cs4271_component_probe(struct snd_soc_component *component) CS4271_MODE2_MUTECAEQUB); return 0; + +err_disable_regulators: + regulator_bulk_disable(ARRAY_SIZE(cs4271->supplies), cs4271->supplies); + return ret; } static void cs4271_component_remove(struct snd_soc_component *component)

2 days, 9 hours

FAILED: patch "[PATCH] ASoC: stm32: sai: fix OF node leak on probe" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 23261f0de09427367e99f39f588e31e2856a690e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026010552-cork-bulgur-cbe9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 23261f0de09427367e99f39f588e31e2856a690e Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Mon, 24 Nov 2025 11:49:07 +0100 Subject: [PATCH] ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the set_sync() callback fails during DAI probe. Make sure to drop the reference on platform probe failures (e.g. probe deferral) and on driver unbind. This also avoids a potential use-after-free in case the DAI is ever reprobed without first rebinding the platform driver. Fixes: 5914d285f6b7 ("ASoC: stm32: sai: Add synchronization support") Fixes: d4180b4c02e7 ("ASoC: stm32: sai: fix set_sync service") Cc: Olivier Moysan <olivier.moysan(a)st.com> Cc: stable(a)vger.kernel.org # 4.16: d4180b4c02e7 Signed-off-by: Johan Hovold <johan(a)kernel.org> Reviewed-by: olivier moysan <olivier.moysan(a)foss.st.com> Link: https://patch.msgid.link/20251124104908.15754-4-johan@kernel.org Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/stm/stm32_sai.c b/sound/soc/stm/stm32_sai.c index 7065aeb0e524..00cf24ceca2d 100644 --- a/sound/soc/stm/stm32_sai.c +++ b/sound/soc/stm/stm32_sai.c @@ -138,7 +138,6 @@ static int stm32_sai_set_sync(struct stm32_sai_data *sai_client, if (!pdev) { dev_err(&sai_client->pdev->dev, "Device not found for node %pOFn\n", np_provider); - of_node_put(np_provider); return -ENODEV; } @@ -147,21 +146,16 @@ static int stm32_sai_set_sync(struct stm32_sai_data *sai_client, if (!sai_provider) { dev_err(&sai_client->pdev->dev, "SAI sync provider data not found\n"); - ret = -EINVAL; - goto error; + return -EINVAL; } /* Configure sync client */ ret = stm32_sai_sync_conf_client(sai_client, synci); if (ret < 0) - goto error; + return ret; /* Configure sync provider */ - ret = stm32_sai_sync_conf_provider(sai_provider, synco); - -error: - of_node_put(np_provider); - return ret; + return stm32_sai_sync_conf_provider(sai_provider, synco); } static int stm32_sai_get_parent_clk(struct stm32_sai_data *sai) diff --git a/sound/soc/stm/stm32_sai_sub.c b/sound/soc/stm/stm32_sai_sub.c index 7a005b4ad304..5ae4d2577f28 100644 --- a/sound/soc/stm/stm32_sai_sub.c +++ b/sound/soc/stm/stm32_sai_sub.c @@ -1586,7 +1586,8 @@ static int stm32_sai_sub_parse_of(struct platform_device *pdev, dev_err(&pdev->dev, "External synchro not supported\n"); of_node_put(args.np); - return -EINVAL; + ret = -EINVAL; + goto err_put_sync_provider; } sai->sync = SAI_SYNC_EXTERNAL; @@ -1595,7 +1596,8 @@ static int stm32_sai_sub_parse_of(struct platform_device *pdev, (sai->synci > (SAI_GCR_SYNCIN_MAX + 1))) { dev_err(&pdev->dev, "Wrong SAI index\n"); of_node_put(args.np); - return -EINVAL; + ret = -EINVAL; + goto err_put_sync_provider; } if (of_property_match_string(args.np, "compatible", @@ -1609,7 +1611,8 @@ static int stm32_sai_sub_parse_of(struct platform_device *pdev, if (!sai->synco) { dev_err(&pdev->dev, "Unknown SAI sub-block\n"); of_node_put(args.np); - return -EINVAL; + ret = -EINVAL; + goto err_put_sync_provider; } } @@ -1619,13 +1622,15 @@ static int stm32_sai_sub_parse_of(struct platform_device *pdev, of_node_put(args.np); sai->sai_ck = devm_clk_get(&pdev->dev, "sai_ck"); - if (IS_ERR(sai->sai_ck)) - return dev_err_probe(&pdev->dev, PTR_ERR(sai->sai_ck), - "Missing kernel clock sai_ck\n"); + if (IS_ERR(sai->sai_ck)) { + ret = dev_err_probe(&pdev->dev, PTR_ERR(sai->sai_ck), + "Missing kernel clock sai_ck\n"); + goto err_put_sync_provider; + } ret = clk_prepare(sai->pdata->pclk); if (ret < 0) - return ret; + goto err_put_sync_provider; if (STM_SAI_IS_F4(sai->pdata)) return 0; @@ -1647,6 +1652,8 @@ static int stm32_sai_sub_parse_of(struct platform_device *pdev, err_unprepare_pclk: clk_unprepare(sai->pdata->pclk); +err_put_sync_provider: + of_node_put(sai->np_sync_provider); return ret; } @@ -1720,6 +1727,7 @@ static int stm32_sai_sub_probe(struct platform_device *pdev) err_unprepare_pclk: clk_unprepare(sai->pdata->pclk); + of_node_put(sai->np_sync_provider); return ret; } @@ -1732,6 +1740,7 @@ static void stm32_sai_sub_remove(struct platform_device *pdev) snd_dmaengine_pcm_unregister(&pdev->dev); snd_soc_unregister_component(&pdev->dev); pm_runtime_disable(&pdev->dev); + of_node_put(sai->np_sync_provider); } static int stm32_sai_sub_suspend(struct device *dev)

2 days, 9 hours

[PATCH v2 0/6] platform/raspberrypi: Add Broadcom Videocore shared memory support

by Jai Luthra

Hi, The vc-sm-cma driver allows contiguous memory blocks to be imported into the VideoCore VPU memory map. This series adds support for this driver and changes to VCHIQ MMAL layer required to get it functional. These changes have lived in the staging directory of the downstream Raspberry Pi tree since quite some time, but are necessary for getting the VCHIQ based peripherals like the ISP and codec functional in mainline. Thanks, Jai Signed-off-by: Jai Luthra <jai.luthra(a)ideasonboard.com> --- Changes in v2: - Drop patches that are not related to vc-sm-cma, or used for codec and not ISP, so that is v1 PATCH 1, 2, 4, 5, 6, 7, 8, 12 - Move v1 PATCH 11 to the top, adding a Fixes tag - Don't use global singletons for storing `struct vchiq_device` in VCHIQ, instead converting the existing device drivers (audio) to be stored inside `struct vchiq_drv_mgmt` - Update the vc-sm-cma driver to latest standards, like: - Replace MODULE_ALIAS call with a proper device id_table - Add kernel-doc comments for exported functions - Move exported functions to a header under include/linux for use in MMAL (and later V4L2 ISP and codec drivers) - Use xarray instead of deprecated idr to map an integer ID to imported/allocated buffer pointers - Drop unnecessary pr_debug calls - Replacing pr_xxx use with dev_xxx wherever possible - Clean up stray comments - Link to v1: https://lore.kernel.org/r/20251031-b4-vc-sm-cma-v1-0-0dd5c0ec3f5c@ideasonbo… --- Dave Stevenson (5): platform/raspberrypi: vchiq-mmal: Reset buffers_with_vpu on port_enable platform/raspberrypi: Add VideoCore shared memory support platform/raspberrypi: vchiq-mmal: Use vc-sm-cma to support zero copy platform/raspberrypi: vchiq-mmal: Support sending data to MMAL ports platform/raspberrypi: vchiq: Register vc-sm-cma as a platform driver Jai Luthra (1): platform/raspberrypi: vchiq: Store audio device in driver management struct MAINTAINERS | 7 + drivers/platform/raspberrypi/Kconfig | 2 + drivers/platform/raspberrypi/Makefile | 1 + drivers/platform/raspberrypi/vc-sm-cma/Kconfig | 9 + drivers/platform/raspberrypi/vc-sm-cma/Makefile | 5 + drivers/platform/raspberrypi/vc-sm-cma/vc_sm.c | 1571 ++++++++++++++++++++ drivers/platform/raspberrypi/vc-sm-cma/vc_sm.h | 83 ++ .../raspberrypi/vc-sm-cma/vc_sm_cma_vchi.c | 507 +++++++ .../raspberrypi/vc-sm-cma/vc_sm_cma_vchi.h | 63 + .../platform/raspberrypi/vc-sm-cma/vc_sm_defs.h | 298 ++++ .../raspberrypi/vchiq-interface/vchiq_arm.c | 13 +- drivers/platform/raspberrypi/vchiq-mmal/Kconfig | 3 +- .../platform/raspberrypi/vchiq-mmal/mmal-common.h | 4 + .../platform/raspberrypi/vchiq-mmal/mmal-vchiq.c | 85 +- .../platform/raspberrypi/vchiq-mmal/mmal-vchiq.h | 1 + include/linux/raspberrypi/vc_sm_cma_ioctl.h | 110 ++ include/linux/raspberrypi/vc_sm_knl.h | 75 + include/linux/raspberrypi/vchiq_arm.h | 9 + 18 files changed, 2827 insertions(+), 19 deletions(-) --- base-commit: 3e7f562e20ee87a25e104ef4fce557d39d62fa85 change-id: 20251030-b4-vc-sm-cma-f6727c39cd25 Best regards, -- Jai Luthra <jai.luthra(a)ideasonboard.com>

2 days, 10 hours

[PATCH v2] tcpm: allow looking for role_sw device in the main node

by Arnaud Ferraris

If ports are defined in the tcpc main node, fwnode_usb_role_switch_get() returns an error, meaning usb_role_switch_get() (which would succeed) never gets a chance to run as port->role_sw isn't NULL, causing a regression on devices where this is the case. Fix this by turning the NULL check into IS_ERR_OR_NULL(), so usb_role_switch_get() can actually run and the device get properly probed. Fixes: 2d8713f807a4 ("tcpm: switch check for role_sw device with fw_node") Cc: stable(a)vger.kernel.org Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dragan Simic <dsimic(a)manjaro.org> Signed-off-by: Arnaud Ferraris <arnaud.ferraris(a)collabora.com> --- Changes in v2: - Apply suggestions improving commit message - Link to v1: https://lore.kernel.org/r/20251127-fix-ppp-power-v1-1-52cdd74c0ee6@collabor… --- drivers/usb/typec/tcpm/tcpm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 4ca2746ce16bc..be49a976428fc 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -7890,7 +7890,7 @@ struct tcpm_port *tcpm_register_port(struct device *dev, struct tcpc_dev *tcpc) port->partner_desc.identity = &port->partner_ident; port->role_sw = fwnode_usb_role_switch_get(tcpc->fwnode); - if (!port->role_sw) + if (IS_ERR_OR_NULL(port->role_sw)) port->role_sw = usb_role_switch_get(port->dev); if (IS_ERR(port->role_sw)) { err = PTR_ERR(port->role_sw); --- base-commit: 3609fa95fb0f2c1b099e69e56634edb8fc03f87c change-id: 20251127-fix-ppp-power-6d47f3a746f8 Best regards, -- Arnaud Ferraris <arnaud.ferraris(a)collabora.com>

2 days, 10 hours

[5.15.y BACKPORT] selftests: net: test_vxlan_under_vrf: fix HV connectivity test

by caojiaqiang 00593155

From: Andrea Righi <andrea.righi(a)canonical.com> It looks like test_vxlan_under_vrf.sh is always failing to verify the connectivity test during the ping between the two simulated VMs. This is due to the fact that veth-hv in each VM should have a distinct MAC address. Fix by setting a unique MAC address on each simulated VM interface. Without this fix: $ sudo ./tools/testing/selftests/net/test_vxlan_under_vrf.sh Checking HV connectivity [ OK ] Check VM connectivity through VXLAN (underlay in the default VRF) [FAIL] With this fix applied: $ sudo ./tools/testing/selftests/net/test_vxlan_under_vrf.sh Checking HV connectivity [ OK ] Check VM connectivity through VXLAN (underlay in the default VRF) [ OK ] Check VM connectivity through VXLAN (underlay in a VRF) [FAIL] NOTE: the connectivity test with the underlay VRF is still failing; it seems that ARP requests are blocked at the simulated hypervisor level, probably due to some missing ARP forwarding rules. This requires more investigation (in the meantime we may consider to set that test as expected failure - XFAIL). Signed-off-by: Andrea Righi <andrea.righi(a)canonical.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Cao Jiaqiang <caojiaqiang(a)huawei.com> --- tools/testing/selftests/net/test_vxlan_under_vrf.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/net/test_vxlan_under_vrf.sh b/tools/testing/selftests/net/test_vxlan_under_vrf.sh index 6fadc8e2f116..1fd1250ebc66 100755 --- a/tools/testing/selftests/net/test_vxlan_under_vrf.sh +++ b/tools/testing/selftests/net/test_vxlan_under_vrf.sh @@ -101,6 +101,8 @@ setup-vm() { ip -netns hv-$id link set veth-tap master br0 ip -netns hv-$id link set veth-tap up + ip link set veth-hv address 02:1d:8d:dd:0c:6$id + ip link set veth-hv netns vm-$id ip -netns vm-$id addr add 10.0.0.$id/24 dev veth-hv ip -netns vm-$id link set veth-hv up -- 2.22.0

2 days, 12 hours

Re:Jordan recommend me get in touch

by Seven

Hi, Glad to know you and your company from Jordan. I‘m Seven CTO of STHL We are a one-stop service provider for PCBA. We can help you with production from PCB to finished product assembly. Why Partner With Us? ✅ One-Stop Expertise: From PCB fabrication, PCBA (SMT & Through-Hole), custom cable harnesses, , to final product assembly – we eliminate multi-vendor coordination risks. ✅ Cost Efficiency: 40%+ clients reduce logistics/QC costs through our integrated service model (ISO 9001:2015 certified). ✅ Speed-to-Market: Average 15% faster lead times achieved via in-house vertical integration. Recent Success Case: Helped a German IoT startup scale from prototype to 50K-unit/month production within 6 months through our: PCB Design-for-Manufacturing (DFM) optimization Automated PCBA with 99.98% first-pass yield Mechanical housing CNC machining & IP67-rated assembly Seven Marcus CTO Shenzhen STHL Technology Co,Ltd +8618569002840 Seven(a)pcba-china.com 在2025-06-04，Seven <seven(a)ems-sthi.com> 写道:-----原始邮件----- 发件人： Seven <seven(a)ems-sthi.com> 发件时间: 2025年06月04日周三收件人： [Linux-stable-mirror <linux-stable-mirror(a)lists.linaro.org>] 主题： Re:Jordan recommend me get in touch Hi, Glad to know you and your company from Jordan. I‘m Seven CTO of STHL We are a one-stop service provider for PCBA. We can help you with production from PCB to finished product assembly. Why Partner With Us? ✅ One-Stop Expertise: From PCB fabrication, PCBA (SMT & Through-Hole), custom cable harnesses, , to final product assembly – we eliminate multi-vendor coordination risks. ✅ Cost Efficiency: 40%+ clients reduce logistics/QC costs through our integrated service model (ISO 9001:2015 certified). ✅ Speed-to-Market: Average 15% faster lead times achieved via in-house vertical integration. Recent Success Case: Helped a German IoT startup scale from prototype to 50K-unit/month production within 6 months through our: PCB Design-for-Manufacturing (DFM) optimization Automated PCBA with 99.98% first-pass yield Mechanical housing CNC machining & IP67-rated assembly Seven Marcus CTO Shenzhen STHL Technology Co,Ltd +8618569002840 Seven(a)pcba-china.com

2 days, 13 hours

[PATCH] docs: rust: rbtree: fix incorrect description for `peek_next`

by WeiKang Guo

The documentation for `Cursor::peek_next` incorrectly describes it as "Access the previous node without moving the cursor" when it actually accesses the next node. Update the description to correctly state "Access the next node without moving the cursor" to match the function name and implementation. Reported-by: Miguel Ojeda <ojeda(a)kernel.org> Closes: https://github.com/Rust-for-Linux/linux/issues/1205 Fixes: 98c14e40e07a0 ("rust: rbtree: add cursor") Cc: stable(a)vger.kernel.org Signed-off-by: WeiKang Guo <guoweikang.kernel(a)outlook.com> --- rust/kernel/rbtree.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/kernel/rbtree.rs b/rust/kernel/rbtree.rs index 4729eb56827a..cd187e2ca328 100644 --- a/rust/kernel/rbtree.rs +++ b/rust/kernel/rbtree.rs @@ -985,7 +985,7 @@ pub fn peek_prev(&self) -> Option<(&K, &V)> { self.peek(Direction::Prev) } - /// Access the previous node without moving the cursor. + /// Access the next node without moving the cursor. pub fn peek_next(&self) -> Option<(&K, &V)> { self.peek(Direction::Next) } -- 2.52.0

2 days, 20 hours

+ mm-kmsan-fix-poisoning-of-high-order-non-compound-pages.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm: kmsan: fix poisoning of high-order non-compound pages has been added to the -mm mm-new branch. Its filename is mm-kmsan-fix-poisoning-of-high-order-non-compound-pages.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. The mm-new branch of mm.git is not included in linux-next Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via various branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there most days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: kmsan: fix poisoning of high-order non-compound pages Date: Sun, 4 Jan 2026 13:43:47 +0000 kmsan_free_page() is called by the page allocator's free_pages_prepare() during page freeing. Its job is to poison all the memory covered by the page. It can be called with an order-0 page, a compound high-order page or a non-compound high-order page. But page_size() only works for order-0 and compound pages. For a non-compound high-order page it will incorrectly return PAGE_SIZE. The implication is that the tail pages of a high-order non-compound page do not get poisoned at free, so any invalid access while they are free could go unnoticed. It looks like the pages will be poisoned again at allocation time, so that would bookend the window. Fix this by using the order parameter to calculate the size. Link: https://lkml.kernel.org/r/20260104134348.3544298-1-ryan.roberts@arm.com Fixes: b073d7f8aee4 ("mm: kmsan: maintain KMSAN metadata for page operations") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Marco Elver <elver(a)google.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kmsan/shadow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/kmsan/shadow.c~mm-kmsan-fix-poisoning-of-high-order-non-compound-pages +++ a/mm/kmsan/shadow.c @@ -207,7 +207,7 @@ void kmsan_free_page(struct page *page, if (!kmsan_enabled || kmsan_in_runtime()) return; kmsan_enter_runtime(); - kmsan_internal_poison_memory(page_address(page), page_size(page), + kmsan_internal_poison_memory(page_address(page), PAGE_SIZE << order, GFP_KERNEL & ~(__GFP_RECLAIM), KMSAN_POISON_CHECK | KMSAN_POISON_FREE); kmsan_leave_runtime(); _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-kmsan-fix-poisoning-of-high-order-non-compound-pages.patch

3 days, 1 hour

[PATCH v1] mm: kmsan: Fix poisoning of high-order non-compound pages

by Ryan Roberts

kmsan_free_page() is called by the page allocator's free_pages_prepare() during page freeing. It's job is to poison all the memory covered by the page. It can be called with an order-0 page, a compound high-order page or a non-compound high-order page. But page_size() only works for order-0 and compound pages. For a non-compound high-order page it will incorrectly return PAGE_SIZE. The implication is that the tail pages of a high-order non-compound page do not get poisoned at free, so any invalid access while they are free could go unnoticed. It looks like the pages will be poisoned again at allocaiton time, so that would bookend the window. Fix this by using the order parameter to calculate the size. Fixes: b073d7f8aee4 ("mm: kmsan: maintain KMSAN metadata for page operations") Cc: stable(a)vger.kernel.org Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- Hi, I noticed this during code review, so perhaps I've just misunderstood the intent of the code. I don't have the means to compile and run on x86 with KMSAN enabled though, so punting this out hoping someone might be able to validate/test. I guess there is a small chance this could lead to KMSAN finding some new issues? Applies against today's mm-unstable (344d3580dacd). Thanks, Ryan mm/kmsan/shadow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/kmsan/shadow.c b/mm/kmsan/shadow.c index e7f554a31bb4..9e1c5f2b7a41 100644 --- a/mm/kmsan/shadow.c +++ b/mm/kmsan/shadow.c @@ -207,7 +207,7 @@ void kmsan_free_page(struct page *page, unsigned int order) if (!kmsan_enabled || kmsan_in_runtime()) return; kmsan_enter_runtime(); - kmsan_internal_poison_memory(page_address(page), page_size(page), + kmsan_internal_poison_memory(page_address(page), PAGE_SIZE << order, GFP_KERNEL & ~(__GFP_RECLAIM), KMSAN_POISON_CHECK | KMSAN_POISON_FREE); kmsan_leave_runtime(); -- 2.43.0

3 days, 1 hour

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror