- Kernel - mailweb.openeuler.org

[PATCH OLK-6.6] spi: spi-imx: Add check for spi_imx_setupxfer()
by Zhao Yipeng 21 Aug '25

21 Aug '25

From: Tamura Dai <kirinode0(a)gmail.com> stable inclusion from stable-v6.6.89 commit 2b4479eb462ecb39001b38dfb331fc6028dedac8 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IC8J7I Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- [ Upstream commit 951a04ab3a2db4029debfa48d380ef834b93207e ] Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() return error, and make NULL pointer dereference. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: 0x0 spi_imx_pio_transfer+0x50/0xd8 spi_imx_transfer_one+0x18c/0x858 spi_transfer_one_message+0x43c/0x790 __spi_pump_transfer_message+0x238/0x5d4 __spi_sync+0x2b0/0x454 spi_write_then_read+0x11c/0x200 Signed-off-by: Tamura Dai <kirinode0(a)gmail.com> Reviewed-by: Carlos Song <carlos.song(a)nxp.com> Link: https://patch.msgid.link/20250417011700.14436-1-kirinode0@gmail.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Zhao Yipeng <zhaoyipeng5(a)huawei.com> --- drivers/spi/spi-imx.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c index daa32bde6155..da4442954375 100644 --- a/drivers/spi/spi-imx.c +++ b/drivers/spi/spi-imx.c @@ -1614,10 +1614,13 @@ static int spi_imx_transfer_one(struct spi_controller *controller, struct spi_device *spi, struct spi_transfer *transfer) { + int ret; struct spi_imx_data *spi_imx = spi_controller_get_devdata(spi->controller); unsigned long hz_per_byte, byte_limit; - spi_imx_setupxfer(spi, transfer); + ret = spi_imx_setupxfer(spi, transfer); + if (ret < 0) + return ret; transfer->effective_speed_hz = spi_imx->spi_bus_clk; /* flush rxfifo before transfer */ -- 2.34.1

2 1

[PATCH OLK-6.6 0/13] cpufreq: Exit governor when failed to start old governor
by Lifeng Zheng 21 Aug '25

21 Aug '25

From: linhongye <linhongye(a)h-partners.com> driver inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ICTP7R ---------------------------------------------------------------------- Lifeng Zheng (12): cpufreq: cppc: Fix invalid return value in hisi_cppc_cpufreq_get_rate() cpufreq: CPPC: Remove forward declaration of hisi_cppc_cpufreq_get_rate() cpufreq: CPPC: Remove cpu_data_list cpufreq: CPPC: Do not return a value from populate_efficiency_class() cpufreq: CPPC: Remove forward declaration of cppc_cpufreq_register_em() cpufreq: Contain scaling_cur_freq.attr in cpufreq_attrs cpufreq: Remove duplicate check in __cpufreq_offline() cpufreq: Hold cpufreq_driver_lock when assigning cpufreq_driver->set_boost cpufreq: Initialize cpufreq-based frequency-invariance later cpufreq: Init policy->rwsem before it may be possibly used cpufreq: Move the check of cpufreq_driver->get into cpufreq_verify_current_freq() cpufreq: Exit governor when failed to start old governor Marc Zyngier (1): cpufreq: cppc: Fix invalid return value in .get() callback drivers/cpufreq/cppc_cpufreq.c | 66 ++++++++++------------------------ drivers/cpufreq/cpufreq.c | 56 +++++++++++++++-------------- include/acpi/cppc_acpi.h | 1 - 3 files changed, 48 insertions(+), 75 deletions(-) -- 2.33.0

2 14

[PATCH] mm/util: make memdup_user_nul() similar to memdup_user()
by Zhang Yuwei 21 Aug '25

21 Aug '25

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> mainline inclusion from mainline-v6.13-rc6 commit dd2a5b5514ab0e690f018595e34dd1fcb981d345 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ICU1K5 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Since the string data to copy from userspace is likely less than PAGE_SIZE bytes, replace GFP_KERNEL with GFP_USER like commit 6c2c97a24f09 ("memdup_user(): switch to GFP_USER") does and add __GFP_NOWARN like commit 6c8fcc096be9 ("mm: don't let userspace spam allocations warnings") does. Also, use dedicated slab buckets like commit d73778e4b867 ("mm/util: Use dedicated slab buckets for memdup_user()") does. Fixes: e9d408e107db ("new helper: memdup_user_nul()") Link: https://lkml.kernel.org/r/014cd694-cc27-4a07-a34a-2ae95d744515@I-love.SAKUR… Reported-by: syzbot+7e12e97b36154c54414b(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=7e12e97b36154c54414b Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Conflicts: mm/util.c [Comflicts with mainline commit b32801d1255be ("mm/slab: Introduce kmem_buckets_create() and family").] Signed-off-by: Zhang Yuwei <zhangyuwei20(a)huawei.com> --- mm/util.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/mm/util.c b/mm/util.c index f3d6751b2f2a..7a5eed15c98f 100644 --- a/mm/util.c +++ b/mm/util.c @@ -278,12 +278,7 @@ void *memdup_user_nul(const void __user *src, size_t len) { char *p; - /* - * Always use GFP_KERNEL, since copy_from_user() can sleep and - * cause pagefault, which makes it pointless to use GFP_NOFS - * or GFP_ATOMIC. - */ - p = kmalloc_track_caller(len + 1, GFP_KERNEL); + p = kmalloc_track_caller(len + 1, GFP_USER | __GFP_NOWARN); if (!p) return ERR_PTR(-ENOMEM); -- 2.22.0

1 0

[PATCH OLK-5.10 0/2] two bugfix for arm64 support HVO
by Nanyong Sun 21 Aug '25

21 Aug '25

two bugfix for arm64 support HVO Nanyong Sun (2): mm: HVO: fix hard lockup in split_vmemmap_huge_pmd under x86 arm64: mm: HVO: fix deadlock in split vmemmap pmd arch/arm64/include/asm/pgtable.h | 2 ++ mm/sparse-vmemmap.c | 18 ++++++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) -- 2.34.1

2 3

[PATCH OLK-5.10 0/2] two bugfix for arm64 support HVO
by Nanyong Sun 21 Aug '25

21 Aug '25

two bugfix for arm64 support HVO Nanyong Sun (2): mm: HVO: fix hard lockup in split_vmemmap_huge_pmd under x86 arm64: mm: HVO: fix deadlock in split vmemmap pmd arch/arm64/include/asm/pgtable.h | 2 ++ mm/sparse-vmemmap.c | 18 ++++++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) -- 2.34.1

2 3

[PATCH OLK-6.6 0/2] two bugfix for arm64 support HVO
by Nanyong Sun 21 Aug '25

21 Aug '25

two bugfix for arm64 support HVO Nanyong Sun (2): mm: HVO: fix hard lockup in split_vmemmap_huge_pmd under x86 arm64: mm: HVO: fix deadlock in split vmemmap pmd arch/arm64/include/asm/pgtable.h | 2 ++ mm/hugetlb_vmemmap.c | 18 ++++++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) -- 2.34.1

2 3

[PATCH OLK-6.6wq] mm/util: make memdup_user_nul() similar to memdup_user()
by Zhang Yuwei 21 Aug '25

21 Aug '25

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> mainline inclusion from mainline-v6.13-rc6 commit dd2a5b5514ab0e690f018595e34dd1fcb981d345 category: bugfix bugzilla: http://hulk.rnd.huawei.com/issue/info/26193 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- Since the string data to copy from userspace is likely less than PAGE_SIZE bytes, replace GFP_KERNEL with GFP_USER like commit 6c2c97a24f09 ("memdup_user(): switch to GFP_USER") does and add __GFP_NOWARN like commit 6c8fcc096be9 ("mm: don't let userspace spam allocations warnings") does. Also, use dedicated slab buckets like commit d73778e4b867 ("mm/util: Use dedicated slab buckets for memdup_user()") does. Fixes: e9d408e107db ("new helper: memdup_user_nul()") Link: https://lkml.kernel.org/r/014cd694-cc27-4a07-a34a-2ae95d744515@I-love.SAKUR… Reported-by: syzbot+7e12e97b36154c54414b(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=7e12e97b36154c54414b Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Conflicts: mm/util.c [Comflicts with mainline commit b32801d1255be ("mm/slab: Introduce kmem_buckets_create() and family").] Signed-off-by: Zhang Yuwei <zhangyuwei20(a)huawei.com> --- mm/util.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/mm/util.c b/mm/util.c index f3d6751b2f2a..7a5eed15c98f 100644 --- a/mm/util.c +++ b/mm/util.c @@ -278,12 +278,7 @@ void *memdup_user_nul(const void __user *src, size_t len) { char *p; - /* - * Always use GFP_KERNEL, since copy_from_user() can sleep and - * cause pagefault, which makes it pointless to use GFP_NOFS - * or GFP_ATOMIC. - */ - p = kmalloc_track_caller(len + 1, GFP_KERNEL); + p = kmalloc_track_caller(len + 1, GFP_USER | __GFP_NOWARN); if (!p) return ERR_PTR(-ENOMEM); -- 2.22.0

1 0

[openeuler:OLK-6.6 2697/2697] kernel/dma/phytium/pswiotlb-mapping.c:400:30: warning: no previous prototype for function 'pswiotlb_clone_orig_dma_ops'
by kernel test robot 21 Aug '25

21 Aug '25

tree: https://gitee.com/openeuler/kernel.git OLK-6.6 head: 86390838db4d0ee205e00d4069a8fdb3e6f0d1d1 commit: b0023ec2484f4561c552979b944b208422ba75ea [2697/2697] dma: pswiotlb: Move pswiotlb dma functions behind dma_map_ops config: arm64-allmodconfig (https://download.01.org/0day-ci/archive/20250821/202508211208.pMTZ4FXY-lkp@…) compiler: clang version 19.1.7 (https://github.com/llvm/llvm-project cd708029e0b2869e80abe31ddb175f7c35361f90) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250821/202508211208.pMTZ4FXY-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202508211208.pMTZ4FXY-lkp@intel.com/ All warnings (new ones prefixed by >>): >> kernel/dma/phytium/pswiotlb-mapping.c:400:30: warning: no previous prototype for function 'pswiotlb_clone_orig_dma_ops' [-Wmissing-prototypes] 400 | struct pswiotlb_dma_map_ops *pswiotlb_clone_orig_dma_ops(struct device *dev, | ^ kernel/dma/phytium/pswiotlb-mapping.c:400:1: note: declare 'static' if the function is not intended to be used outside of this translation unit 400 | struct pswiotlb_dma_map_ops *pswiotlb_clone_orig_dma_ops(struct device *dev, | ^ | static 1 warning generated. Kconfig warnings: (for reference only) WARNING: unmet direct dependencies detected for DEBUG_FEATURE_BYPASS Depends on [n]: (FAST_SYSCALL [=y] || FAST_IRQ [=y]) && !LOCKDEP [=y] Selected by [y]: - FAST_SYSCALL [=y] - FAST_IRQ [=y] && ARM_GIC_V3 [=y] WARNING: unmet direct dependencies detected for SECURITY_FEATURE_BYPASS Depends on [n]: !ARM64_MTE [=y] && !KASAN_HW_TAGS [=n] && (FAST_SYSCALL [=y] || FAST_IRQ [=y]) Selected by [y]: - FAST_SYSCALL [=y] - FAST_IRQ [=y] && ARM_GIC_V3 [=y] vim +/pswiotlb_clone_orig_dma_ops +400 kernel/dma/phytium/pswiotlb-mapping.c 373 374 static const struct dma_map_ops pswiotlb_noiommu_dma_ops = { 375 .flags = DMA_F_PCI_P2PDMA_SUPPORTED, 376 .alloc = pswiotlb_dma_alloc_distribute, 377 .free = pswiotlb_dma_free_distribute, 378 .alloc_pages = pswiotlb_dma_common_alloc_pages_distribute, 379 .free_pages = pswiotlb_dma_common_free_pages_distribute, 380 .alloc_noncontiguous = pswiotlb_dma_alloc_noncontiguous_distribute, 381 .free_noncontiguous = pswiotlb_dma_free_noncontiguous_distribute, 382 .mmap = pswiotlb_dma_mmap_distribute, 383 .get_sgtable = pswiotlb_dma_get_sgtable_distribute, 384 .map_page = pswiotlb_dma_map_page_attrs_distribute, 385 .unmap_page = pswiotlb_dma_unmap_page_attrs_distribute, 386 .map_sg = pswiotlb_dma_map_sg_attrs_distribute, 387 .unmap_sg = pswiotlb_dma_unmap_sg_attrs_distribute, 388 .sync_single_for_cpu = pswiotlb_dma_sync_single_for_cpu_distribute, 389 .sync_single_for_device = pswiotlb_dma_sync_single_for_device_distribute, 390 .sync_sg_for_cpu = pswiotlb_dma_sync_sg_for_cpu_distribute, 391 .sync_sg_for_device = pswiotlb_dma_sync_sg_for_device_distribute, 392 .map_resource = pswiotlb_dma_map_resource_distribute, 393 .unmap_resource = NULL, 394 .get_merge_boundary = pswiotlb_dma_get_merge_boundary_distribute, 395 .get_required_mask = pswiotlb_dma_get_required_mask_distribute, 396 .dma_supported = pswiotlb_dma_supported_distribute, 397 .max_mapping_size = pswiotlb_dma_max_mapping_size_distribute, 398 .opt_mapping_size = pswiotlb_dma_opt_mapping_size_distribute, 399 }; > 400 struct pswiotlb_dma_map_ops *pswiotlb_clone_orig_dma_ops(struct device *dev, 401 const struct dma_map_ops *ops) 402 { 403 struct pswiotlb_dma_map_ops *new_dma_ops = kmalloc(sizeof(struct pswiotlb_dma_map_ops), 404 GFP_KERNEL); 405 if (!new_dma_ops) 406 return NULL; 407 408 memcpy(new_dma_ops, ops, sizeof(struct pswiotlb_dma_map_ops)); 409 410 return new_dma_ops; 411 } 412 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[PATCH OLK-5.10 0/2] two bugfix for arm64 support HVO
by Nanyong Sun 21 Aug '25

21 Aug '25

two bugfix for arm64 support HVO Nanyong Sun (2): mm: HVO: fix hard lockup in split_vmemmap_huge_pmd under x86 arm64: mm: HVO: fix deadlock in split vmemmap pmd arch/arm64/include/asm/pgtable.h | 2 ++ mm/sparse-vmemmap.c | 18 ++++++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) -- 2.34.1

2 3

[PATCH OLK-6.6 0/2] two bugfix for arm64 support HVO
by Nanyong Sun 21 Aug '25

21 Aug '25

two bugfix for arm64 support HVO Nanyong Sun (2): mm: HVO: fix hard lockup in split_vmemmap_huge_pmd under x86 arm64: mm: HVO: fix deadlock in split vmemmap pmd arch/arm64/include/asm/pgtable.h | 2 ++ mm/hugetlb_vmemmap.c | 18 ++++++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) -- 2.34.1

2 3