Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0-rc7 2026-02-22T01:09:51+00:00 2026-02-22T01:09:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T00:37:42+00:00 urn:sha1:bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43 This was done entirely with mindless brute force, using git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' | xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/' to convert the new alloc_obj() users that had a simple GFP_KERNEL argument to just drop that argument. Note that due to the extreme simplicity of the scripting, any slightly more complex cases spread over multiple lines would not be triggered: they definitely exist, but this covers the vast bulk of the cases, and the resulting diff is also then easier to check automatically. For the same reason the 'flex' versions will be done as a separate conversion. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 2024-10-03T16:19:52+00:00 Uros Bizjak ubizjak@gmail.com 2024-09-30T12:33:17+00:00 urn:sha1:84b241ab4f6139fbe03eb6c460098b25b5fc7c9b Substitute the inclusion of <linux/random.h> header with <linux/prandom.h> to allow the removal of legacy inclusion of <linux/prandom.h> from <linux/random.h>. Signed-off-by: Uros Bizjak <ubizjak@gmail.com> Acked-by: Miquel Raynal <miquel.raynal@bootlin.com> Cc: Richard Weinberger <richard@nod.at> Cc: Vignesh Raghavendra <vigneshr@ti.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2024-07-01T09:56:25+00:00 Arnd Bergmann arnd@arndb.de 2024-05-29T09:50:39+00:00 urn:sha1:a5cf054d325e6f362e82fe6d124a1871a4af8174 This file gets linked into nine different modules, which causes a warning: scripts/Makefile.build:236: drivers/mtd/tests/Makefile: mtd_test.o is added to multiple modules: mtd_nandbiterrs mtd_oobtest mtd_pagetest mtd_readtest mtd_speedtest mtd_stresstest mtd_subpagetest mtd_torturetest Make it a separate module instead. Fixes: a995c792280d ("mtd: tests: rename sources in order to link a helper object") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240529095049.1915393-1-arnd@kernel.org 2022-11-18T01:15:15+00:00 Jason A. Donenfeld Jason@zx2c4.com 2022-10-10T02:44:02+00:00 urn:sha1:8032bf1233a74627ce69b803608e650f3f35971c This is a simple mechanical transformation done by: @@ expression E; @@ - prandom_u32_max + get_random_u32_below (E) Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Darrick J. Wong <djwong@kernel.org> # for xfs Reviewed-by: SeongJae Park <sj@kernel.org> # for damon Reviewed-by: Jason Gunthorpe <jgg@nvidia.com> # for infiniband Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> # for arm Acked-by: Ulf Hansson <ulf.hansson@linaro.org> # for mmc Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2022-10-11T23:42:58+00:00 Jason A. Donenfeld Jason@zx2c4.com 2022-10-05T15:49:46+00:00 urn:sha1:197173db990cad244221ba73c43b1df6170ae278 The prandom_bytes() function has been a deprecated inline wrapper around get_random_bytes() for several releases now, and compiles down to the exact same code. Replace the deprecated wrapper with a direct call to the real function. This was done as a basic find and replace. Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Yury Norov <yury.norov@gmail.com> Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu> # powerpc Acked-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2022-10-11T23:42:55+00:00 Jason A. Donenfeld Jason@zx2c4.com 2022-10-05T14:43:38+00:00 urn:sha1:81895a65ec63ee1daec3255dc1a06675d2fbe915 Rather than incurring a division or requesting too many random bytes for the given range, use the prandom_u32_max() function, which only takes the minimum required bytes from the RNG and avoids divisions. This was done mechanically with this coccinelle script: @basic@ expression E; type T; identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32"; typedef u64; @@ ( - ((T)get_random_u32() % (E)) + prandom_u32_max(E) | - ((T)get_random_u32() & ((E) - 1)) + prandom_u32_max(E * XXX_MAKE_SURE_E_IS_POW2) | - ((u64)(E) * get_random_u32() >> 32) + prandom_u32_max(E) | - ((T)get_random_u32() & ~PAGE_MASK) + prandom_u32_max(PAGE_SIZE) ) @multi_line@ identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32"; identifier RAND; expression E; @@ - RAND = get_random_u32(); ... when != RAND - RAND %= (E); + RAND = prandom_u32_max(E); // Find a potential literal @literal_mask@ expression LITERAL; type T; identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32"; position p; @@ ((T)get_random_u32()@p & (LITERAL)) // Add one to the literal. @script:python add_one@ literal << literal_mask.LITERAL; RESULT; @@ value = None if literal.startswith('0x'): value = int(literal, 16) elif literal[0] in '123456789': value = int(literal, 10) if value is None: print("I don't know how to handle %s" % (literal)) cocci.include_match(False) elif value == 2**32 - 1 or value == 2**31 - 1 or value == 2**24 - 1 or value == 2**16 - 1 or value == 2**8 - 1: print("Skipping 0x%x for cleanup elsewhere" % (value)) cocci.include_match(False) elif value & (value + 1) != 0: print("Skipping 0x%x because it's not a power of two minus one" % (value)) cocci.include_match(False) elif literal.startswith('0x'): coccinelle.RESULT = cocci.make_expr("0x%x" % (value + 1)) else: coccinelle.RESULT = cocci.make_expr("%d" % (value + 1)) // Replace the literal mask with the calculated result. @plus_one@ expression literal_mask.LITERAL; position literal_mask.p; expression add_one.RESULT; identifier FUNC; @@ - (FUNC()@p & (LITERAL)) + prandom_u32_max(RESULT) @collapse_ret@ type T; identifier VAR; expression E; @@ { - T VAR; - VAR = (E); - return VAR; + return E; } @drop_var@ type T; identifier VAR; @@ { - T VAR; ... when != VAR } Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Yury Norov <yury.norov@gmail.com> Reviewed-by: KP Singh <kpsingh@kernel.org> Reviewed-by: Jan Kara <jack@suse.cz> # for ext4 and sbitmap Reviewed-by: Christoph Böhmwalder <christoph.boehmwalder@linbit.com> # for drbd Acked-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Heiko Carstens <hca@linux.ibm.com> # for s390 Acked-by: Ulf Hansson <ulf.hansson@linaro.org> # for mmc Acked-by: Darrick J. Wong <djwong@kernel.org> # for xfs Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2022-09-21T08:38:07+00:00 Michał Kępień kernel@kempniu.pl 2022-06-29T12:57:35+00:00 urn:sha1:745df17906029cc683b8b5ac8bcb08f82860baff As the 'stats' field in struct mtd_oob_ops is used in conditional expressions, ensure it is always zero-initialized in all such structures to prevent random stack garbage from being interpreted as a pointer. Strictly speaking, this problem currently only needs to be fixed for struct mtd_oob_ops structures subsequently passed to mtd_read_oob(). However, this commit goes a step further and makes all instances of struct mtd_oob_ops in the tree zero-initialized, in hope of preventing future problems, e.g. if struct mtd_req_stats gets extended with write statistics at some point. Signed-off-by: Michał Kępień <kernel@kempniu.pl> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20220629125737.14418-3-kernel@kempniu.pl 2022-03-14T16:01:47+00:00 Amit Kumar Mahapatra amit.kumar-mahapatra@xilinx.com 2022-02-08T10:39:05+00:00 urn:sha1:ceef4cf97bec31403a73bd2facff8651a2ae4369 While calculating speed during mtd_speedtest, the time interval (i.e., start - finish) is rounded off to the nearest milliseconds by ignoring the fractional part. This leads to miscalculation of speed. The miscalculation is more visible while running speed test on small partition sizes(i.e., when partition size is equal to eraseblock size or twice the eraseblock size) at higher spi frequencies. For e.g., while calculating eraseblock read speed for a mtd partition with size equal to the eraseblock size(i.e., 64KiB) the eraseblock read time interval comes out to be 966490 nanosecond. This is then converted to millisecond(i.e., 0.966 msec.). The integer part (i.e., 0 msec) of the value is considered and the fractional part (i.e., 0.966) is ignored,for calculating the eraseblock read speed. So the reported eraseblock read speed is 0 KiB/s, which is incorrect. There are two approaches to fix this issue. First approach will be to keep the time interval in millisecond. and round up the integer value, with this approach the 0.966msec time interval in the above example will be rounded up to 1msec and this value is used for calculating the speed. Downside of this approach is that the reported speed is still not accurate. Second approach will be to convert the time interval to microseconds instead of milliseconds, with this approach the 966490 nanosecond time interval in the above example will be converted t0 966.490usec and this value is used for calculating the speed. As compared to the current implementation and the suggested First approach, this approach will report a more accurate speed. Downside of this approach is that, in future if the mtd size is too large then the u64 variable, that holds the number of bytes, might overflow. In this patch we have gone with the second approach as this reports a more accurate speed. With this approach the eraseblock read speed in the above example comes out to be 132505 KiB/s when the spi clock is configured at 150Mhz. Signed-off-by: Amit Kumar Mahapatra <amit.kumar-mahapatra@xilinx.com> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20220208103905.13354-1-amit.kumar-mahapatra@xilinx.com 2021-05-10T10:48:35+00:00 Yang Li yang.lee@linux.alibaba.com 2021-04-28T10:02:22+00:00 urn:sha1:063deb31ae902b510e57af17a45151baf5057a61 Variable 'err' is set to 0 but this value is never read as it is overwritten with a new value later on, hence it is a redundant assignment and can be removed. Cleans up the following clang-analyzer warning: drivers/mtd/tests/torturetest.c:233:2: warning: Value stored to 'err' is never read [clang-analyzer-deadcode.DeadStores] Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/1619604142-119891-1-git-send-email-yang.lee@linux.alibaba.com