From 938b95f658b7d88ac59db4397c1021956a22e5f2 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 3 Dec 2024 11:08:41 +0100 Subject: [PATCH] 4.19-stable patches added patches: jffs2-prevent-rtime-decompress-memory-corruption.patch serial-8250-omap-move-pm_runtime_get_sync.patch sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch ubi-wl-put-source-peb-into-correct-list-if-trying-locking-leb-failed.patch um-net-do-not-use-drvdata-in-release.patch um-ubd-do-not-use-drvdata-in-release.patch um-vector-do-not-use-drvdata-in-release.patch --- ...t-rtime-decompress-memory-corruption.patch | 34 ++++++++ ...l-8250-omap-move-pm_runtime_get_sync.patch | 48 ++++++++++++ queue-4.19/series | 7 ++ ...-warning-for-config_cpumask_offstack.patch | 64 +++++++++++++++ ...ct-list-if-trying-locking-leb-failed.patch | 61 +++++++++++++++ ...um-net-do-not-use-drvdata-in-release.patch | 74 ++++++++++++++++++ ...um-ubd-do-not-use-drvdata-in-release.patch | 78 +++++++++++++++++++ ...vector-do-not-use-drvdata-in-release.patch | 75 ++++++++++++++++++ 8 files changed, 441 insertions(+) create mode 100644 queue-4.19/jffs2-prevent-rtime-decompress-memory-corruption.patch create mode 100644 queue-4.19/serial-8250-omap-move-pm_runtime_get_sync.patch create mode 100644 queue-4.19/sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch create mode 100644 queue-4.19/ubi-wl-put-source-peb-into-correct-list-if-trying-locking-leb-failed.patch create mode 100644 queue-4.19/um-net-do-not-use-drvdata-in-release.patch create mode 100644 queue-4.19/um-ubd-do-not-use-drvdata-in-release.patch create mode 100644 queue-4.19/um-vector-do-not-use-drvdata-in-release.patch diff --git a/queue-4.19/jffs2-prevent-rtime-decompress-memory-corruption.patch b/queue-4.19/jffs2-prevent-rtime-decompress-memory-corruption.patch new file mode 100644 index 00000000000..078df2a6d66 --- /dev/null +++ b/queue-4.19/jffs2-prevent-rtime-decompress-memory-corruption.patch @@ -0,0 +1,34 @@ +From fe051552f5078fa02d593847529a3884305a6ffe Mon Sep 17 00:00:00 2001 +From: Kinsey Moore +Date: Tue, 23 Jul 2024 15:58:05 -0500 +Subject: jffs2: Prevent rtime decompress memory corruption + +From: Kinsey Moore + +commit fe051552f5078fa02d593847529a3884305a6ffe upstream. + +The rtime decompression routine does not fully check bounds during the +entirety of the decompression pass and can corrupt memory outside the +decompression buffer if the compressed data is corrupted. This adds the +required check to prevent this failure mode. + +Cc: stable@vger.kernel.org +Signed-off-by: Kinsey Moore +Signed-off-by: Richard Weinberger +Signed-off-by: Greg Kroah-Hartman +--- + fs/jffs2/compr_rtime.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/fs/jffs2/compr_rtime.c ++++ b/fs/jffs2/compr_rtime.c +@@ -95,6 +95,9 @@ static int jffs2_rtime_decompress(unsign + + positions[value]=outpos; + if (repeat) { ++ if ((outpos + repeat) >= destlen) { ++ return 1; ++ } + if (backoffs + repeat >= outpos) { + while(repeat) { + cpage_out[outpos++] = cpage_out[backoffs++]; diff --git a/queue-4.19/serial-8250-omap-move-pm_runtime_get_sync.patch b/queue-4.19/serial-8250-omap-move-pm_runtime_get_sync.patch new file mode 100644 index 00000000000..24947c4a390 --- /dev/null +++ b/queue-4.19/serial-8250-omap-move-pm_runtime_get_sync.patch @@ -0,0 +1,48 @@ +From bcc7ba668818dcadd2f1db66b39ed860a63ecf97 Mon Sep 17 00:00:00 2001 +From: Bin Liu +Date: Thu, 31 Oct 2024 12:23:15 -0500 +Subject: serial: 8250: omap: Move pm_runtime_get_sync + +From: Bin Liu + +commit bcc7ba668818dcadd2f1db66b39ed860a63ecf97 upstream. + +Currently in omap_8250_shutdown, the dma->rx_running flag is +set to zero in omap_8250_rx_dma_flush. Next pm_runtime_get_sync +is called, which is a runtime resume call stack which can +re-set the flag. When the call omap_8250_shutdown returns, the +flag is expected to be UN-SET, but this is not the case. This +is causing issues the next time UART is re-opened and +omap_8250_rx_dma is called. Fix by moving pm_runtime_get_sync +before the omap_8250_rx_dma_flush. + +cc: stable@vger.kernel.org +Fixes: 0e31c8d173ab ("tty: serial: 8250_omap: add custom DMA-RX callback") +Signed-off-by: Bin Liu +[Judith: Add commit message] +Signed-off-by: Judith Mendez +Reviewed-by: Kevin Hilman +Tested-by: Kevin Hilman +Link: https://lore.kernel.org/r/20241031172315.453750-1-jm@ti.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/8250/8250_omap.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/tty/serial/8250/8250_omap.c ++++ b/drivers/tty/serial/8250/8250_omap.c +@@ -643,12 +643,12 @@ static void omap_8250_shutdown(struct ua + struct uart_8250_port *up = up_to_u8250p(port); + struct omap8250_priv *priv = port->private_data; + ++ pm_runtime_get_sync(port->dev); ++ + flush_work(&priv->qos_work); + if (up->dma) + omap_8250_rx_dma_flush(up); + +- pm_runtime_get_sync(port->dev); +- + serial_out(up, UART_OMAP_WER, 0); + + up->ier = 0; diff --git a/queue-4.19/series b/queue-4.19/series index 23440711bc5..ebef1315b31 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -110,3 +110,10 @@ serial-sh-sci-clean-sci_ports-after-at-earlycon-exit.patch revert-serial-sh-sci-clean-sci_ports-after-at-earlycon-exit.patch netfilter-ipset-add-missing-range-check-in-bitmap_ip_uadt.patch spi-fix-acpi-deferred-irq-probe.patch +ubi-wl-put-source-peb-into-correct-list-if-trying-locking-leb-failed.patch +um-ubd-do-not-use-drvdata-in-release.patch +um-net-do-not-use-drvdata-in-release.patch +serial-8250-omap-move-pm_runtime_get_sync.patch +jffs2-prevent-rtime-decompress-memory-corruption.patch +um-vector-do-not-use-drvdata-in-release.patch +sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch diff --git a/queue-4.19/sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch b/queue-4.19/sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch new file mode 100644 index 00000000000..1c678bb3352 --- /dev/null +++ b/queue-4.19/sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch @@ -0,0 +1,64 @@ +From 3c891f7c6a4e90bb1199497552f24b26e46383bc Mon Sep 17 00:00:00 2001 +From: Huacai Chen +Date: Thu, 14 Jul 2022 16:41:36 +0800 +Subject: sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK + +From: Huacai Chen + +commit 3c891f7c6a4e90bb1199497552f24b26e46383bc upstream. + +When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, +cpu_max_bits_warn() generates a runtime warning similar as below when +showing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) +instead of NR_CPUS to iterate CPUs. + +[ 3.052463] ------------[ cut here ]------------ +[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 +[ 3.070072] Modules linked in: efivarfs autofs4 +[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 +[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 +[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 +[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff +[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 +[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa +[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 +[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 +[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 +[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 +[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c +[ 3.195868] ... +[ 3.199917] Call Trace: +[ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c +[ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88 +[ 3.217625] [<900000000023d268>] __warn+0xd0/0x100 +[ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc +[ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0 +[ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4 +[ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4 +[ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0 +[ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100 +[ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94 +[ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160 +[ 3.281824] ---[ end trace 8b484262b4b8c24c ]--- + +Cc: stable@vger.kernel.org +Signed-off-by: Huacai Chen +Reviewed-by: John Paul Adrian Glaubitz +Tested-by: John Paul Adrian Glaubitz +Signed-off-by: John Paul Adrian Glaubitz +Signed-off-by: Greg Kroah-Hartman +--- + arch/sh/kernel/cpu/proc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/sh/kernel/cpu/proc.c ++++ b/arch/sh/kernel/cpu/proc.c +@@ -133,7 +133,7 @@ static int show_cpuinfo(struct seq_file + + static void *c_start(struct seq_file *m, loff_t *pos) + { +- return *pos < NR_CPUS ? cpu_data + *pos : NULL; ++ return *pos < nr_cpu_ids ? cpu_data + *pos : NULL; + } + static void *c_next(struct seq_file *m, void *v, loff_t *pos) + { diff --git a/queue-4.19/ubi-wl-put-source-peb-into-correct-list-if-trying-locking-leb-failed.patch b/queue-4.19/ubi-wl-put-source-peb-into-correct-list-if-trying-locking-leb-failed.patch new file mode 100644 index 00000000000..aa3d728e133 --- /dev/null +++ b/queue-4.19/ubi-wl-put-source-peb-into-correct-list-if-trying-locking-leb-failed.patch @@ -0,0 +1,61 @@ +From d610020f030bec819f42de327c2bd5437d2766b3 Mon Sep 17 00:00:00 2001 +From: Zhihao Cheng +Date: Mon, 19 Aug 2024 11:26:21 +0800 +Subject: ubi: wl: Put source PEB into correct list if trying locking LEB failed + +From: Zhihao Cheng + +commit d610020f030bec819f42de327c2bd5437d2766b3 upstream. + +During wear-leveing work, the source PEB will be moved into scrub list +when source LEB cannot be locked in ubi_eba_copy_leb(), which is wrong +for non-scrub type source PEB. The problem could bring extra and +ineffective wear-leveing jobs, which makes more or less negative effects +for the life time of flash. Specifically, the process is divided 2 steps: +1. wear_leveling_worker // generate false scrub type PEB + ubi_eba_copy_leb // MOVE_RETRY is returned + leb_write_trylock // trylock failed + scrubbing = 1; + e1 is put into ubi->scrub +2. wear_leveling_worker // schedule false scrub type PEB for wl + scrubbing = 1 + e1 = rb_entry(rb_first(&ubi->scrub)) + +The problem can be reproduced easily by running fsstress on a small +UBIFS partition(<64M, simulated by nandsim) for 5~10mins +(CONFIG_MTD_UBI_FASTMAP=y,CONFIG_MTD_UBI_WL_THRESHOLD=50). Following +message is shown: + ubi0: scrubbed PEB 66 (LEB 0:10), data moved to PEB 165 + +Since scrub type source PEB has set variable scrubbing as '1', and +variable scrubbing is checked before variable keep, so the problem can +be fixed by setting keep variable as 1 directly if the source LEB cannot +be locked. + +Fixes: e801e128b220 ("UBI: fix missing scrub when there is a bit-flip") +CC: stable@vger.kernel.org +Signed-off-by: Zhihao Cheng +Signed-off-by: Richard Weinberger +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mtd/ubi/wl.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/drivers/mtd/ubi/wl.c ++++ b/drivers/mtd/ubi/wl.c +@@ -810,7 +810,14 @@ static int wear_leveling_worker(struct u + goto out_not_moved; + } + if (err == MOVE_RETRY) { +- scrubbing = 1; ++ /* ++ * For source PEB: ++ * 1. The scrubbing is set for scrub type PEB, it will ++ * be put back into ubi->scrub list. ++ * 2. Non-scrub type PEB will be put back into ubi->used ++ * list. ++ */ ++ keep = 1; + dst_leb_clean = 1; + goto out_not_moved; + } diff --git a/queue-4.19/um-net-do-not-use-drvdata-in-release.patch b/queue-4.19/um-net-do-not-use-drvdata-in-release.patch new file mode 100644 index 00000000000..849ac9e0c2b --- /dev/null +++ b/queue-4.19/um-net-do-not-use-drvdata-in-release.patch @@ -0,0 +1,74 @@ +From d1db692a9be3b4bd3473b64fcae996afaffe8438 Mon Sep 17 00:00:00 2001 +From: Tiwei Bie +Date: Tue, 5 Nov 2024 00:32:02 +0800 +Subject: um: net: Do not use drvdata in release + +From: Tiwei Bie + +commit d1db692a9be3b4bd3473b64fcae996afaffe8438 upstream. + +The drvdata is not available in release. Let's just use container_of() +to get the uml_net instance. Otherwise, removing a network device will +result in a crash: + +RIP: 0033:net_device_release+0x10/0x6f +RSP: 00000000e20c7c40 EFLAGS: 00010206 +RAX: 000000006002e4e7 RBX: 00000000600f1baf RCX: 00000000624074e0 +RDX: 0000000062778000 RSI: 0000000060551c80 RDI: 00000000627af028 +RBP: 00000000e20c7c50 R08: 00000000603ad594 R09: 00000000e20c7b70 +R10: 000000000000135a R11: 00000000603ad422 R12: 0000000000000000 +R13: 0000000062c7af00 R14: 0000000062406d60 R15: 00000000627700b6 +Kernel panic - not syncing: Segfault with no mm +CPU: 0 UID: 0 PID: 29 Comm: kworker/0:2 Not tainted 6.12.0-rc6-g59b723cd2adb #1 +Workqueue: events mc_work_proc +Stack: + 627af028 62c7af00 e20c7c80 60276fcd + 62778000 603f5820 627af028 00000000 + e20c7cb0 603a2bcd 627af000 62770010 +Call Trace: + [<60276fcd>] device_release+0x70/0xba + [<603a2bcd>] kobject_put+0xba/0xe7 + [<60277265>] put_device+0x19/0x1c + [<60281266>] platform_device_put+0x26/0x29 + [<60281e5f>] platform_device_unregister+0x2c/0x2e + [<6002ec9c>] net_remove+0x63/0x69 + [<60031316>] ? mconsole_reply+0x0/0x50 + [<600310c8>] mconsole_remove+0x160/0x1cc + [<60087d40>] ? __remove_hrtimer+0x38/0x74 + [<60087ff8>] ? hrtimer_try_to_cancel+0x8c/0x98 + [<6006b3cf>] ? dl_server_stop+0x3f/0x48 + [<6006b390>] ? dl_server_stop+0x0/0x48 + [<600672e8>] ? dequeue_entities+0x327/0x390 + [<60038fa6>] ? um_set_signals+0x0/0x43 + [<6003070c>] mc_work_proc+0x77/0x91 + [<60057664>] process_scheduled_works+0x1b3/0x2dd + [<60055f32>] ? assign_work+0x0/0x58 + [<60057f0a>] worker_thread+0x1e9/0x293 + [<6005406f>] ? set_pf_worker+0x0/0x64 + [<6005d65d>] ? arch_local_irq_save+0x0/0x2d + [<6005d748>] ? kthread_exit+0x0/0x3a + [<60057d21>] ? worker_thread+0x0/0x293 + [<6005dbf1>] kthread+0x126/0x12b + [<600219c5>] new_thread_handler+0x85/0xb6 + +Cc: stable@vger.kernel.org +Signed-off-by: Tiwei Bie +Acked-By: Anton Ivanov +Link: https://patch.msgid.link/20241104163203.435515-4-tiwei.btw@antgroup.com +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman +--- + arch/um/drivers/net_kern.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/um/drivers/net_kern.c ++++ b/arch/um/drivers/net_kern.c +@@ -349,7 +349,7 @@ static struct platform_driver uml_net_dr + + static void net_device_release(struct device *dev) + { +- struct uml_net *device = dev_get_drvdata(dev); ++ struct uml_net *device = container_of(dev, struct uml_net, pdev.dev); + struct net_device *netdev = device->dev; + struct uml_net_private *lp = netdev_priv(netdev); + diff --git a/queue-4.19/um-ubd-do-not-use-drvdata-in-release.patch b/queue-4.19/um-ubd-do-not-use-drvdata-in-release.patch new file mode 100644 index 00000000000..624060a7bd7 --- /dev/null +++ b/queue-4.19/um-ubd-do-not-use-drvdata-in-release.patch @@ -0,0 +1,78 @@ +From 5bee35e5389f450a7eea7318deb9073e9414d3b1 Mon Sep 17 00:00:00 2001 +From: Tiwei Bie +Date: Tue, 5 Nov 2024 00:32:01 +0800 +Subject: um: ubd: Do not use drvdata in release + +From: Tiwei Bie + +commit 5bee35e5389f450a7eea7318deb9073e9414d3b1 upstream. + +The drvdata is not available in release. Let's just use container_of() +to get the ubd instance. Otherwise, removing a ubd device will result +in a crash: + +RIP: 0033:blk_mq_free_tag_set+0x1f/0xba +RSP: 00000000e2083bf0 EFLAGS: 00010246 +RAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00 +RDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348 +RBP: 00000000e2083c10 R08: 0000000062414010 R09: 00000000601603f7 +R10: 000000000000133a R11: 000000006038c4bd R12: 0000000000000000 +R13: 0000000060213a5c R14: 0000000062405d20 R15: 00000000604f7aa0 +Kernel panic - not syncing: Segfault with no mm +CPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 6.8.0-rc3-00107-gba3f67c11638 #1 +Workqueue: events mc_work_proc +Stack: + 00000000 604f7ef0 62c5d000 62405d20 + e2083c30 6002c776 6002c755 600e47ff + e2083c60 6025ffe3 04208060 603d36e0 +Call Trace: + [<6002c776>] ubd_device_release+0x21/0x55 + [<6002c755>] ? ubd_device_release+0x0/0x55 + [<600e47ff>] ? kfree+0x0/0x100 + [<6025ffe3>] device_release+0x70/0xba + [<60381d6a>] kobject_put+0xb5/0xe2 + [<6026027b>] put_device+0x19/0x1c + [<6026a036>] platform_device_put+0x26/0x29 + [<6026ac5a>] platform_device_unregister+0x2c/0x2e + [<6002c52e>] ubd_remove+0xb8/0xd6 + [<6002bb74>] ? mconsole_reply+0x0/0x50 + [<6002b926>] mconsole_remove+0x160/0x1cc + [<6002bbbc>] ? mconsole_reply+0x48/0x50 + [<6003379c>] ? um_set_signals+0x3b/0x43 + [<60061c55>] ? update_min_vruntime+0x14/0x70 + [<6006251f>] ? dequeue_task_fair+0x164/0x235 + [<600620aa>] ? update_cfs_group+0x0/0x40 + [<603a0e77>] ? __schedule+0x0/0x3ed + [<60033761>] ? um_set_signals+0x0/0x43 + [<6002af6a>] mc_work_proc+0x77/0x91 + [<600520b4>] process_scheduled_works+0x1af/0x2c3 + [<6004ede3>] ? assign_work+0x0/0x58 + [<600527a1>] worker_thread+0x2f7/0x37a + [<6004ee3b>] ? set_pf_worker+0x0/0x64 + [<6005765d>] ? arch_local_irq_save+0x0/0x2d + [<60058e07>] ? kthread_exit+0x0/0x3a + [<600524aa>] ? worker_thread+0x0/0x37a + [<60058f9f>] kthread+0x130/0x135 + [<6002068e>] new_thread_handler+0x85/0xb6 + +Cc: stable@vger.kernel.org +Signed-off-by: Tiwei Bie +Acked-By: Anton Ivanov +Link: https://patch.msgid.link/20241104163203.435515-3-tiwei.btw@antgroup.com +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman +--- + arch/um/drivers/ubd_kern.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/um/drivers/ubd_kern.c ++++ b/arch/um/drivers/ubd_kern.c +@@ -854,7 +854,7 @@ static int ubd_open_dev(struct ubd *ubd_ + + static void ubd_device_release(struct device *dev) + { +- struct ubd *ubd_dev = dev_get_drvdata(dev); ++ struct ubd *ubd_dev = container_of(dev, struct ubd, pdev.dev); + + blk_cleanup_queue(ubd_dev->queue); + *ubd_dev = ((struct ubd) DEFAULT_UBD); diff --git a/queue-4.19/um-vector-do-not-use-drvdata-in-release.patch b/queue-4.19/um-vector-do-not-use-drvdata-in-release.patch new file mode 100644 index 00000000000..07f486e7dd0 --- /dev/null +++ b/queue-4.19/um-vector-do-not-use-drvdata-in-release.patch @@ -0,0 +1,75 @@ +From 51b39d741970742a5c41136241a9c48ac607cf82 Mon Sep 17 00:00:00 2001 +From: Tiwei Bie +Date: Tue, 5 Nov 2024 00:32:03 +0800 +Subject: um: vector: Do not use drvdata in release + +From: Tiwei Bie + +commit 51b39d741970742a5c41136241a9c48ac607cf82 upstream. + +The drvdata is not available in release. Let's just use container_of() +to get the vector_device instance. Otherwise, removing a vector device +will result in a crash: + +RIP: 0033:vector_device_release+0xf/0x50 +RSP: 00000000e187bc40 EFLAGS: 00010202 +RAX: 0000000060028f61 RBX: 00000000600f1baf RCX: 00000000620074e0 +RDX: 000000006220b9c0 RSI: 0000000060551c80 RDI: 0000000000000000 +RBP: 00000000e187bc50 R08: 00000000603ad594 R09: 00000000e187bb70 +R10: 000000000000135a R11: 00000000603ad422 R12: 00000000623ae028 +R13: 000000006287a200 R14: 0000000062006d30 R15: 00000000623700b6 +Kernel panic - not syncing: Segfault with no mm +CPU: 0 UID: 0 PID: 16 Comm: kworker/0:1 Not tainted 6.12.0-rc6-g59b723cd2adb #1 +Workqueue: events mc_work_proc +Stack: + 60028f61 623ae028 e187bc80 60276fcd + 6220b9c0 603f5820 623ae028 00000000 + e187bcb0 603a2bcd 623ae000 62370010 +Call Trace: + [<60028f61>] ? vector_device_release+0x0/0x50 + [<60276fcd>] device_release+0x70/0xba + [<603a2bcd>] kobject_put+0xba/0xe7 + [<60277265>] put_device+0x19/0x1c + [<60281266>] platform_device_put+0x26/0x29 + [<60281e5f>] platform_device_unregister+0x2c/0x2e + [<60029422>] vector_remove+0x52/0x58 + [<60031316>] ? mconsole_reply+0x0/0x50 + [<600310c8>] mconsole_remove+0x160/0x1cc + [<603b19f4>] ? strlen+0x0/0x15 + [<60066611>] ? __dequeue_entity+0x1a9/0x206 + [<600666a7>] ? set_next_entity+0x39/0x63 + [<6006666e>] ? set_next_entity+0x0/0x63 + [<60038fa6>] ? um_set_signals+0x0/0x43 + [<6003070c>] mc_work_proc+0x77/0x91 + [<60057664>] process_scheduled_works+0x1b3/0x2dd + [<60055f32>] ? assign_work+0x0/0x58 + [<60057f0a>] worker_thread+0x1e9/0x293 + [<6005406f>] ? set_pf_worker+0x0/0x64 + [<6005d65d>] ? arch_local_irq_save+0x0/0x2d + [<6005d748>] ? kthread_exit+0x0/0x3a + [<60057d21>] ? worker_thread+0x0/0x293 + [<6005dbf1>] kthread+0x126/0x12b + [<600219c5>] new_thread_handler+0x85/0xb6 + +Cc: stable@vger.kernel.org +Signed-off-by: Tiwei Bie +Acked-By: Anton Ivanov +Link: https://patch.msgid.link/20241104163203.435515-5-tiwei.btw@antgroup.com +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman +--- + arch/um/drivers/vector_kern.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/um/drivers/vector_kern.c ++++ b/arch/um/drivers/vector_kern.c +@@ -797,7 +797,8 @@ static struct platform_driver uml_net_dr + + static void vector_device_release(struct device *dev) + { +- struct vector_device *device = dev_get_drvdata(dev); ++ struct vector_device *device = ++ container_of(dev, struct vector_device, pdev.dev); + struct net_device *netdev = device->dev; + + list_del(&device->list); -- 2.47.3