git.ipfire.org Git - thirdparty/openwrt.git/commit

author	Mieczyslaw Nalewaj <namiltd@yahoo.com>
	Tue, 28 Oct 2025 23:23:02 +0000 (00:23 +0100)
committer	Robert Marko <robimarko@gmail.com>
	Tue, 24 Feb 2026 13:40:39 +0000 (14:40 +0100)
commit	22ccb445e611018ede702e6c0798640353632cce
tree	71126ee8cfafc502e0b6a6c8b4c32c15514cfc0f	tree \| snapshot
parent	dfbaf846501b1f17d4ac916bb87ad84773414ed8	commit \| diff

mt7620: workaround jal imm26 and redundant PAGE_ALIGN

On MT7620-class platforms (CONFIG_NET_RALINK_MT7620) we observe sporadic
wrong-jump-targets, kernel oopses, hanging, corrupted backtraces or even
"half-written" instructions when the compiler emits a direct 'jal imm26'
call.
This is triggered in:
  - the small random helpers inside get_random_u32_below(), and
  - the blkcg_maybe_throttle_current() call in resume_user_mode_work().

This patch forces those two call sites to use an indirect call via
a volatile function pointer (load into register + jalr) when building
for MT7620, avoiding embedding a 26-bit immediate jump target.

Additionally, on MT7620 builds the exec path in fs/exec.c is modified:
  - skip arch_align_stack() + PAGE_ALIGN() in setup_arg_pages()
    because the micro-randomization (< PAGE_SIZE) implemented by many
    ports (including MT7620) is negated immediately by PAGE_ALIGN().
    Skipping the redundant PAGE_ALIGN() reduces exposure to the
    problematic code pattern.

These changes are targeted workarounds for MT7620; behavioral logic is unchanged.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/20553
Signed-off-by: Robert Marko <robimarko@gmail.com>

target/linux/ramips/patches-6.12/330-mt7620-avoid-direct-jal-in-random-helper.patch	[new file with mode: 0644]	blob
target/linux/ramips/patches-6.12/331-mt7620-avoid-direct-jal-in-resume_user_mode_work.patch	[new file with mode: 0644]	blob
target/linux/ramips/patches-6.12/332-mt7620-conditional-stack-align.patch	[new file with mode: 0644]	blob