Linux-ARM-Kernel Archive on lore.kernel.org
* [PATCH] Documentation: parport-lowlevel: Fix curly bracket
From: Manuel Ebner @ 2026-06-27  9:24 UTC (permalink / raw)
  To: Sudip Mukherjee, Jonathan Corbet, Shuah Khan, Andreas Faerber,
	Manivannan Sadhasivam, open list:DOCUMENTATION,
	moderated list:ARM/ACTIONS SEMI ARCHITECTURE,
	moderated list:ARM/ACTIONS SEMI ARCHITECTURE, open list,
	Randy Dunlap
  Cc: Manuel Ebner

Remove needless '}'

Signed-off-by: Manuel Ebner <manuelebner@mailbox.org>
---
 Documentation/driver-api/parport-lowlevel.rst | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Documentation/driver-api/parport-lowlevel.rst b/Documentation/driver-api/parport-lowlevel.rst
index a907e279f509..af73741289c9 100644
--- a/Documentation/driver-api/parport-lowlevel.rst
+++ b/Documentation/driver-api/parport-lowlevel.rst
@@ -341,7 +341,6 @@ EXAMPLE
 			/* Try to detect a device on the port... */
 			...
 		}
-		}
 
 		...
 	}
-- 
2.54.0




* Re: [PATCH] clk: rockchip: rk3588: don't disable unused I2S MCLK output gates
From: Ricardo Pardini @ 2026-06-27  7:30 UTC (permalink / raw)
  To: Daniele Briguglio, Michael Turquette, Stephen Boyd,
	Heiko Stuebner
  Cc: linux-clk, linux-arm-kernel, linux-rockchip, linux-kernel,
	Diederik de Haas, Nicolas Frattaroli
In-Reply-To: <20260624123914.1767374-1-hello@superkali.me>

On 24/06/2026 14:39, Daniele Briguglio wrote:
> No in-tree board references these gates yet. Boards drive the codec
> MCLK through the parent I2S*_8CH_MCLKOUT, and now that the gates are
> managed clocks, clk_disable_unused() turns them off at boot. On a board
> that relied on firmware leaving the output enabled, that cuts the MCLK
> and analog audio stops working.
> 
> Mark the four gates CLK_IGNORE_UNUSED so an unreferenced gate keeps the
> state firmware left. A board that wants the kernel to own the gate can
> reference I2S*_8CH_MCLKOUT_TO_IO from DT instead.
> 
> Fixes: 02b9b0bb6269 ("clk: rockchip: rk3588: add GATE_GRF clocks for I2S MCLK output to IO")
> Reported-by: Diederik de Haas <diederik@cknow-tech.com>
> Closes: https://lore.kernel.org/linux-rockchip/DJGDSS875DDO.22TYPVYK5X8KZ@cknow-tech.com/
> Tested-by: Diederik de Haas <diederik@cknow-tech.com>
> Signed-off-by: Daniele Briguglio <hello@superkali.me>

I've reproduced the failure reported by Diederik on the NanoPC-T6-LTS 
(indirect I2S0_8CH_MCLKOUT) without this patch, then with this patch 
(which fixes it), and re-tested the R58X-Pro (out-of-tree explicit 
I2S0_8CH_MCLKOUT_TO_IO consumer); it all works for me now.

Tested-by: Ricardo Pardini <ricardo@pardini.net> # on R58X-Pro+NanoPC-T6

Thanks,

-- Ricardo

> ---
>   drivers/clk/rockchip/clk-rk3588.c | 8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/clk/rockchip/clk-rk3588.c b/drivers/clk/rockchip/clk-rk3588.c
> index 2ba9976654c..86953f9ffee 100644
> --- a/drivers/clk/rockchip/clk-rk3588.c
> +++ b/drivers/clk/rockchip/clk-rk3588.c
> @@ -895,7 +895,7 @@ static struct rockchip_clk_branch rk3588_early_clk_branches[] __initdata = {
>   	MUX(I2S2_2CH_MCLKOUT, "i2s2_2ch_mclkout", i2s2_2ch_mclkout_p, CLK_SET_RATE_PARENT,
>   			RK3588_CLKSEL_CON(30), 2, 1, MFLAGS),
>   	GATE_GRF(I2S2_2CH_MCLKOUT_TO_IO, "i2s2_2ch_mclkout_to_io", "i2s2_2ch_mclkout",
> -			0, RK3588_SYSGRF_SOC_CON6, 2, GFLAGS, grf_type_sys),
> +			CLK_IGNORE_UNUSED, RK3588_SYSGRF_SOC_CON6, 2, GFLAGS, grf_type_sys),
>   
>   	COMPOSITE(CLK_I2S3_2CH_SRC, "clk_i2s3_2ch_src", gpll_aupll_p, 0,
>   			RK3588_CLKSEL_CON(30), 8, 1, MFLAGS, 3, 5, DFLAGS,
> @@ -912,7 +912,7 @@ static struct rockchip_clk_branch rk3588_early_clk_branches[] __initdata = {
>   	MUX(I2S3_2CH_MCLKOUT, "i2s3_2ch_mclkout", i2s3_2ch_mclkout_p, CLK_SET_RATE_PARENT,
>   			RK3588_CLKSEL_CON(32), 2, 1, MFLAGS),
>   	GATE_GRF(I2S3_2CH_MCLKOUT_TO_IO, "i2s3_2ch_mclkout_to_io", "i2s3_2ch_mclkout",
> -			0, RK3588_SYSGRF_SOC_CON6, 7, GFLAGS, grf_type_sys),
> +			CLK_IGNORE_UNUSED, RK3588_SYSGRF_SOC_CON6, 7, GFLAGS, grf_type_sys),
>   	GATE(PCLK_ACDCDIG, "pclk_acdcdig", "pclk_audio_root", 0,
>   			RK3588_CLKGATE_CON(7), 11, GFLAGS),
>   	GATE(HCLK_I2S0_8CH, "hclk_i2s0_8ch", "hclk_audio_root", 0,
> @@ -942,7 +942,7 @@ static struct rockchip_clk_branch rk3588_early_clk_branches[] __initdata = {
>   	MUX(I2S0_8CH_MCLKOUT, "i2s0_8ch_mclkout", i2s0_8ch_mclkout_p, CLK_SET_RATE_PARENT,
>   			RK3588_CLKSEL_CON(28), 2, 2, MFLAGS),
>   	GATE_GRF(I2S0_8CH_MCLKOUT_TO_IO, "i2s0_8ch_mclkout_to_io", "i2s0_8ch_mclkout",
> -			0, RK3588_SYSGRF_SOC_CON6, 0, GFLAGS, grf_type_sys),
> +			CLK_IGNORE_UNUSED, RK3588_SYSGRF_SOC_CON6, 0, GFLAGS, grf_type_sys),
>   
>   	GATE(HCLK_PDM1, "hclk_pdm1", "hclk_audio_root", 0,
>   			RK3588_CLKGATE_CON(9), 6, GFLAGS),
> @@ -2229,7 +2229,7 @@ static struct rockchip_clk_branch rk3588_early_clk_branches[] __initdata = {
>   	MUX(I2S1_8CH_MCLKOUT, "i2s1_8ch_mclkout", i2s1_8ch_mclkout_p, CLK_SET_RATE_PARENT,
>   			RK3588_PMU_CLKSEL_CON(9), 2, 2, MFLAGS),
>   	GATE_GRF(I2S1_8CH_MCLKOUT_TO_IO, "i2s1_8ch_mclkout_to_io", "i2s1_8ch_mclkout",
> -			0, RK3588_SYSGRF_SOC_CON6, 1, GFLAGS, grf_type_sys),
> +			CLK_IGNORE_UNUSED, RK3588_SYSGRF_SOC_CON6, 1, GFLAGS, grf_type_sys),
>   	GATE(PCLK_PMU1, "pclk_pmu1", "pclk_pmu0_root", CLK_IS_CRITICAL,
>   			RK3588_PMU_CLKGATE_CON(1), 0, GFLAGS),
>   	GATE(CLK_DDR_FAIL_SAFE, "clk_ddr_fail_safe", "clk_pmu0", CLK_IGNORE_UNUSED,
> 
> base-commit: 7edfb7fb58ee058298e18fde76a6077ef17d19d8




* [PATCH 2/2] media: meson: vdec: guard against NULL prev_frame in codec_vp9_set_mpred_mv()
From: Doruk Tan Ozturk @ 2026-06-27  6:55 UTC (permalink / raw)
  To: Neil Armstrong, Greg Kroah-Hartman
  Cc: Dan Carpenter, Mauro Carvalho Chehab, Hans Verkuil, Kevin Hilman,
	Jerome Brunet, Martin Blumenstingl, linux-media, linux-amlogic,
	linux-staging, linux-arm-kernel, linux-kernel, Doruk Tan Ozturk
In-Reply-To: <20260627065534.88527-1-doruk@0sec.ai>

codec_vp9_set_mpred_mv() dereferences vp9->prev_frame unconditionally,
both when computing use_prev_frame_mvs (prev_frame->width, ->height,
->intra_only, ->show, ->type) and when programming the previous-frame
MV read registers via codec_vp9_get_frame_mv_paddr(vp9, vp9->prev_frame)
(HEVC_MPRED_MV_RD_START_ADDR, HEVC_MPRED_MV_RPTR and the RD_END_ADDR
computation).

vp9->prev_frame is only assigned (= vp9->cur_frame) after a frame has
been processed, and is NULL after allocation and after a flush. The
caller, codec_vp9_process_frame(), reaches codec_vp9_set_mpred_mv()
whenever the frame is a non-key, non-intra-only frame, without checking
that a previous frame exists. A stream whose first decoded frame is an
inter frame (malformed/adversarial input, or the first frame after a
drain) therefore triggers a NULL pointer dereference.

Disable previous-frame MV use (clear HEVC_MPRED_CTRL4 BIT(6), which the
function already does up front) and return early when prev_frame is
NULL, before any dereference. There are no previous-frame motion
vectors to consume in that case, so this is the correct behaviour as
well as the safe one.

Found by 0sec's autonomous vulnerability analysis (https://0sec.ai).
Found by static analysis; not yet runtime-reproduced (Amlogic Meson
hardware required).

Fixes: 00c43088aa68 ("media: meson: vdec: add VP9 decoder support")
Signed-off-by: Doruk Tan Ozturk <doruk@0sec.ai>
---
 drivers/staging/media/meson/vdec/codec_vp9.c | 27 +++++++++++++++-----
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/drivers/staging/media/meson/vdec/codec_vp9.c b/drivers/staging/media/meson/vdec/codec_vp9.c
index 5ca27930239f..1df641202687 100644
--- a/drivers/staging/media/meson/vdec/codec_vp9.c
+++ b/drivers/staging/media/meson/vdec/codec_vp9.c
@@ -993,19 +993,32 @@ static void codec_vp9_set_mpred_mv(struct amvdec_core *core,
 				   struct codec_vp9 *vp9)
 {
 	int mpred_mv_rd_end_addr;
-	int use_prev_frame_mvs = vp9->prev_frame->width ==
-					vp9->cur_frame->width &&
-				 vp9->prev_frame->height ==
-					vp9->cur_frame->height &&
-				 !vp9->prev_frame->intra_only &&
-				 vp9->prev_frame->show &&
-				 vp9->prev_frame->type != KEY_FRAME;
+	int use_prev_frame_mvs;
 
 	amvdec_write_dos(core, HEVC_MPRED_CTRL3, 0x24122412);
 	amvdec_write_dos(core, HEVC_MPRED_ABV_START_ADDR,
 			 vp9->workspace_paddr + MPRED_ABV_OFFSET);
 
 	amvdec_clear_dos_bits(core, HEVC_MPRED_CTRL4, BIT(6));
+
+	/*
+	 * prev_frame is NULL when an inter frame is the first frame decoded
+	 * (e.g. a stream starting on a non-key frame, or the first frame
+	 * after a flush). There are no previous-frame motion vectors to use
+	 * and every read below would dereference a NULL pointer, so leave
+	 * prev-MV use disabled (BIT(6) already cleared) and bail out.
+	 */
+	if (!vp9->prev_frame)
+		return;
+
+	use_prev_frame_mvs = vp9->prev_frame->width ==
+				vp9->cur_frame->width &&
+			     vp9->prev_frame->height ==
+				vp9->cur_frame->height &&
+			     !vp9->prev_frame->intra_only &&
+			     vp9->prev_frame->show &&
+			     vp9->prev_frame->type != KEY_FRAME;
+
 	if (use_prev_frame_mvs)
 		amvdec_write_dos_bits(core, HEVC_MPRED_CTRL4, BIT(6));
 
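Review bot: The early `return` placed after the BIT(6) clear skips everything codec_vp9_set_mpred_mv() does beyond this hunk, not only the previous-frame reads; the function body continues past the last visible line. If the remainder also programs current-frame state (for example MV write addresses derived from vp9->cur_frame), an inter frame decoded with prev_frame == NULL would leave those registers at whatever an earlier frame set, and the hardware could write motion vectors into a stale buffer. Consider folding the NULL test into the flag, `use_prev_frame_mvs = vp9->prev_frame && vp9->prev_frame->width == vp9->cur_frame->width && ...;`, and wrapping only the previous-frame MV read programming in `if (vp9->prev_frame)`, so the current-frame setup still runs.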
-- 
2.53.0




* [PATCH 1/2] media: meson: vdec: clear stale prev_frame/cur_frame on flush
From: Doruk Tan Ozturk @ 2026-06-27  6:55 UTC (permalink / raw)
  To: Neil Armstrong, Greg Kroah-Hartman
  Cc: Dan Carpenter, Mauro Carvalho Chehab, Hans Verkuil, Kevin Hilman,
	Jerome Brunet, Martin Blumenstingl, linux-media, linux-amlogic,
	linux-staging, linux-arm-kernel, linux-kernel, Doruk Tan Ozturk
In-Reply-To: <20260627065534.88527-1-doruk@0sec.ai>

codec_vp9_flush_output() (the .drain callback) walks ref_frames_list
and kfree()s every vp9_frame node, but never clears vp9->prev_frame
or vp9->cur_frame, which alias nodes that were just freed.

If decoding resumes after a flush with an inter (non-key) frame,
codec_vp9_process_frame() calls codec_vp9_set_mpred_mv(), which
dereferences vp9->prev_frame->{width,height,intra_only,show,type}
and feeds vp9->prev_frame to codec_vp9_get_frame_mv_paddr(). With
prev_frame still pointing at freed memory this is a use-after-free.

Clear both cached pointers once the list has been freed so a resumed
decode starts from a clean state.

Found by 0sec's autonomous vulnerability analysis (https://0sec.ai).
Found by static analysis; not yet runtime-reproduced (Amlogic Meson
hardware required).

Fixes: 00c43088aa68 ("media: meson: vdec: add VP9 decoder support")
Signed-off-by: Doruk Tan Ozturk <doruk@0sec.ai>
---
 drivers/staging/media/meson/vdec/codec_vp9.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/staging/media/meson/vdec/codec_vp9.c b/drivers/staging/media/meson/vdec/codec_vp9.c
index 8e80ecf84193..5ca27930239f 100644
--- a/drivers/staging/media/meson/vdec/codec_vp9.c
+++ b/drivers/staging/media/meson/vdec/codec_vp9.c
@@ -681,6 +681,16 @@ static void codec_vp9_flush_output(struct amvdec_session *sess)
 		list_del(&tmp->list);
 		kfree(tmp);
 	}
+
+	/*
+	 * All ref_frames_list nodes have been freed above. Drop the cached
+	 * pointers so a decode resuming after the flush (e.g. an inter frame
+	 * following a drain) cannot dereference freed vp9_frame memory in
+	 * codec_vp9_set_mpred_mv().
+	 */
+	vp9->prev_frame = NULL;
+	vp9->cur_frame = NULL;
+
 	mutex_unlock(&vp9->lock);
 }
 
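Review bot: Setting `vp9->prev_frame = NULL` here turns the resumed-inter-frame case from a use-after-free into a deterministic NULL dereference until the guard from patch 2/2 is applied, since per the description codec_vp9_set_mpred_mv() still reads vp9->prev_frame->width unconditionally at this point in the series. Both patches carry the same Fixes: tag, so they should be applied and backported together, or the series reordered so the NULL guard lands first. `vp9->cur_frame = NULL` has no matching guard in the series, so any path that reads cur_frame after a drain before a new frame is assigned would now fault; that is worth confirming against the callers, which are outside this hunk. The stores sit before mutex_unlock(&vp9->lock), which only helps if the decode path reads both pointers under the same lock; the function starts above the hunk, so this cannot be checked from here.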
-- 
2.53.0




* [PATCH 0/2] media: meson: vdec: fix two more VP9 reference-frame lifetime bugs
From: Doruk Tan Ozturk @ 2026-06-27  6:55 UTC (permalink / raw)
  To: Neil Armstrong, Greg Kroah-Hartman
  Cc: Dan Carpenter, Mauro Carvalho Chehab, Hans Verkuil, Kevin Hilman,
	Jerome Brunet, Martin Blumenstingl, linux-media, linux-amlogic,
	linux-staging, linux-arm-kernel, linux-kernel, Doruk Tan Ozturk

While reviewing the earlier VP9 prev_frame use-after-free fix, a
Sashiko AI review of that change surfaced two further reference-frame
lifetime bugs in the same decoder, both rooted in vp9->prev_frame /
vp9->cur_frame not being managed across all decode entry points.

Patch 1 clears the cached prev_frame/cur_frame pointers in the .drain
flush path, which frees every ref_frames_list node but left those two
pointers aliasing freed memory; a decode resuming with an inter frame
would then dereference freed vp9_frame storage in
codec_vp9_set_mpred_mv() (use-after-free).

Patch 2 guards codec_vp9_set_mpred_mv() against vp9->prev_frame being
NULL, which happens when the first decoded frame is an inter frame
(malformed/adversarial input, or the first frame after a flush). The
function dereferences prev_frame unconditionally, both for the
use_prev_frame_mvs computation and for the previous-frame MV read
register programming, so the NULL case is a NULL pointer dereference.

Both issues were found by static analysis and are not yet runtime-
reproduced (Amlogic Meson hardware required).

Found by 0sec's autonomous vulnerability analysis (https://0sec.ai).

Doruk Tan Ozturk (2):
  media: meson: vdec: clear stale prev_frame/cur_frame on flush
  media: meson: vdec: guard against NULL prev_frame in
    codec_vp9_set_mpred_mv()

 drivers/staging/media/meson/vdec/codec_vp9.c | 37 ++++++++++++++++----
 1 file changed, 30 insertions(+), 7 deletions(-)

-- 
2.53.0




* Re: [PATCH] drm/sun4i: Remove dependency on DRM simple helpers
From: Jernej Škrabec @ 2026-06-27  6:55 UTC (permalink / raw)
  To: Chen-Yu Tsai, Maarten Lankhorst, Maxime Ripard, Thomas Zimmermann,
	David Airlie, Simona Vetter, Samuel Holland, Diogo Silva
  Cc: dri-devel, linux-arm-kernel, linux-sunxi, linux-kernel,
	Diogo Silva
In-Reply-To: <20260623-sun4i_simple-v1-1-fa6696df1fad@gmail.com>

Dne torek, 23. junij 2026 ob 22:34:40 Srednjeevropski poletni čas je Diogo Silva napisal(a):
> Simple KMS helper are deprecated since they only add an intermediate
> layer between drivers and the atomic modesetting.
> This patch removes the dependency on drm simple helpers from sun4i
> DRM drivers.
> 
> Signed-off-by: Diogo Silva <diogompaissilva@gmail.com>

This doesn't look like a useful change. Is this a tree-wide attempt? If so, it
should be done in one go, in one patch series, coordinated with the DRM
maintainers.

Best regards,
Jernej





* Re: [PATCH] bus: sunxi-rsb: fail hardware init on soft-reset timeout
From: Jernej Škrabec @ 2026-06-27  6:40 UTC (permalink / raw)
  To: Chen-Yu Tsai, Pengpeng Hou
  Cc: pengpeng, Samuel Holland, Philipp Zabel, linux-arm-kernel,
	linux-sunxi, linux-kernel
In-Reply-To: <20260625003416.15841-1-pengpeng@iscas.ac.cn>

Dne četrtek, 25. junij 2026 ob 02:34:16 Srednjeevropski poletni čas je Pengpeng Hou napisal(a):
> sunxi_rsb_hw_init() issues a controller soft reset and waits for the reset
> bit to clear, but it ignores readl_poll_timeout()'s return value.
> 
> If the controller never leaves reset, probe can continue to publish child
> devices and system resume can report success without a usable RSB
> controller.
> 
> Return the timeout error, assert reset again, and disable the clock before
> leaving the hardware-init path.
> 
> Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>

Acked-by: Jernej Skrabec <jernej.skrabec@gmail.com>

Best regards,
Jernej





* [PATCH v2] media: meson: vdec: fix use-after-free of in-use frames in codec_vp9_rm_noshow_frame()
From: Doruk Tan Ozturk @ 2026-06-27  6:39 UTC (permalink / raw)
  To: Neil Armstrong, Greg Kroah-Hartman
  Cc: Dan Carpenter, Mauro Carvalho Chehab, Hans Verkuil, Kevin Hilman,
	Jerome Brunet, Martin Blumenstingl, linux-media, linux-amlogic,
	linux-staging, linux-arm-kernel, linux-kernel, Doruk Tan Ozturk

codec_vp9_rm_noshow_frame() frees the first non-shown reference frame on
ref_frames_list without excluding frames that are still in use. When the
previously decoded frame was a non-show (alt-ref) frame and the current
frame is a non-show inter frame, the freed object is the one
vp9->prev_frame still points to; codec_vp9_set_mpred_mv() then
dereferences the stale pointer (use_prev_frame_mvs and
codec_vp9_get_frame_mv_paddr()), a use-after-free. Freeing a frame that
is still an active reference (codec_vp9_is_ref()) or the current frame
has the same in-use-then-free shape and additionally desyncs the
reference bookkeeping in codec_vp9_sync_ref().

The sibling cleanup codec_vp9_show_frame() already guards exactly these
cases before freeing:

	if (codec_vp9_is_ref(vp9, tmp) || tmp == vp9->prev_frame)
		continue;

rm_noshow_frame() simply omits the same check. Add it, also skipping
cur_frame, so both cleanup paths agree on which frames are safe to free.

The fields that drive this path (show_frame, frame_type, intra_only) are
parsed from the VP9 bitstream, so a crafted stream fed to the stateless
decoder can trigger the free-then-use.

Found by 0sec's autonomous vulnerability analysis (https://0sec.ai).
Found by static analysis; not yet runtime-reproduced (Amlogic Meson
hardware required).

Fixes: 00c43088aa68 ("media: meson: vdec: add VP9 decoder support")
Signed-off-by: Doruk Tan Ozturk <doruk@0sec.ai>
---
v2: Per Dan Carpenter's review, also skip active reference frames
    (codec_vp9_is_ref()) and cur_frame, matching codec_vp9_show_frame()
    exactly — freeing an in-use altref/reference frame here also caused a
    codec_vp9_sync_ref() desync, not just the prev_frame UAF.

 drivers/staging/media/meson/vdec/codec_vp9.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/drivers/staging/media/meson/vdec/codec_vp9.c b/drivers/staging/media/meson/vdec/codec_vp9.c
index 8e80ecf84193..dad75950933c 100644
--- a/drivers/staging/media/meson/vdec/codec_vp9.c
+++ b/drivers/staging/media/meson/vdec/codec_vp9.c
@@ -1238,6 +1238,8 @@ static void codec_vp9_show_existing_frame(struct codec_vp9 *vp9)
 	pr_debug("showing frame %u\n", param->p.frame_to_show_idx);
 }
 
+static bool codec_vp9_is_ref(struct codec_vp9 *vp9, struct vp9_frame *frame);
+
 static void codec_vp9_rm_noshow_frame(struct amvdec_session *sess)
 {
 	struct codec_vp9 *vp9 = sess->priv;
@@ -1247,6 +1249,18 @@ static void codec_vp9_rm_noshow_frame(struct amvdec_session *sess)
 		if (tmp->show)
 			continue;
 
+		/*
+		 * Mirror codec_vp9_show_frame(): never free an active
+		 * reference frame, the previously decoded frame, or the
+		 * current frame here. prev_frame is still dereferenced by the
+		 * MV predictor in codec_vp9_set_mpred_mv(), and freeing an
+		 * in-use altref/reference also desyncs codec_vp9_sync_ref();
+		 * either is a use-after-free of an in-use frame.
+		 */
+		if (codec_vp9_is_ref(vp9, tmp) || tmp == vp9->prev_frame ||
+		    tmp == vp9->cur_frame)
+			continue;
+
 		pr_debug("rm noshow: %u\n", tmp->index);
 		v4l2_m2m_buf_queue(sess->m2m_ctx, tmp->vbuf);
 		list_del(&tmp->list);
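Review bot: The new `continue` leaves a non-shown frame on ref_frames_list with its capture buffer still held, and nothing in this hunk shows where such a frame is reclaimed once it stops being a reference, prev_frame or cur_frame. The description says show_frame, frame_type and intra_only come from the bitstream, so if this function is the only place that returns non-shown frames through v4l2_m2m_buf_queue(), a stream that keeps producing non-shown references could hold buffers until the next flush; it is worth confirming that a later call picks the skipped frame up. The rest of the loop body and the end of the function are outside the hunk, so whether the loop stops after the first freed frame cannot be checked here. A sentence in the new comment saying when a skipped frame becomes eligible again, for example `/* Skipped frames are retried on the next call once no longer referenced. */`, would document that, if it matches the intended behaviour.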
-- 
2.53.0




* Re: [PATCH] media: cedrus: fix memory leak in cedrus_init_ctrls()
From: Jernej Škrabec @ 2026-06-27  6:38 UTC (permalink / raw)
  To: mripard, Dawei Feng
  Cc: paulk, mchehab, gregkh, wens, samuel, hverkuil, linux-media,
	linux-staging, linux-arm-kernel, linux-sunxi, linux-kernel,
	jianhao.xu, zilin, Dawei Feng, stable
In-Reply-To: <20260624085920.578446-1-dawei.feng@seu.edu.cn>

Dne sreda, 24. junij 2026 ob 10:59:20 Srednjeevropski poletni čas je Dawei Feng napisal(a):
> In cedrus_init_ctrls(), the V4L2 control handler is initialized before
> allocating memory for ctx->ctrls. If this allocation fails, the function
> returns -ENOMEM without freeing the previously allocated handler
> resources, leading to a memory leak.
> 
> Fix this by calling v4l2_ctrl_handler_free() on the ctx->ctrls allocation
> failure path.
> 
> The bug was first flagged by an experimental analysis tool we are
> developing for kernel memory-management bugs while analyzing
> v6.13-rc1. The tool is still under development and is not yet publicly
> available. Manual inspection confirms that the bug is still
> present in v7.1.1.
> 
> An x86_64 allyesconfig build showed no new warnings. As we do not have an
> Allwinner SoC or board with a Cedrus VPU available to test with, no
> runtime testing was able to be performed.
> 
> Fixes: 50e761516f2b ("media: platform: Add Cedrus VPU decoder driver")
> Cc: stable@vger.kernel.org
> Signed-off-by: Dawei Feng <dawei.feng@seu.edu.cn>

Acked-by: Jernej Skrabec <jernej.skrabec@gmail.com>

Best regards,
Jernej





* Re: [PATCH] drm/sun4i: mixer: Check clock enable failures
From: Jernej Škrabec @ 2026-06-27  6:36 UTC (permalink / raw)
  To: Chen-Yu Tsai, Maarten Lankhorst, Maxime Ripard, Thomas Zimmermann,
	David Airlie, Simona Vetter, Samuel Holland, dri-devel,
	Pengpeng Hou
  Cc: linux-arm-kernel, linux-sunxi, linux-kernel, Pengpeng Hou
In-Reply-To: <20260624055123.26769-1-pengpeng@iscas.ac.cn>

Dne sreda, 24. junij 2026 ob 07:51:23 Srednjeevropski poletni čas je Pengpeng Hou napisal(a):
> sun8i_mixer_bind() acquires the required bus and module clocks, but
> ignores clk_prepare_enable() failures before adding the mixer engine to
> the DRM pipeline.
> 
> Check both clock enable operations and use the existing unwind labels
> when a required clock cannot be enabled.
> 
> Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>

Acked-by: Jernej Skrabec <jernej.skrabec@gmail.com>

Best regards,
Jernej





* [PATCH v1] ARM: dts: aspeed: g6: Use KCS AST2600 compatible string
From: Haiyue Wang @ 2026-06-27  5:27 UTC (permalink / raw)
  To: devicetree, Andrew Jeffery
  Cc: Haiyue Wang, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
	Joel Stanley, moderated list:ARM/ASPEED MACHINE SUPPORT,
	moderated list:ARM/ASPEED MACHINE SUPPORT, open list

As the commit 2596f6b93a60 ("ipmi: kcs: aspeed: Add AST2600 compatible
string") does, change the AST2600 DTS file to use kcs ast2600 compatible
string.

Signed-off-by: Haiyue Wang <haiyuewa@163.com>
---
 arch/arm/boot/dts/aspeed/aspeed-g6.dtsi | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/arm/boot/dts/aspeed/aspeed-g6.dtsi b/arch/arm/boot/dts/aspeed/aspeed-g6.dtsi
index 56bb3b0444f7..774d5af495fb 100644
--- a/arch/arm/boot/dts/aspeed/aspeed-g6.dtsi
+++ b/arch/arm/boot/dts/aspeed/aspeed-g6.dtsi
@@ -585,7 +585,7 @@ lpc: lpc@1e789000 {
 				ranges = <0x0 0x1e789000 0x1000>;
 
 				kcs1: kcs@24 {
-					compatible = "aspeed,ast2500-kcs-bmc-v2";
+					compatible = "aspeed,ast2600-kcs-bmc";
 					reg = <0x24 0x1>, <0x30 0x1>, <0x3c 0x1>;
 					interrupts = <GIC_SPI 138 IRQ_TYPE_LEVEL_HIGH>;
 					clocks = <&syscon ASPEED_CLK_GATE_LCLK>;
@@ -594,7 +594,7 @@ kcs1: kcs@24 {
 				};
 
 				kcs2: kcs@28 {
-					compatible = "aspeed,ast2500-kcs-bmc-v2";
+					compatible = "aspeed,ast2600-kcs-bmc";
 					reg = <0x28 0x1>, <0x34 0x1>, <0x40 0x1>;
 					interrupts = <GIC_SPI 139 IRQ_TYPE_LEVEL_HIGH>;
 					clocks = <&syscon ASPEED_CLK_GATE_LCLK>;
@@ -602,7 +602,7 @@ kcs2: kcs@28 {
 				};
 
 				kcs3: kcs@2c {
-					compatible = "aspeed,ast2500-kcs-bmc-v2";
+					compatible = "aspeed,ast2600-kcs-bmc";
 					reg = <0x2c 0x1>, <0x38 0x1>, <0x44 0x1>;
 					interrupts = <GIC_SPI 140 IRQ_TYPE_LEVEL_HIGH>;
 					clocks = <&syscon ASPEED_CLK_GATE_LCLK>;
@@ -610,7 +610,7 @@ kcs3: kcs@2c {
 				};
 
 				kcs4: kcs@114 {
-					compatible = "aspeed,ast2500-kcs-bmc-v2";
+					compatible = "aspeed,ast2600-kcs-bmc";
 					reg = <0x114 0x1>, <0x118 0x1>, <0x11c 0x1>;
 					interrupts = <GIC_SPI 141 IRQ_TYPE_LEVEL_HIGH>;
 					clocks = <&syscon ASPEED_CLK_GATE_LCLK>;
-- 
2.54.0




* [PATCH v2 5.15.y] kselftest/arm64: signal: Skip SVE signal test if not enough VLs supported
From: Yijia Wang @ 2026-06-27  3:22 UTC (permalink / raw)
  To: stable, sashal, gregkh
  Cc: andre.przywara, linux-kernel, cristian.marussi, will,
	catalin.marinas, broonie, shuah, linux-arm-kernel,
	linux-kselftest, Yijia Wang
In-Reply-To: <stable-reply-item017-arm64-sve-resend-20260626@kernel.org>

[ Upstream commit 78c09c0f4df89fabdcfb3e5e53d3196cf67f64ef ]

On platform where SVE is supported but there are less than 2 VLs available
the signal SVE change test should be skipped instead of failing.

Reported-by: Andre Przywara <andre.przywara@arm.com>
Tested-by: Andre Przywara <andre.przywara@arm.com>
Cc: Mark Brown <broonie@kernel.org>
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220524103149.2802-1-cristian.marussi@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Yijia Wang <wangyijia.yeah@bytedance.com>
---
Changes in v2:
- Keep the commit message aligned with the upstream commit, as requested by
  Sasha.
- Link to v1:
  https://lore.kernel.org/r/20260626-b4-arm64-515-preview-clean-v1-1-ad19e286e322@bytedance.com

 .../arm64/signal/testcases/fake_sigreturn_sve_change_vl.c       | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c b/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c
index bb50b5adb..915821375 100644
--- a/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c
+++ b/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c
@@ -6,6 +6,7 @@
  * supported and is expected to segfault.
  */
 
+#include <kselftest.h>
 #include <signal.h>
 #include <ucontext.h>
 #include <sys/prctl.h>
@@ -40,6 +41,7 @@ static bool sve_get_vls(struct tdescr *td)
 	/* We need at least two VLs */
 	if (nvls < 2) {
 		fprintf(stderr, "Only %d VL supported\n", nvls);
+		td->result = KSFT_SKIP;
 		return false;
 	}
 
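Review bot: With the added `td->result = KSFT_SKIP;`, `sve_get_vls()` still returns `false` for the fewer-than-two-VLs case, so a skip and any other `return false` path can only be told apart through `td->result`. A short comment on the added line would make that contract visible, e.g. `/* Not a failure: report SKIP via td->result; the caller still sees false */`. The function starts before this hunk and continues after it, so whether its other exit paths leave `td->result` untouched cannot be confirmed from here.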
-- 
2.43.0



* Re: [PATCH] ARM: entry: Convert IRQ handling to generic IRQ entry
From: Jinjie Ruan @ 2026-06-27  3:16 UTC (permalink / raw)
  To: Linus Walleij, Paul E. McKenney, Arnd Bergmann, Russell King,
	Oleg Nesterov, Thomas Gleixner
  Cc: linux-arm-kernel, linux-kernel
In-Reply-To: <20260623-arm-generic-irq-entry-v7-1-v1-1-f25ca7079e3b@kernel.org>



On 6/23/2026 6:52 AM, Linus Walleij wrote:
> Bring ARM to the same level of generic-ness as ARM64 by enabling
> GENERIC_IRQ_ENTRY.
> 
> Route ARM IRQ entry through C wrappers that use the generic IRQ entry
> helpers. Conversely put the FIQ entry under the generic NMI-style entry
> helpers.
> 
> Select GENERIC_IRQ_ENTRY, add the ARM entry prototypes, and provide
> regs_irqs_disabled() for the generic IRQ entry return path.
> 
> The kernel-mode IRQ return path relies on the generic IRQ entry
> preemption handling, matching the arm64 structure and avoiding the old
> assembly reschedule check.
> 
> The reschedule check is now done in raw_irqentry_exit_cond_resched()
> in kernel/entry/common.c.
> 
> User-mode IRQs __irq_usr is neither calling ct_user_exit/enter
> or asm_trace_hardirqs_off/on anymore. The corresponding calls happen on
> irqentry_enter/exit() call paths, e.g the irq-disabled C variants
> __ct_user_exit/enter() are called instead.
> 
> As __irq_usr no longer returns by jumping to ret_to_user_from_irq,
> the corresponding code has been inlined, except the slow_work_pending
> part, which is now also handled by generic entry. ret_to_user_from_irq
> is only called from v7m so it has been renamed accordingly.
> 
> arch_do_signal_or_restart() is required, but we only need a very small
> stub, since we keep the existing syscall restart code around in assembly.
> 
> Tested on with multi_v7_defconfig and qemu-system-arm vexpress-a15
> using vexpress-v2p-ca15-tc1.dtb and some different loads.
> 
> A note on V7M: the reason we cannot switch the V7M entry over to generic
> entry is that it raises a "pendable service call" ("pendv") exception to
> process deferred work at the end of the interrupt handler. This is done
> so higher priority work can come in. This has no corresponding structure
> in other ARM cores.
> 
> This is a reduced patch based on the earlier generic entry series avoiding
> all the syscall handling changes.
> 
> Link: https://lore.kernel.org/linux-arm-kernel/20250420-arm-generic-entry-v6-0-95f1fcdfeeb2@linaro.org/
> Signed-off-by: Linus Walleij <linusw@kernel.org>
> ---
>  arch/arm/Kconfig                    |  1 +
>  arch/arm/include/asm/entry-common.h |  7 ++++
>  arch/arm/include/asm/entry.h        | 10 +++++
>  arch/arm/include/asm/ptrace.h       |  7 +++-
>  arch/arm/kernel/Makefile            |  2 +-
>  arch/arm/kernel/entry-armv.S        | 75 ++++++++-----------------------------
>  arch/arm/kernel/entry-common.S      |  5 ++-
>  arch/arm/kernel/entry-header.S      |  7 +++-
>  arch/arm/kernel/entry-v7m.S         |  2 +-
>  arch/arm/kernel/entry.c             | 51 +++++++++++++++++++++++++
>  arch/arm/kernel/irq.c               |  6 +++
>  arch/arm/kernel/irq.h               |  2 +
>  arch/arm/kernel/signal.c            |  6 +++
>  13 files changed, 116 insertions(+), 65 deletions(-)
> 
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index 73e6647bea46..aad21d645ff3 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -71,6 +71,7 @@ config ARM
>  	select GENERIC_CPU_AUTOPROBE
>  	select GENERIC_CPU_DEVICES
>  	select GENERIC_EARLY_IOREMAP
> +	select GENERIC_IRQ_ENTRY if !CPU_V7M
>  	select GENERIC_IDLE_POLL_SETUP
>  	select GENERIC_IRQ_MULTI_HANDLER
>  	select GENERIC_IRQ_PROBE
> diff --git a/arch/arm/include/asm/entry-common.h b/arch/arm/include/asm/entry-common.h
> new file mode 100644
> index 000000000000..c017df5f39d5
> --- /dev/null
> +++ b/arch/arm/include/asm/entry-common.h
> @@ -0,0 +1,7 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef __ASM_ARM_ENTRY_COMMON_H
> +#define __ASM_ARM_ENTRY_COMMON_H
> +
> +#include <asm/stacktrace.h>
> +
> +#endif
> diff --git a/arch/arm/include/asm/entry.h b/arch/arm/include/asm/entry.h
> new file mode 100644
> index 000000000000..864c9b3abbf1
> --- /dev/null
> +++ b/arch/arm/include/asm/entry.h
> @@ -0,0 +1,10 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +#ifndef __ASM_ENTRY_H__
> +#define __ASM_ENTRY_H__
> +
> +struct pt_regs;
> +
> +void arm_irq_handler(struct pt_regs *regs, int mode);
> +void arm_fiq_handler(struct pt_regs *regs);
> +
> +#endif /* __ASM_ENTRY_H__ */
> diff --git a/arch/arm/include/asm/ptrace.h b/arch/arm/include/asm/ptrace.h
> index 6eb311fb2da0..88ddb9371a02 100644
> --- a/arch/arm/include/asm/ptrace.h
> +++ b/arch/arm/include/asm/ptrace.h
> @@ -46,8 +46,13 @@ struct svc_pt_regs {
>  #define processor_mode(regs) \
>  	((regs)->ARM_cpsr & MODE_MASK)
>  
> +static inline bool regs_irqs_disabled(const struct pt_regs *regs)
> +{
> +	return regs->ARM_cpsr & PSR_I_BIT;
> +}
> +
>  #define interrupts_enabled(regs) \
> -	(!((regs)->ARM_cpsr & PSR_I_BIT))
> +	(!regs_irqs_disabled(regs))
>  
>  #define fast_interrupts_enabled(regs) \
>  	(!((regs)->ARM_cpsr & PSR_F_BIT))
> diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile
> index b36cf0cfd4a7..3b8a62f6f54d 100644
> --- a/arch/arm/kernel/Makefile
> +++ b/arch/arm/kernel/Makefile
> @@ -17,7 +17,7 @@ CFLAGS_REMOVE_return_address.o = -pg
>  
>  # Object file lists.
>  
> -obj-y		:= elf.o entry-common.o irq.o opcodes.o \
> +obj-y		:= elf.o entry.o entry-common.o irq.o opcodes.o \
>  		   process.o ptrace.o reboot.o io.o \
>  		   setup.o signal.o sigreturn_codes.o \
>  		   stacktrace.o sys_arm.o time.o traps.o
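Review bot: `entry.o` is added to `obj-y` unconditionally, while the Kconfig hunk selects `GENERIC_IRQ_ENTRY` only `if !CPU_V7M`. entry.c calls `irqentry_enter()`, `irqentry_exit()` and the NMI variants, so a V7M configuration would presumably build it without the generic entry code it links against. The unconditional `arch_do_signal_or_restart()` in signal.c looks to be in the same position. Tying the object to the option would keep the two in step: `obj-$(CONFIG_GENERIC_IRQ_ENTRY) += entry.o`.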
> diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
> index a3d050ce9b79..8ac7f1512ee8 100644
> --- a/arch/arm/kernel/entry-armv.S
> +++ b/arch/arm/kernel/entry-armv.S
> @@ -36,35 +36,6 @@
>  #define RELOC_TEXT_NONE
>  #endif
>  
> -/*
> - * Interrupt handling.
> - */
> -	.macro	irq_handler, from_user:req
> -	mov	r1, sp
> -	ldr_this_cpu r2, irq_stack_ptr, r2, r3
> -	.if	\from_user == 0
> -	@
> -	@ If we took the interrupt while running in the kernel, we may already
> -	@ be using the IRQ stack, so revert to the original value in that case.
> -	@
> -	subs	r3, r2, r1		@ SP above bottom of IRQ stack?
> -	rsbscs	r3, r3, #THREAD_SIZE	@ ... and below the top?
> -#ifdef CONFIG_VMAP_STACK
> -	ldr_va	r3, high_memory, cc	@ End of the linear region
> -	cmpcc	r3, r1			@ Stack pointer was below it?
> -#endif
> -	bcc	0f			@ If not, switch to the IRQ stack
> -	mov	r0, r1
> -	bl	generic_handle_arch_irq
> -	b	1f
> -0:
> -	.endif
> -
> -	mov_l	r0, generic_handle_arch_irq
> -	bl	call_with_stack
> -1:
> -	.endm
> -
>  	.macro	pabt_helper
>  	@ PABORT handler takes pt_regs in r2, fault address in r4 and psr in r5
>  #ifdef MULTI_PABORT
> @@ -224,34 +195,17 @@ ENDPROC(__dabt_svc)
>  
>  	.align	5
>  __irq_svc:
> -	svc_entry
> -	irq_handler from_user=0
> -
> -#ifdef CONFIG_PREEMPTION
> -	ldr	r8, [tsk, #TI_PREEMPT]		@ get preempt count
> -	ldr	r0, [tsk, #TI_FLAGS]		@ get flags
> -	teq	r8, #0				@ if preempt count != 0
> -	movne	r0, #0				@ force flags to 0
> -	tst	r0, #_TIF_NEED_RESCHED
> -	blne	svc_preempt
> -#endif
> +	svc_entry trace=0
> +	mov	r0, sp				@ regs
> +	mov	r1, #0				@ from kernel mode
> +	bl	arm_irq_handler
>  
> -	svc_exit r5, irq = 1			@ return from exception
> +	svc_exit r5, irqentry = 1		@ return from exception
>   UNWIND(.fnend		)
>  ENDPROC(__irq_svc)
>  
>  	.ltorg
>  
> -#ifdef CONFIG_PREEMPTION
> -svc_preempt:
> -	mov	r8, lr
> -1:	bl	preempt_schedule_irq		@ irq en/disable is done inside
> -	ldr	r0, [tsk, #TI_FLAGS]		@ get new tasks TI_FLAGS
> -	tst	r0, #_TIF_NEED_RESCHED
> -	reteq	r8				@ go again
> -	b	1b
> -#endif
> -
>  __und_fault:
>  	@ Correct the PC such that it is pointing at the instruction
>  	@ which caused the fault.  If the faulting instruction was ARM
> @@ -302,7 +256,7 @@ ENDPROC(__pabt_svc)
>  __fiq_svc:
>  	svc_entry trace=0
>  	mov	r0, sp				@ struct pt_regs *regs
> -	bl	handle_fiq_as_nmi
> +	bl	arm_fiq_handler
>  	svc_exit_via_fiq
>   UNWIND(.fnend		)
>  ENDPROC(__fiq_svc)
> @@ -331,7 +285,7 @@ __fiq_abt:
>  	stmfd	sp!, {r1 - r2}
>  
>  	add	r0, sp, #8			@ struct pt_regs *regs
> -	bl	handle_fiq_as_nmi
> +	bl	arm_fiq_handler
>  
>  	ldmfd	sp!, {r1 - r2}
>   ARM(	msr	cpsr_c, #ABT_MODE | PSR_I_BIT | PSR_F_BIT )
> @@ -438,12 +392,15 @@ ENDPROC(__dabt_usr)
>  
>  	.align	5
>  __irq_usr:
> -	usr_entry
> +	usr_entry trace=0
>  	kuser_cmpxchg_check
> -	irq_handler from_user=1
> -	get_thread_info tsk
> -	mov	why, #0
> -	b	ret_to_user_from_irq
> +	mov	r0, sp				@ regs
> +	mov	r1, #1				@ from user mode
> +	bl	arm_irq_handler
> +#ifdef CONFIG_KSTACK_ERASE
> +	bl	stackleak_erase_on_task_stack
> +#endif
> +	restore_user_regs fast = 0, offset = 0
>   UNWIND(.fnend		)
>  ENDPROC(__irq_usr)
>  
> @@ -498,7 +455,7 @@ __fiq_usr:
>  	usr_entry trace=0
>  	kuser_cmpxchg_check
>  	mov	r0, sp				@ struct pt_regs *regs
> -	bl	handle_fiq_as_nmi
> +	bl	arm_fiq_handler
>  	get_thread_info tsk
>  	restore_user_regs fast = 0, offset = 0
>   UNWIND(.fnend		)
> diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
> index 88336a1292bb..d5fdb234c1d4 100644
> --- a/arch/arm/kernel/entry-common.S
> +++ b/arch/arm/kernel/entry-common.S
> @@ -110,7 +110,8 @@ ret_slow_syscall:
>  	bl	do_rseq_syscall
>  #endif
>  	disable_irq_notrace			@ disable interrupts
> -ENTRY(ret_to_user_from_irq)
> +ENTRY(v7m_ret_to_user_from_irq)
> +	/* Only the v7m jumps directly to v7m_ret_to_user_from_irq */
>  	ldr	r1, [tsk, #TI_FLAGS]
>  	movs	r1, r1, lsl #16
>  	bne	slow_work_pending
> @@ -123,7 +124,7 @@ no_work_pending:
>  	bl	stackleak_erase_on_task_stack
>  #endif
>  	restore_user_regs fast = 0, offset = 0
> -ENDPROC(ret_to_user_from_irq)
> +ENDPROC(v7m_ret_to_user_from_irq)
>  ENDPROC(ret_to_user)
>  
>  /*
> diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S
> index 99411fa91350..e83f2fb8a592 100644
> --- a/arch/arm/kernel/entry-header.S
> +++ b/arch/arm/kernel/entry-header.S
> @@ -199,7 +199,11 @@
>  	.endm
>  
>  
> -	.macro	svc_exit, rpsr, irq = 0
> +	.macro	svc_exit, rpsr, irq = 0, irqentry = 0
> +	.if	\irqentry != 0
> +	@ Generic IRQ entry already handled tracing and lockdep state.
> +	disable_irq_notrace
> +	.else
>  	.if	\irq != 0
>  	@ IRQs already off
>  #ifdef CONFIG_TRACE_IRQFLAGS
> @@ -216,6 +220,7 @@
>  	tst	\rpsr, #PSR_I_BIT
>  	blne	trace_hardirqs_off
>  #endif
> +	.endif
>  	.endif
>  	uaccess_exit tsk, r0, r1
>  
> diff --git a/arch/arm/kernel/entry-v7m.S b/arch/arm/kernel/entry-v7m.S
> index 52bacf07ba16..49a3a34e2913 100644
> --- a/arch/arm/kernel/entry-v7m.S
> +++ b/arch/arm/kernel/entry-v7m.S
> @@ -94,7 +94,7 @@ __pendsv_entry:
>  	@ execute the pending work, including reschedule
>  	get_thread_info tsk
>  	mov	why, #0
> -	b	ret_to_user_from_irq
> +	b	v7m_ret_to_user_from_irq
>  ENDPROC(__pendsv_entry)
>  
>  /*
> diff --git a/arch/arm/kernel/entry.c b/arch/arm/kernel/entry.c
> new file mode 100644
> index 000000000000..1142e418d161
> --- /dev/null
> +++ b/arch/arm/kernel/entry.c
> @@ -0,0 +1,51 @@
> +// SPDX-License-Identifier: GPL-2.0
> +#include <linux/hardirq.h>
> +#include <linux/irq-entry-common.h>
> +#include <linux/irq.h>
> +
> +#include <asm/entry.h>
> +#include <asm/stacktrace.h>
> +#include <asm/traps.h>
> +
> +#include "irq.h"
> +
> +static void noinstr handle_arm_irq(void *data)
> +{
> +	struct pt_regs *regs = data;
> +	struct pt_regs *old_regs;
> +
> +	irq_enter_rcu();
> +	old_regs = set_irq_regs(regs);
> +
> +	handle_arch_irq(regs);
> +
> +	set_irq_regs(old_regs);
> +	irq_exit_rcu();
> +}
> +
> +noinstr void arm_irq_handler(struct pt_regs *regs, int mode)
> +{
> +	irqentry_state_t state = irqentry_enter(regs);
> +
> +	/*
> +	 * mode == 1 means we came from userspace, and then we
> +	 * should just immediately switch to the irq stack.
> +	 * Then we check of we are on the thread stack. If we are
> +	 * not, then by definition we are already using the irq stack.
> +	 */
> +	if (mode == 1 || on_thread_stack())
> +		call_on_irq_stack(handle_arm_irq, regs);

It seems that the CONFIG_VMAP_STACK overflow protection is missing.
Should we implement a C version of the CONFIG_VMAP_STACK check first,
before moving the IRQ handling to C?

-       .macro  irq_handler, from_user:req
-#ifdef CONFIG_VMAP_STACK
-       ldr_va  r3, high_memory, cc     @ End of the linear region
-       cmpcc   r3, r1                  @ Stack pointer was below it?
-#endif


> +	else
> +		handle_arm_irq(regs);
> +
> +	irqentry_exit(regs, state);
> +}
> +
> +noinstr void arm_fiq_handler(struct pt_regs *regs)
> +{
> +	irqentry_state_t state = irqentry_nmi_enter(regs);
> +
> +	handle_fiq_as_nmi(regs);
> +
> +	irqentry_nmi_exit(regs, state);
> +}
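Review bot: The `int mode` argument of `arm_irq_handler()` is compared against the bare constant 1, and the assembly callers pass `#0`/`#1` with only a trailing comment to say which is which. A `bool from_user` parameter would make the stack-switch condition self-describing. Alternatively, if it is equivalent on these entry paths, drop the argument and test `user_mode(regs)`: `if (user_mode(regs) || on_thread_stack())`. The block comment also has a typo: "check of we are" should read "check if we are".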
> diff --git a/arch/arm/kernel/irq.c b/arch/arm/kernel/irq.c
> index e1993e28a9ec..f99d6b24d8ff 100644
> --- a/arch/arm/kernel/irq.c
> +++ b/arch/arm/kernel/irq.c
> @@ -43,6 +43,7 @@
>  #include <asm/mach/irq.h>
>  #include <asm/mach/time.h>
>  
> +#include "irq.h"
>  #include "reboot.h"
>  
>  unsigned long irq_err_count;
> @@ -71,6 +72,11 @@ static void __init init_irq_stacks(void)
>  	}
>  }
>  
> +void call_on_irq_stack(void (*fn)(void *), void *arg)
> +{
> +	call_with_stack(fn, arg, __this_cpu_read(irq_stack_ptr));
> +}
> +
>  #ifdef CONFIG_SOFTIRQ_ON_OWN_STACK
>  static void ____do_softirq(void *arg)
>  {
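Review bot: `call_on_irq_stack()` always starts `fn` at `irq_stack_ptr` and has no check of its own for the case where the CPU is already running on the IRQ stack; it would then presumably run over live frames. The only caller in this patch guards with `mode == 1 || on_thread_stack()`, but the helper is now declared in irq.h for other files. The precondition therefore deserves a comment above it, e.g. `/* Caller must not already be on the IRQ stack; fn starts at irq_stack_ptr. */`. The new irq.h also has no include guard, unlike the two asm headers added by the same patch.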
> diff --git a/arch/arm/kernel/irq.h b/arch/arm/kernel/irq.h
> new file mode 100644
> index 000000000000..80dd5bfe6403
> --- /dev/null
> +++ b/arch/arm/kernel/irq.h
> @@ -0,0 +1,2 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +void call_on_irq_stack(void (*fn)(void *), void *arg);
> diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
> index 7be9188d83d9..9084c04c07f7 100644
> --- a/arch/arm/kernel/signal.c
> +++ b/arch/arm/kernel/signal.c
> @@ -12,6 +12,7 @@
>  #include <linux/resume_user_mode.h>
>  #include <linux/uprobes.h>
>  #include <linux/syscalls.h>
> +#include <linux/irq-entry-common.h>
>  
>  #include <asm/elf.h>
>  #include <asm/cacheflush.h>
> @@ -599,6 +600,11 @@ static int do_signal(struct pt_regs *regs, int syscall)
>  	return 0;
>  }
>  
> +void arch_do_signal_or_restart(struct pt_regs *regs)
> +{
> +	do_signal(regs, 0);
> +}
> +
>  asmlinkage int
>  do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall)
>  {
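Review bot: `arch_do_signal_or_restart()` discards the `int` that `do_signal()` returns. The commit message says syscall restart stays in assembly, which is presumably why passing `syscall = 0` and ignoring the result is safe, but nothing at the call site says so. A one-line comment would help, e.g. `/* IRQ return path only: syscall restart is still handled in assembly, so the return value is unused. */`. `do_signal()` itself is mostly outside the hunk.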
> 
> ---
> base-commit: 8cd9520d35a6c38db6567e97dd93b1f11f185dc6
> change-id: 20260622-arm-generic-irq-entry-v7-1-ff6c1d6c9c48
> 
> Best regards,
> --  
> Linus Walleij <linusw@kernel.org>
> 
> 
> 




* Re: [PATCH] ARM: entry: Convert IRQ handling to generic IRQ entry
From: Jinjie Ruan @ 2026-06-27  2:57 UTC (permalink / raw)
  To: Linus Walleij, Paul E. McKenney, Arnd Bergmann, Russell King,
	Oleg Nesterov, Thomas Gleixner
  Cc: linux-arm-kernel, linux-kernel
In-Reply-To: <20260623-arm-generic-irq-entry-v7-1-v1-1-f25ca7079e3b@kernel.org>



On 6/23/2026 6:52 AM, Linus Walleij wrote:
> Bring ARM to the same level of generic-ness as ARM64 by enabling
> GENERIC_IRQ_ENTRY.
> 
> Route ARM IRQ entry through C wrappers that use the generic IRQ entry
> helpers. Conversely put the FIQ entry under the generic NMI-style entry
> helpers.
> 
> Select GENERIC_IRQ_ENTRY, add the ARM entry prototypes, and provide
> regs_irqs_disabled() for the generic IRQ entry return path.
> 
> The kernel-mode IRQ return path relies on the generic IRQ entry
> preemption handling, matching the arm64 structure and avoiding the old
> assembly reschedule check.
> 
> The reschedule check is now done in raw_irqentry_exit_cond_resched()
> in kernel/entry/common.c.
> 
> User-mode IRQs __irq_usr is neither calling ct_user_exit/enter
> or asm_trace_hardirqs_off/on anymore. The corresponding calls happen on
> irqentry_enter/exit() call paths, e.g the irq-disabled C variants
> __ct_user_exit/enter() are called instead.
> 
> As __irq_usr no longer returns by jumping to ret_to_user_from_irq,
> the corresponding code has been inlined, except the slow_work_pending
> part, which is now also handled by generic entry. ret_to_user_from_irq
> is only called from v7m so it has been renamed accordingly.
> 
> arch_do_signal_or_restart() is required, but we only need a very small
> stub, since we keep the existing syscall restart code around in assembly.
> 
> Tested on with multi_v7_defconfig and qemu-system-arm vexpress-a15
> using vexpress-v2p-ca15-tc1.dtb and some different loads.
> 
> A note on V7M: the reason we cannot switch the V7M entry over to generic
> entry is that it raises a "pendable service call" ("pendv") exception to
> process deferred work at the end of the interrupt handler. This is done
> so higher priority work can come in. This has no corresponding structure
> in other ARM cores.
> 
> This is a reduced patch based on the earlier generic entry series avoiding
> all the syscall handling changes.
> 
> Link: https://lore.kernel.org/linux-arm-kernel/20250420-arm-generic-entry-v6-0-95f1fcdfeeb2@linaro.org/
> Signed-off-by: Linus Walleij <linusw@kernel.org>
> ---
>  arch/arm/Kconfig                    |  1 +
>  arch/arm/include/asm/entry-common.h |  7 ++++
>  arch/arm/include/asm/entry.h        | 10 +++++
>  arch/arm/include/asm/ptrace.h       |  7 +++-
>  arch/arm/kernel/Makefile            |  2 +-
>  arch/arm/kernel/entry-armv.S        | 75 ++++++++-----------------------------
>  arch/arm/kernel/entry-common.S      |  5 ++-
>  arch/arm/kernel/entry-header.S      |  7 +++-
>  arch/arm/kernel/entry-v7m.S         |  2 +-
>  arch/arm/kernel/entry.c             | 51 +++++++++++++++++++++++++
>  arch/arm/kernel/irq.c               |  6 +++
>  arch/arm/kernel/irq.h               |  2 +
>  arch/arm/kernel/signal.c            |  6 +++
>  13 files changed, 116 insertions(+), 65 deletions(-)
> 
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index 73e6647bea46..aad21d645ff3 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -71,6 +71,7 @@ config ARM
>  	select GENERIC_CPU_AUTOPROBE
>  	select GENERIC_CPU_DEVICES
>  	select GENERIC_EARLY_IOREMAP
> +	select GENERIC_IRQ_ENTRY if !CPU_V7M
>  	select GENERIC_IDLE_POLL_SETUP
>  	select GENERIC_IRQ_MULTI_HANDLER
>  	select GENERIC_IRQ_PROBE
> diff --git a/arch/arm/include/asm/entry-common.h b/arch/arm/include/asm/entry-common.h
> new file mode 100644
> index 000000000000..c017df5f39d5
> --- /dev/null
> +++ b/arch/arm/include/asm/entry-common.h
> @@ -0,0 +1,7 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef __ASM_ARM_ENTRY_COMMON_H
> +#define __ASM_ARM_ENTRY_COMMON_H
> +
> +#include <asm/stacktrace.h>
> +
> +#endif
> diff --git a/arch/arm/include/asm/entry.h b/arch/arm/include/asm/entry.h
> new file mode 100644
> index 000000000000..864c9b3abbf1
> --- /dev/null
> +++ b/arch/arm/include/asm/entry.h
> @@ -0,0 +1,10 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +#ifndef __ASM_ENTRY_H__
> +#define __ASM_ENTRY_H__
> +
> +struct pt_regs;
> +
> +void arm_irq_handler(struct pt_regs *regs, int mode);
> +void arm_fiq_handler(struct pt_regs *regs);
> +
> +#endif /* __ASM_ENTRY_H__ */
> diff --git a/arch/arm/include/asm/ptrace.h b/arch/arm/include/asm/ptrace.h
> index 6eb311fb2da0..88ddb9371a02 100644
> --- a/arch/arm/include/asm/ptrace.h
> +++ b/arch/arm/include/asm/ptrace.h
> @@ -46,8 +46,13 @@ struct svc_pt_regs {
>  #define processor_mode(regs) \
>  	((regs)->ARM_cpsr & MODE_MASK)
>  
> +static inline bool regs_irqs_disabled(const struct pt_regs *regs)
> +{
> +	return regs->ARM_cpsr & PSR_I_BIT;
> +}

Hi Linus,

Thanks for the patch.

I have a small suggestion regarding the `interrupts_enabled` logic. If
arm32 could also implement `regs_irqs_disabled(regs)` (similar to what
arm64 and some other architectures already have), we might be able to
unify this across subsystems.

Specifically, we could then replace the custom `interrupts_enabled`
usage in both the arm64 architecture code and drivers like
`drivers/irqchip/irq-gic-v3.c`.

--- a/arch/arm64/include/asm/ptrace.h
+++ b/arch/arm64/include/asm/ptrace.h
@@ -215,8 +215,6 @@ static __always_inline bool regs_irqs_disabled(const
struct pt_regs *regs)
        return (regs->pstate & PSR_I_BIT) || !irqs_priority_unmasked(regs);
 }

-#define interrupts_enabled(regs)       (!regs_irqs_disabled(regs))
-
 static inline unsigned long user_stack_pointer(struct pt_regs *regs)
 {
        if (compat_user_mode(regs))
diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c
index 99444a1b2ffa..60fa6a60adce 100644
--- a/drivers/irqchip/irq-gic-v3.c
+++ b/drivers/irqchip/irq-gic-v3.c
@@ -914,7 +914,7 @@ static void __gic_handle_irq_from_irqsoff(struct
pt_regs *regs)

 static void __exception_irq_entry gic_handle_irq(struct pt_regs *regs)
 {
-       if (unlikely(gic_supports_nmi() && !interrupts_enabled(regs)))
+       if (unlikely(gic_supports_nmi() && regs_irqs_disabled(regs)))
                __gic_handle_irq_from_irqsoff(regs);
        else
                __gic_handle_irq_from_irqson(regs);

Best regards,
Jinjie


> +
>  #define interrupts_enabled(regs) \
> -	(!((regs)->ARM_cpsr & PSR_I_BIT))
> +	(!regs_irqs_disabled(regs))
>  
>  #define fast_interrupts_enabled(regs) \
>  	(!((regs)->ARM_cpsr & PSR_F_BIT))
> diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile
> index b36cf0cfd4a7..3b8a62f6f54d 100644
> --- a/arch/arm/kernel/Makefile
> +++ b/arch/arm/kernel/Makefile
> @@ -17,7 +17,7 @@ CFLAGS_REMOVE_return_address.o = -pg
>  
>  # Object file lists.
>  
> -obj-y		:= elf.o entry-common.o irq.o opcodes.o \
> +obj-y		:= elf.o entry.o entry-common.o irq.o opcodes.o \
>  		   process.o ptrace.o reboot.o io.o \
>  		   setup.o signal.o sigreturn_codes.o \
>  		   stacktrace.o sys_arm.o time.o traps.o
> diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
> index a3d050ce9b79..8ac7f1512ee8 100644
> --- a/arch/arm/kernel/entry-armv.S
> +++ b/arch/arm/kernel/entry-armv.S
> @@ -36,35 +36,6 @@
>  #define RELOC_TEXT_NONE
>  #endif
>  
> -/*
> - * Interrupt handling.
> - */
> -	.macro	irq_handler, from_user:req
> -	mov	r1, sp
> -	ldr_this_cpu r2, irq_stack_ptr, r2, r3
> -	.if	\from_user == 0
> -	@
> -	@ If we took the interrupt while running in the kernel, we may already
> -	@ be using the IRQ stack, so revert to the original value in that case.
> -	@
> -	subs	r3, r2, r1		@ SP above bottom of IRQ stack?
> -	rsbscs	r3, r3, #THREAD_SIZE	@ ... and below the top?
> -#ifdef CONFIG_VMAP_STACK
> -	ldr_va	r3, high_memory, cc	@ End of the linear region
> -	cmpcc	r3, r1			@ Stack pointer was below it?
> -#endif
> -	bcc	0f			@ If not, switch to the IRQ stack
> -	mov	r0, r1
> -	bl	generic_handle_arch_irq
> -	b	1f
> -0:
> -	.endif
> -
> -	mov_l	r0, generic_handle_arch_irq
> -	bl	call_with_stack
> -1:
> -	.endm
> -
>  	.macro	pabt_helper
>  	@ PABORT handler takes pt_regs in r2, fault address in r4 and psr in r5
>  #ifdef MULTI_PABORT
> @@ -224,34 +195,17 @@ ENDPROC(__dabt_svc)
>  
>  	.align	5
>  __irq_svc:
> -	svc_entry
> -	irq_handler from_user=0
> -
> -#ifdef CONFIG_PREEMPTION
> -	ldr	r8, [tsk, #TI_PREEMPT]		@ get preempt count
> -	ldr	r0, [tsk, #TI_FLAGS]		@ get flags
> -	teq	r8, #0				@ if preempt count != 0
> -	movne	r0, #0				@ force flags to 0
> -	tst	r0, #_TIF_NEED_RESCHED
> -	blne	svc_preempt
> -#endif
> +	svc_entry trace=0
> +	mov	r0, sp				@ regs
> +	mov	r1, #0				@ from kernel mode
> +	bl	arm_irq_handler
>  
> -	svc_exit r5, irq = 1			@ return from exception
> +	svc_exit r5, irqentry = 1		@ return from exception
>   UNWIND(.fnend		)
>  ENDPROC(__irq_svc)
>  
>  	.ltorg
>  
> -#ifdef CONFIG_PREEMPTION
> -svc_preempt:
> -	mov	r8, lr
> -1:	bl	preempt_schedule_irq		@ irq en/disable is done inside
> -	ldr	r0, [tsk, #TI_FLAGS]		@ get new tasks TI_FLAGS
> -	tst	r0, #_TIF_NEED_RESCHED
> -	reteq	r8				@ go again
> -	b	1b
> -#endif
> -
>  __und_fault:
>  	@ Correct the PC such that it is pointing at the instruction
>  	@ which caused the fault.  If the faulting instruction was ARM
> @@ -302,7 +256,7 @@ ENDPROC(__pabt_svc)
>  __fiq_svc:
>  	svc_entry trace=0
>  	mov	r0, sp				@ struct pt_regs *regs
> -	bl	handle_fiq_as_nmi
> +	bl	arm_fiq_handler
>  	svc_exit_via_fiq
>   UNWIND(.fnend		)
>  ENDPROC(__fiq_svc)
> @@ -331,7 +285,7 @@ __fiq_abt:
>  	stmfd	sp!, {r1 - r2}
>  
>  	add	r0, sp, #8			@ struct pt_regs *regs
> -	bl	handle_fiq_as_nmi
> +	bl	arm_fiq_handler
>  
>  	ldmfd	sp!, {r1 - r2}
>   ARM(	msr	cpsr_c, #ABT_MODE | PSR_I_BIT | PSR_F_BIT )
> @@ -438,12 +392,15 @@ ENDPROC(__dabt_usr)
>  
>  	.align	5
>  __irq_usr:
> -	usr_entry
> +	usr_entry trace=0
>  	kuser_cmpxchg_check
> -	irq_handler from_user=1
> -	get_thread_info tsk
> -	mov	why, #0
> -	b	ret_to_user_from_irq
> +	mov	r0, sp				@ regs
> +	mov	r1, #1				@ from user mode
> +	bl	arm_irq_handler
> +#ifdef CONFIG_KSTACK_ERASE
> +	bl	stackleak_erase_on_task_stack
> +#endif
> +	restore_user_regs fast = 0, offset = 0
>   UNWIND(.fnend		)
>  ENDPROC(__irq_usr)
>  
> @@ -498,7 +455,7 @@ __fiq_usr:
>  	usr_entry trace=0
>  	kuser_cmpxchg_check
>  	mov	r0, sp				@ struct pt_regs *regs
> -	bl	handle_fiq_as_nmi
> +	bl	arm_fiq_handler
>  	get_thread_info tsk
>  	restore_user_regs fast = 0, offset = 0
>   UNWIND(.fnend		)
> diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
> index 88336a1292bb..d5fdb234c1d4 100644
> --- a/arch/arm/kernel/entry-common.S
> +++ b/arch/arm/kernel/entry-common.S
> @@ -110,7 +110,8 @@ ret_slow_syscall:
>  	bl	do_rseq_syscall
>  #endif
>  	disable_irq_notrace			@ disable interrupts
> -ENTRY(ret_to_user_from_irq)
> +ENTRY(v7m_ret_to_user_from_irq)
> +	/* Only the v7m jumps directly to v7m_ret_to_user_from_irq */
>  	ldr	r1, [tsk, #TI_FLAGS]
>  	movs	r1, r1, lsl #16
>  	bne	slow_work_pending
> @@ -123,7 +124,7 @@ no_work_pending:
>  	bl	stackleak_erase_on_task_stack
>  #endif
>  	restore_user_regs fast = 0, offset = 0
> -ENDPROC(ret_to_user_from_irq)
> +ENDPROC(v7m_ret_to_user_from_irq)
>  ENDPROC(ret_to_user)
>  
>  /*
> diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S
> index 99411fa91350..e83f2fb8a592 100644
> --- a/arch/arm/kernel/entry-header.S
> +++ b/arch/arm/kernel/entry-header.S
> @@ -199,7 +199,11 @@
>  	.endm
>  
>  
> -	.macro	svc_exit, rpsr, irq = 0
> +	.macro	svc_exit, rpsr, irq = 0, irqentry = 0
> +	.if	\irqentry != 0
> +	@ Generic IRQ entry already handled tracing and lockdep state.
> +	disable_irq_notrace
> +	.else
>  	.if	\irq != 0
>  	@ IRQs already off
>  #ifdef CONFIG_TRACE_IRQFLAGS
> @@ -216,6 +220,7 @@
>  	tst	\rpsr, #PSR_I_BIT
>  	blne	trace_hardirqs_off
>  #endif
> +	.endif
>  	.endif
>  	uaccess_exit tsk, r0, r1
>  
> diff --git a/arch/arm/kernel/entry-v7m.S b/arch/arm/kernel/entry-v7m.S
> index 52bacf07ba16..49a3a34e2913 100644
> --- a/arch/arm/kernel/entry-v7m.S
> +++ b/arch/arm/kernel/entry-v7m.S
> @@ -94,7 +94,7 @@ __pendsv_entry:
>  	@ execute the pending work, including reschedule
>  	get_thread_info tsk
>  	mov	why, #0
> -	b	ret_to_user_from_irq
> +	b	v7m_ret_to_user_from_irq
>  ENDPROC(__pendsv_entry)
>  
>  /*
> diff --git a/arch/arm/kernel/entry.c b/arch/arm/kernel/entry.c
> new file mode 100644
> index 000000000000..1142e418d161
> --- /dev/null
> +++ b/arch/arm/kernel/entry.c
> @@ -0,0 +1,51 @@
> +// SPDX-License-Identifier: GPL-2.0
> +#include <linux/hardirq.h>
> +#include <linux/irq-entry-common.h>
> +#include <linux/irq.h>
> +
> +#include <asm/entry.h>
> +#include <asm/stacktrace.h>
> +#include <asm/traps.h>
> +
> +#include "irq.h"
> +
> +static void noinstr handle_arm_irq(void *data)
> +{
> +	struct pt_regs *regs = data;
> +	struct pt_regs *old_regs;
> +
> +	irq_enter_rcu();
> +	old_regs = set_irq_regs(regs);
> +
> +	handle_arch_irq(regs);
> +
> +	set_irq_regs(old_regs);
> +	irq_exit_rcu();
> +}
> +
> +noinstr void arm_irq_handler(struct pt_regs *regs, int mode)
> +{
> +	irqentry_state_t state = irqentry_enter(regs);
> +
> +	/*
> +	 * mode == 1 means we came from userspace, and then we
> +	 * should just immediately switch to the irq stack.
> +	 * Then we check of we are on the thread stack. If we are
> +	 * not, then by definition we are already using the irq stack.
> +	 */
> +	if (mode == 1 || on_thread_stack())
> +		call_on_irq_stack(handle_arm_irq, regs);
> +	else
> +		handle_arm_irq(regs);
> +
> +	irqentry_exit(regs, state);
> +}
> +
> +noinstr void arm_fiq_handler(struct pt_regs *regs)
> +{
> +	irqentry_state_t state = irqentry_nmi_enter(regs);
> +
> +	handle_fiq_as_nmi(regs);
> +
> +	irqentry_nmi_exit(regs, state);
> +}
> diff --git a/arch/arm/kernel/irq.c b/arch/arm/kernel/irq.c
> index e1993e28a9ec..f99d6b24d8ff 100644
> --- a/arch/arm/kernel/irq.c
> +++ b/arch/arm/kernel/irq.c
> @@ -43,6 +43,7 @@
>  #include <asm/mach/irq.h>
>  #include <asm/mach/time.h>
>  
> +#include "irq.h"
>  #include "reboot.h"
>  
>  unsigned long irq_err_count;
> @@ -71,6 +72,11 @@ static void __init init_irq_stacks(void)
>  	}
>  }
>  
> +void call_on_irq_stack(void (*fn)(void *), void *arg)
> +{
> +	call_with_stack(fn, arg, __this_cpu_read(irq_stack_ptr));
> +}
> +
>  #ifdef CONFIG_SOFTIRQ_ON_OWN_STACK
>  static void ____do_softirq(void *arg)
>  {
> diff --git a/arch/arm/kernel/irq.h b/arch/arm/kernel/irq.h
> new file mode 100644
> index 000000000000..80dd5bfe6403
> --- /dev/null
> +++ b/arch/arm/kernel/irq.h
> @@ -0,0 +1,2 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +void call_on_irq_stack(void (*fn)(void *), void *arg);
> diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
> index 7be9188d83d9..9084c04c07f7 100644
> --- a/arch/arm/kernel/signal.c
> +++ b/arch/arm/kernel/signal.c
> @@ -12,6 +12,7 @@
>  #include <linux/resume_user_mode.h>
>  #include <linux/uprobes.h>
>  #include <linux/syscalls.h>
> +#include <linux/irq-entry-common.h>
>  
>  #include <asm/elf.h>
>  #include <asm/cacheflush.h>
> @@ -599,6 +600,11 @@ static int do_signal(struct pt_regs *regs, int syscall)
>  	return 0;
>  }
>  
> +void arch_do_signal_or_restart(struct pt_regs *regs)
> +{
> +	do_signal(regs, 0);
> +}
> +
>  asmlinkage int
>  do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall)
>  {
> 
> ---
> base-commit: 8cd9520d35a6c38db6567e97dd93b1f11f185dc6
> change-id: 20260622-arm-generic-irq-entry-v7-1-ff6c1d6c9c48
> 
> Best regards,
> --  
> Linus Walleij <linusw@kernel.org>
> 




* 答复: [外部邮件] Re: [PATCH] arm64: mm: refresh stale pmd snapshot after split_contpmd()
From: Li,Rongqing @ 2026-06-27  2:46 UTC (permalink / raw)
  To: Yang Shi, Catalin Marinas, Will Deacon, Ryan Roberts,
	Ard Biesheuvel, David Hildenbrand, Anshuman Khandual,
	Kevin Brodsky, Chaitanya S Prakash,
	linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org
In-Reply-To: <32e089d6-7832-4af3-87fc-c1d6bcdb5ba8@os.amperecomputing.com>

> 
> 
> 
> On 6/25/26 4:39 AM, lirongqing wrote:
> > From: Li RongQing <lirongqing@baidu.com>
> >
> > split_contpmd() modifies the pmd entries in-place by clearing the CONT
> > bit, but the local 'pmd' variable still holds the old snapshot with
> > CONT set. The subsequent split_pmd() call uses this stale value to
> > derive the pgprot for the new PTE entries via pmd_pgprot(), causing
> > the resulting PTEs to be populated with incorrect protection bits.
> 
> If I read the code correctly, CONT bit is cleared by split_pmd(), then the bit
> may be set again for PTEs if we want to have cont ptes. So I don't see any
> problem, did I miss something?
> 

You are right, there's no functional issue with the current code.
However, I think explicitly re-reading the pmd is the safer and clearer 
approach — it makes the intent obvious (we need the post-modification state) 
rather than relying on the implicit assumption that "CONT bit doesn't affect pgprot."

Thanks


[Li,Rongqing] 


> Thanks,
> Yang
> 
> >
> > Fix this by re-reading the pmd from memory after split_contpmd()
> > returns in both call sites: split_kernel_leaf_mapping_locked() and
> > split_to_ptes_pmd_entry().
> >
> > Fixes: a166563e7ec3 ("arm64: mm: support large block mapping when
> > rodata=full")
> > Signed-off-by: Li RongQing <lirongqing@baidu.com>
> > ---
> >   arch/arm64/mm/mmu.c | 8 ++++++--
> >   1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index
> > 12e862c..e510336 100644
> > --- a/arch/arm64/mm/mmu.c
> > +++ b/arch/arm64/mm/mmu.c
> > @@ -746,8 +746,10 @@ static int
> split_kernel_leaf_mapping_locked(unsigned long addr)
> >   	if (!pmd_present(pmd))
> >   		goto out;
> >   	if (pmd_leaf(pmd)) {
> > -		if (pmd_cont(pmd))
> > +		if (pmd_cont(pmd)) {
> >   			split_contpmd(pmdp);
> > +			pmd = pmdp_get(pmdp);
> > +		}
> >   		/*
> >   		 * PMD: If addr is PMD aligned then addr already describes a
> >   		 * leaf boundary. Otherwise, split to contpte.
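Review bot: The added `pmd = pmdp_get(pmdp);` after `split_contpmd(pmdp)` has no comment saying why the local copy is reloaded, so a later reader cannot tell whether the reload is required or only defensive. A one-line comment above it, such as `/* split_contpmd() rewrote *pmdp; reload the local snapshot */`, would record the intent. The same applies to the identical addition in the split_to_ptes_pmd_entry() hunk that follows. Both function bodies continue outside their hunks.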
> > @@ -891,8 +893,10 @@ static int split_to_ptes_pmd_entry(pmd_t *pmdp,
> unsigned long addr,
> >   	int ret = 0;
> >
> >   	if (pmd_leaf(pmd)) {
> > -		if (pmd_cont(pmd))
> > +		if (pmd_cont(pmd)) {
> >   			split_contpmd(pmdp);
> > +			pmd = pmdp_get(pmdp);
> > +		}
> >   		ret = split_pmd(pmdp, pmd, gfp, false);
> >
> >   		/*



* Re: [PATCH v3 1/2] ARM: mm: fix use-after-free in __do_user_fault() under CONFIG_DEBUG_USER
From: Qi Xi @ 2026-06-27  1:39 UTC (permalink / raw)
  To: Russell King
  Cc: Andrew Morton, linux-arm-kernel, linux-kernel, Yuanbin Xie,
	Nanyong Sun
In-Reply-To: <aj5KCj1cRX3_IpPN@shell.armlinux.org.uk>

Hi Russell,

Thank you for the review. I understand the general concern about
taking locks in fault paths, but I would like to clarify the specific
case here.

__do_user_fault() with CONFIG_DEBUG_USER is not a kernel-dying path.
After show_pte() prints debug info, the kernel calls
force_sig_fault(SIGSEGV) and returns to user space. The system
continues running normally. Without this fix, a concurrent munmap can
cause show_pte() to trigger a secondary kernel fault, turning a
harmless SIGSEGV into a kernel panic.

Regarding your concern about the mm lock being already held: I have
verified that all three callers of __do_user_fault() (do_page_fault
-> bad_area, do_bad_area user path, and do_kernel_address_page_fault
user path) release mmap_read_lock or never hold it before entering
__do_user_fault(). So the lock is not held here.

It is also worth noting that we did NOT modify the paths where the
kernel is already dying (die_kernel_fault, __do_kernel_fault). Those
paths remain unchanged and continue to call show_pte() without any
lock, just as they always have.

On 26/06/2026 17:44, Russell King wrote:
> On Fri, Jun 26, 2026 at 03:30:47PM +0800, Qi Xi wrote:
>> When CONFIG_DEBUG_USER is enabled with user_debug=31 on 32-bit ARM,
>> a user page fault triggers show_pte() via __do_user_fault() after
>> do_page_fault() has already released mmap_read_lock. If another
>> thread concurrently calls munmap(), the page table pages can be
>> freed while show_pte() is still reading them, causing a
>> use-after-free in show_pte().
>>
>> The race can be reproduced on multi_v7_defconfig with:
>>      CONFIG_DEBUG_USER=y
>>      CONFIG_ARM_LPAE=y
>>      kernel command line: user_debug=31
>>
>> A delay inserted in show_pte() for testing widens the race window and
>> makes the UAF reliably reproducible. On LPAE, the race works as
>> follows:
>>
>>    CPU 0 (fault path)                       CPU 1 (munmap)
>>    munmap(page 0) -> clears PTE[0]
>>    PTE/PMD pages remain
>>
>>    read page 0 -> page fault
>>      -> do_DataAbort()
>>        -> do_page_fault()
>>          -> lock_mm_and_find_vma() -> no VMA
>>             (mmap_read_lock released)
>>          -> __do_user_fault()
>>            -> show_pte(tsk->mm, addr)
>>              -> *pgd (valid)
>>              -> p4d/pud checks pass
>>
>>              -> [delay]                     munmap(page 1)
>>                                               -> clears PTE[1]
>>                                               -> PTE/PMD pages freed
>>                                               -> PGD cleared
>>
>>              -> pmd_offset(pud, addr)
>>                -> *pud=0 -> __va(0)
>>                -> dereference
>>                -> secondary data abort (kernel)
>>
>> Fix by taking mmap_read_lock() around show_pte() in __do_user_fault().
>> __do_user_fault() is called from process context with interrupts
>> enabled, so the context can sleep and mmap_read_lock() is safe here.
> This is a fault path which should only be called when something is
> already wrong, the mm lock may already be held (e.g. a kernel
> fault while already holding the mmap lock.) We can't take any locks
> here.
>



* Re: [PATCH v3 2/2] ARM: mm: protect show_pte() in do_DataAbort() fallback path
From: Xie Yuanbin @ 2026-06-27  1:22 UTC (permalink / raw)
  To: linux; +Cc: akpm, linux-arm-kernel, linux-kernel, sunnanyong, xieyuanbin1,
	xiqi2
In-Reply-To: <aj5ybKcDxl1tOIx4@shell.armlinux.org.uk>

On Fri, 26 Jun 2026 13:37:00 +0100, Russell King wrote:
> On Fri, Jun 26, 2026 at 06:16:15PM +0800, Xie Yuanbin wrote:
>> I suggest that waiting for this patch to be merged first:
>> https://lore.kernel.org/20260625122612.43501-1-xieyuanbin1@huawei.com
>> which make sure that interrupts are enabled here.
>
> No, it doesn't ensure that.

Oh, I'm sorry my description wasn't clear. It should make sure that
for user unhandled faults, interrupts are enabled here, without
kernel unhandled faults.

> We are not "fixing" show_pte(), which is a diagnostic function when
> things go wrong in the kernel, and is there to *try* to give us
> information to diagnose what happened. It is *not* a function that
> is used routinely in the kernel.

For kernel faults, I fully agree with it. However, for
user faults, I think "fixing" is necessary.
We might be able to construct a user-mode program in some way to
repeatedly trigger unhandled faults -> show_pte(), such as executing a bkpt
instruction, or something else, and then the kernel panics; this may be a
security vulnerability.



* Re: [PATCH 08/18] raid6: warn when using less than four devices
From: H. Peter Anvin @ 2026-06-27  1:14 UTC (permalink / raw)
  To: Christoph Hellwig, Andrew Morton
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Huacai Chen,
	WANG Xuerui, Madhavan Srinivasan, Michael Ellerman,
	Nicholas Piggin, Christophe Leroy (CS GROUP), Paul Walmsley,
	Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Heiko Carstens,
	Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
	Sven Schnelle, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
	Dave Hansen, x86, Herbert Xu, Dan Williams, Chris Mason,
	David Sterba, Arnd Bergmann, Song Liu, Yu Kuai, Li Nan,
	linux-kernel, linux-arm-kernel, loongarch, linuxppc-dev,
	linux-riscv, linux-s390, linux-crypto, linux-btrfs, linux-arch,
	linux-raid
In-Reply-To: <20260518051804.462141-9-hch@lst.de>

On 2026-05-17 22:17, Christoph Hellwig wrote:
> Quoting H. Peter Anvin who came up with the RAID6 P/Q algorithm, and
> who wrote the initial implementation, then still part of the md driver:
> 
>   The RAID-6 code has *never* supported only 3 units, and if it ever
>   worked for *any* of the implementations it was purely by accident.
>   Speaking as the original author I should know; this was deliberate as
>   in some cases the degenerate case (3) would have required extra trays

Stupid autocorrect. That was of course supposed to be "tests" (as in extra
code paths) not "trays" :)

>   in the code to no user benefit.
> 
> While md never allowed less than 4 devices, btrfs does.  This new
> warning will trigger for such file systems, but given how it already
> causes havoc that is a good thing.  If btrfs wants to fix third, it
> should switch to transparently use three-way mirroring underneath,
> which will work as P and Q are copies of the single data device by
> the definition of the Linux RAID 6 P/Q algorithm.

For what it's worth, this is also true in the degenerate two-drive RAID-4|5
case (D = P).

	-hpa




* Re: cleanup the RAID6 P/Q library v3
From: H. Peter Anvin @ 2026-06-27  0:52 UTC (permalink / raw)
  To: Christoph Hellwig, Andrew Morton
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Huacai Chen,
	WANG Xuerui, Madhavan Srinivasan, Michael Ellerman,
	Nicholas Piggin, Christophe Leroy (CS GROUP), Paul Walmsley,
	Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Heiko Carstens,
	Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
	Sven Schnelle, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
	Dave Hansen, x86, Herbert Xu, Dan Williams, Chris Mason,
	David Sterba, Arnd Bergmann, Song Liu, Yu Kuai, Li Nan,
	linux-kernel, linux-arm-kernel, loongarch, linuxppc-dev,
	linux-riscv, linux-s390, linux-crypto, linux-btrfs, linux-arch,
	linux-raid
In-Reply-To: <20260519082432.GA14956@lst.de>

On 2026-05-19 01:24, Christoph Hellwig wrote:
> 
> raid6: rework registration of optimized algorithms
> 
>  - avx2 instead of avx512 is probably the right thing for no
>    benchmarking, but if it was intentional (it wasn't), that should
>    be documented.  So I'll just switch back to the previous version to
>    keep the state of the art

It is unlikely to be the right thing *going forward*, though.

The very unfortunate performance inversion is likely model-specific. It is one
of those things where you largely would have to have a list of quirks :(

	-hpa




* Re: [PATCH v2 05/11] iommu/arm-smmu-v3: Submit CMDQ_OP_PRI_RESP for IOPF event
From: Nicolin Chen @ 2026-06-27  0:44 UTC (permalink / raw)
  To: Robin Murphy
  Cc: will, jgg, joro, bhelgaas, praan, kevin.tian, kees, smostafa,
	baolu.lu, linux-arm-kernel, iommu, linux-kernel, linux-pci,
	skaestle, mmarrid, skolothumtho, bbiber
In-Reply-To: <b5085e09-6533-4f88-938d-8d46751cf7da@arm.com>

On Fri, Jun 26, 2026 at 05:15:13PM +0100, Robin Murphy wrote:
> On 28/05/2026 8:59 am, Nicolin Chen wrote:
> > From: Malak Marrid <mmarrid@nvidia.com>
> > 
> > To handle IOMMU_FAULT_PAGE_REQ from the PRI queue, arm_smmu_page_response()
> > must issue a CMDQ_OP_PRI_RESP back to the SMMU.
> > 
> > However, either a stall event in the EVTQ or a PRI request in the PRIQ can
> > surface to the IOPF infrastructure with fault.type == IOMMU_FAULT_PAGE_REQ,
> > and a single master can in principle be both stall-capable and PRI-capable
> 
> No, the SMMU architecture does all it can to specifically forbid this, see
> 3.12.1 and 16.4, it just can't be made architecturally ILLEGAL to enable
> stalls for PCIe devices because there's no strict architectural definition
> for what "a PCIe device" actually is. Similarly with the note in the
> definition of STE.EATS about the relationship with CD.S - the unwritten
> implication is that defining specific behaviours would only create an
> unreasonable burden for hardware validation, for the sake of something that
> nobody in their right mind should ever do anyway.
> 
> The expectation is that RCiEPs which do speak stallable non-PCIe bus
> protocols will not go to the effort of implementing ATS/PRI capabilities
> (not least because there's every chance that such protocols simply don't
> have that kind of transaction flow anyway). And conversely that it can be
> considered an egregious firmware (or system design) error to even claim (let
> alone force) stall capability for a real PCIe root port which may be
> deadlocked by blocking its requirement for free-flowing writes. Thus I think
> we could go so far as to refuse to handle any endpoint which did somehow
> claim both.

Oh, I missed that. This certainly can simplify things here.

I will fix it.

Thanks!
Nicolin



* Re: [PATCH v2 00/11] iommu/arm-smmu-v3: Add PRI support
From: Nicolin Chen @ 2026-06-27  0:43 UTC (permalink / raw)
  To: harsha.v
  Cc: will, robin.murphy, jgg, joro, bhelgaas, praan, kevin.tian, kees,
	smostafa, baolu.lu, linux-arm-kernel, iommu, linux-kernel,
	linux-pci, skaestle, mmarrid, skolothumtho, bbiber
In-Reply-To: <2a52ecb1-be8a-4522-aa23-f3277f0555fa@oss.qualcomm.com>

On Fri, Jun 26, 2026 at 08:24:31PM +0530, harsha.v@oss.qualcomm.com wrote:
> One thing I noticed while reviewing: when arm_smmu_priq_thread() detects
> PRIQ overflow, partial faults (non-LAST pages stored via
> report_partial_fault()) whose LAST page was lost in the overflow remain
> permanently in iopf_param->partial. This is a monotonic memory leak —
> it grows with each overflow event.
> 
> Intel VT-d handles this in prq_event_thread() (drivers/iommu/intel/prq.c):
>     if (head == tail) {
>         iopf_queue_discard_partial(iommu->iopf_queue);
>         writel(DMA_PRS_PRO, iommu->reg + DMAR_PRS_REG);
>     }
> 
> iopf_queue_discard_partial() was written for exactly this scenario.
> Could we add the same here in arm_smmu_priq_thread()
> (drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c) ?
> 
>     if (queue_sync_prod_in(q) == -EOVERFLOW) {
>         dev_err(smmu->dev, "PRIQ overflow detected -- requests lost\n");
> +       iopf_queue_discard_partial(smmu->evtq.iopf);
>     }
> 
> At this point all surviving entries have already been consumed by the
> loop above, so discarding unconditionally is safe — implicitly matching
> Intel's "head == tail" guard.

I will fold it in.

Thanks!
Nicolin



* Re: [PATCH] usb: dwc3: meson-g12a: fix refcount leak in dwc3_meson_g12a_resume()
From: Thinh Nguyen @ 2026-06-26 23:20 UTC (permalink / raw)
  To: WenTao Liang
  Cc: Thinh Nguyen, gregkh@linuxfoundation.org,
	neil.armstrong@linaro.org, khilman@baylibre.com,
	jbrunet@baylibre.com, martin.blumenstingl@googlemail.com,
	linux-usb@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
	linux-amlogic@lists.infradead.org, linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
In-Reply-To: <20260611131121.81784-1-vulab@iscas.ac.cn>

On Thu, Jun 11, 2026, WenTao Liang wrote:
> If dwc3_meson_g12a_resume() succeeds in calling
> reset_control_reset(), an internal triggered_count reference is
> acquired. If any later step fails (usb_init, phy_init,
> phy_power_on, regulator_enable, or usb_post_init), the function
> returns the error without rearming the reset control. This leaks
> the reference and leaves the reset control in a triggered state,
> causing future reset_control_reset() calls to incorrectly return
> early as if already reset.
> 
> Add an error path that calls reset_control_rearm() to balance
> the reference before returning the error.
> 
> Cc: stable@vger.kernel.org
> Fixes: 5b0ba0caaf3a ("usb: dwc3: meson-g12a: refactor usb init")
> Signed-off-by: WenTao Liang <vulab@iscas.ac.cn>
> ---
>  drivers/usb/dwc3/dwc3-meson-g12a.c | 14 +++++++++-----
>  1 file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/usb/dwc3/dwc3-meson-g12a.c b/drivers/usb/dwc3/dwc3-meson-g12a.c
> index 55e144ba8cfc..4d611c08e8a4 100644
> --- a/drivers/usb/dwc3/dwc3-meson-g12a.c
> +++ b/drivers/usb/dwc3/dwc3-meson-g12a.c
> @@ -907,35 +907,39 @@ static int __maybe_unused dwc3_meson_g12a_resume(struct device *dev)
>  
>  	ret = priv->drvdata->usb_init(priv);
>  	if (ret)
> -		return ret;
> +		goto err_rearm;
>  
>  	/* Init PHYs */
>  	for (i = 0 ; i < PHY_COUNT ; ++i) {
>  		ret = phy_init(priv->phys[i]);
>  		if (ret)
> -			return ret;
> +			goto err_rearm;

Should we unwind here and below instead of just reset_control_rearm? I
see we do that in probe() error path.

BR,
Thinh

>  	}
>  
>  	/* Set PHY Power */
>  	for (i = 0 ; i < PHY_COUNT ; ++i) {
>  		ret = phy_power_on(priv->phys[i]);
>  		if (ret)
> -			return ret;
> +			goto err_rearm;
>  	}
>  
>  	if (priv->vbus && priv->otg_phy_mode == PHY_MODE_USB_HOST) {
>  		ret = regulator_enable(priv->vbus);
>  		if (ret)
> -			return ret;
> +			goto err_rearm;
>  	}
>  
>  	if (priv->drvdata->usb_post_init) {
>  		ret = priv->drvdata->usb_post_init(priv);
>  		if (ret)
> -			return ret;
> +			goto err_rearm;
>  	}
>  
>  	return 0;
> +
> +err_rearm:
> +	reset_control_rearm(priv->reset);
> +	return ret;
>  }
>  
>  static const struct dev_pm_ops dwc3_meson_g12a_dev_pm_ops = {
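Review bot: The new `err_rearm` label calls `reset_control_rearm(priv->reset)` on every failure after the reset, but nothing visible here records that the rearm has already happened. The suspend callback is outside this hunk; if it also rearms the reset control, a failed resume followed by the next suspend would drop the trigger count twice, so that pairing is worth checking before the error path is added. If the rearm stays, a comment at the label such as `/* balance reset_control_reset() above so the next resume resets again */` would state what it undoes. The reset_control_reset() call itself sits above the hunk's first line.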
> -- 
> 2.50.1 (Apple Git-155)
> 


* Re: [PATCH 1/1] dt-bindings: mfd: st,stmpe: document st,stmpe610 compatible
From: Linus Walleij @ 2026-06-26 23:05 UTC (permalink / raw)
  To: Frank.Li
  Cc: Lee Jones, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
	Maxime Coquelin, Alexandre Torgue,
	open list:OPEN FIRMWARE AND FLATTENED DEVICE TREE BINDINGS,
	moderated list:ARM/STM32 ARCHITECTURE,
	moderated list:ARM/STM32 ARCHITECTURE, open list, imx, Frank Li
In-Reply-To: <20260626183140.3499179-1-Frank.Li@oss.nxp.com>

Hi Frank,

thanks for your patch!

On Fri, Jun 26, 2026 at 8:31 PM <Frank.Li@oss.nxp.com> wrote:

> From: Frank Li <Frank.Li@nxp.com>
>
> The STMPE610 has long been supported by the STMPE I2C MFD driver, but its
> compatible string was never documented.
>
> Add the missing st,stmpe610 compatible string to fix below CHECK_DTBS
> warnings:
>   imx53-m53evk.dtb: /soc/bus@60000000/i2c@63fc4000/touchscreen@41: failed to match any schema with compatible: ['st,stmpe610']
>
> Signed-off-by: Frank Li <Frank.Li@nxp.com>
(...)

>    compatible:
>      enum:
>        - st,stmpe601
> +      - st,stmpe610

There is no STMPE601.

It's a mis-spelled STMPE610, so please delete the row above and
edit the commit message accordingly.

Yours,
Linus Walleij



* Re: [PATCH] arm64: mm: refresh stale pmd snapshot after split_contpmd()
From: Yang Shi @ 2026-06-26 22:53 UTC (permalink / raw)
  To: lirongqing, Catalin Marinas, Will Deacon, Ryan Roberts,
	Ard Biesheuvel, David Hildenbrand, Anshuman Khandual,
	Kevin Brodsky, Chaitanya S Prakash, linux-arm-kernel,
	linux-kernel
In-Reply-To: <20260625113953.2332-1-lirongqing@baidu.com>



On 6/25/26 4:39 AM, lirongqing wrote:
> From: Li RongQing <lirongqing@baidu.com>
>
> split_contpmd() modifies the pmd entries in-place by clearing the CONT
> bit, but the local 'pmd' variable still holds the old snapshot with CONT
> set. The subsequent split_pmd() call uses this stale value to derive the
> pgprot for the new PTE entries via pmd_pgprot(), causing the resulting
> PTEs to be populated with incorrect protection bits.

If I read the code correctly, CONT bit is cleared by split_pmd(), then 
the bit may be set again for PTEs if we want to have cont ptes. So I 
don't see any problem, did I miss something?

Thanks,
Yang

>
> Fix this by re-reading the pmd from memory after split_contpmd() returns
> in both call sites: split_kernel_leaf_mapping_locked() and
> split_to_ptes_pmd_entry().
>
> Fixes: a166563e7ec3 ("arm64: mm: support large block mapping when rodata=full")
> Signed-off-by: Li RongQing <lirongqing@baidu.com>
> ---
>   arch/arm64/mm/mmu.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> index 12e862c..e510336 100644
> --- a/arch/arm64/mm/mmu.c
> +++ b/arch/arm64/mm/mmu.c
> @@ -746,8 +746,10 @@ static int split_kernel_leaf_mapping_locked(unsigned long addr)
>   	if (!pmd_present(pmd))
>   		goto out;
>   	if (pmd_leaf(pmd)) {
> -		if (pmd_cont(pmd))
> +		if (pmd_cont(pmd)) {
>   			split_contpmd(pmdp);
> +			pmd = pmdp_get(pmdp);
> +		}
>   		/*
>   		 * PMD: If addr is PMD aligned then addr already describes a
>   		 * leaf boundary. Otherwise, split to contpte.
> @@ -891,8 +893,10 @@ static int split_to_ptes_pmd_entry(pmd_t *pmdp, unsigned long addr,
>   	int ret = 0;
>   
>   	if (pmd_leaf(pmd)) {
> -		if (pmd_cont(pmd))
> +		if (pmd_cont(pmd)) {
>   			split_contpmd(pmdp);
> +			pmd = pmdp_get(pmdp);
> +		}
>   		ret = split_pmd(pmdp, pmd, gfp, false);
>   
>   		/*




* Re: [PATCH v2] usb: dwc3: imx8mp: make dwc3_imx_glue_ops static and rename to imx8mp
From: Thinh Nguyen @ 2026-06-26 22:32 UTC (permalink / raw)
  To: Ben Dooks
  Cc: Thinh Nguyen, Greg Kroah-Hartman, Frank Li, Sascha Hauer,
	Pengutronix Kernel Team, Fabio Estevam, linux-usb@vger.kernel.org,
	imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org
In-Reply-To: <20260623101043.748359-1-ben.dooks@codethink.co.uk>

On Tue, Jun 23, 2026, Ben Dooks wrote:
> The dwc3_imx_glue_ops is not used outside this file, and technically this
> is the dwc3-imx8mp driver so whilst making this static to avoid the
> following warning, rename it dwc3_imx8mp_glue_ops to distinguish it from
> the other driver which also has dwc3_imx_glue_ops.
> 
> Fixes:
> drivers/usb/dwc3/dwc3-imx8mp.c:176:22: warning: symbol 'dwc3_imx_glue_ops' was not declared. Should it be static?
> 
> Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
> ---
>  drivers/usb/dwc3/dwc3-imx8mp.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/usb/dwc3/dwc3-imx8mp.c b/drivers/usb/dwc3/dwc3-imx8mp.c
> index 1cf96540b66e..de8c17bc940d 100644
> --- a/drivers/usb/dwc3/dwc3-imx8mp.c
> +++ b/drivers/usb/dwc3/dwc3-imx8mp.c
> @@ -158,7 +158,7 @@ static irqreturn_t dwc3_imx8mp_interrupt(int irq, void *_dwc3_imx)
>  	return IRQ_HANDLED;
>  }
>  
> -static void dwc3_imx_pre_set_role(struct dwc3 *dwc, enum usb_role role)
> +static void dwc3_imx8mp_pre_set_role(struct dwc3 *dwc, enum usb_role role)
>  {
>  	if (role == USB_ROLE_HOST)
>  		/*
> @@ -173,8 +173,8 @@ static void dwc3_imx_pre_set_role(struct dwc3 *dwc, enum usb_role role)
>  		pm_runtime_use_autosuspend(dwc->dev);
>  }
>  
> -struct dwc3_glue_ops dwc3_imx_glue_ops = {
> -	.pre_set_role   = dwc3_imx_pre_set_role,
> +static struct dwc3_glue_ops dwc3_imx8mp_glue_ops = {
> +	.pre_set_role   = dwc3_imx8mp_pre_set_role,
>  };
>  
>  static int dwc3_imx8mp_probe(struct platform_device *pdev)
> @@ -266,7 +266,7 @@ static int dwc3_imx8mp_probe(struct platform_device *pdev)
>  		goto put_dwc3;
>  	}
>  
> -	dwc3->glue_ops = &dwc3_imx_glue_ops;
> +	dwc3->glue_ops = &dwc3_imx8mp_glue_ops;
>  
>  	if (dwc3->dr_mode == USB_DR_MODE_HOST)
>  		pm_runtime_dont_use_autosuspend(dwc3->dev);
> -- 
> 2.37.2.352.g3c44437643
> 

Please add Fixes and Cc stable tags and backport this change also.

Thanks,
Thinh


