* [PATCH 6.1 000/578] 6.1.129-rc1 review
@ 2025-02-19 8:20 Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 001/578] powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active Greg Kroah-Hartman
` (586 more replies)
0 siblings, 587 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, hargar, broonie
This is the start of the stable review cycle for the 6.1.129 release.
There are 578 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 21 Feb 2025 08:25:11 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.129-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 6.1.129-rc1
David Woodhouse <dwmw@amazon.co.uk>
x86/i8253: Disable PIT timer 0 when not in use
Hersen Wu <hersenxs.wu@amd.com>
drm/amd/display: Add NULL pointer check for kzalloc
Chao Yu <chao@kernel.org>
f2fs: fix to wait dio completion
Romain Naour <romain.naour@skf.com>
ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus
Hangbin Liu <liuhangbin@gmail.com>
selftests: rtnetlink: update netdevsim ipsec output format
Hangbin Liu <liuhangbin@gmail.com>
netdevsim: print human readable IP address
Vladimir Oltean <vladimir.oltean@nxp.com>
net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events
Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
parport_pc: add support for ASIX AX99100
Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
serial: 8250_pci: add support for ASIX AX99100
Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
can: ems_pci: move ASIX AX99100 ids to pci_ids.h
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: protect access to buffers with no active references
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: do not force clear folio if buffer is referenced
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: do not output warnings when clearing dirty buffers
Kaixin Wang <kxwang23@m.fudan.edu.cn>
i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition
Ivan Kokshaysky <ink@unseen.parts>
alpha: replace hardcoded stack offsets with autogenerated ones
Zhaoyang Huang <zhaoyang.huang@unisoc.com>
mm: gup: fix infinite loop within __get_longterm_locked
Sumit Gupta <sumitg@nvidia.com>
arm64: tegra: Fix typo in Tegra234 dce-fabric compatible
Lu Baolu <baolu.lu@linux.intel.com>
iommu: Return right value in iommu_sva_bind_device()
Andrew Cooper <andrew.cooper3@citrix.com>
x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0
John Ogness <john.ogness@linutronix.de>
kdb: Do not assume write() callback available
Christian Gmeiner <cgmeiner@igalia.com>
drm/v3d: Stop active perfmon if it is being destroyed
Devarsh Thakkar <devarsht@ti.com>
drm/tidss: Clear the interrupt status for interrupts being disabled
Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
drm/tidss: Fix issue in irq handling causing irq-flood issue
Eric Dumazet <edumazet@google.com>
ipv6: mcast: add RCU protection to mld_newpack()
Eric Dumazet <edumazet@google.com>
ndisc: extend RCU protection in ndisc_send_skb()
Eric Dumazet <edumazet@google.com>
openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
Eric Dumazet <edumazet@google.com>
arp: use RCU protection in arp_xmit()
Eric Dumazet <edumazet@google.com>
neighbour: use RCU protection in __neigh_notify()
Li Zetao <lizetao1@huawei.com>
neighbour: delete redundant judgment statements
Eric Dumazet <edumazet@google.com>
ndisc: use RCU protection in ndisc_alloc_skb()
Eric Dumazet <edumazet@google.com>
ipv6: use RCU protection in ip6_default_advmss()
Eric Dumazet <edumazet@google.com>
flow_dissector: use RCU protection to fetch dev_net()
Eric Dumazet <edumazet@google.com>
ipv4: icmp: convert to dev_net_rcu()
Eric Dumazet <edumazet@google.com>
ipv4: use RCU protection in __ip_rt_update_pmtu()
Vladimir Vdovin <deliran@verdict.gg>
net: ipv4: Cache pmtu for all packet paths if multipath enabled
Eric Dumazet <edumazet@google.com>
ipv4: use RCU protection in inet_select_addr()
Eric Dumazet <edumazet@google.com>
ipv4: use RCU protection in rt_is_expired()
Eric Dumazet <edumazet@google.com>
ipv4: use RCU protection in ipv4_default_advmss()
Eric Dumazet <edumazet@google.com>
net: add dev_net_rcu() helper
Jiri Pirko <jiri@nvidia.com>
net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu()
Eric Dumazet <edumazet@google.com>
ipv4: add RCU protection to ip4_dst_hoplimit()
Waiman Long <longman@redhat.com>
clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context
Waiman Long <longman@redhat.com>
clocksource: Use pr_info() for "Checking clocksource synchronization" message
Filipe Manana <fdmanana@suse.com>
btrfs: fix hole expansion when writing at an offset beyond EOF
Wentao Liang <vulab@iscas.ac.cn>
mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()
Andy-ld Lu <andy-ld.lu@mediatek.com>
mmc: mtk-sd: Fix register settings for hs400(es) mode
Nathan Chancellor <nathan@kernel.org>
arm64: Handle .ARM.attributes section in linker scripts
Jiasheng Jiang <jiashengjiangcool@gmail.com>
regmap-irq: Add missing kfree()
Jann Horn <jannh@google.com>
partitions: mac: fix handling of bogus partition table
Wentao Liang <vulab@iscas.ac.cn>
gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock
Mario Limonciello <mario.limonciello@amd.com>
gpiolib: acpi: Add a quirk for Acer Nitro ANV14
Ivan Kokshaysky <ink@unseen.parts>
alpha: align stack for page fault and user unaligned trap handlers
John Keeping <jkeeping@inmusicbrands.com>
serial: 8250: Fix fifo underflow on flush
Shakeel Butt <shakeel.butt@linux.dev>
cgroup: fix race between fork and cgroup.kill
Ard Biesheuvel <ardb@kernel.org>
efi: Avoid cold plugged memory for placing the kernel
Ivan Kokshaysky <ink@unseen.parts>
alpha: make stack 16-byte aligned (most cases)
Alexander Hölzl <alexander.hoelzl@gmx.net>
can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
can: c_can: fix unbalanced runtime PM disable in error path
Fedor Pchelkin <pchelkin@ispras.ru>
can: ctucanfd: handle skb allocation failure
Johan Hovold <johan@kernel.org>
USB: serial: option: drop MeiG Smart defines
Fabio Porcedda <fabio.porcedda@gmail.com>
USB: serial: option: fix Telit Cinterion FN990A name
Fabio Porcedda <fabio.porcedda@gmail.com>
USB: serial: option: add Telit Cinterion FN990B compositions
Chester A. Unal <chester.a.unal@arinc9.com>
USB: serial: option: add MeiG Smart SLM828
Jann Horn <jannh@google.com>
usb: cdc-acm: Fix handling of oversized fragments
Jann Horn <jannh@google.com>
usb: cdc-acm: Check control transfer buffer size before access
Marek Vasut <marek.vasut+renesas@mailbox.org>
USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
Alan Stern <stern@rowland.harvard.edu>
USB: hub: Ignore non-compliant devices with too many configs or interfaces
John Keeping <jkeeping@inmusicbrands.com>
usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
Mathias Nyman <mathias.nyman@linux.intel.com>
USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
Lei Huang <huanglei@kylinos.cn>
USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
Stefan Eichenberger <stefan.eichenberger@toradex.com>
usb: core: fix pipe creation for get_bMaxPacketSize0
Huacai Chen <chenhuacai@kernel.org>
USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
Fabrice Gasnier <fabrice.gasnier@foss.st.com>
usb: dwc2: gadget: remove of_node reference upon udc_stop
Guo Ren <guoren@kernel.org>
usb: gadget: udc: renesas_usb3: Fix compiler warning
Elson Roy Serrao <quic_eserrao@quicinc.com>
usb: roles: set switch registered flag early on
Selvarasu Ganesan <selvarasu.g@samsung.com>
usb: dwc3: Fix timeout issue during controller enter/exit from halt state
Sean Christopherson <seanjc@google.com>
perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
Sean Christopherson <seanjc@google.com>
KVM: nSVM: Enter guest mode before initializing nested NPT MMU
Sean Christopherson <seanjc@google.com>
KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
Jiang Liu <gerry@linux.alibaba.com>
drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
Sven Eckelmann <sven@narfation.org>
batman-adv: Drop unmanaged ELP metric worker
Sven Eckelmann <sven@narfation.org>
batman-adv: Ignore neighbor throughput metrics in error case
Andy Strohman <andrew@andrewstrohman.com>
batman-adv: fix panic during interface removal
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
Mike Marshall <hubcap@omnibond.com>
orangefs: fix a oob in orangefs_debug_write
Rik van Riel <riel@fb.com>
x86/mm/tlb: Only trim the mm_cpumask once a second
Koichiro Den <koichiro.den@canonical.com>
selftests: gpio: gpio-sim: Fix missing chip disablements
Maksym Planeta <maksym@exostellar.io>
Grab mm lock before grabbing pt lock
Ramesh Thomas <ramesh.thomas@intel.com>
vfio/pci: Enable iowrite64 and ioread64 for vfio pci
Tomas Glozar <tglozar@redhat.com>
rtla/timerlat_top: Abort event processing on second signal
Tomas Glozar <tglozar@redhat.com>
rtla/timerlat_hist: Abort event processing on second signal
Guixin Liu <kanie@linux.alibaba.com>
scsi: ufs: bsg: Set bsg_queue to NULL after removal
Rakesh Babu Saladi <Saladi.Rakeshbabu@microchip.com>
PCI: switchtec: Add Microchip PCI100X device IDs
Takashi Iwai <tiwai@suse.de>
PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
Edward Adam Davis <eadavis@qq.com>
media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
Arnd Bergmann <arnd@arndb.de>
media: cxd2841er: fix 64-bit division on gcc-9
Aaro Koskinen <aaro.koskinen@iki.fi>
fbdev: omap: use threaded IRQ for LCD DMA
Michael Margolin <mrgolin@amazon.com>
RDMA/efa: Reset device on probe failure
Juergen Gross <jgross@suse.com>
x86/xen: allow larger contiguous memory regions in PV guests
Petr Tesarik <petr.tesarik.ext@huawei.com>
xen: remove a confusing comment on auto-translated guest I/O
Juergen Gross <jgross@suse.com>
xen/swiotlb: relax alignment requirements
Artur Weber <aweber.kernel@gmail.com>
gpio: bcm-kona: Add missing newline to dev_err format string
Artur Weber <aweber.kernel@gmail.com>
gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
Artur Weber <aweber.kernel@gmail.com>
gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
Krzysztof Karas <krzysztof.karas@intel.com>
drm/i915/selftests: avoid using uninitialized context
Muhammad Adeel <Muhammad.Adeel@ibm.com>
cgroup: Remove steal time from usage_usec
Radu Rendec <rrendec@redhat.com>
arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
Eric Dumazet <edumazet@google.com>
team: better TEAM_OPTION_TYPE_STRING validation
Eric Dumazet <edumazet@google.com>
vxlan: check vxlan_vnigroup_init() return value
Eric Dumazet <edumazet@google.com>
vrf: use RCU protection in l3mdev_l3_out()
Eric Dumazet <edumazet@google.com>
ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
Murad Masimov <m.masimov@mt-integration.ru>
ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
Tulio Fernandes <tuliomf09@gmail.com>
HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()
Charles Han <hanchunchao@inspur.com>
HID: multitouch: Add NULL check in mt_input_configured
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware
Dai Ngo <dai.ngo@oracle.com>
NFSD: fix hang in nfsd4_shutdown_callback
Li Lingfeng <lilingfeng3@huawei.com>
nfsd: clear acl_access/acl_default after releasing them
Filipe Manana <fdmanana@suse.com>
btrfs: avoid monopolizing a core when activating a swap file
Koichiro Den <koichiro.den@canonical.com>
Revert "btrfs: avoid monopolizing a core when activating a swap file"
Calvin Owens <calvin@wbinvd.org>
pps: Fix a use-after-free
Wei Yang <richard.weiyang@gmail.com>
maple_tree: simplify split calculation
Liam R. Howlett <Liam.Howlett@oracle.com>
maple_tree: fix static analyser cppcheck issue
Sean Anderson <sean.anderson@linux.dev>
tty: xilinx_uartps: split sysrq handling
Paolo Abeni <pabeni@redhat.com>
mptcp: prevent excessive coalescing on receive
Matthieu Baerts (NGI0) <matttbe@kernel.org>
mptcp: pm: only set fullmesh for subflow endp
Zizhi Wo <wozizhi@huawei.com>
cachefiles: Fix NULL pointer dereference in object->file
Su Yue <glass.su@suse.com>
ocfs2: check dir i_size in ocfs2_find_entry
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
gpio: xilinx: remove excess kernel doc
Paul Fertser <fercerpav@gmail.com>
net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
WangYuli <wangyuli@uniontech.com>
MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static
Pavel Begunkov <asml.silence@gmail.com>
io_uring/rw: commit provided buffer state on async
Pavel Begunkov <asml.silence@gmail.com>
io_uring: fix io_req_prep_async with provided buffers
Pavel Begunkov <asml.silence@gmail.com>
io_uring: fix multishots with selected buffers
Michal Simek <michal.simek@amd.com>
rtc: zynqmp: Fix optional clock name property
Thomas Weißschuh <linux@weissschuh.net>
ptp: Ensure info->enable callback is always set
Javier Carrasco <javier.carrasco.cruz@gmail.com>
pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails
Tomas Glozar <tglozar@redhat.com>
rtla/timerlat_top: Stop timerlat tracer on signal
Tomas Glozar <tglozar@redhat.com>
rtla/timerlat_hist: Stop timerlat tracer on signal
Tomas Glozar <tglozar@redhat.com>
rtla: Add trace_instance_stop
Tomas Glozar <tglozar@redhat.com>
rtla/osnoise: Distinguish missing workload option
Milos Reljin <milos_reljin@outlook.com>
net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset
Paul Fertser <fercerpav@gmail.com>
net/ncsi: wait for the last response to Deselect Package before configuring channel
Ekansh Gupta <quic_ekangupt@quicinc.com>
misc: fastrpc: Fix copy buffer page size
Ekansh Gupta <quic_ekangupt@quicinc.com>
misc: fastrpc: Fix registered buffer page address
Anandu Krishnan E <quic_anane@quicinc.com>
misc: fastrpc: Deregister device nodes properly in error scenarios
Ivan Stepchenko <sid@itb.spb.ru>
mtd: onenand: Fix uninitialized retlen in do_otp_read()
Nick Chan <towinchenmi@gmail.com>
irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so
Frank Li <Frank.Li@nxp.com>
i3c: master: Fix missing 'ret' assignment in set_speed()
Dan Carpenter <dan.carpenter@linaro.org>
NFC: nci: Add bounds checking in nci_hci_create_pipe()
Pekka Pessi <ppessi@nvidia.com>
mailbox: tegra-hsp: Clear mailbox before using message
Nikita Zhandarovich <n.zhandarovich@fintech.ru>
nilfs2: fix possible int overflows in nilfs_fiemap()
Matthew Wilcox (Oracle) <willy@infradead.org>
ocfs2: handle a symlink read error correctly
Heming Zhao <heming.zhao@suse.com>
ocfs2: fix incorrect CPU endianness conversion causing mount failure
Mike Snitzer <snitzer@kernel.org>
pnfs/flexfiles: retry getting layout segment for reads
Matthieu Baerts (NGI0) <matttbe@kernel.org>
selftests: mptcp: connect: -f: no reconnect
Alex Williamson <alex.williamson@redhat.com>
vfio/platform: check the bounds of read/write syscalls
Jens Axboe <axboe@kernel.dk>
io_uring/net: don't retry connect operation on EPOLLERR
Jennifer Berringer <jberring@redhat.com>
nvmem: core: improve range check for nvmem_cell_write()
Luca Weiss <luca.weiss@fairphone.com>
nvmem: qcom-spmi-sdam: Set size in struct nvmem_config
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
crypto: qce - unregister previously registered algos in error path
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
crypto: qce - fix goto jump in error path
Niklas Cassel <cassel@kernel.org>
ata: libata-sff: Ensure that we cannot write outside the allocated buffer
Catalin Marinas <catalin.marinas@arm.com>
mm: kmemleak: fix upper boundary check for physical address objects
Ricardo Ribalda <ribalda@chromium.org>
media: uvcvideo: Remove redundant NULL assignment
Ricardo Ribalda <ribalda@chromium.org>
media: uvcvideo: Fix event flags in uvc_ctrl_send_events
Mehdi Djait <mehdi.djait@linux.intel.com>
media: ccs: Fix cleanup order in ccs_probe()
Sakari Ailus <sakari.ailus@linux.intel.com>
media: ccs: Fix CCS static data parsing for large block sizes
Sam Bobrowicz <sam@elite-embedded.com>
media: ov5640: fix get_light_freq on auto
Cosmin Tanislav <demonsingur@gmail.com>
media: mc: fix endpoint iteration
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
soc: qcom: smem_state: fix missing of_node_put in error path
Javier Carrasco <javier.carrasco.cruz@gmail.com>
iio: light: as73211: fix channel handling in only-color triggered buffer
Sakari Ailus <sakari.ailus@linux.intel.com>
media: ccs: Clean up parsed CCS static data on parse failure
Marco Elver <elver@google.com>
kfence: skip __GFP_THISNODE allocations on NUMA systems
Gabriele Monaco <gmonaco@redhat.com>
rv: Reset per-task monitors also for idle tasks
Aubrey Li <aubrey.li@linux.intel.com>
ACPI: PRM: Remove unnecessary strict handler address checks
Wentao Liang <vulab@iscas.ac.cn>
xfs: Add error handling for xfs_reflink_cancel_cow_range
Sumit Gupta <sumitg@nvidia.com>
arm64: tegra: Disable Tegra234 sce-fabric node
Eric Biggers <ebiggers@google.com>
crypto: qce - fix priority to be less than ARMv8 CE
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sm8450: Fix MPSS memory length
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sm8350: Fix MPSS memory length
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sm6350: Fix MPSS memory length
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sm6350: Fix ADSP memory length
Nathan Chancellor <nathan@kernel.org>
x86/boot: Use '-std=gnu11' to fix build with GCC 15
Nathan Chancellor <nathan@kernel.org>
kbuild: Move -Wenum-enum-conversion to W=2
Long Li <longli@microsoft.com>
scsi: storvsc: Set correct data length for sending SCSI command without payload
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Move FCE Trace buffer allocation to user control
Georg Gottleuber <ggo@tuxedocomputers.com>
nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk
Georg Gottleuber <ggo@tuxedocomputers.com>
nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
Zijun Hu <quic_zijuhu@quicinc.com>
PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()
Brad Griffis <bgriffis@nvidia.com>
arm64: tegra: Fix Tegra234 PCIe interrupt-map
Kuan-Wei Chiu <visitorckw@gmail.com>
ALSA: hda: Fix headset detection failure due to unstable sort
Edson Juliano Drosdeck <edson.drosdeck@gmail.com>
ALSA: hda/realtek: Enable headset mic on Positivo C6400
Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Revert "media: uvcvideo: Require entities to have a non-zero unique ID"
Jens Axboe <axboe@kernel.dk>
block: don't revert iter for -EIOCBQUEUED
Mateusz Jończyk <mat.jonczyk@o2.pl>
mips/math-emu: fix emulation of the prefx instruction
Hou Tao <houtao1@huawei.com>
dm-crypt: track tag_offset in convert_context
Hou Tao <houtao1@huawei.com>
dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit()
Narayana Murty N <nnmlinux@linux.ibm.com>
powerpc/pseries/eeh: Fix get PE state translation
Kexy Biscuit <kexybiscuit@aosc.io>
MIPS: Loongson64: remove ROM Size unit in boardinfo
Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use
Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
serial: sh-sci: Drop __initdata macro for port_cfg
Stephan Gerhold <stephan.gerhold@linaro.org>
soc: qcom: socinfo: Avoid out of bounds read of serial number
Mario Limonciello <mario.limonciello@amd.com>
ASoC: acp: Support microphone from Lenovo Go S
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: gadget: f_tcm: Don't prepare BOT write request twice
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: gadget: f_tcm: Decrement command ref count on cleanup
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: gadget: f_tcm: Translate error to sense
Marcel Hamer <marcel.hamer@windriver.com>
wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtlwifi: rtl8821ae: Fix media status report
Heiko Stuebner <heiko@sntech.de>
HID: hid-sensor-hub: don't use stale platform-data on remove
Zijun Hu <quic_zijuhu@quicinc.com>
of: reserved-memory: Fix using wrong number of cells to get property 'alignment'
Zijun Hu <quic_zijuhu@quicinc.com>
of: Fix of_find_node_opts_by_path() handling of alias+path+options
Zijun Hu <quic_zijuhu@quicinc.com>
of: Correct child specifier used as input of the 2nd nexus node
Bao D. Nguyen <quic_nguyenb@quicinc.com>
scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions
Kuan-Wei Chiu <visitorckw@gmail.com>
perf bench: Fix undefined behavior in cmpworker()
Nathan Chancellor <nathan@kernel.org>
efi: libstub: Use '-std=gnu11' to fix build with GCC 15
Zijun Hu <quic_zijuhu@quicinc.com>
blk-cgroup: Fix class @block_class's subsystem refcount leakage
Anastasia Belova <abelova@astralinux.ru>
clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg
Luca Weiss <luca.weiss@fairphone.com>
clk: qcom: dispcc-sm6350: Add missing parent_map for a clock
Luca Weiss <luca.weiss@fairphone.com>
clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
Gabor Juhos <j4g8y7@gmail.com>
clk: qcom: clk-alpha-pll: fix alpha mode configuration
Cody Eksal <masterr3c0rd@epochal.quest>
clk: sunxi-ng: a100: enable MMC clock reparenting
Fedor Pchelkin <pchelkin@ispras.ru>
Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection
Fedor Pchelkin <pchelkin@ispras.ru>
Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes
Haoxiang Li <haoxiang_li2024@163.com>
drm/komeda: Add check for komeda_get_layer_fourcc_list()
Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
drm/i915/guc: Debug print LRC state entries only if the context is pinned
Tom Chung <chiahsuan.chung@amd.com>
Revert "drm/amd/display: Use HW lock mgr for PSR1"
Lijo Lazar <lijo.lazar@amd.com>
drm/amd/pm: Mark MM activity as unsupported
Dan Carpenter <dan.carpenter@linaro.org>
ksmbd: fix integer overflows on 32 bit systems
David Hildenbrand <david@redhat.com>
KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
Sean Christopherson <seanjc@google.com>
KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
Jakob Unterwurzacher <jakobunt@gmail.com>
arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma
Thomas Zimmermann <tzimmermann@suse.de>
drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()
Dan Carpenter <dan.carpenter@linaro.org>
binfmt_flat: Fix integer overflow bug on 32 bit systems
Nam Cao <namcao@linutronix.de>
fs/proc: do_task_stat: Fix ESP not readable during coredump
Thomas Zimmermann <tzimmermann@suse.de>
m68k: vga: Fix I/O defines
Heiko Carstens <hca@linux.ibm.com>
s390/futex: Fix FUTEX_OP_ANDN implementation
Meetakshi Setiya <msetiya@microsoft.com>
smb: client: change lease epoch type from unsigned int to __u16
Maarten Lankhorst <dev@lankhorst.se>
drm/modeset: Handle tiled displays in pan_display_atomic.
Sebastian Wiese-Wagner <seb@fastmail.to>
ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx
Alexander Sverdlin <alexander.sverdlin@siemens.com>
leds: lp8860: Write full EEPROM, not only half of it
Viresh Kumar <viresh.kumar@linaro.org>
cpufreq: s3c64xx: Fix compilation warning
Ido Schimmel <idosch@nvidia.com>
net: sched: Fix truncation of offloaded action statistics
Willem de Bruijn <willemb@google.com>
tun: revert fix group permission check
Cong Wang <cong.wang@bytedance.com>
netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read()
Juergen Gross <jgross@suse.com>
x86/xen: add FRAME_END to xen_hypercall_hvm()
Juergen Gross <jgross@suse.com>
x86/xen: fix xen_hypercall_hvm() to not clobber %rbx
Eric Dumazet <edumazet@google.com>
net: rose: lock the socket in rose_bind()
Jacob Moroni <mail@jakemoroni.com>
net: atlantic: fix warning during hot unplug
Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
gpio: pca953x: Improve interrupt support
Yan Zhai <yan@cloudflare.com>
udp: gso: do not drop small packets when PMTU reduces
Lenny Szubowicz <lszubowi@redhat.com>
tg3: Disable tg3 PCIe AER on system reboot
Hans Verkuil <hverkuil@xs4all.nl>
gpu: drm_dp_cec: fix broken CEC adapter properties check
Prasad Pandit <pjp@fedoraproject.org>
firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
Daniel Wagner <wagi@kernel.org>
nvme: handle connectivity loss in nvme_set_queue_count
Darrick J. Wong <djwong@kernel.org>
xfs: don't over-report free space or inodes in statvfs
Darrick J. Wong <djwong@kernel.org>
xfs: report realtime block quota limits on realtime directories
Sean Anderson <sean.anderson@linux.dev>
gpio: xilinx: Convert gpio_lock to raw spinlock
Linus Walleij <linus.walleij@linaro.org>
gpio: xilinx: Convert to immutable irq_chip
Paul Fertser <fercerpav@gmail.com>
net/ncsi: fix locking in Get MAC Address handling
Peter Delevoryas <peter@pjd.dev>
net/ncsi: Add NC-SI 1.2 Get MC MAC Address command
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe()
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void
Paolo Bonzini <pbonzini@redhat.com>
KVM: e500: always restore irqs
Sean Christopherson <seanjc@google.com>
KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults
Sean Christopherson <seanjc@google.com>
KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock
Sean Christopherson <seanjc@google.com>
KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()
Armin Wolf <W_Armin@gmx.de>
platform/x86: acer-wmi: Ignore AC events
Illia Ostapyshyn <illia@yshyn.com>
Input: allocate keycode for phone linking
Yu-Chun Lin <eleanor15x@gmail.com>
ASoC: amd: Add ACPI dependency to fix build error
Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
Hans de Goede <hdegoede@redhat.com>
platform/x86: int3472: Check for adev == NULL
Robin Murphy <robin.murphy@arm.com>
iommu/arm-smmu-v3: Clean up more on probe failure
David Woodhouse <dwmw@amazon.co.uk>
x86/kexec: Allocate PGD for x86_64 transition page tables separately
Liu Ye <liuye@kylinos.cn>
selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()
Dan Carpenter <dan.carpenter@linaro.org>
tipc: re-order conditions in tipc_crypto_key_rcv()
Yuanjie Yang <quic_yuanjiey@quicinc.com>
mmc: sdhci-msm: Correctly set the load for the regulator
Maciej S. Szmigiero <mail@maciej.szmigiero.name>
net: wwan: iosm: Fix hibernation by re-binding the driver around it
Mazin Al Haddad <mazin@getstate.dev>
Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
Borislav Petkov <bp@alien8.de>
APEI: GHES: Have GHES honor the panic= setting
Randolph Ha <rha051117@gmail.com>
i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
Miri Korenblit <miriam.rachel.korenblit@intel.com>
wifi: iwlwifi: avoid memory leak
Stefan Dösinger <stefan@codeweavers.com>
wifi: brcmfmac: Check the return value of of_property_read_string_index()
Vadim Fedorenko <vadfed@meta.com>
net/mlx5: use do_aux_work for PHC overflow checks
Even Xu <even.xu@intel.com>
HID: Wacom: Add PCI Wacom device support
Hans de Goede <hdegoede@redhat.com>
mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
tomoyo: don't emit warning in tomoyo_write_control()
Dmitry Antipov <dmantipov@yandex.ru>
wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
Shawn Lin <shawn.lin@rock-chips.com>
mmc: core: Respect quirk_max_rate for non-UHS SDIO card
Stas Sergeev <stsp2@yandex.ru>
tun: fix group permission check
Leo Stone <leocstone@gmail.com>
safesetid: check size of policy writes
Hermes Wu <hermes.wu@ite.com.tw>
drm/bridge: it6505: fix HDCP CTS compare V matching
Hermes Wu <hermes.wu@ite.com.tw>
drm/bridge: it6505: fix HDCP encryption when R0 ready
Hermes Wu <hermes.wu@ite.com.tw>
drm/bridge: it6505: fix HDCP Bstatus check
Hermes Wu <hermes.wu@ite.com.tw>
drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT
Fangzhi Zuo <Jerry.Zuo@amd.com>
drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor
Kuan-Wei Chiu <visitorckw@gmail.com>
printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
Dongwon Kim <dongwon.kim@intel.com>
drm/virtio: New fence for every plane update
Yazen Ghannam <yazen.ghannam@amd.com>
x86/amd_nb: Restrict init function to AMD-based systems
Carlos Llamas <cmllamas@google.com>
lockdep: Fix upper limit for LOCKDEP_*_BITS configs
Suleiman Souhlal <suleiman@google.com>
sched: Don't try to catch up excess steal time.
Josef Bacik <josef@toxicpanda.com>
btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
Hao-ran Zheng <zhenghaoran154@gmail.com>
btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents()
Kees Cook <kees@kernel.org>
exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
Anshuman Khandual <anshuman.khandual@arm.com>
arm64/mm: Ensure adequate HUGE_MAX_HSTATE
Filipe Manana <fdmanana@suse.com>
btrfs: fix use-after-free when attempting to join an aborted transaction
Antonio Borneo <antonio.borneo@foss.st.com>
pinctrl: stm32: fix array read out of bound
Nathan Chancellor <nathan@kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Thomas Weißschuh <linux@weissschuh.net>
ptp: Properly handle compat ioctls
Qu Wenruo <wqu@suse.com>
btrfs: output the reason for open_ctree() failure
Dan Carpenter <dan.carpenter@linaro.org>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Laurentiu Palcu <laurentiu.palcu@oss.nxp.com>
staging: media: max96712: fix kernel oops when removing module
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: gadget: f_tcm: Don't free command immediately
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
media: uvcvideo: Fix double free in error path
Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
remoteproc: core: Fix ida_free call while not allocated
Paolo Abeni <pabeni@redhat.com>
mptcp: handle fastopen disconnect correctly
Paolo Abeni <pabeni@redhat.com>
mptcp: consolidate suboption status
Kyle Tso <kyletso@google.com>
usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
Jos Wang <joswang@lenovo.com>
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
Kyle Tso <kyletso@google.com>
usb: dwc3: core: Defer the probe until USB power supply ready
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: gadget: f_tcm: Fix Get/SetInterface return value
Sean Rhodes <sean@starlabs.systems>
drivers/card_reader/rtsx_usb: Restore interrupt based detection
Michal Pecio <michal.pecio@gmail.com>
usb: xhci: Fix NULL pointer dereference on certain command aborts
Nikita Zhandarovich <n.zhandarovich@fintech.ru>
net: usb: rtl8150: enable basic endpoint checking
Lianqin Hu <hulianqin@vivo.com>
ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
Ricardo B. Marliere <rbm@suse.com>
ktest.pl: Check kernelrelease return in get_version
Tim Huang <tim.huang@amd.com>
drm/amd/display: fix double free issue during amdgpu module unload
Puranjay Mohan <pjy@amazon.com>
nvme: fix metadata handling in nvme-passthrough
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: reject mismatching sum of field_len with set key length
Parth Pancholi <parth.pancholi@toradex.com>
kbuild: switch from lz4c to lz4 for compression
Chuck Lever <chuck.lever@oracle.com>
NFSD: Reset cb_seq_status after NFS4ERR_DELAY
Daniel Lee <chullee@google.com>
f2fs: Introduce linear search for dentries
Lin Yujun <linyujun809@huawei.com>
hexagon: Fix unbalanced spinlock in die()
Willem de Bruijn <willemb@google.com>
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
Masahiro Yamada <masahiroy@kernel.org>
kconfig: fix memory leak in sym_warn_unmet_dep()
Sergey Senozhatsky <senozhatsky@chromium.org>
kconfig: WERROR unmet symbol dependency
Masahiro Yamada <masahiroy@kernel.org>
kconfig: deduplicate code in conf_read_simple()
Masahiro Yamada <masahiroy@kernel.org>
kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
Masahiro Yamada <masahiroy@kernel.org>
kconfig: require a space after '#' for valid input
Sergey Senozhatsky <senozhatsky@chromium.org>
kconfig: add warn-unknown-symbols sanity check
Masahiro Yamada <masahiroy@kernel.org>
kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
Detlev Casanova <detlev.casanova@collabora.com>
ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
Masahiro Yamada <masahiroy@kernel.org>
genksyms: fix memory leak when the same symbol is read from *.symref file
Masahiro Yamada <masahiroy@kernel.org>
genksyms: fix memory leak when the same symbol is added from source
Eric Dumazet <edumazet@google.com>
net: hsr: fix fill_frame_info() regression vs VLAN packets
Kory Maincent <kory.maincent@bootlin.com>
net: sh_eth: Fix missing rtnl lock in suspend/resume path
Rafał Miłecki <rafal@milecki.pl>
bgmac: reduce max frame size to support just MTU 1500
Howard Chu <howardchu95@gmail.com>
perf trace: Fix runtime error of index out of bounds
Chenyuan Yang <chenyuan0y@gmail.com>
net: davicom: fix UAF in dm9000_drv_remove
Shigeru Yoshida <syoshida@redhat.com>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
Jakub Kicinski <kuba@kernel.org>
net: netdevsim: try to close UDP port harness races
Eric Dumazet <edumazet@google.com>
net: rose: fix timer races against user threads
Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
iavf: allow changing VLAN state without calling PF
Wentao Liang <vulab@iscas.ac.cn>
PM: hibernate: Add error handling for syscore_suspend()
Eric Dumazet <edumazet@google.com>
ipmr: do not call mr_mfc_uses_dev() for unres entries
Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev@gmail.com>
net: fec: implement TSO descriptor cleanup
Ahmad Fatoum <a.fatoum@pengutronix.de>
gpio: mxc: remove dead code after switch to DT-only
Jian Shen <shenjian15@huawei.com>
net: hns3: fix oops when unload drivers paralleling
Alexander Stein <alexander.stein@ew.tq-group.com>
regulator: core: Add missing newline character
pangliyuan <pangliyuan1@huawei.com>
ubifs: skip dumping tnc tree when zroot is null
Oleksij Rempel <linux@rempel-privat.de>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
Jianbo Liu <jianbol@nvidia.com>
xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
Luo Yifan <luoyifan@cmss.chinamobile.com>
tools/bootconfig: Fix the wrong format specifier
Olga Kornievskaia <okorniev@redhat.com>
NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
Olga Kornievskaia <okorniev@redhat.com>
NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
John Ogness <john.ogness@linutronix.de>
serial: 8250: Adjust the timeout for FIFO mode
Sebastian Andrzej Siewior <bigeasy@linutronix.de>
module: Extend the preempt disabled section in dereference_symbol_descriptor().
Su Yue <glass.su@suse.com>
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
Guixin Liu <kanie@linux.alibaba.com>
scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
Paul Menzel <pmenzel@molgen.mpg.de>
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
Manivannan Sadhasivam <mani@kernel.org>
PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
Damien Le Moal <dlemoal@kernel.org>
PCI: epf-test: Simplify DMA support checks
Mohamed Khalfella <khalfella@gmail.com>
PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
King Dix <kingdix10@qq.com>
PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
mtd: hyperbus: hbmc-am654: fix an OF node reference leak
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void
Ricardo Ribalda <ribalda@chromium.org>
media: uvcvideo: Propagate buf->error to userspace
Jiasheng Jiang <jiashengjiangcool@gmail.com>
media: camif-core: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool@gmail.com>
media: mipi-csis: Add check for clk_enable()
Dave Stevenson <dave.stevenson@raspberrypi.com>
media: i2c: ov9282: Correct the exposure offset
Luca Weiss <luca.weiss@fairphone.com>
media: i2c: imx412: Add missing newline to prints
Jiasheng Jiang <jiashengjiangcool@gmail.com>
media: marvell: Add check for clk_enable()
Zijun Hu <quic_zijuhu@quicinc.com>
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
Chen Ni <nichen@iscas.ac.cn>
media: lmedm04: Handle errors for lme2510_int_read
Oliver Neukum <oneukum@suse.com>
media: rc: iguanair: handle timeouts
Qasim Ijaz <qasdev00@gmail.com>
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
Zhu Yanjun <yanjun.zhu@linux.dev>
RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
Randy Dunlap <rdunlap@infradead.org>
efi: sysfb_efi: fix W=1 warnings when EFI is not set
Zijun Hu <quic_zijuhu@quicinc.com>
of: reserved-memory: Do not make kmemleak ignore freed address
Michael Guralnik <michaelgur@nvidia.com>
RDMA/mlx5: Fix indirect mkey ODP page count
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
Rafał Miłecki <rafal@milecki.pl>
ARM: dts: mediatek: mt7623: fix IR nodename
Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
Jason-JH.Lin <jason-jh.lin@mediatek.com>
dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
Neil Armstrong <neil.armstrong@linaro.org>
arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
Neil Armstrong <neil.armstrong@linaro.org>
arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
Konrad Dybcio <konrad.dybcio@linaro.org>
arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays
Luca Weiss <luca.weiss@fairphone.com>
arm64: dts: qcom: pm6150l: add temp sensor and thermal zone config
Neil Armstrong <neil.armstrong@linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
Nikita Travkin <nikita@trvn.ru>
arm64: dts: qcom: sc7180: Drop redundant disable in mdp
Nikita Travkin <nikita@trvn.ru>
arm64: dts: qcom: sc7180: Don't enable lpass clocks by default
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sc7180-trogdor-wormdingler: use just "port" in panel
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sc7180-trogdor-quackingstick: use just "port" in panel
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sc7180-idp: use just "port" in panel
Bryan O'Donoghue <bryan.odonoghue@linaro.org>
arm64: dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl
Bryan Brattlof <bb@ti.com>
arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
Bryan Brattlof <bb@ti.com>
arm64: dts: ti: k3-am62: Remove duplicate GICR reg
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: dts: qcom: sm8450: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: dts: qcom: sm8350: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: dts: qcom: sm8250: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: dts: qcom: sm6125: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: dts: qcom: sc7280: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: dts: qcom: msm8994: correct sleep clock frequency
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: dts: qcom: msm8916: correct sleep clock frequency
Luca Weiss <luca.weiss@fairphone.com>
arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
arm64: dts: qcom: msm8994: Describe USB interrupts
Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
arm64: dts: qcom: msm8996: Fix up USB3 interrupts
Marek Vasut <marex@denx.de>
arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
Ma Ke <make_ruc2021@163.com>
RDMA/srp: Fix error handling in srp_add_port
Hsin-Te Yuan <yuanhsinte@chromium.org>
arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
Hsin-Te Yuan <yuanhsinte@chromium.org>
arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
Dan Carpenter <dan.carpenter@linaro.org>
rdma/cxgb4: Prevent potential integer overflow on 32bit
Leon Romanovsky <leon@kernel.org>
RDMA/mlx4: Avoid false error about access to uninitialized gids array
Val Packett <val@packett.cool>
arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
Val Packett <val@packett.cool>
arm64: dts: mediatek: mt8516: add i2c clock-div property
Val Packett <val@packett.cool>
arm64: dts: mediatek: mt8516: fix wdt irq type
Val Packett <val@packett.cool>
arm64: dts: mediatek: mt8516: fix GICv2 range
Hsin-Yi Wang <hsinyi@chromium.org>
arm64: dts: mt8183: set DMIC one-wire mode on Damu
Nicolas Ferre <nicolas.ferre@microchip.com>
ARM: at91: pm: change BU Power Switch to automatic mode
Javier Carrasco <javier.carrasco.cruz@gmail.com>
soc: atmel: fix device_node release in atmel_soc_device_init()
Paulo Alcantara <pc@manguebit.com>
smb: client: fix oops due to unset link speed
Chen Ridong <chenridong@huawei.com>
padata: avoid UAF for reorder_work
Chen Ridong <chenridong@huawei.com>
padata: add pd get/put refcnt helper
Chen Ridong <chenridong@huawei.com>
padata: fix UAF in padata_reorder
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
Daniel Xu <dxu@dxuuu.xyz>
bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
Puranjay Mohan <puranjay@kernel.org>
bpf: Send signals asynchronously if !preemptible
Mingwei Zheng <zmw12306@gmail.com>
pinctrl: stm32: Add check for clk_enable()
Ma Ke <make24@iscas.ac.cn>
pinctrl: stm32: check devm_kasprintf() returned value
Chen Ni <nichen@iscas.ac.cn>
pinctrl: stm32: Add check for devm_kcalloc
Valentin Caron <valentin.caron@foss.st.com>
pinctrl: stm32: set default gpio line names using pin names
Jiachen Zhang <me@jcix.top>
perf report: Fix misleading help message about --demangle
Cezary Rojewski <cezary.rojewski@intel.com>
ASoC: Intel: avs: Fix theoretical infinite loop
Arnaldo Carvalho de Melo <acme@redhat.com>
perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
Arnaldo Carvalho de Melo <acme@redhat.com>
perf namespaces: Introduce nsinfo__set_in_pidns()
Arnaldo Carvalho de Melo <acme@redhat.com>
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
Thomas Weißschuh <linux@weissschuh.net>
padata: fix sysfs store callback check
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
Wenkai Lin <linwenkai6@hisilicon.com>
crypto: hisilicon/sec2 - fix for aead invalid authsize
Wenkai Lin <linwenkai6@hisilicon.com>
crypto: hisilicon/sec2 - fix for aead icv error
Chenghai Huang <huangchenghai2@huawei.com>
crypto: hisilicon/sec2 - optimize the error return process
Ba Jing <bajing@cmss.chinamobile.com>
ktest.pl: Remove unused declarations in run_bisect_test function
Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
ASoC: renesas: rz-ssi: Use only the proper amount of dividers
Zhongqiu Han <quic_zhonhan@quicinc.com>
perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
Zhongqiu Han <quic_zhonhan@quicinc.com>
perf header: Fix one memory leakage in process_bpf_prog_info()
Zhongqiu Han <quic_zhonhan@quicinc.com>
perf header: Fix one memory leakage in process_bpf_btf()
George Lander <lander@jagmn.com>
ASoC: sun4i-spdif: Add clock multiplier settings
Quentin Monnet <qmo@kernel.org>
libbpf: Fix segfault due to libelf functions not setting errno
Marco Leogrande <leogrande@google.com>
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
Andrii Nakryiko <andrii@kernel.org>
libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing
Nikita Zhandarovich <n.zhandarovich@fintech.ru>
net/rose: prevent integer overflows in rose_setsockopt()
Mahdi Arghavani <ma.arghavani@yahoo.com>
tcp_cubic: fix incorrect HyStart round start detection
Roger Quadros <rogerq@kernel.org>
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
Florian Westphal <fw@strlen.de>
netfilter: nft_flow_offload: update tcp state flags under lock
Jamal Hadi Salim <jhs@mojatatu.com>
net: sched: Disallow replacing of child qdisc from one parent to another
Antoine Tenart <atenart@kernel.org>
net: avoid race between device unregistration and ethnl ops
Maher Sanalla <msanalla@nvidia.com>
net/mlxfw: Drop hard coded max FW flash image size
Liu Jian <liujian56@huawei.com>
net: let net.core.dev_weight always be non-zero
Mickaël Salaün <mic@digikod.net>
selftests/landlock: Fix error message
Mingwei Zheng <zmw12306@gmail.com>
pwm: stm32: Add check for clk_enable()
Bo Gan <ganboing@gmail.com>
clk: analogbits: Fix incorrect calculation of vco rate delta
Dmitry Antipov <dmantipov@yandex.ru>
wifi: cfg80211: adjust allocation of colocated AP data
Ilan Peer <ilan.peer@intel.com>
wifi: cfg80211: Handle specific BSSID in 6GHz scanning
Dmitry V. Levin <ldv@strace.io>
selftests: harness: fix printing of mismatch values in __EXPECT()
Geert Uytterhoeven <geert+renesas@glider.be>
selftests: timers: clocksource-switch: Adapt progress to kselftest framework
Gautham R. Shenoy <gautham.shenoy@amd.com>
cpufreq: ACPI: Fix max-frequency computation
Peter Chiu <chui-hao.chiu@mediatek.com>
wifi: mt76: mt7915: fix register mapping
Michael Lo <michael.lo@mediatek.com>
wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
WangYuli <wangyuli@uniontech.com>
wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
Mickaël Salaün <mic@digikod.net>
landlock: Handle weird files
Guangguan Wang <guangguan.wang@linux.alibaba.com>
net/smc: fix data error when recvmsg with MSG_PEEK flag
Ilan Peer <ilan.peer@intel.com>
wifi: mac80211: Fix common size calculation for ML element
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211: prohibit deactivating all links
Andreas Kemnade <andreas@kemnade.info>
wifi: wlcore: fix unbalanced pm_runtime calls
Zichen Xie <zichenxie0106@gmail.com>
samples/landlock: Fix possible NULL dereference in parse_path()
Rob Herring (Arm) <robh@kernel.org>
mfd: syscon: Fix race in device_node_get_regmap()
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
mfd: syscon: Use scoped variables with memory allocators to simplify error paths
Peter Griffin <peter.griffin@linaro.org>
mfd: syscon: Add of_syscon_register_regmap() API
Peter Griffin <peter.griffin@linaro.org>
mfd: syscon: Remove extern from function prototypes
Karol Przybylski <karprzy7@gmail.com>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
Amit Pundir <amit.pundir@linaro.org>
clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
OPP: OF: Fix an OF node leak in _opp_add_static_v2()
Eric Dumazet <edumazet@google.com>
ax25: rcu protect dev->ax25_ptr
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
regulator: of: Implement the unwind path of of_regulator_match()
Octavian Purdila <tavip@google.com>
team: prevent adding a device which is already a team device lower
Marek Vasut <marex@denx.de>
clk: imx8mp: Fix clkout1/2 support
Sultan Alsawaf (unemployed) <sultan@kerneltoast.com>
cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
Mingwei Zheng <zmw12306@gmail.com>
pwm: stm32-lp: Add check for clk_enable()
Eric Dumazet <edumazet@google.com>
inetpeer: do not get a refcount in inet_getpeer()
Eric Dumazet <edumazet@google.com>
inetpeer: update inetpeer timestamp in inet_getpeer()
Eric Dumazet <edumazet@google.com>
inetpeer: remove create argument of inet_getpeer()
Eric Dumazet <edumazet@google.com>
inetpeer: remove create argument of inet_getpeer_v[46]()
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
Matti Vaittinen <mazziesaccount@gmail.com>
dt-bindings: mfd: bd71815: Fix rsense and typos
He Rongguang <herongguang@linux.alibaba.com>
cpupower: fix TSC MHz calculation
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
ACPI: fan: cleanup resources in the error path of .probe()
Chen-Yu Tsai <wenst@chromium.org>
regulator: dt-bindings: mt6315: Drop regulator-compatible property
Jiri Kosina <jkosina@suse.com>
HID: multitouch: fix support for Goodix PID 0x01e9
Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
wifi: rtlwifi: destroy workqueue at rtl_deinit_core
Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
wifi: rtlwifi: remove unused check_buddy_priv
Dmitry Antipov <dmantipov@yandex.ru>
wifi: rtlwifi: remove unused dualmac control leftovers
Dmitry Antipov <dmantipov@yandex.ru>
wifi: rtlwifi: remove unused timer and related code
Geert Uytterhoeven <geert+renesas@glider.be>
dt-bindings: leds: class-multicolor: Fix path to color definitions
Neil Armstrong <neil.armstrong@linaro.org>
dt-bindings: mmc: controller: clarify the address-cells description
Mingwei Zheng <zmw12306@gmail.com>
spi: zynq-qspi: Add check for clk_enable()
Octavian Purdila <tavip@google.com>
net_sched: sch_sfq: don't allow 1 packet limit
Eric Dumazet <edumazet@google.com>
net_sched: sch_sfq: handle bigger packets
Eric Dumazet <edumazet@google.com>
net_sched: sch_sfq: annotate data-races around q->perturb_period
Barnabás Czémán <barnabas.czeman@mainlining.org>
wifi: wcn36xx: fix channel survey memory allocation size
Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
wifi: rtlwifi: usb: fix workqueue leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
wifi: rtlwifi: fix init_sw_vars leak when probe fails
Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
wifi: rtlwifi: wait for firmware loading before releasing memory
Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
wifi: rtlwifi: do not complete firmware loading needlessly
Balaji Pothunoori <quic_bpothuno@quicinc.com>
wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
Charles Han <hanchunchao@inspur.com>
ipmi: ipmb: Add check devm_kasprintf() returned value
Thomas Gleixner <tglx@linutronix.de>
genirq: Make handle_enforce_irqctx() unconditionally available
Hermes Wu <hermes.wu@ite.com.tw>
drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
Neil Armstrong <neil.armstrong@linaro.org>
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
Neil Armstrong <neil.armstrong@linaro.org>
OPP: add index check to assert to avoid buffer overflow in _read_freq()
Viresh Kumar <viresh.kumar@linaro.org>
OPP: Reuse dev_pm_opp_get_freq_indexed()
Viresh Kumar <viresh.kumar@linaro.org>
OPP: Add dev_pm_opp_find_freq_exact_indexed()
Manivannan Sadhasivam <mani@kernel.org>
OPP: Introduce dev_pm_opp_get_freq_indexed() API
Manivannan Sadhasivam <mani@kernel.org>
OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs
Viresh Kumar <viresh.kumar@linaro.org>
OPP: Rearrange entries in pm_opp.h
Andy Yan <andy.yan@rock-chips.com>
drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
Andy Yan <andy.yan@rock-chips.com>
drm/rockchip: vop2: Fix the windows switch between different layers
Andy Yan <andy.yan@rock-chips.com>
drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config
Andy Yan <andy.yan@rock-chips.com>
drm/rockchip: vop2: Set YUV/RGB overlay mode
Andy Yan <andy.yan@rock-chips.com>
drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
Andy Yan <andy.yan@rock-chips.com>
drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
Ivan Stepchenko <sid@itb.spb.ru>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Alan Stern <stern@rowland.harvard.edu>
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
Sui Jingfeng <sui.jingfeng@linux.dev>
drm/etnaviv: Fix page property being used for non writecombine buffers
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm/dp: set safe_to_exit_level before printing it
Peter Zijlstra <peterz@infradead.org>
sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
Chengming Zhou <zhouchengming@bytedance.com>
sched/psi: Use task->psi_flags to clear in CPU migration
David Howells <dhowells@redhat.com>
afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
Christophe Leroy <christophe.leroy@csgroup.eu>
select: Fix unbalanced user_access_end()
Randy Dunlap <rdunlap@infradead.org>
partitions: ldm: remove the initial kernel-doc notation
Michael Ellerman <mpe@ellerman.id.au>
selftests/powerpc: Fix argument order to timer_sub()
Keisuke Nishimura <keisuke.nishimura@inria.fr>
nvme: Add error check for xa_store in nvme_get_effects_log
Eugen Hristev <eugen.hristev@linaro.org>
pstore/blk: trivial typo fixes
Yu Kuai <yukuai3@huawei.com>
nbd: don't allow reconnect after disconnect
Yang Erkun <yangerkun@huawei.com>
block: retry call probe after request_module in blk_request_module
Jinliang Zheng <alexjlzheng@gmail.com>
fs: fix proc_handler for sysctl_nr_open
David Howells <dhowells@redhat.com>
afs: Fix directory format encoding struct
David Howells <dhowells@redhat.com>
afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
Sourabh Jain <sourabhjain@linux.ibm.com>
powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
-------------
Diffstat:
.../bindings/leds/leds-class-multicolor.yaml | 2 +-
.../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +--
.../devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
.../bindings/regulator/mt6315-regulator.yaml | 6 -
Documentation/kbuild/kconfig.rst | 9 ++
Makefile | 6 +-
arch/alpha/include/uapi/asm/ptrace.h | 2 +
arch/alpha/kernel/asm-offsets.c | 2 +
arch/alpha/kernel/entry.S | 24 ++-
arch/alpha/kernel/traps.c | 2 +-
arch/alpha/mm/fault.c | 4 +-
arch/arm/boot/dts/dra7-l4.dtsi | 2 +
arch/arm/boot/dts/mt7623.dtsi | 2 +-
arch/arm/mach-at91/pm.c | 31 ++--
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +---
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +---
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 +
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 ++
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 ++
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 -
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 -
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 --
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 +-
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +-
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 -
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +-
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +-
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +-
arch/arm64/boot/dts/qcom/pm6150.dtsi | 2 +-
arch/arm64/boot/dts/qcom/pm6150l.dtsi | 35 +++++
arch/arm64/boot/dts/qcom/sc7180-idp.dts | 15 +-
.../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 1 -
.../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 1 -
.../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 7 +-
.../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 12 +-
.../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 12 +-
arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 9 +-
arch/arm64/boot/dts/qcom/sc7180.dtsi | 34 +----
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6 +-
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +--
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 +-
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
.../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +-
arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 ++--
arch/arm64/boot/dts/qcom/sm8350.dtsi | 4 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 4 +-
arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +-
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
arch/arm64/kernel/cacheinfo.c | 12 +-
arch/arm64/kernel/vdso/vdso.lds.S | 1 +
arch/arm64/kernel/vmlinux.lds.S | 1 +
arch/arm64/mm/hugetlbpage.c | 12 ++
arch/hexagon/include/asm/cmpxchg.h | 2 +-
arch/hexagon/kernel/traps.c | 4 +-
arch/m68k/include/asm/vga.h | 8 +-
arch/mips/kernel/ftrace.c | 2 +-
arch/mips/loongson64/boardinfo.c | 2 -
arch/mips/math-emu/cp1emu.c | 2 +-
arch/powerpc/include/asm/hugetlb.h | 9 ++
arch/powerpc/kvm/e500_mmu_host.c | 21 +--
arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +-
arch/s390/Makefile | 2 +-
arch/s390/include/asm/futex.h | 2 +-
arch/s390/kvm/vsie.c | 25 +++-
arch/s390/purgatory/Makefile | 2 +-
arch/x86/boot/compressed/Makefile | 1 +
arch/x86/events/intel/core.c | 5 +-
arch/x86/include/asm/kexec.h | 18 ++-
arch/x86/include/asm/mmu.h | 2 +
arch/x86/include/asm/mmu_context.h | 1 +
arch/x86/include/asm/msr-index.h | 3 +-
arch/x86/include/asm/tlbflush.h | 1 +
arch/x86/kernel/amd_nb.c | 4 +
arch/x86/kernel/i8253.c | 11 +-
arch/x86/kernel/machine_kexec_64.c | 45 +++---
arch/x86/kernel/static_call.c | 1 -
arch/x86/kvm/hyperv.c | 6 +-
arch/x86/kvm/mmu/mmu.c | 2 +-
arch/x86/kvm/svm/nested.c | 10 +-
arch/x86/mm/tlb.c | 35 ++++-
arch/x86/xen/mmu_pv.c | 79 ++++++++--
arch/x86/xen/xen-head.S | 5 +-
block/blk-cgroup.c | 1 +
block/fops.c | 5 +-
block/genhd.c | 22 ++-
block/partitions/ldm.h | 2 +-
block/partitions/mac.c | 18 ++-
drivers/acpi/apei/ghes.c | 10 +-
drivers/acpi/fan_core.c | 10 +-
drivers/acpi/prmt.c | 4 +-
drivers/acpi/property.c | 10 +-
drivers/ata/libata-sff.c | 18 ++-
drivers/base/regmap/regmap-irq.c | 2 +
drivers/block/nbd.c | 1 +
drivers/char/ipmi/ipmb_dev_int.c | 3 +
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
drivers/clk/imx/clk-imx8mp.c | 5 +-
drivers/clk/qcom/clk-alpha-pll.c | 2 +
drivers/clk/qcom/clk-rpmh.c | 2 +-
drivers/clk/qcom/dispcc-sm6350.c | 7 +-
drivers/clk/qcom/gcc-mdm9607.c | 2 +-
drivers/clk/qcom/gcc-sdm845.c | 32 ++--
drivers/clk/qcom/gcc-sm6350.c | 22 ++-
drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +-
drivers/clocksource/i8253.c | 13 +-
drivers/cpufreq/acpi-cpufreq.c | 36 +++--
drivers/cpufreq/s3c64xx-cpufreq.c | 11 +-
drivers/crypto/hisilicon/sec2/sec.h | 3 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 164 ++++++++++-----------
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 --
drivers/crypto/ixp4xx_crypto.c | 3 +
drivers/crypto/qce/aead.c | 2 +-
drivers/crypto/qce/core.c | 13 +-
drivers/crypto/qce/sha.c | 2 +-
drivers/crypto/qce/skcipher.c | 2 +-
drivers/dma/ti/edma.c | 3 +-
drivers/firmware/Kconfig | 2 +-
drivers/firmware/efi/efi.c | 6 +-
drivers/firmware/efi/libstub/Makefile | 2 +-
drivers/firmware/efi/libstub/randomalloc.c | 3 +
drivers/firmware/efi/libstub/relocate.c | 3 +
drivers/firmware/efi/sysfb_efi.c | 2 +-
drivers/gpio/gpio-bcm-kona.c | 71 +++++++--
drivers/gpio/gpio-mxc.c | 3 +-
drivers/gpio/gpio-pca953x.c | 19 ---
drivers/gpio/gpio-stmpe.c | 15 +-
drivers/gpio/gpio-xilinx.c | 56 +++----
drivers/gpio/gpiolib-acpi.c | 14 ++
.../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +-
.../amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c | 8 +
.../amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 8 +
drivers/gpu/drm/amd/display/dc/core/dc_link.c | 2 +-
.../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +-
.../gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 3 +
.../gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 5 +
.../drm/amd/display/dc/dcn314/dcn314_resource.c | 5 +
.../drm/amd/display/dc/dcn315/dcn315_resource.c | 2 +
.../drm/amd/display/dc/dcn316/dcn316_resource.c | 2 +
.../gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 5 +
.../drm/amd/display/dc/dcn321/dcn321_resource.c | 2 +
.../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 +
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 +-
drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 -
.../drm/arm/display/komeda/komeda_wb_connector.c | 4 +
drivers/gpu/drm/bridge/ite-it6505.c | 65 ++++----
drivers/gpu/drm/display/drm_dp_cec.c | 14 +-
drivers/gpu/drm/drm_fb_helper.c | 14 +-
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +-
drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 -
drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 ++-
drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 +-
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +-
drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 1 +
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 120 +++++++++++----
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 1 +
drivers/gpu/drm/tidss/tidss_dispc.c | 22 +--
drivers/gpu/drm/v3d/v3d_perfmon.c | 5 +
drivers/gpu/drm/virtio/virtgpu_drv.h | 7 +
drivers/gpu/drm/virtio/virtgpu_plane.c | 58 +++++---
drivers/hid/hid-core.c | 2 +
drivers/hid/hid-multitouch.c | 7 +-
drivers/hid/hid-sensor-hub.c | 21 ++-
drivers/hid/hid-thrustmaster.c | 8 +
drivers/hid/wacom_wac.c | 5 +
drivers/i2c/i2c-core-acpi.c | 22 +++
drivers/i3c/master.c | 2 +-
drivers/i3c/master/i3c-master-cdns.c | 1 +
drivers/iio/light/as73211.c | 24 ++-
drivers/infiniband/hw/cxgb4/device.c | 6 +-
drivers/infiniband/hw/efa/efa_main.c | 9 +-
drivers/infiniband/hw/mlx4/main.c | 6 +-
drivers/infiniband/hw/mlx5/odp.c | 32 ++--
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +-
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 ++-
drivers/irqchip/irq-apple-aic.c | 3 +-
drivers/leds/leds-lp8860.c | 2 +-
drivers/leds/leds-netxbig.c | 1 +
drivers/mailbox/tegra-hsp.c | 6 +-
drivers/md/dm-crypt.c | 27 ++--
drivers/media/dvb-frontends/cxd2841er.c | 8 +-
drivers/media/i2c/ccs/ccs-core.c | 6 +-
drivers/media/i2c/ccs/ccs-data.c | 14 +-
drivers/media/i2c/imx412.c | 42 +++---
drivers/media/i2c/ov5640.c | 1 +
drivers/media/i2c/ov9282.c | 2 +-
drivers/media/platform/marvell/mcam-core.c | 7 +-
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +-
.../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +-
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +-
drivers/media/rc/iguanair.c | 4 +-
drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 +-
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +-
drivers/media/usb/uvc/uvc_ctrl.c | 8 +-
drivers/media/usb/uvc/uvc_driver.c | 70 ++++-----
drivers/media/usb/uvc/uvc_queue.c | 3 +-
drivers/media/usb/uvc/uvc_status.c | 1 +
drivers/media/v4l2-core/v4l2-mc.c | 2 +-
drivers/memory/tegra/tegra20-emc.c | 8 +-
drivers/mfd/lpc_ich.c | 3 +-
drivers/mfd/syscon.c | 81 +++++++---
drivers/misc/cardreader/rtsx_usb.c | 15 ++
drivers/misc/fastrpc.c | 8 +-
drivers/mmc/core/sdio.c | 2 +
drivers/mmc/host/mtk-sd.c | 31 ++--
drivers/mmc/host/sdhci-msm.c | 53 ++++++-
drivers/mtd/hyperbus/hbmc-am654.c | 25 ++--
drivers/mtd/nand/onenand/onenand_base.c | 1 +
drivers/net/can/c_can/c_can_platform.c | 5 +-
drivers/net/can/ctucanfd/ctucanfd_base.c | 10 +-
drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +-
drivers/net/ethernet/broadcom/bgmac.h | 3 +-
drivers/net/ethernet/broadcom/tg3.c | 58 ++++++++
drivers/net/ethernet/davicom/dm9000.c | 3 +-
drivers/net/ethernet/freescale/fec_main.c | 31 +++-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 ++
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 ++-
.../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +--
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 -
.../net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 +-
drivers/net/ethernet/renesas/sh_eth.c | 4 +
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/netdevsim/ipsec.c | 12 +-
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +--
drivers/net/phy/nxp-c45-tja11xx.c | 2 +
drivers/net/team/team.c | 11 +-
drivers/net/tun.c | 2 +-
drivers/net/usb/rtl8150.c | 22 +++
drivers/net/vxlan/vxlan_core.c | 7 +-
drivers/net/vxlan/vxlan_vnifilter.c | 5 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +-
drivers/net/wireless/ath/wcn36xx/main.c | 5 +-
.../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 +
.../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +-
.../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 +
drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +-
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8 +-
drivers/net/wireless/mediatek/mt76/usb.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/base.c | 29 +---
drivers/net/wireless/realtek/rtlwifi/base.h | 2 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 66 ++-------
.../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +-
.../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 ---
drivers/net/wireless/ti/wlcore/main.c | 10 +-
drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++++++-
drivers/nvme/host/core.c | 16 +-
drivers/nvme/host/ioctl.c | 8 +-
drivers/nvme/host/pci.c | 4 +-
drivers/nvmem/core.c | 2 +
drivers/nvmem/qcom-spmi-sdam.c | 1 +
drivers/of/base.c | 8 +-
drivers/of/of_reserved_mem.c | 7 +-
drivers/opp/core.c | 156 ++++++++++++++++----
drivers/opp/of.c | 4 +-
drivers/parport/parport_pc.c | 5 +
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 51 +++----
drivers/pci/endpoint/pci-epc-core.c | 2 +-
drivers/pci/endpoint/pci-epf-core.c | 1 +
drivers/pci/quirks.c | 12 ++
drivers/pci/switch/switchtec.c | 26 ++++
drivers/pinctrl/pinctrl-cy8c95x0.c | 2 +-
drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 105 +++++++++----
drivers/platform/x86/acer-wmi.c | 4 +
drivers/platform/x86/intel/int3472/discrete.c | 3 +
drivers/platform/x86/intel/int3472/tps68470.c | 3 +
drivers/pps/clients/pps-gpio.c | 4 +-
drivers/pps/clients/pps-ktimer.c | 4 +-
drivers/pps/clients/pps-ldisc.c | 6 +-
drivers/pps/clients/pps_parport.c | 4 +-
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 ++++++++--------
drivers/ptp/ptp_chardev.c | 4 +
drivers/ptp/ptp_clock.c | 8 +
drivers/ptp/ptp_ocp.c | 2 +-
drivers/pwm/pwm-stm32-lp.c | 8 +-
drivers/pwm/pwm-stm32.c | 7 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/of_regulator.c | 14 +-
drivers/remoteproc/remoteproc_core.c | 14 +-
drivers/rtc/rtc-pcf85063.c | 11 +-
drivers/rtc/rtc-zynqmp.c | 4 +-
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +-
drivers/scsi/qla2xxx/qla_def.h | 2 +
drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++++++++++---
drivers/scsi/qla2xxx/qla_gbl.h | 3 +
drivers/scsi/qla2xxx/qla_init.c | 28 ++--
drivers/scsi/storvsc_drv.c | 1 +
drivers/soc/atmel/soc.c | 2 +-
drivers/soc/qcom/smem_state.c | 3 +-
drivers/soc/qcom/socinfo.c | 2 +-
drivers/spi/spi-zynq-qspi.c | 13 +-
drivers/staging/media/imx/imx-media-of.c | 8 +-
drivers/staging/media/max96712/max96712.c | 4 +-
drivers/tty/serial/8250/8250.h | 2 +
drivers/tty/serial/8250/8250_dma.c | 16 ++
drivers/tty/serial/8250/8250_pci.c | 10 ++
drivers/tty/serial/8250/8250_port.c | 41 +++++-
drivers/tty/serial/sh-sci.c | 25 +++-
drivers/tty/serial/xilinx_uartps.c | 10 +-
drivers/ufs/core/ufs_bsg.c | 2 +
drivers/usb/chipidea/ci_hdrc_imx.c | 31 ++--
drivers/usb/class/cdc-acm.c | 28 +++-
drivers/usb/core/hub.c | 14 +-
drivers/usb/core/quirks.c | 6 +
drivers/usb/dwc2/gadget.c | 1 +
drivers/usb/dwc3/core.c | 30 ++--
drivers/usb/dwc3/dwc3-am62.c | 1 +
drivers/usb/dwc3/gadget.c | 34 +++++
drivers/usb/gadget/function/f_midi.c | 8 +-
drivers/usb/gadget/function/f_tcm.c | 66 ++++-----
drivers/usb/gadget/udc/renesas_usb3.c | 2 +-
drivers/usb/host/pci-quirks.c | 9 ++
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/roles/class.c | 5 +-
drivers/usb/serial/option.c | 49 +++---
drivers/usb/typec/tcpm/tcpci.c | 13 +-
drivers/usb/typec/tcpm/tcpm.c | 10 +-
drivers/vfio/iova_bitmap.c | 2 +-
drivers/vfio/pci/vfio_pci_rdwr.c | 1 +
drivers/vfio/platform/vfio_platform_common.c | 10 ++
drivers/video/fbdev/omap/lcd_dma.c | 4 +-
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
drivers/xen/swiotlb-xen.c | 20 ++-
fs/afs/dir.c | 7 +-
fs/afs/xdr_fs.h | 2 +-
fs/afs/yfsclient.c | 5 +-
fs/binfmt_flat.c | 2 +-
fs/btrfs/file.c | 6 +-
fs/btrfs/inode.c | 4 +-
fs/btrfs/relocation.c | 14 +-
fs/btrfs/super.c | 2 +-
fs/btrfs/transaction.c | 4 +-
fs/cachefiles/interface.c | 14 +-
fs/cachefiles/ondemand.c | 30 +++-
fs/exec.c | 29 +++-
fs/f2fs/dir.c | 53 +++++--
fs/f2fs/f2fs.h | 6 +-
fs/f2fs/file.c | 13 ++
fs/f2fs/inline.c | 5 +-
fs/file_table.c | 2 +-
fs/nfs/flexfilelayout/flexfilelayout.c | 27 +++-
fs/nfs/nfs42proc.c | 2 +-
fs/nfs/nfs42xdr.c | 2 +
fs/nfsd/nfs2acl.c | 2 +
fs/nfsd/nfs3acl.c | 2 +
fs/nfsd/nfs4callback.c | 8 +-
fs/nilfs2/inode.c | 10 +-
fs/nilfs2/mdt.c | 6 +-
fs/nilfs2/page.c | 55 ++++---
fs/nilfs2/page.h | 4 +-
fs/nilfs2/segment.c | 4 +-
fs/ocfs2/dir.c | 25 +++-
fs/ocfs2/quota_global.c | 5 +
fs/ocfs2/super.c | 2 +-
fs/ocfs2/symlink.c | 5 +-
fs/orangefs/orangefs-debugfs.c | 4 +-
fs/proc/array.c | 2 +-
fs/pstore/blk.c | 4 +-
fs/select.c | 4 +-
fs/smb/client/cifsglob.h | 14 +-
fs/smb/client/smb1ops.c | 2 +-
fs/smb/client/smb2ops.c | 21 +--
fs/smb/client/smb2pdu.c | 2 +-
fs/smb/client/smb2proto.h | 2 +-
fs/smb/server/transport_ipc.c | 9 ++
fs/ubifs/debug.c | 22 +--
fs/xfs/xfs_inode.c | 7 +-
fs/xfs/xfs_qm_bhv.c | 41 ++++--
fs/xfs/xfs_super.c | 11 +-
include/linux/binfmts.h | 4 +-
include/linux/cgroup-defs.h | 6 +-
include/linux/efi.h | 1 +
include/linux/i8253.h | 1 +
include/linux/ieee80211.h | 11 +-
include/linux/iommu.h | 2 +-
include/linux/kallsyms.h | 2 +-
include/linux/kvm_host.h | 9 ++
include/linux/mfd/syscon.h | 33 +++--
include/linux/mlx5/driver.h | 1 -
include/linux/netdevice.h | 8 +-
include/linux/pci_ids.h | 4 +
include/linux/pm_opp.h | 72 ++++++---
include/linux/pps_kernel.h | 3 +-
include/linux/sched.h | 4 +-
include/linux/sched/task.h | 1 +
include/linux/usb/tcpm.h | 3 +-
include/net/ax25.h | 10 +-
include/net/inetpeer.h | 12 +-
include/net/l3mdev.h | 2 +
include/net/net_namespace.h | 15 +-
include/net/route.h | 9 +-
include/net/sch_generic.h | 2 +-
include/rv/da_monitor.h | 4 +
include/uapi/linux/input-event-codes.h | 1 +
include/ufs/ufs.h | 4 +-
io_uring/io_uring.c | 5 +-
io_uring/net.c | 5 +
io_uring/poll.c | 4 +
io_uring/rw.c | 10 ++
kernel/cgroup/cgroup.c | 20 ++-
kernel/cgroup/rstat.c | 1 -
kernel/debug/kdb/kdb_io.c | 2 +
kernel/irq/internals.h | 9 +-
kernel/padata.c | 45 ++++--
kernel/power/hibernate.c | 7 +-
kernel/printk/printk.c | 2 +-
kernel/sched/core.c | 8 +-
kernel/sched/cpufreq_schedutil.c | 4 +-
kernel/sched/fair.c | 17 ++-
kernel/sched/stats.h | 22 +--
kernel/time/clocksource.c | 9 +-
kernel/trace/bpf_trace.c | 2 +-
lib/Kconfig.debug | 8 +-
lib/maple_tree.c | 22 +--
mm/gup.c | 14 +-
mm/kfence/core.c | 2 +
mm/kmemleak.c | 2 +-
net/ax25/af_ax25.c | 23 ++-
net/ax25/ax25_dev.c | 4 +-
net/ax25/ax25_ip.c | 3 +-
net/ax25/ax25_out.c | 22 ++-
net/ax25/ax25_route.c | 2 +
net/batman-adv/bat_v.c | 2 -
net/batman-adv/bat_v_elp.c | 122 ++++++++++-----
net/batman-adv/bat_v_elp.h | 2 -
net/batman-adv/types.h | 3 -
net/bluetooth/l2cap_sock.c | 7 +-
net/bluetooth/mgmt.c | 12 +-
net/can/j1939/socket.c | 4 +-
net/can/j1939/transport.c | 5 +-
net/core/filter.c | 2 +-
net/core/flow_dissector.c | 21 +--
net/core/neighbour.c | 11 +-
net/core/sysctl_net_core.c | 5 +-
net/dsa/slave.c | 7 +-
net/ethtool/netlink.c | 2 +-
net/hsr/hsr_forward.c | 7 +-
net/ipv4/arp.c | 4 +-
net/ipv4/devinet.c | 3 +-
net/ipv4/icmp.c | 40 ++---
net/ipv4/inetpeer.c | 31 +---
net/ipv4/ip_fragment.c | 15 +-
net/ipv4/ipmr_base.c | 3 -
net/ipv4/route.c | 56 +++++--
net/ipv4/tcp_cubic.c | 8 +-
net/ipv4/udp.c | 4 +-
net/ipv6/icmp.c | 6 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/mcast.c | 14 +-
net/ipv6/ndisc.c | 36 +++--
net/ipv6/route.c | 7 +-
net/ipv6/udp.c | 4 +-
net/mac80211/debugfs_netdev.c | 2 +-
net/mptcp/options.c | 13 +-
net/mptcp/pm_netlink.c | 3 +-
net/mptcp/protocol.c | 5 +-
net/mptcp/protocol.h | 30 ++--
net/ncsi/internal.h | 2 +
net/ncsi/ncsi-cmd.c | 3 +-
net/ncsi/ncsi-manage.c | 38 +++--
net/ncsi/ncsi-pkt.h | 10 ++
net/ncsi/ncsi-rsp.c | 58 ++++++--
net/netfilter/nf_tables_api.c | 8 +-
net/netfilter/nft_flow_offload.c | 16 +-
net/nfc/nci/hci.c | 2 +
net/openvswitch/datapath.c | 12 +-
net/rose/af_rose.c | 40 +++--
net/rose/rose_timer.c | 15 ++
net/sched/sch_api.c | 4 +
net/sched/sch_netem.c | 2 +-
net/sched/sch_sfq.c | 58 ++++----
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 +++--
net/smc/smc_rx.h | 8 +-
net/tipc/crypto.c | 4 +-
net/wireless/scan.c | 35 +++++
net/xfrm/xfrm_replay.c | 10 +-
samples/landlock/sandboxer.c | 7 +
scripts/Makefile.extrawarn | 5 +-
scripts/Makefile.lib | 4 +-
scripts/genksyms/genksyms.c | 11 +-
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 18 ++-
scripts/kconfig/conf.c | 6 +
scripts/kconfig/confdata.c | 102 ++++++-------
scripts/kconfig/lkc_proto.h | 2 +
scripts/kconfig/symbol.c | 10 ++
security/landlock/fs.c | 11 +-
security/safesetid/securityfs.c | 3 +
security/tomoyo/common.c | 2 +-
sound/pci/hda/hda_auto_parser.c | 8 +-
sound/pci/hda/hda_auto_parser.h | 1 +
sound/pci/hda/patch_realtek.c | 3 +
sound/soc/amd/Kconfig | 2 +-
sound/soc/amd/yc/acp6x-mach.c | 28 ++++
sound/soc/intel/avs/apl.c | 2 +-
sound/soc/intel/boards/bytcr_rt5640.c | 17 ++-
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +++-
sound/soc/sh/rz-ssi.c | 3 +-
sound/soc/soc-pcm.c | 31 +++-
sound/soc/sunxi/sun4i-spdif.c | 7 +
sound/usb/quirks.c | 2 +
tools/bootconfig/main.c | 4 +-
tools/lib/bpf/linker.c | 22 +--
tools/lib/bpf/usdt.c | 2 +-
tools/perf/bench/epoll-wait.c | 7 +-
tools/perf/builtin-report.c | 2 +-
tools/perf/builtin-top.c | 2 +-
tools/perf/builtin-trace.c | 6 +-
tools/perf/util/bpf-event.c | 10 +-
tools/perf/util/env.c | 13 +-
tools/perf/util/env.h | 4 +-
tools/perf/util/header.c | 8 +-
tools/perf/util/namespaces.c | 7 +-
tools/perf/util/namespaces.h | 3 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +-
tools/testing/ktest/ktest.pl | 7 +-
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +-
tools/testing/selftests/gpio/gpio-sim.sh | 31 +++-
tools/testing/selftests/kselftest_harness.h | 24 +--
tools/testing/selftests/landlock/fs_test.c | 3 +-
tools/testing/selftests/net/ipsec.c | 3 +-
tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +-
tools/testing/selftests/net/pmtu.sh | 112 +++++++++++---
tools/testing/selftests/net/rtnetlink.sh | 4 +-
tools/testing/selftests/net/udpgso.c | 26 ++++
.../selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
.../testing/selftests/timers/clocksource-switch.c | 6 +-
tools/tracing/rtla/src/osnoise.c | 2 +-
tools/tracing/rtla/src/timerlat_hist.c | 19 ++-
tools/tracing/rtla/src/timerlat_top.c | 20 ++-
tools/tracing/rtla/src/trace.c | 8 +
tools/tracing/rtla/src/trace.h | 1 +
553 files changed, 4631 insertions(+), 2332 deletions(-)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 001/578] powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 002/578] afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY Greg Kroah-Hartman
` (585 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ritesh Harjani (IBM), Sourabh Jain,
Madhavan Srinivasan, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sourabh Jain <sourabhjain@linux.ibm.com>
[ Upstream commit d629d7a8efc33d05d62f4805c0ffb44727e3d99f ]
Commit 8597538712eb ("powerpc/fadump: Do not use hugepages when fadump
is active") disabled hugetlb support when fadump is active by returning
early from hugetlbpage_init():arch/powerpc/mm/hugetlbpage.c and not
populating hpage_shift/HPAGE_SHIFT.
Later, commit 2354ad252b66 ("powerpc/mm: Update default hugetlb size
early") moved the allocation of hpage_shift/HPAGE_SHIFT to early boot,
which inadvertently re-enabled hugetlb support when fadump is active.
Fix this by implementing hugepages_supported() on powerpc. This ensures
that disabling hugetlb for the fadump kernel is independent of
hpage_shift/HPAGE_SHIFT.
Fixes: 2354ad252b66 ("powerpc/mm: Update default hugetlb size early")
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Signed-off-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Signed-off-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Link: https://patch.msgid.link/20241217074640.1064510-1-sourabhjain@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/hugetlb.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/powerpc/include/asm/hugetlb.h b/arch/powerpc/include/asm/hugetlb.h
index ea71f7245a63e..8d8f4909ae1a4 100644
--- a/arch/powerpc/include/asm/hugetlb.h
+++ b/arch/powerpc/include/asm/hugetlb.h
@@ -15,6 +15,15 @@
extern bool hugetlb_disabled;
+static inline bool hugepages_supported(void)
+{
+ if (hugetlb_disabled)
+ return false;
+
+ return HPAGE_SHIFT != 0;
+}
+#define hugepages_supported hugepages_supported
+
void __init hugetlbpage_init_defaultsize(void);
int slice_is_hugepage_only_range(struct mm_struct *mm, unsigned long addr,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 002/578] afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 001/578] powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 003/578] afs: Fix directory format encoding struct Greg Kroah-Hartman
` (584 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Howells, Marc Dionne,
linux-afs, Christian Brauner, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
[ Upstream commit b49194da2aff2c879dec9c59ef8dec0f2b0809ef ]
AFS servers pass back a code indicating EEXIST when they're asked to remove
a directory that is not empty rather than ENOTEMPTY because not all the
systems that an AFS server can run on have the latter error available and
AFS preexisted the addition of that error in general.
Fix afs_rmdir() to translate EEXIST to ENOTEMPTY.
Fixes: 260a980317da ("[AFS]: Add "directory write" support.")
Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/20241216204124.3752367-13-dhowells@redhat.com
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/afs/dir.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/afs/dir.c b/fs/afs/dir.c
index 38d5260c4614f..cb537c669a8e8 100644
--- a/fs/afs/dir.c
+++ b/fs/afs/dir.c
@@ -1457,7 +1457,12 @@ static int afs_rmdir(struct inode *dir, struct dentry *dentry)
op->file[1].vnode = vnode;
}
- return afs_do_sync_operation(op);
+ ret = afs_do_sync_operation(op);
+
+ /* Not all systems that can host afs servers have ENOTEMPTY. */
+ if (ret == -EEXIST)
+ ret = -ENOTEMPTY;
+ return ret;
error:
return afs_put_operation(op);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 003/578] afs: Fix directory format encoding struct
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 001/578] powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 002/578] afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 004/578] fs: fix proc_handler for sysctl_nr_open Greg Kroah-Hartman
` (583 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Howells, Marc Dionne,
linux-afs, Christian Brauner, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
[ Upstream commit 07a10767853adcbdbf436dc91393b729b52c4e81 ]
The AFS directory format structure, union afs_xdr_dir_block::meta, has too
many alloc counter slots declared and so pushes the hash table along and
over the data. This doesn't cause a problem at the moment because I'm
currently ignoring the hash table and only using the correct number of
alloc_ctrs in the code anyway. In future, however, I should start using
the hash table to try and speed up afs_lookup().
Fix this by using the correct constant to declare the counter array.
Fixes: 4ea219a839bf ("afs: Split the directory content defs into a header")
Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/20241216204124.3752367-14-dhowells@redhat.com
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/afs/xdr_fs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/afs/xdr_fs.h b/fs/afs/xdr_fs.h
index 8ca8681645077..cc5f143d21a34 100644
--- a/fs/afs/xdr_fs.h
+++ b/fs/afs/xdr_fs.h
@@ -88,7 +88,7 @@ union afs_xdr_dir_block {
struct {
struct afs_xdr_dir_hdr hdr;
- u8 alloc_ctrs[AFS_DIR_MAX_BLOCKS];
+ u8 alloc_ctrs[AFS_DIR_BLOCKS_WITH_CTR];
__be16 hashtable[AFS_DIR_HASHTBL_SIZE];
} meta;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 004/578] fs: fix proc_handler for sysctl_nr_open
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 003/578] afs: Fix directory format encoding struct Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 005/578] block: retry call probe after request_module in blk_request_module Greg Kroah-Hartman
` (582 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jinliang Zheng, Christian Brauner,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinliang Zheng <alexjlzheng@gmail.com>
[ Upstream commit d727935cad9f6f52c8d184968f9720fdc966c669 ]
Use proc_douintvec_minmax() instead of proc_dointvec_minmax() to handle
sysctl_nr_open, because its data type is unsigned int, not int.
Fixes: 9b80a184eaad ("fs/file: more unsigned file descriptors")
Signed-off-by: Jinliang Zheng <alexjlzheng@tencent.com>
Link: https://lore.kernel.org/r/20241124034636.325337-1-alexjlzheng@tencent.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/file_table.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/file_table.c b/fs/file_table.c
index dd88701e54a93..cecc866871bc1 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -110,7 +110,7 @@ static struct ctl_table fs_stat_sysctls[] = {
.data = &sysctl_nr_open,
.maxlen = sizeof(unsigned int),
.mode = 0644,
- .proc_handler = proc_dointvec_minmax,
+ .proc_handler = proc_douintvec_minmax,
.extra1 = &sysctl_nr_open_min,
.extra2 = &sysctl_nr_open_max,
},
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 005/578] block: retry call probe after request_module in blk_request_module
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 004/578] fs: fix proc_handler for sysctl_nr_open Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 006/578] nbd: dont allow reconnect after disconnect Greg Kroah-Hartman
` (581 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Yang Erkun,
Jens Axboe, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yang Erkun <yangerkun@huawei.com>
[ Upstream commit 457ef47c08d2979f3e59ce66267485c3faed70c8 ]
Set kernel config:
CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_LOOP_MIN_COUNT=0
Do latter:
mknod loop0 b 7 0
exec 4<> loop0
Before commit e418de3abcda ("block: switch gendisk lookup to a simple
xarray"), lookup_gendisk will first use base_probe to load module loop,
and then the retry will call loop_probe to prepare the loop disk. Finally
open for this disk will success. However, after this commit, we lose the
retry logic, and open will fail with ENXIO. Block device autoloading is
deprecated and will be removed soon, but maybe we should keep open success
until we really remove it. So, give a retry to fix it.
Fixes: e418de3abcda ("block: switch gendisk lookup to a simple xarray")
Suggested-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Yang Erkun <yangerkun@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20241209110435.3670985-1-yangerkun@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/genhd.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/block/genhd.c b/block/genhd.c
index 8256e11f85b7d..1cb517969607c 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -738,7 +738,7 @@ static ssize_t disk_badblocks_store(struct device *dev,
}
#ifdef CONFIG_BLOCK_LEGACY_AUTOLOAD
-void blk_request_module(dev_t devt)
+static bool blk_probe_dev(dev_t devt)
{
unsigned int major = MAJOR(devt);
struct blk_major_name **n;
@@ -748,14 +748,26 @@ void blk_request_module(dev_t devt)
if ((*n)->major == major && (*n)->probe) {
(*n)->probe(devt);
mutex_unlock(&major_names_lock);
- return;
+ return true;
}
}
mutex_unlock(&major_names_lock);
+ return false;
+}
+
+void blk_request_module(dev_t devt)
+{
+ int error;
+
+ if (blk_probe_dev(devt))
+ return;
- if (request_module("block-major-%d-%d", MAJOR(devt), MINOR(devt)) > 0)
- /* Make old-style 2.4 aliases work */
- request_module("block-major-%d", MAJOR(devt));
+ error = request_module("block-major-%d-%d", MAJOR(devt), MINOR(devt));
+ /* Make old-style 2.4 aliases work */
+ if (error > 0)
+ error = request_module("block-major-%d", MAJOR(devt));
+ if (!error)
+ blk_probe_dev(devt);
}
#endif /* CONFIG_BLOCK_LEGACY_AUTOLOAD */
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 006/578] nbd: dont allow reconnect after disconnect
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 005/578] block: retry call probe after request_module in blk_request_module Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 007/578] pstore/blk: trivial typo fixes Greg Kroah-Hartman
` (580 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+6b0df248918b92c33e6a, Yu Kuai,
Christoph Hellwig, Jens Axboe, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 844b8cdc681612ff24df62cdefddeab5772fadf1 ]
Following process can cause nbd_config UAF:
1) grab nbd_config temporarily;
2) nbd_genl_disconnect() flush all recv_work() and release the
initial reference:
nbd_genl_disconnect
nbd_disconnect_and_put
nbd_disconnect
flush_workqueue(nbd->recv_workq)
if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))
nbd_config_put
-> due to step 1), reference is still not zero
3) nbd_genl_reconfigure() queue recv_work() again;
nbd_genl_reconfigure
config = nbd_get_config_unlocked(nbd)
if (!config)
-> succeed
if (!test_bit(NBD_RT_BOUND, ...))
-> succeed
nbd_reconnect_socket
queue_work(nbd->recv_workq, &args->work)
4) step 1) release the reference;
5) Finially, recv_work() will trigger UAF:
recv_work
nbd_config_put(nbd)
-> nbd_config is freed
atomic_dec(&config->recv_threads)
-> UAF
Fix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so
that nbd_genl_reconfigure() will fail.
Fixes: b7aa3d39385d ("nbd: add a reconfigure netlink command")
Reported-by: syzbot+6b0df248918b92c33e6a@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/675bfb65.050a0220.1a2d0d.0006.GAE@google.com/
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20250103092859.3574648-1-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 1f3cd5de41172..7f6ef0a2b4a5c 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -2133,6 +2133,7 @@ static void nbd_disconnect_and_put(struct nbd_device *nbd)
flush_workqueue(nbd->recv_workq);
nbd_clear_que(nbd);
nbd->task_setup = NULL;
+ clear_bit(NBD_RT_BOUND, &nbd->config->runtime_flags);
mutex_unlock(&nbd->config_lock);
if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 007/578] pstore/blk: trivial typo fixes
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 006/578] nbd: dont allow reconnect after disconnect Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 008/578] nvme: Add error check for xa_store in nvme_get_effects_log Greg Kroah-Hartman
` (579 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Eugen Hristev, Kees Cook,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eugen Hristev <eugen.hristev@linaro.org>
[ Upstream commit 542243af7182efaeaf6d0f4643f7de437541a9af ]
Fix trivial typos in comments.
Fixes: 2a03ddbde1e1 ("pstore/blk: Move verify_size() macro out of function")
Fixes: 17639f67c1d6 ("pstore/blk: Introduce backend for block devices")
Signed-off-by: Eugen Hristev <eugen.hristev@linaro.org>
Link: https://lore.kernel.org/r/20250101111921.850406-1-eugen.hristev@linaro.org
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/pstore/blk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/pstore/blk.c b/fs/pstore/blk.c
index 4ae0cfcd15f20..c6911c9997628 100644
--- a/fs/pstore/blk.c
+++ b/fs/pstore/blk.c
@@ -89,7 +89,7 @@ static struct pstore_device_info *pstore_device_info;
_##name_ = check_size(name, alignsize); \
else \
_##name_ = 0; \
- /* Synchronize module parameters with resuls. */ \
+ /* Synchronize module parameters with results. */ \
name = _##name_ / 1024; \
dev->zone.name = _##name_; \
}
@@ -121,7 +121,7 @@ static int __register_pstore_device(struct pstore_device_info *dev)
if (pstore_device_info)
return -EBUSY;
- /* zero means not limit on which backends to attempt to store. */
+ /* zero means no limit on which backends attempt to store. */
if (!dev->flags)
dev->flags = UINT_MAX;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 008/578] nvme: Add error check for xa_store in nvme_get_effects_log
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 007/578] pstore/blk: trivial typo fixes Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 009/578] selftests/powerpc: Fix argument order to timer_sub() Greg Kroah-Hartman
` (578 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Keisuke Nishimura, Christoph Hellwig,
Sagi Grimberg, Keith Busch, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Keisuke Nishimura <keisuke.nishimura@inria.fr>
[ Upstream commit ac32057acc7f3d7a238dafaa9b2aa2bc9750080e ]
The xa_store() may fail due to memory allocation failure because there
is no guarantee that the index csi is already used. This fix adds an
error check of the return value of xa_store() in nvme_get_effects_log().
Fixes: 1cf7a12e09aa ("nvme: use an xarray to lookup the Commands Supported and Effects log")
Signed-off-by: Keisuke Nishimura <keisuke.nishimura@inria.fr>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/core.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 92ffeb6605618..abca395385b2e 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -3099,7 +3099,7 @@ int nvme_get_log(struct nvme_ctrl *ctrl, u32 nsid, u8 log_page, u8 lsp, u8 csi,
static int nvme_get_effects_log(struct nvme_ctrl *ctrl, u8 csi,
struct nvme_effects_log **log)
{
- struct nvme_effects_log *cel = xa_load(&ctrl->cels, csi);
+ struct nvme_effects_log *old, *cel = xa_load(&ctrl->cels, csi);
int ret;
if (cel)
@@ -3116,7 +3116,11 @@ static int nvme_get_effects_log(struct nvme_ctrl *ctrl, u8 csi,
return ret;
}
- xa_store(&ctrl->cels, csi, cel, GFP_KERNEL);
+ old = xa_store(&ctrl->cels, csi, cel, GFP_KERNEL);
+ if (xa_is_err(old)) {
+ kfree(cel);
+ return xa_err(old);
+ }
out:
*log = cel;
return 0;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 009/578] selftests/powerpc: Fix argument order to timer_sub()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 008/578] nvme: Add error check for xa_store in nvme_get_effects_log Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 010/578] partitions: ldm: remove the initial kernel-doc notation Greg Kroah-Hartman
` (577 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Ellerman,
Madhavan Srinivasan, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit 2bf66e66d2e6feece6175ec09ec590a0a8563bdd ]
Commit c814bf958926 ("powerpc/selftests: Use timersub() for
gettimeofday()"), got the order of arguments to timersub() wrong,
leading to a negative time delta being reported, eg:
test: gettimeofday
tags: git_version:v6.12-rc5-409-gdddf291c3030
time = -3.297781
success: gettimeofday
The correct order is minuend, subtrahend, which in this case is end,
start. Which gives:
test: gettimeofday
tags: git_version:v6.12-rc5-409-gdddf291c3030-dirty
time = 3.300650
success: gettimeofday
Fixes: c814bf958926 ("powerpc/selftests: Use timersub() for gettimeofday()")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Link: https://patch.msgid.link/20241218114347.428108-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/powerpc/benchmarks/gettimeofday.c b/tools/testing/selftests/powerpc/benchmarks/gettimeofday.c
index 580fcac0a09f3..b71ef8a493ed1 100644
--- a/tools/testing/selftests/powerpc/benchmarks/gettimeofday.c
+++ b/tools/testing/selftests/powerpc/benchmarks/gettimeofday.c
@@ -20,7 +20,7 @@ static int test_gettimeofday(void)
gettimeofday(&tv_end, NULL);
}
- timersub(&tv_start, &tv_end, &tv_diff);
+ timersub(&tv_end, &tv_start, &tv_diff);
printf("time = %.6f\n", tv_diff.tv_sec + (tv_diff.tv_usec) * 1e-6);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 010/578] partitions: ldm: remove the initial kernel-doc notation
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 009/578] selftests/powerpc: Fix argument order to timer_sub() Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 011/578] select: Fix unbalanced user_access_end() Greg Kroah-Hartman
` (576 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap,
Richard Russon (FlatCap), linux-ntfs-dev, Jens Axboe, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit e494e451611a3de6ae95f99e8339210c157d70fb ]
Remove the file's first comment describing what the file is.
This comment is not in kernel-doc format so it causes a kernel-doc
warning.
ldm.h:13: warning: expecting prototype for ldm(). Prototype was for _FS_PT_LDM_H_() instead
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Richard Russon (FlatCap) <ldm@flatcap.org>
Cc: linux-ntfs-dev@lists.sourceforge.net
Cc: Jens Axboe <axboe@kernel.dk>
Link: https://lore.kernel.org/r/20250111062758.910458-1-rdunlap@infradead.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/partitions/ldm.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/partitions/ldm.h b/block/partitions/ldm.h
index 0a747a0c782d5..f98dbee941497 100644
--- a/block/partitions/ldm.h
+++ b/block/partitions/ldm.h
@@ -1,5 +1,5 @@
// SPDX-License-Identifier: GPL-2.0-or-later
-/**
+/*
* ldm - Part of the Linux-NTFS project.
*
* Copyright (C) 2001,2002 Richard Russon <ldm@flatcap.org>
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 011/578] select: Fix unbalanced user_access_end()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 010/578] partitions: ldm: remove the initial kernel-doc notation Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 012/578] afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call Greg Kroah-Hartman
` (575 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe Leroy, Christian Brauner,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit 344af27715ddbf357cf76978d674428b88f8e92d ]
While working on implementing user access validation on powerpc
I got the following warnings on a pmac32_defconfig build:
CC fs/select.o
fs/select.o: warning: objtool: sys_pselect6+0x1bc: redundant UACCESS disable
fs/select.o: warning: objtool: sys_pselect6_time32+0x1bc: redundant UACCESS disable
On powerpc/32s, user_read_access_begin/end() are no-ops, but the
failure path has a user_access_end() instead of user_read_access_end()
which means an access end without any prior access begin.
Replace that user_access_end() by user_read_access_end().
Fixes: 7e71609f64ec ("pselect6() and friends: take handling the combined 6th/7th args into helper")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Link: https://lore.kernel.org/r/a7139e28d767a13e667ee3c79599a8047222ef36.1736751221.git.christophe.leroy@csgroup.eu
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/select.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/select.c b/fs/select.c
index d4d881d439dcd..3f730b8581f65 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -788,7 +788,7 @@ static inline int get_sigset_argpack(struct sigset_argpack *to,
}
return 0;
Efault:
- user_access_end();
+ user_read_access_end();
return -EFAULT;
}
@@ -1361,7 +1361,7 @@ static inline int get_compat_sigset_argpack(struct compat_sigset_argpack *to,
}
return 0;
Efault:
- user_access_end();
+ user_read_access_end();
return -EFAULT;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 012/578] afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 011/578] select: Fix unbalanced user_access_end() Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 013/578] sched/psi: Use task->psi_flags to clear in CPU migration Greg Kroah-Hartman
` (574 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Howells, Marc Dionne,
linux-afs, Christian Brauner, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
[ Upstream commit e30458d690f35abb01de8b3cbc09285deb725d00 ]
Fix a pair of bugs in the fallback handling for the YFS.RemoveFile2 RPC
call:
(1) Fix the abort code check to also look for RXGEN_OPCODE. The lack of
this masks the second bug.
(2) call->server is now not used for ordinary filesystem RPC calls that
have an operation descriptor. Fix to use call->op->server instead.
Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept")
Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/109541.1736865963@warthog.procyon.org.uk
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/afs/yfsclient.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/afs/yfsclient.c b/fs/afs/yfsclient.c
index 11571cca86c19..01f333e691d64 100644
--- a/fs/afs/yfsclient.c
+++ b/fs/afs/yfsclient.c
@@ -655,8 +655,9 @@ static int yfs_deliver_fs_remove_file2(struct afs_call *call)
static void yfs_done_fs_remove_file2(struct afs_call *call)
{
if (call->error == -ECONNABORTED &&
- call->abort_code == RX_INVALID_OPERATION) {
- set_bit(AFS_SERVER_FL_NO_RM2, &call->server->flags);
+ (call->abort_code == RX_INVALID_OPERATION ||
+ call->abort_code == RXGEN_OPCODE)) {
+ set_bit(AFS_SERVER_FL_NO_RM2, &call->op->server->flags);
call->op->flags |= AFS_OPERATION_DOWNGRADE;
}
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 013/578] sched/psi: Use task->psi_flags to clear in CPU migration
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 012/578] afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 014/578] sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Greg Kroah-Hartman
` (573 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chengming Zhou,
Peter Zijlstra (Intel), Johannes Weiner, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chengming Zhou <zhouchengming@bytedance.com>
[ Upstream commit 52b33d87b9197c51e8ffdc61873739d90dd0a16f ]
The commit d583d360a620 ("psi: Fix psi state corruption when schedule()
races with cgroup move") fixed a race problem by making cgroup_move_task()
use task->psi_flags instead of looking at the scheduler state.
We can extend task->psi_flags usage to CPU migration, which should be
a minor optimization for performance and code simplicity.
Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Link: https://lore.kernel.org/r/20220926081931.45420-1-zhouchengming@bytedance.com
Stable-dep-of: a430d99e3490 ("sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/sched.h | 3 ---
kernel/sched/core.c | 2 +-
kernel/sched/stats.h | 22 ++++------------------
3 files changed, 5 insertions(+), 22 deletions(-)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index e87a68b136da9..6c82d71fab113 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -888,9 +888,6 @@ struct task_struct {
unsigned sched_reset_on_fork:1;
unsigned sched_contributes_to_load:1;
unsigned sched_migrated:1;
-#ifdef CONFIG_PSI
- unsigned sched_psi_wake_requeue:1;
-#endif
/* Force alignment to the next boundary: */
unsigned :0;
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 54af671e8d510..f54d2da2f9a67 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -2049,7 +2049,7 @@ static inline void enqueue_task(struct rq *rq, struct task_struct *p, int flags)
if (!(flags & ENQUEUE_RESTORE)) {
sched_info_enqueue(rq, p);
- psi_enqueue(p, flags & ENQUEUE_WAKEUP);
+ psi_enqueue(p, (flags & ENQUEUE_WAKEUP) && !(flags & ENQUEUE_MIGRATED));
}
uclamp_rq_inc(rq, p);
diff --git a/kernel/sched/stats.h b/kernel/sched/stats.h
index b49a96fad1d2f..b02dfc3229510 100644
--- a/kernel/sched/stats.h
+++ b/kernel/sched/stats.h
@@ -132,11 +132,9 @@ static inline void psi_enqueue(struct task_struct *p, bool wakeup)
if (p->in_memstall)
set |= TSK_MEMSTALL_RUNNING;
- if (!wakeup || p->sched_psi_wake_requeue) {
+ if (!wakeup) {
if (p->in_memstall)
set |= TSK_MEMSTALL;
- if (p->sched_psi_wake_requeue)
- p->sched_psi_wake_requeue = 0;
} else {
if (p->in_iowait)
clear |= TSK_IOWAIT;
@@ -147,8 +145,6 @@ static inline void psi_enqueue(struct task_struct *p, bool wakeup)
static inline void psi_dequeue(struct task_struct *p, bool sleep)
{
- int clear = TSK_RUNNING;
-
if (static_branch_likely(&psi_disabled))
return;
@@ -161,10 +157,7 @@ static inline void psi_dequeue(struct task_struct *p, bool sleep)
if (sleep)
return;
- if (p->in_memstall)
- clear |= (TSK_MEMSTALL | TSK_MEMSTALL_RUNNING);
-
- psi_task_change(p, clear, 0);
+ psi_task_change(p, p->psi_flags, 0);
}
static inline void psi_ttwu_dequeue(struct task_struct *p)
@@ -176,19 +169,12 @@ static inline void psi_ttwu_dequeue(struct task_struct *p)
* deregister its sleep-persistent psi states from the old
* queue, and let psi_enqueue() know it has to requeue.
*/
- if (unlikely(p->in_iowait || p->in_memstall)) {
+ if (unlikely(p->psi_flags)) {
struct rq_flags rf;
struct rq *rq;
- int clear = 0;
-
- if (p->in_iowait)
- clear |= TSK_IOWAIT;
- if (p->in_memstall)
- clear |= TSK_MEMSTALL;
rq = __task_rq_lock(p, &rf);
- psi_task_change(p, clear, 0);
- p->sched_psi_wake_requeue = 1;
+ psi_task_change(p, p->psi_flags, 0);
__task_rq_unlock(rq, &rf);
}
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 014/578] sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 013/578] sched/psi: Use task->psi_flags to clear in CPU migration Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 015/578] drm/msm/dp: set safe_to_exit_level before printing it Greg Kroah-Hartman
` (572 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Zijlstra (Intel),
Gautham R. Shenoy, Swapnil Sapkal, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit a430d99e349026d53e2557b7b22bd2ebd61fe12a ]
In /proc/schedstat, lb_hot_gained reports the number hot tasks pulled
during load balance. This value is incremented in can_migrate_task()
if the task is migratable and hot. After incrementing the value,
load balancer can still decide not to migrate this task leading to wrong
accounting. Fix this by incrementing stats when hot tasks are detached.
This issue only exists in detach_tasks() where we can decide to not
migrate hot task even if it is migratable. However, in detach_one_task(),
we migrate it unconditionally.
[Swapnil: Handled the case where nr_failed_migrations_hot was not accounted properly and wrote commit log]
Fixes: d31980846f96 ("sched: Move up affinity check to mitigate useless redoing overhead")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reported-by: "Gautham R. Shenoy" <gautham.shenoy@amd.com>
Not-yet-signed-off-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Swapnil Sapkal <swapnil.sapkal@amd.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20241220063224.17767-2-swapnil.sapkal@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/sched.h | 1 +
kernel/sched/fair.c | 17 +++++++++++++----
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 6c82d71fab113..4dc764f3d26f5 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -888,6 +888,7 @@ struct task_struct {
unsigned sched_reset_on_fork:1;
unsigned sched_contributes_to_load:1;
unsigned sched_migrated:1;
+ unsigned sched_task_hot:1;
/* Force alignment to the next boundary: */
unsigned :0;
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index cf3bbddd4b7fc..eedbe66e05273 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -8317,6 +8317,8 @@ int can_migrate_task(struct task_struct *p, struct lb_env *env)
int tsk_cache_hot;
lockdep_assert_rq_held(env->src_rq);
+ if (p->sched_task_hot)
+ p->sched_task_hot = 0;
/*
* We do not migrate tasks that are:
@@ -8389,10 +8391,8 @@ int can_migrate_task(struct task_struct *p, struct lb_env *env)
if (tsk_cache_hot <= 0 ||
env->sd->nr_balance_failed > env->sd->cache_nice_tries) {
- if (tsk_cache_hot == 1) {
- schedstat_inc(env->sd->lb_hot_gained[env->idle]);
- schedstat_inc(p->stats.nr_forced_migrations);
- }
+ if (tsk_cache_hot == 1)
+ p->sched_task_hot = 1;
return 1;
}
@@ -8407,6 +8407,12 @@ static void detach_task(struct task_struct *p, struct lb_env *env)
{
lockdep_assert_rq_held(env->src_rq);
+ if (p->sched_task_hot) {
+ p->sched_task_hot = 0;
+ schedstat_inc(env->sd->lb_hot_gained[env->idle]);
+ schedstat_inc(p->stats.nr_forced_migrations);
+ }
+
deactivate_task(env->src_rq, p, DEQUEUE_NOCLOCK);
set_task_cpu(p, env->dst_cpu);
}
@@ -8567,6 +8573,9 @@ static int detach_tasks(struct lb_env *env)
continue;
next:
+ if (p->sched_task_hot)
+ schedstat_inc(p->stats.nr_failed_migrations_hot);
+
list_move(&p->se.group_node, tasks);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 015/578] drm/msm/dp: set safe_to_exit_level before printing it
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 014/578] sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 016/578] drm/etnaviv: Fix page property being used for non writecombine buffers Greg Kroah-Hartman
` (571 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Dmitry Baryshkov,
Abhinav Kumar, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 7dee35d79bb046bfd425aa9e58a82414f67c1cec ]
Rather than printing random garbage from stack and pretending that it is
the default safe_to_exit_level, set the variable beforehand.
Fixes: d13e36d7d222 ("drm/msm/dp: add audio support for Display Port on MSM")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202411081748.0PPL9MIj-lkp@intel.com/
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/626804/
Link: https://lore.kernel.org/r/20241202-fd-dp-audio-fixup-v2-1-d9187ea96dad@linaro.org
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dp/dp_audio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/dp/dp_audio.c b/drivers/gpu/drm/msm/dp/dp_audio.c
index 1245c7aa49df8..a2113d6a022b5 100644
--- a/drivers/gpu/drm/msm/dp/dp_audio.c
+++ b/drivers/gpu/drm/msm/dp/dp_audio.c
@@ -410,10 +410,10 @@ static void dp_audio_safe_to_exit_level(struct dp_audio_private *audio)
safe_to_exit_level = 5;
break;
default:
+ safe_to_exit_level = 14;
drm_dbg_dp(audio->drm_dev,
"setting the default safe_to_exit_level = %u\n",
safe_to_exit_level);
- safe_to_exit_level = 14;
break;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 016/578] drm/etnaviv: Fix page property being used for non writecombine buffers
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 015/578] drm/msm/dp: set safe_to_exit_level before printing it Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 017/578] HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Greg Kroah-Hartman
` (570 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sui Jingfeng, Lucas Stach,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sui Jingfeng <sui.jingfeng@linux.dev>
[ Upstream commit 834f304192834d6f0941954f3277ae0ba11a9a86 ]
In the etnaviv_gem_vmap_impl() function, the driver vmap whatever buffers
with write combine(WC) page property, this is incorrect. Cached buffers
should be mapped with the cached page property and uncached buffers should
be mapped with the uncached page property.
Fixes: a0a5ab3e99b8 ("drm/etnaviv: call correct function when trying to vmap a DMABUF")
Signed-off-by: Sui Jingfeng <sui.jingfeng@linux.dev>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem.c b/drivers/gpu/drm/etnaviv/etnaviv_gem.c
index 23d5058eca8d8..740680205e8d6 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_gem.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_gem.c
@@ -342,6 +342,7 @@ void *etnaviv_gem_vmap(struct drm_gem_object *obj)
static void *etnaviv_gem_vmap_impl(struct etnaviv_gem_object *obj)
{
struct page **pages;
+ pgprot_t prot;
lockdep_assert_held(&obj->lock);
@@ -349,8 +350,19 @@ static void *etnaviv_gem_vmap_impl(struct etnaviv_gem_object *obj)
if (IS_ERR(pages))
return NULL;
- return vmap(pages, obj->base.size >> PAGE_SHIFT,
- VM_MAP, pgprot_writecombine(PAGE_KERNEL));
+ switch (obj->flags & ETNA_BO_CACHE_MASK) {
+ case ETNA_BO_CACHED:
+ prot = PAGE_KERNEL;
+ break;
+ case ETNA_BO_UNCACHED:
+ prot = pgprot_noncached(PAGE_KERNEL);
+ break;
+ case ETNA_BO_WC:
+ default:
+ prot = pgprot_writecombine(PAGE_KERNEL);
+ }
+
+ return vmap(pages, obj->base.size >> PAGE_SHIFT, VM_MAP, prot);
}
static inline enum dma_data_direction etnaviv_op_to_dma_dir(u32 op)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 017/578] HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 016/578] drm/etnaviv: Fix page property being used for non writecombine buffers Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 018/578] drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Greg Kroah-Hartman
` (569 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+ec5f884c4a135aa0dbb9,
Alan Stern, Peter Hutterer, Jiri Kosina
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit 64f2657b579343cf923aa933f08074e6258eb07b upstream.
A report in 2019 by the syzbot fuzzer was found to be connected to two
errors in the HID core associated with Resolution Multipliers. One of
the errors was fixed by commit ea427a222d8b ("HID: core: Fix deadloop
in hid_apply_multiplier."), but the other has not been fixed.
This error arises because hid_apply_multipler() assumes that every
Resolution Multiplier control is contained in a Logical Collection,
i.e., there's no way the routine can ever set multiplier_collection to
NULL. This is in spite of the fact that the function starts with a
big comment saying:
* "The Resolution Multiplier control must be contained in the same
* Logical Collection as the control(s) to which it is to be applied.
...
* If no Logical Collection is
* defined, the Resolution Multiplier is associated with all
* controls in the report."
* HID Usage Table, v1.12, Section 4.3.1, p30
*
* Thus, search from the current collection upwards until we find a
* logical collection...
The comment and the code overlook the possibility that none of the
collections found may be a Logical Collection.
The fix is to set the multiplier_collection pointer to NULL if the
collection found isn't a Logical Collection.
Reported-by: syzbot+ec5f884c4a135aa0dbb9@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/000000000000109c040597dc5843@google.com/
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: Peter Hutterer <peter.hutterer@who-t.net>
Fixes: 5a4abb36f312 ("HID: core: process the Resolution Multiplier")
Cc: stable@vger.kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-core.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -1129,6 +1129,8 @@ static void hid_apply_multiplier(struct
while (multiplier_collection->parent_idx != -1 &&
multiplier_collection->type != HID_COLLECTION_LOGICAL)
multiplier_collection = &hid->collection[multiplier_collection->parent_idx];
+ if (multiplier_collection->type != HID_COLLECTION_LOGICAL)
+ multiplier_collection = NULL;
effective_multiplier = hid_calculate_multiplier(hid, multiplier);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 018/578] drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 017/578] HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 019/578] drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset Greg Kroah-Hartman
` (568 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ivan Stepchenko, Alex Deucher,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ivan Stepchenko <sid@itb.spb.ru>
[ Upstream commit 357445e28ff004d7f10967aa93ddb4bffa5c3688 ]
The function atomctrl_get_smc_sclk_range_table() does not check the return
value of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to
retrieve SMU_Info table, it returns NULL which is later dereferenced.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
In practice this should never happen as this code only gets called
on polaris chips and the vbios data table will always be present on
those chips.
Fixes: a23eefa2f461 ("drm/amd/powerplay: enable dpm for baffin.")
Signed-off-by: Ivan Stepchenko <sid@itb.spb.ru>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c
index cc3b62f733941..1fbd23922082a 100644
--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c
+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c
@@ -1420,6 +1420,8 @@ int atomctrl_get_smc_sclk_range_table(struct pp_hwmgr *hwmgr, struct pp_atom_ctr
GetIndexIntoMasterTable(DATA, SMU_Info),
&size, &frev, &crev);
+ if (!psmu_info)
+ return -EINVAL;
for (i = 0; i < psmu_info->ucSclkEntryNum; i++) {
table->entry[i].ucVco_setting = psmu_info->asSclkFcwRangeEntry[i].ucVco_setting;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 019/578] drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 018/578] drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 020/578] drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 Greg Kroah-Hartman
` (567 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Derek Foreman, Andy Yan,
Heiko Stuebner, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Yan <andy.yan@rock-chips.com>
[ Upstream commit 17b4b10a0df1a1421d5fbdc03bad0bd3799bc966 ]
The phy_id of cluster windws are not increase one for each window.
Fixes: 604be85547ce ("drm/rockchip: Add VOP2 driver")
Tested-by: Derek Foreman <derek.foreman@collabora.com>
Signed-off-by: Andy Yan <andy.yan@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20241209122943.2781431-6-andyshrk@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
index a6071464a543f..71c961e92c12a 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
@@ -1737,7 +1737,6 @@ static int vop2_find_start_mixer_id_for_vp(struct vop2 *vop2, u8 port_id)
static void vop2_setup_cluster_alpha(struct vop2 *vop2, struct vop2_win *main_win)
{
- u32 offset = (main_win->data->phys_id * 0x10);
struct vop2_alpha_config alpha_config;
struct vop2_alpha alpha;
struct drm_plane_state *bottom_win_pstate;
@@ -1745,6 +1744,7 @@ static void vop2_setup_cluster_alpha(struct vop2 *vop2, struct vop2_win *main_wi
u16 src_glb_alpha_val, dst_glb_alpha_val;
bool premulti_en = false;
bool swap = false;
+ u32 offset = 0;
/* At one win mode, win0 is dst/bottom win, and win1 is a all zero src/top win */
bottom_win_pstate = main_win->base.state;
@@ -1763,6 +1763,22 @@ static void vop2_setup_cluster_alpha(struct vop2 *vop2, struct vop2_win *main_wi
vop2_parse_alpha(&alpha_config, &alpha);
alpha.src_color_ctrl.bits.src_dst_swap = swap;
+
+ switch (main_win->data->phys_id) {
+ case ROCKCHIP_VOP2_CLUSTER0:
+ offset = 0x0;
+ break;
+ case ROCKCHIP_VOP2_CLUSTER1:
+ offset = 0x10;
+ break;
+ case ROCKCHIP_VOP2_CLUSTER2:
+ offset = 0x20;
+ break;
+ case ROCKCHIP_VOP2_CLUSTER3:
+ offset = 0x30;
+ break;
+ }
+
vop2_writel(vop2, RK3568_CLUSTER0_MIX_SRC_COLOR_CTRL + offset,
alpha.src_color_ctrl.val);
vop2_writel(vop2, RK3568_CLUSTER0_MIX_DST_COLOR_CTRL + offset,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 020/578] drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 019/578] drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 021/578] drm/rockchip: vop2: Set YUV/RGB overlay mode Greg Kroah-Hartman
` (566 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Derek Foreman, Andy Yan,
Heiko Stuebner, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Yan <andy.yan@rock-chips.com>
[ Upstream commit 6b4dfdcde3573a12b72d2869dabd4ca37ad7e9c7 ]
The alpha setup should start from the second layer, the current calculation
starts incorrectly from the first layer, a negative offset will be obtained
in the following formula:
offset = (mixer_id + zpos - 1) * 0x10
Fixes: 604be85547ce ("drm/rockchip: Add VOP2 driver")
Tested-by: Derek Foreman <derek.foreman@collabora.com>
Signed-off-by: Andy Yan <andy.yan@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20241209122943.2781431-7-andyshrk@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
index 71c961e92c12a..470a39a278b34 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
@@ -1826,6 +1826,12 @@ static void vop2_setup_alpha(struct vop2_video_port *vp)
struct vop2_win *win = to_vop2_win(plane);
int zpos = plane->state->normalized_zpos;
+ /*
+ * Need to configure alpha from second layer.
+ */
+ if (zpos == 0)
+ continue;
+
if (plane->state->pixel_blend_mode == DRM_MODE_BLEND_PREMULTI)
premulti_en = 1;
else
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 021/578] drm/rockchip: vop2: Set YUV/RGB overlay mode
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 020/578] drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 022/578] drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config Greg Kroah-Hartman
` (565 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andy Yan, Heiko Stuebner,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Yan <andy.yan@rock-chips.com>
[ Upstream commit dd49ee4614cfb0b1f627c4353b60cecfe998a374 ]
Set overlay mode register according to the
output mode is yuv or rgb.
Signed-off-by: Andy Yan <andy.yan@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20231211115805.1785073-1-andyshrk@163.com
Stable-dep-of: 0ca953ac226e ("drm/rockchip: vop2: Fix the windows switch between different layers")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 1 +
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 17 ++++++++++++++---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 1 +
3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_drv.h b/drivers/gpu/drm/rockchip/rockchip_drm_drv.h
index 1641440837af5..6298e3732887b 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_drv.h
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_drv.h
@@ -31,6 +31,7 @@ struct rockchip_crtc_state {
int output_bpc;
int output_flags;
bool enable_afbc;
+ bool yuv_overlay;
u32 bus_format;
u32 bus_flags;
int color_space;
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
index 470a39a278b34..f14a3f033953f 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
@@ -1556,6 +1556,8 @@ static void vop2_crtc_atomic_enable(struct drm_crtc *crtc,
vop2->enable_count++;
+ vcstate->yuv_overlay = is_yuv_output(vcstate->bus_format);
+
vop2_crtc_enable_irq(vp, VP_INT_POST_BUF_EMPTY);
polflags = 0;
@@ -1583,7 +1585,7 @@ static void vop2_crtc_atomic_enable(struct drm_crtc *crtc,
if (vop2_output_uv_swap(vcstate->bus_format, vcstate->output_mode))
dsp_ctrl |= RK3568_VP_DSP_CTRL__DSP_RB_SWAP;
- if (is_yuv_output(vcstate->bus_format))
+ if (vcstate->yuv_overlay)
dsp_ctrl |= RK3568_VP_DSP_CTRL__POST_DSP_OUT_R2Y;
vop2_dither_setup(crtc, &dsp_ctrl);
@@ -1914,10 +1916,12 @@ static void vop2_setup_layer_mixer(struct vop2_video_port *vp)
u16 hdisplay;
u32 bg_dly;
u32 pre_scan_dly;
+ u32 ovl_ctrl;
int i;
struct vop2_video_port *vp0 = &vop2->vps[0];
struct vop2_video_port *vp1 = &vop2->vps[1];
struct vop2_video_port *vp2 = &vop2->vps[2];
+ struct rockchip_crtc_state *vcstate = to_rockchip_crtc_state(vp->crtc.state);
adjusted_mode = &vp->crtc.state->adjusted_mode;
hsync_len = adjusted_mode->crtc_hsync_end - adjusted_mode->crtc_hsync_start;
@@ -1930,7 +1934,15 @@ static void vop2_setup_layer_mixer(struct vop2_video_port *vp)
pre_scan_dly = ((bg_dly + (hdisplay >> 1) - 1) << 16) | hsync_len;
vop2_vp_write(vp, RK3568_VP_PRE_SCAN_HTIMING, pre_scan_dly);
- vop2_writel(vop2, RK3568_OVL_CTRL, 0);
+ ovl_ctrl = vop2_readl(vop2, RK3568_OVL_CTRL);
+ ovl_ctrl |= RK3568_OVL_CTRL__LAYERSEL_REGDONE_IMD;
+ if (vcstate->yuv_overlay)
+ ovl_ctrl |= RK3568_OVL_CTRL__YUV_MODE(vp->id);
+ else
+ ovl_ctrl &= ~RK3568_OVL_CTRL__YUV_MODE(vp->id);
+
+ vop2_writel(vop2, RK3568_OVL_CTRL, ovl_ctrl);
+
port_sel = vop2_readl(vop2, RK3568_OVL_PORT_SEL);
port_sel &= RK3568_OVL_PORT_SEL__SEL_PORT;
@@ -2004,7 +2016,6 @@ static void vop2_setup_layer_mixer(struct vop2_video_port *vp)
vop2_writel(vop2, RK3568_OVL_LAYER_SEL, layer_sel);
vop2_writel(vop2, RK3568_OVL_PORT_SEL, port_sel);
- vop2_writel(vop2, RK3568_OVL_CTRL, RK3568_OVL_CTRL__LAYERSEL_REGDONE_IMD);
}
static void vop2_setup_dly_for_windows(struct vop2 *vop2)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.h b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.h
index f1234a151130f..18f0573b20002 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.h
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.h
@@ -418,6 +418,7 @@ enum dst_factor_mode {
#define VOP2_COLOR_KEY_MASK BIT(31)
#define RK3568_OVL_CTRL__LAYERSEL_REGDONE_IMD BIT(28)
+#define RK3568_OVL_CTRL__YUV_MODE(vp) BIT(vp)
#define RK3568_VP_BG_MIX_CTRL__BG_DLY GENMASK(31, 24)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 022/578] drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 021/578] drm/rockchip: vop2: Set YUV/RGB overlay mode Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 023/578] drm/rockchip: vop2: Fix the windows switch between different layers Greg Kroah-Hartman
` (564 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andy Yan, Heiko Stuebner,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Yan <andy.yan@rock-chips.com>
[ Upstream commit 075a5b3969becb1ebc2f1d4fa1a1fe9163679273 ]
We need to setup background delay cycle and prescan
delay cycle when a mode is enable to avoid trigger
POST_BUF_EMPTY irq on rk3588.
Note: RK356x has no such requirement.
Signed-off-by: Andy Yan <andy.yan@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20231211115815.1785131-1-andyshrk@163.com
Stable-dep-of: 0ca953ac226e ("drm/rockchip: vop2: Fix the windows switch between different layers")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 26 ++++++++------------
1 file changed, 10 insertions(+), 16 deletions(-)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
index f14a3f033953f..1068f391b3e64 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
@@ -1395,8 +1395,18 @@ static void vop2_post_config(struct drm_crtc *crtc)
u32 top_margin = 100, bottom_margin = 100;
u16 hsize = hdisplay * (left_margin + right_margin) / 200;
u16 vsize = vdisplay * (top_margin + bottom_margin) / 200;
+ u16 hsync_len = mode->crtc_hsync_end - mode->crtc_hsync_start;
u16 hact_end, vact_end;
u32 val;
+ u32 bg_dly;
+ u32 pre_scan_dly;
+
+ bg_dly = vp->data->pre_scan_max_dly[3];
+ vop2_writel(vp->vop2, RK3568_VP_BG_MIX_CTRL(vp->id),
+ FIELD_PREP(RK3568_VP_BG_MIX_CTRL__BG_DLY, bg_dly));
+
+ pre_scan_dly = ((bg_dly + (hdisplay >> 1) - 1) << 16) | hsync_len;
+ vop2_vp_write(vp, RK3568_VP_PRE_SCAN_HTIMING, pre_scan_dly);
vsize = rounddown(vsize, 2);
hsize = rounddown(hsize, 2);
@@ -1911,11 +1921,6 @@ static void vop2_setup_layer_mixer(struct vop2_video_port *vp)
u32 layer_sel = 0;
u32 port_sel;
unsigned int nlayer, ofs;
- struct drm_display_mode *adjusted_mode;
- u16 hsync_len;
- u16 hdisplay;
- u32 bg_dly;
- u32 pre_scan_dly;
u32 ovl_ctrl;
int i;
struct vop2_video_port *vp0 = &vop2->vps[0];
@@ -1923,17 +1928,6 @@ static void vop2_setup_layer_mixer(struct vop2_video_port *vp)
struct vop2_video_port *vp2 = &vop2->vps[2];
struct rockchip_crtc_state *vcstate = to_rockchip_crtc_state(vp->crtc.state);
- adjusted_mode = &vp->crtc.state->adjusted_mode;
- hsync_len = adjusted_mode->crtc_hsync_end - adjusted_mode->crtc_hsync_start;
- hdisplay = adjusted_mode->crtc_hdisplay;
-
- bg_dly = vp->data->pre_scan_max_dly[3];
- vop2_writel(vop2, RK3568_VP_BG_MIX_CTRL(vp->id),
- FIELD_PREP(RK3568_VP_BG_MIX_CTRL__BG_DLY, bg_dly));
-
- pre_scan_dly = ((bg_dly + (hdisplay >> 1) - 1) << 16) | hsync_len;
- vop2_vp_write(vp, RK3568_VP_PRE_SCAN_HTIMING, pre_scan_dly);
-
ovl_ctrl = vop2_readl(vop2, RK3568_OVL_CTRL);
ovl_ctrl |= RK3568_OVL_CTRL__LAYERSEL_REGDONE_IMD;
if (vcstate->yuv_overlay)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 023/578] drm/rockchip: vop2: Fix the windows switch between different layers
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 022/578] drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 024/578] drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 Greg Kroah-Hartman
` (563 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Derek Foreman, Andy Yan,
Heiko Stuebner, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Yan <andy.yan@rock-chips.com>
[ Upstream commit 0ca953ac226eaffbe1a795f5e517095a8d494921 ]
Every layer of vop2 should bind a window, and we also need to make
sure that this window is not used by other layer.
0x5 is a reserved layer sel value on rk3568, but it will select
Cluster3 on rk3588, configure unused layers to 0x5 will lead
alpha blending error on rk3588.
When we bind a window from layerM to layerN, we move the old window
on layerN to layerM.
Fixes: 604be85547ce ("drm/rockchip: Add VOP2 driver")
Tested-by: Derek Foreman <derek.foreman@collabora.com>
Signed-off-by: Andy Yan <andy.yan@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20241214081719.3330518-3-andyshrk@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 47 ++++++++++++++------
1 file changed, 34 insertions(+), 13 deletions(-)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
index 1068f391b3e64..7619a0c42aada 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
@@ -1920,7 +1920,10 @@ static void vop2_setup_layer_mixer(struct vop2_video_port *vp)
struct drm_plane *plane;
u32 layer_sel = 0;
u32 port_sel;
- unsigned int nlayer, ofs;
+ u8 layer_id;
+ u8 old_layer_id;
+ u8 layer_sel_id;
+ unsigned int ofs;
u32 ovl_ctrl;
int i;
struct vop2_video_port *vp0 = &vop2->vps[0];
@@ -1964,9 +1967,30 @@ static void vop2_setup_layer_mixer(struct vop2_video_port *vp)
for (i = 0; i < vp->id; i++)
ofs += vop2->vps[i].nlayers;
- nlayer = 0;
drm_atomic_crtc_for_each_plane(plane, &vp->crtc) {
struct vop2_win *win = to_vop2_win(plane);
+ struct vop2_win *old_win;
+
+ layer_id = (u8)(plane->state->normalized_zpos + ofs);
+
+ /*
+ * Find the layer this win bind in old state.
+ */
+ for (old_layer_id = 0; old_layer_id < vop2->data->win_size; old_layer_id++) {
+ layer_sel_id = (layer_sel >> (4 * old_layer_id)) & 0xf;
+ if (layer_sel_id == win->data->layer_sel_id)
+ break;
+ }
+
+ /*
+ * Find the win bind to this layer in old state
+ */
+ for (i = 0; i < vop2->data->win_size; i++) {
+ old_win = &vop2->win[i];
+ layer_sel_id = (layer_sel >> (4 * layer_id)) & 0xf;
+ if (layer_sel_id == old_win->data->layer_sel_id)
+ break;
+ }
switch (win->data->phys_id) {
case ROCKCHIP_VOP2_CLUSTER0:
@@ -1995,17 +2019,14 @@ static void vop2_setup_layer_mixer(struct vop2_video_port *vp)
break;
}
- layer_sel &= ~RK3568_OVL_LAYER_SEL__LAYER(plane->state->normalized_zpos + ofs,
- 0x7);
- layer_sel |= RK3568_OVL_LAYER_SEL__LAYER(plane->state->normalized_zpos + ofs,
- win->data->layer_sel_id);
- nlayer++;
- }
-
- /* configure unused layers to 0x5 (reserved) */
- for (; nlayer < vp->nlayers; nlayer++) {
- layer_sel &= ~RK3568_OVL_LAYER_SEL__LAYER(nlayer + ofs, 0x7);
- layer_sel |= RK3568_OVL_LAYER_SEL__LAYER(nlayer + ofs, 5);
+ layer_sel &= ~RK3568_OVL_LAYER_SEL__LAYER(layer_id, 0x7);
+ layer_sel |= RK3568_OVL_LAYER_SEL__LAYER(layer_id, win->data->layer_sel_id);
+ /*
+ * When we bind a window from layerM to layerN, we also need to move the old
+ * window on layerN to layerM to avoid one window selected by two or more layers.
+ */
+ layer_sel &= ~RK3568_OVL_LAYER_SEL__LAYER(old_layer_id, 0x7);
+ layer_sel |= RK3568_OVL_LAYER_SEL__LAYER(old_layer_id, old_win->data->layer_sel_id);
}
vop2_writel(vop2, RK3568_OVL_LAYER_SEL, layer_sel);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 024/578] drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 023/578] drm/rockchip: vop2: Fix the windows switch between different layers Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 025/578] OPP: Rearrange entries in pm_opp.h Greg Kroah-Hartman
` (562 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andy Yan, Heiko Stuebner,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Yan <andy.yan@rock-chips.com>
[ Upstream commit df063c0b8ffbdca486ab2f802e716973985d8f86 ]
The Cluster windows on rk3566/8 only support afbc mode.
Fixes: 604be85547ce ("drm/rockchip: Add VOP2 driver")
Signed-off-by: Andy Yan <andy.yan@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20241214081719.3330518-6-andyshrk@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
index 7619a0c42aada..955ef2caac89f 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
@@ -463,6 +463,16 @@ static bool rockchip_vop2_mod_supported(struct drm_plane *plane, u32 format,
if (modifier == DRM_FORMAT_MOD_INVALID)
return false;
+ if (vop2->data->soc_id == 3568 || vop2->data->soc_id == 3566) {
+ if (vop2_cluster_window(win)) {
+ if (modifier == DRM_FORMAT_MOD_LINEAR) {
+ drm_dbg_kms(vop2->drm,
+ "Cluster window only supports format with afbc\n");
+ return false;
+ }
+ }
+ }
+
if (modifier == DRM_FORMAT_MOD_LINEAR)
return true;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 025/578] OPP: Rearrange entries in pm_opp.h
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 024/578] drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 026/578] OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs Greg Kroah-Hartman
` (561 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Viresh Kumar, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Viresh Kumar <viresh.kumar@linaro.org>
[ Upstream commit 754833b3194c30dad5af0145e25192a8e29521ab ]
Rearrange the helper function declarations / definitions to keep them in
order of freq, level and then bw.
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Stable-dep-of: b44b9bc7cab2 ("OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/pm_opp.h | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/include/linux/pm_opp.h b/include/linux/pm_opp.h
index dc1fb58907929..3821f50b9b89c 100644
--- a/include/linux/pm_opp.h
+++ b/include/linux/pm_opp.h
@@ -121,17 +121,19 @@ unsigned long dev_pm_opp_get_suspend_opp_freq(struct device *dev);
struct dev_pm_opp *dev_pm_opp_find_freq_exact(struct device *dev,
unsigned long freq,
bool available);
+
struct dev_pm_opp *dev_pm_opp_find_freq_floor(struct device *dev,
unsigned long *freq);
+struct dev_pm_opp *dev_pm_opp_find_freq_ceil(struct device *dev,
+ unsigned long *freq);
+
struct dev_pm_opp *dev_pm_opp_find_level_exact(struct device *dev,
unsigned int level);
+
struct dev_pm_opp *dev_pm_opp_find_level_ceil(struct device *dev,
unsigned int *level);
-struct dev_pm_opp *dev_pm_opp_find_freq_ceil(struct device *dev,
- unsigned long *freq);
-
struct dev_pm_opp *dev_pm_opp_find_bw_ceil(struct device *dev,
unsigned int *bw, int index);
@@ -247,32 +249,32 @@ static inline unsigned long dev_pm_opp_get_suspend_opp_freq(struct device *dev)
return 0;
}
-static inline struct dev_pm_opp *dev_pm_opp_find_level_exact(struct device *dev,
- unsigned int level)
+static inline struct dev_pm_opp *dev_pm_opp_find_freq_exact(struct device *dev,
+ unsigned long freq, bool available)
{
return ERR_PTR(-EOPNOTSUPP);
}
-static inline struct dev_pm_opp *dev_pm_opp_find_level_ceil(struct device *dev,
- unsigned int *level)
+static inline struct dev_pm_opp *dev_pm_opp_find_freq_floor(struct device *dev,
+ unsigned long *freq)
{
return ERR_PTR(-EOPNOTSUPP);
}
-static inline struct dev_pm_opp *dev_pm_opp_find_freq_exact(struct device *dev,
- unsigned long freq, bool available)
+static inline struct dev_pm_opp *dev_pm_opp_find_freq_ceil(struct device *dev,
+ unsigned long *freq)
{
return ERR_PTR(-EOPNOTSUPP);
}
-static inline struct dev_pm_opp *dev_pm_opp_find_freq_floor(struct device *dev,
- unsigned long *freq)
+static inline struct dev_pm_opp *dev_pm_opp_find_level_exact(struct device *dev,
+ unsigned int level)
{
return ERR_PTR(-EOPNOTSUPP);
}
-static inline struct dev_pm_opp *dev_pm_opp_find_freq_ceil(struct device *dev,
- unsigned long *freq)
+static inline struct dev_pm_opp *dev_pm_opp_find_level_ceil(struct device *dev,
+ unsigned int *level)
{
return ERR_PTR(-EOPNOTSUPP);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 026/578] OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 025/578] OPP: Rearrange entries in pm_opp.h Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 027/578] OPP: Introduce dev_pm_opp_get_freq_indexed() API Greg Kroah-Hartman
` (560 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manivannan Sadhasivam, Viresh Kumar,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 142e17c1c2b48e3fb4f024e62ab6dee18f268694 ]
In the case of devices with multiple clocks, drivers need to specify the
clock index for the OPP framework to find the OPP corresponding to the
floor/ceil of the supplied frequency. So let's introduce the two new APIs
accepting the clock index as an argument.
These APIs use the exising _find_key_ceil() helper by supplying the clock
index to it.
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Viresh: Rearranged definitions in pm_opp.h ]
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Stable-dep-of: b44b9bc7cab2 ("OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/opp/core.c | 56 ++++++++++++++++++++++++++++++++++++++++++
include/linux/pm_opp.h | 18 ++++++++++++++
2 files changed, 74 insertions(+)
diff --git a/drivers/opp/core.c b/drivers/opp/core.c
index 71d3e3ba909a3..8775f9d71f90a 100644
--- a/drivers/opp/core.c
+++ b/drivers/opp/core.c
@@ -653,6 +653,34 @@ struct dev_pm_opp *dev_pm_opp_find_freq_ceil(struct device *dev,
}
EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_ceil);
+/**
+ * dev_pm_opp_find_freq_ceil_indexed() - Search for a rounded ceil freq for the
+ * clock corresponding to the index
+ * @dev: Device for which we do this operation
+ * @freq: Start frequency
+ * @index: Clock index
+ *
+ * Search for the matching ceil *available* OPP for the clock corresponding to
+ * the specified index from a starting freq for a device.
+ *
+ * Return: matching *opp and refreshes *freq accordingly, else returns
+ * ERR_PTR in case of error and should be handled using IS_ERR. Error return
+ * values can be:
+ * EINVAL: for bad pointer
+ * ERANGE: no match found for search
+ * ENODEV: if device not found in list of registered devices
+ *
+ * The callers are required to call dev_pm_opp_put() for the returned OPP after
+ * use.
+ */
+struct dev_pm_opp *
+dev_pm_opp_find_freq_ceil_indexed(struct device *dev, unsigned long *freq,
+ u32 index)
+{
+ return _find_key_ceil(dev, freq, index, true, _read_freq, NULL);
+}
+EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_ceil_indexed);
+
/**
* dev_pm_opp_find_freq_floor() - Search for a rounded floor freq
* @dev: device for which we do this operation
@@ -678,6 +706,34 @@ struct dev_pm_opp *dev_pm_opp_find_freq_floor(struct device *dev,
}
EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_floor);
+/**
+ * dev_pm_opp_find_freq_floor_indexed() - Search for a rounded floor freq for the
+ * clock corresponding to the index
+ * @dev: Device for which we do this operation
+ * @freq: Start frequency
+ * @index: Clock index
+ *
+ * Search for the matching floor *available* OPP for the clock corresponding to
+ * the specified index from a starting freq for a device.
+ *
+ * Return: matching *opp and refreshes *freq accordingly, else returns
+ * ERR_PTR in case of error and should be handled using IS_ERR. Error return
+ * values can be:
+ * EINVAL: for bad pointer
+ * ERANGE: no match found for search
+ * ENODEV: if device not found in list of registered devices
+ *
+ * The callers are required to call dev_pm_opp_put() for the returned OPP after
+ * use.
+ */
+struct dev_pm_opp *
+dev_pm_opp_find_freq_floor_indexed(struct device *dev, unsigned long *freq,
+ u32 index)
+{
+ return _find_key_floor(dev, freq, index, true, _read_freq, NULL);
+}
+EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_floor_indexed);
+
/**
* dev_pm_opp_find_level_exact() - search for an exact level
* @dev: device for which we do this operation
diff --git a/include/linux/pm_opp.h b/include/linux/pm_opp.h
index 3821f50b9b89c..2617f2c51f29d 100644
--- a/include/linux/pm_opp.h
+++ b/include/linux/pm_opp.h
@@ -125,9 +125,15 @@ struct dev_pm_opp *dev_pm_opp_find_freq_exact(struct device *dev,
struct dev_pm_opp *dev_pm_opp_find_freq_floor(struct device *dev,
unsigned long *freq);
+struct dev_pm_opp *dev_pm_opp_find_freq_floor_indexed(struct device *dev,
+ unsigned long *freq, u32 index);
+
struct dev_pm_opp *dev_pm_opp_find_freq_ceil(struct device *dev,
unsigned long *freq);
+struct dev_pm_opp *dev_pm_opp_find_freq_ceil_indexed(struct device *dev,
+ unsigned long *freq, u32 index);
+
struct dev_pm_opp *dev_pm_opp_find_level_exact(struct device *dev,
unsigned int level);
@@ -261,12 +267,24 @@ static inline struct dev_pm_opp *dev_pm_opp_find_freq_floor(struct device *dev,
return ERR_PTR(-EOPNOTSUPP);
}
+static inline struct dev_pm_opp *
+dev_pm_opp_find_freq_floor_indexed(struct device *dev, unsigned long *freq, u32 index)
+{
+ return ERR_PTR(-EOPNOTSUPP);
+}
+
static inline struct dev_pm_opp *dev_pm_opp_find_freq_ceil(struct device *dev,
unsigned long *freq)
{
return ERR_PTR(-EOPNOTSUPP);
}
+static inline struct dev_pm_opp *
+dev_pm_opp_find_freq_ceil_indexed(struct device *dev, unsigned long *freq, u32 index)
+{
+ return ERR_PTR(-EOPNOTSUPP);
+}
+
static inline struct dev_pm_opp *dev_pm_opp_find_level_exact(struct device *dev,
unsigned int level)
{
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 027/578] OPP: Introduce dev_pm_opp_get_freq_indexed() API
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 026/578] OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 028/578] OPP: Add dev_pm_opp_find_freq_exact_indexed() Greg Kroah-Hartman
` (559 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manivannan Sadhasivam, Viresh Kumar,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 5f756d03e2c7db63c1df7148d7b1739f29ff1532 ]
In the case of devices with multiple clocks, drivers need to specify the
frequency index for the OPP framework to get the specific frequency within
the required OPP. So let's introduce the dev_pm_opp_get_freq_indexed() API
accepting the frequency index as an argument.
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Viresh: Fixed potential access to NULL opp pointer ]
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Stable-dep-of: b44b9bc7cab2 ("OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/opp/core.c | 20 ++++++++++++++++++++
include/linux/pm_opp.h | 7 +++++++
2 files changed, 27 insertions(+)
diff --git a/drivers/opp/core.c b/drivers/opp/core.c
index 8775f9d71f90a..1483d10627fba 100644
--- a/drivers/opp/core.c
+++ b/drivers/opp/core.c
@@ -200,6 +200,26 @@ unsigned long dev_pm_opp_get_freq(struct dev_pm_opp *opp)
}
EXPORT_SYMBOL_GPL(dev_pm_opp_get_freq);
+/**
+ * dev_pm_opp_get_freq_indexed() - Gets the frequency corresponding to an
+ * available opp with specified index
+ * @opp: opp for which frequency has to be returned for
+ * @index: index of the frequency within the required opp
+ *
+ * Return: frequency in hertz corresponding to the opp with specified index,
+ * else return 0
+ */
+unsigned long dev_pm_opp_get_freq_indexed(struct dev_pm_opp *opp, u32 index)
+{
+ if (IS_ERR_OR_NULL(opp) || index >= opp->opp_table->clk_count) {
+ pr_err("%s: Invalid parameters\n", __func__);
+ return 0;
+ }
+
+ return opp->rates[index];
+}
+EXPORT_SYMBOL_GPL(dev_pm_opp_get_freq_indexed);
+
/**
* dev_pm_opp_get_level() - Gets the level corresponding to an available opp
* @opp: opp for which level value has to be returned for
diff --git a/include/linux/pm_opp.h b/include/linux/pm_opp.h
index 2617f2c51f29d..a13a1705df57b 100644
--- a/include/linux/pm_opp.h
+++ b/include/linux/pm_opp.h
@@ -105,6 +105,8 @@ unsigned long dev_pm_opp_get_power(struct dev_pm_opp *opp);
unsigned long dev_pm_opp_get_freq(struct dev_pm_opp *opp);
+unsigned long dev_pm_opp_get_freq_indexed(struct dev_pm_opp *opp, u32 index);
+
unsigned int dev_pm_opp_get_level(struct dev_pm_opp *opp);
unsigned int dev_pm_opp_get_required_pstate(struct dev_pm_opp *opp,
@@ -213,6 +215,11 @@ static inline unsigned long dev_pm_opp_get_freq(struct dev_pm_opp *opp)
return 0;
}
+static inline unsigned long dev_pm_opp_get_freq_indexed(struct dev_pm_opp *opp, u32 index)
+{
+ return 0;
+}
+
static inline unsigned int dev_pm_opp_get_level(struct dev_pm_opp *opp)
{
return 0;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 028/578] OPP: Add dev_pm_opp_find_freq_exact_indexed()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 027/578] OPP: Introduce dev_pm_opp_get_freq_indexed() API Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 029/578] OPP: Reuse dev_pm_opp_get_freq_indexed() Greg Kroah-Hartman
` (558 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Viresh Kumar, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Viresh Kumar <viresh.kumar@linaro.org>
[ Upstream commit a5893928bb179d67ca1d44a8f66c990480ba541d ]
The indexed version of the API is added for other floor and ceil, add
the same for exact as well for completeness.
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Stable-dep-of: b44b9bc7cab2 ("OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/opp/core.c | 28 ++++++++++++++++++++++++++++
include/linux/pm_opp.h | 11 +++++++++++
2 files changed, 39 insertions(+)
diff --git a/drivers/opp/core.c b/drivers/opp/core.c
index 1483d10627fba..e1d9eddf26833 100644
--- a/drivers/opp/core.c
+++ b/drivers/opp/core.c
@@ -641,6 +641,34 @@ struct dev_pm_opp *dev_pm_opp_find_freq_exact(struct device *dev,
}
EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_exact);
+/**
+ * dev_pm_opp_find_freq_exact_indexed() - Search for an exact freq for the
+ * clock corresponding to the index
+ * @dev: Device for which we do this operation
+ * @freq: frequency to search for
+ * @index: Clock index
+ * @available: true/false - match for available opp
+ *
+ * Search for the matching exact OPP for the clock corresponding to the
+ * specified index from a starting freq for a device.
+ *
+ * Return: matching *opp , else returns ERR_PTR in case of error and should be
+ * handled using IS_ERR. Error return values can be:
+ * EINVAL: for bad pointer
+ * ERANGE: no match found for search
+ * ENODEV: if device not found in list of registered devices
+ *
+ * The callers are required to call dev_pm_opp_put() for the returned OPP after
+ * use.
+ */
+struct dev_pm_opp *
+dev_pm_opp_find_freq_exact_indexed(struct device *dev, unsigned long freq,
+ u32 index, bool available)
+{
+ return _find_key_exact(dev, freq, index, available, _read_freq, NULL);
+}
+EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_exact_indexed);
+
static noinline struct dev_pm_opp *_find_freq_ceil(struct opp_table *opp_table,
unsigned long *freq)
{
diff --git a/include/linux/pm_opp.h b/include/linux/pm_opp.h
index a13a1705df57b..23e4e4eaaa427 100644
--- a/include/linux/pm_opp.h
+++ b/include/linux/pm_opp.h
@@ -124,6 +124,10 @@ struct dev_pm_opp *dev_pm_opp_find_freq_exact(struct device *dev,
unsigned long freq,
bool available);
+struct dev_pm_opp *
+dev_pm_opp_find_freq_exact_indexed(struct device *dev, unsigned long freq,
+ u32 index, bool available);
+
struct dev_pm_opp *dev_pm_opp_find_freq_floor(struct device *dev,
unsigned long *freq);
@@ -268,6 +272,13 @@ static inline struct dev_pm_opp *dev_pm_opp_find_freq_exact(struct device *dev,
return ERR_PTR(-EOPNOTSUPP);
}
+static inline struct dev_pm_opp *
+dev_pm_opp_find_freq_exact_indexed(struct device *dev, unsigned long freq,
+ u32 index, bool available)
+{
+ return ERR_PTR(-EOPNOTSUPP);
+}
+
static inline struct dev_pm_opp *dev_pm_opp_find_freq_floor(struct device *dev,
unsigned long *freq)
{
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 029/578] OPP: Reuse dev_pm_opp_get_freq_indexed()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 028/578] OPP: Add dev_pm_opp_find_freq_exact_indexed() Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 030/578] OPP: add index check to assert to avoid buffer overflow in _read_freq() Greg Kroah-Hartman
` (557 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Viresh Kumar, Manivannan Sadhasivam,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Viresh Kumar <viresh.kumar@linaro.org>
[ Upstream commit 746de8255076c9924ffa51baad9822adddccb94e ]
Reuse dev_pm_opp_get_freq_indexed() from dev_pm_opp_get_freq().
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Acked-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Stable-dep-of: b44b9bc7cab2 ("OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/opp/core.c | 21 ---------------------
include/linux/pm_opp.h | 12 +++++-------
2 files changed, 5 insertions(+), 28 deletions(-)
diff --git a/drivers/opp/core.c b/drivers/opp/core.c
index e1d9eddf26833..83ff32b7f4793 100644
--- a/drivers/opp/core.c
+++ b/drivers/opp/core.c
@@ -179,27 +179,6 @@ unsigned long dev_pm_opp_get_power(struct dev_pm_opp *opp)
}
EXPORT_SYMBOL_GPL(dev_pm_opp_get_power);
-/**
- * dev_pm_opp_get_freq() - Gets the frequency corresponding to an available opp
- * @opp: opp for which frequency has to be returned for
- *
- * Return: frequency in hertz corresponding to the opp, else
- * return 0
- */
-unsigned long dev_pm_opp_get_freq(struct dev_pm_opp *opp)
-{
- if (IS_ERR_OR_NULL(opp)) {
- pr_err("%s: Invalid parameters\n", __func__);
- return 0;
- }
-
- if (!assert_single_clk(opp->opp_table))
- return 0;
-
- return opp->rates[0];
-}
-EXPORT_SYMBOL_GPL(dev_pm_opp_get_freq);
-
/**
* dev_pm_opp_get_freq_indexed() - Gets the frequency corresponding to an
* available opp with specified index
diff --git a/include/linux/pm_opp.h b/include/linux/pm_opp.h
index 23e4e4eaaa427..91f87d7e807cb 100644
--- a/include/linux/pm_opp.h
+++ b/include/linux/pm_opp.h
@@ -103,8 +103,6 @@ int dev_pm_opp_get_supplies(struct dev_pm_opp *opp, struct dev_pm_opp_supply *su
unsigned long dev_pm_opp_get_power(struct dev_pm_opp *opp);
-unsigned long dev_pm_opp_get_freq(struct dev_pm_opp *opp);
-
unsigned long dev_pm_opp_get_freq_indexed(struct dev_pm_opp *opp, u32 index);
unsigned int dev_pm_opp_get_level(struct dev_pm_opp *opp);
@@ -214,11 +212,6 @@ static inline unsigned long dev_pm_opp_get_power(struct dev_pm_opp *opp)
return 0;
}
-static inline unsigned long dev_pm_opp_get_freq(struct dev_pm_opp *opp)
-{
- return 0;
-}
-
static inline unsigned long dev_pm_opp_get_freq_indexed(struct dev_pm_opp *opp, u32 index)
{
return 0;
@@ -669,4 +662,9 @@ static inline void dev_pm_opp_put_prop_name(int token)
dev_pm_opp_clear_config(token);
}
+static inline unsigned long dev_pm_opp_get_freq(struct dev_pm_opp *opp)
+{
+ return dev_pm_opp_get_freq_indexed(opp, 0);
+}
+
#endif /* __LINUX_OPP_H__ */
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 030/578] OPP: add index check to assert to avoid buffer overflow in _read_freq()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 029/578] OPP: Reuse dev_pm_opp_get_freq_indexed() Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 031/578] OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Greg Kroah-Hartman
` (556 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Neil Armstrong, Viresh Kumar,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Neil Armstrong <neil.armstrong@linaro.org>
[ Upstream commit d659bc68ed489022ea33342cfbda2911a81e7a0d ]
Pass the freq index to the assert function to make sure
we do not read a freq out of the opp->rates[] table when called
from the indexed variants:
dev_pm_opp_find_freq_exact_indexed() or
dev_pm_opp_find_freq_ceil/floor_indexed().
Add a secondary parameter to the assert function, unused
for assert_single_clk() then add assert_clk_index() which
will check for the clock index when called from the _indexed()
find functions.
Fixes: 142e17c1c2b4 ("OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs")
Fixes: a5893928bb17 ("OPP: Add dev_pm_opp_find_freq_exact_indexed()")
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Stable-dep-of: b44b9bc7cab2 ("OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/opp/core.c | 42 +++++++++++++++++++++++++++---------------
1 file changed, 27 insertions(+), 15 deletions(-)
diff --git a/drivers/opp/core.c b/drivers/opp/core.c
index 83ff32b7f4793..53286063df558 100644
--- a/drivers/opp/core.c
+++ b/drivers/opp/core.c
@@ -104,11 +104,21 @@ struct opp_table *_find_opp_table(struct device *dev)
* representation in the OPP table and manage the clock configuration themselves
* in an platform specific way.
*/
-static bool assert_single_clk(struct opp_table *opp_table)
+static bool assert_single_clk(struct opp_table *opp_table,
+ unsigned int __always_unused index)
{
return !WARN_ON(opp_table->clk_count > 1);
}
+/*
+ * Returns true if clock table is large enough to contain the clock index.
+ */
+static bool assert_clk_index(struct opp_table *opp_table,
+ unsigned int index)
+{
+ return opp_table->clk_count > index;
+}
+
/**
* dev_pm_opp_get_voltage() - Gets the voltage corresponding to an opp
* @opp: opp for which voltage has to be returned for
@@ -496,12 +506,12 @@ static struct dev_pm_opp *_opp_table_find_key(struct opp_table *opp_table,
unsigned long (*read)(struct dev_pm_opp *opp, int index),
bool (*compare)(struct dev_pm_opp **opp, struct dev_pm_opp *temp_opp,
unsigned long opp_key, unsigned long key),
- bool (*assert)(struct opp_table *opp_table))
+ bool (*assert)(struct opp_table *opp_table, unsigned int index))
{
struct dev_pm_opp *temp_opp, *opp = ERR_PTR(-ERANGE);
/* Assert that the requirement is met */
- if (assert && !assert(opp_table))
+ if (assert && !assert(opp_table, index))
return ERR_PTR(-EINVAL);
mutex_lock(&opp_table->lock);
@@ -529,7 +539,7 @@ _find_key(struct device *dev, unsigned long *key, int index, bool available,
unsigned long (*read)(struct dev_pm_opp *opp, int index),
bool (*compare)(struct dev_pm_opp **opp, struct dev_pm_opp *temp_opp,
unsigned long opp_key, unsigned long key),
- bool (*assert)(struct opp_table *opp_table))
+ bool (*assert)(struct opp_table *opp_table, unsigned int index))
{
struct opp_table *opp_table;
struct dev_pm_opp *opp;
@@ -552,7 +562,7 @@ _find_key(struct device *dev, unsigned long *key, int index, bool available,
static struct dev_pm_opp *_find_key_exact(struct device *dev,
unsigned long key, int index, bool available,
unsigned long (*read)(struct dev_pm_opp *opp, int index),
- bool (*assert)(struct opp_table *opp_table))
+ bool (*assert)(struct opp_table *opp_table, unsigned int index))
{
/*
* The value of key will be updated here, but will be ignored as the
@@ -565,7 +575,7 @@ static struct dev_pm_opp *_find_key_exact(struct device *dev,
static struct dev_pm_opp *_opp_table_find_key_ceil(struct opp_table *opp_table,
unsigned long *key, int index, bool available,
unsigned long (*read)(struct dev_pm_opp *opp, int index),
- bool (*assert)(struct opp_table *opp_table))
+ bool (*assert)(struct opp_table *opp_table, unsigned int index))
{
return _opp_table_find_key(opp_table, key, index, available, read,
_compare_ceil, assert);
@@ -574,7 +584,7 @@ static struct dev_pm_opp *_opp_table_find_key_ceil(struct opp_table *opp_table,
static struct dev_pm_opp *_find_key_ceil(struct device *dev, unsigned long *key,
int index, bool available,
unsigned long (*read)(struct dev_pm_opp *opp, int index),
- bool (*assert)(struct opp_table *opp_table))
+ bool (*assert)(struct opp_table *opp_table, unsigned int index))
{
return _find_key(dev, key, index, available, read, _compare_ceil,
assert);
@@ -583,7 +593,7 @@ static struct dev_pm_opp *_find_key_ceil(struct device *dev, unsigned long *key,
static struct dev_pm_opp *_find_key_floor(struct device *dev,
unsigned long *key, int index, bool available,
unsigned long (*read)(struct dev_pm_opp *opp, int index),
- bool (*assert)(struct opp_table *opp_table))
+ bool (*assert)(struct opp_table *opp_table, unsigned int index))
{
return _find_key(dev, key, index, available, read, _compare_floor,
assert);
@@ -644,7 +654,8 @@ struct dev_pm_opp *
dev_pm_opp_find_freq_exact_indexed(struct device *dev, unsigned long freq,
u32 index, bool available)
{
- return _find_key_exact(dev, freq, index, available, _read_freq, NULL);
+ return _find_key_exact(dev, freq, index, available, _read_freq,
+ assert_clk_index);
}
EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_exact_indexed);
@@ -704,7 +715,8 @@ struct dev_pm_opp *
dev_pm_opp_find_freq_ceil_indexed(struct device *dev, unsigned long *freq,
u32 index)
{
- return _find_key_ceil(dev, freq, index, true, _read_freq, NULL);
+ return _find_key_ceil(dev, freq, index, true, _read_freq,
+ assert_clk_index);
}
EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_ceil_indexed);
@@ -757,7 +769,7 @@ struct dev_pm_opp *
dev_pm_opp_find_freq_floor_indexed(struct device *dev, unsigned long *freq,
u32 index)
{
- return _find_key_floor(dev, freq, index, true, _read_freq, NULL);
+ return _find_key_floor(dev, freq, index, true, _read_freq, assert_clk_index);
}
EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_floor_indexed);
@@ -1671,7 +1683,7 @@ void dev_pm_opp_remove(struct device *dev, unsigned long freq)
if (IS_ERR(opp_table))
return;
- if (!assert_single_clk(opp_table))
+ if (!assert_single_clk(opp_table, 0))
goto put_table;
mutex_lock(&opp_table->lock);
@@ -2022,7 +2034,7 @@ int _opp_add_v1(struct opp_table *opp_table, struct device *dev,
unsigned long tol;
int ret;
- if (!assert_single_clk(opp_table))
+ if (!assert_single_clk(opp_table, 0))
return -EINVAL;
new_opp = _opp_allocate(opp_table);
@@ -2878,7 +2890,7 @@ static int _opp_set_availability(struct device *dev, unsigned long freq,
return r;
}
- if (!assert_single_clk(opp_table)) {
+ if (!assert_single_clk(opp_table, 0)) {
r = -EINVAL;
goto put_table;
}
@@ -2954,7 +2966,7 @@ int dev_pm_opp_adjust_voltage(struct device *dev, unsigned long freq,
return r;
}
- if (!assert_single_clk(opp_table)) {
+ if (!assert_single_clk(opp_table, 0)) {
r = -EINVAL;
goto put_table;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 031/578] OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 030/578] OPP: add index check to assert to avoid buffer overflow in _read_freq() Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 032/578] drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Greg Kroah-Hartman
` (555 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Neil Armstrong, Viresh Kumar,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Neil Armstrong <neil.armstrong@linaro.org>
[ Upstream commit b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e ]
If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth
from the OPP table but the bandwidth table was not created because the
interconnect properties were missing in the OPP consumer node, the
kernel will crash with:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004
...
pc : _read_bw+0x8/0x10
lr : _opp_table_find_key+0x9c/0x174
...
Call trace:
_read_bw+0x8/0x10 (P)
_opp_table_find_key+0x9c/0x174 (L)
_find_key+0x98/0x168
dev_pm_opp_find_bw_ceil+0x50/0x88
...
In order to fix the crash, create an assert function to check
if the bandwidth table was created before trying to get a
bandwidth with _read_bw().
Fixes: add1dc094a74 ("OPP: Use generic key finding helpers for bandwidth key")
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/opp/core.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/opp/core.c b/drivers/opp/core.c
index 53286063df558..4211cfb27350f 100644
--- a/drivers/opp/core.c
+++ b/drivers/opp/core.c
@@ -119,6 +119,15 @@ static bool assert_clk_index(struct opp_table *opp_table,
return opp_table->clk_count > index;
}
+/*
+ * Returns true if bandwidth table is large enough to contain the bandwidth index.
+ */
+static bool assert_bandwidth_index(struct opp_table *opp_table,
+ unsigned int index)
+{
+ return opp_table->path_count > index;
+}
+
/**
* dev_pm_opp_get_voltage() - Gets the voltage corresponding to an opp
* @opp: opp for which voltage has to be returned for
@@ -847,7 +856,8 @@ struct dev_pm_opp *dev_pm_opp_find_bw_ceil(struct device *dev, unsigned int *bw,
unsigned long temp = *bw;
struct dev_pm_opp *opp;
- opp = _find_key_ceil(dev, &temp, index, true, _read_bw, NULL);
+ opp = _find_key_ceil(dev, &temp, index, true, _read_bw,
+ assert_bandwidth_index);
*bw = temp;
return opp;
}
@@ -878,7 +888,8 @@ struct dev_pm_opp *dev_pm_opp_find_bw_floor(struct device *dev,
unsigned long temp = *bw;
struct dev_pm_opp *opp;
- opp = _find_key_floor(dev, &temp, index, true, _read_bw, NULL);
+ opp = _find_key_floor(dev, &temp, index, true, _read_bw,
+ assert_bandwidth_index);
*bw = temp;
return opp;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 032/578] drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 031/578] OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 033/578] genirq: Make handle_enforce_irqctx() unconditionally available Greg Kroah-Hartman
` (554 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Hermes Wu,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hermes Wu <hermes.wu@ite.com.tw>
[ Upstream commit c14870218c14532b0f0a7805b96a4d3c92d06fb2 ]
The hardware AUX FIFO is 16 bytes
Change definition of AUX_FIFO_MAX_SIZE to 16
Fixes: b5c84a9edcd4 ("drm/bridge: add it6505 driver")
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Hermes Wu <hermes.wu@ite.com.tw>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20241230-v7-upstream-v7-1-e0fdd4844703@ite.corp-partner.google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c
index 5a23277be4445..45596b211fb88 100644
--- a/drivers/gpu/drm/bridge/ite-it6505.c
+++ b/drivers/gpu/drm/bridge/ite-it6505.c
@@ -300,7 +300,7 @@
#define MAX_CR_LEVEL 0x03
#define MAX_EQ_LEVEL 0x03
#define AUX_WAIT_TIMEOUT_MS 15
-#define AUX_FIFO_MAX_SIZE 32
+#define AUX_FIFO_MAX_SIZE 16
#define PIXEL_CLK_DELAY 1
#define PIXEL_CLK_INVERSE 0
#define ADJUST_PHASE_THRESHOLD 80000
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 033/578] genirq: Make handle_enforce_irqctx() unconditionally available
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 032/578] drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 034/578] ipmi: ipmb: Add check devm_kasprintf() returned value Greg Kroah-Hartman
` (553 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thomas Gleixner, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
[ Upstream commit 8d187a77f04c14fb459a5301d69f733a5a1396bc ]
Commit 1b57d91b969c ("irqchip/gic-v2, v3: Prevent SW resends entirely")
sett the flag which enforces interrupt handling in interrupt context and
prevents software base resends for ARM GIC v2/v3.
But it missed that the helper function which checks the flag was hidden
behind CONFIG_GENERIC_PENDING_IRQ, which is not set by ARM[64].
Make the helper unconditionally available so that the enforcement actually
works.
Fixes: 1b57d91b969c ("irqchip/gic-v2, v3: Prevent SW resends entirely")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/all/20241210101811.497716609@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/irq/internals.h | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/kernel/irq/internals.h b/kernel/irq/internals.h
index 5fdc0b5575797..35e85323940c3 100644
--- a/kernel/irq/internals.h
+++ b/kernel/irq/internals.h
@@ -429,10 +429,6 @@ static inline struct cpumask *irq_desc_get_pending_mask(struct irq_desc *desc)
{
return desc->pending_mask;
}
-static inline bool handle_enforce_irqctx(struct irq_data *data)
-{
- return irqd_is_handle_enforce_irqctx(data);
-}
bool irq_fixup_move_pending(struct irq_desc *desc, bool force_clear);
#else /* CONFIG_GENERIC_PENDING_IRQ */
static inline bool irq_can_move_pcntxt(struct irq_data *data)
@@ -459,11 +455,12 @@ static inline bool irq_fixup_move_pending(struct irq_desc *desc, bool fclear)
{
return false;
}
+#endif /* !CONFIG_GENERIC_PENDING_IRQ */
+
static inline bool handle_enforce_irqctx(struct irq_data *data)
{
- return false;
+ return irqd_is_handle_enforce_irqctx(data);
}
-#endif /* !CONFIG_GENERIC_PENDING_IRQ */
#if !defined(CONFIG_IRQ_DOMAIN) || !defined(CONFIG_IRQ_DOMAIN_HIERARCHY)
static inline int irq_domain_activate_irq(struct irq_data *data, bool reserve)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 034/578] ipmi: ipmb: Add check devm_kasprintf() returned value
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 033/578] genirq: Make handle_enforce_irqctx() unconditionally available Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 035/578] wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Greg Kroah-Hartman
` (552 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Charles Han, Corey Minyard,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Charles Han <hanchunchao@inspur.com>
[ Upstream commit 2378bd0b264ad3a1f76bd957caf33ee0c7945351 ]
devm_kasprintf() can return a NULL pointer on failure but this
returned value is not checked.
Fixes: 51bd6f291583 ("Add support for IPMB driver")
Signed-off-by: Charles Han <hanchunchao@inspur.com>
Message-ID: <20240926094419.25900-1-hanchunchao@inspur.com>
Signed-off-by: Corey Minyard <corey@minyard.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmb_dev_int.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/char/ipmi/ipmb_dev_int.c b/drivers/char/ipmi/ipmb_dev_int.c
index a0e9e80d92eeb..d6a4b1671d5bc 100644
--- a/drivers/char/ipmi/ipmb_dev_int.c
+++ b/drivers/char/ipmi/ipmb_dev_int.c
@@ -321,6 +321,9 @@ static int ipmb_probe(struct i2c_client *client)
ipmb_dev->miscdev.name = devm_kasprintf(&client->dev, GFP_KERNEL,
"%s%d", "ipmb-",
client->adapter->nr);
+ if (!ipmb_dev->miscdev.name)
+ return -ENOMEM;
+
ipmb_dev->miscdev.fops = &ipmb_fops;
ipmb_dev->miscdev.parent = &client->dev;
ret = misc_register(&ipmb_dev->miscdev);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 035/578] wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 034/578] ipmi: ipmb: Add check devm_kasprintf() returned value Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 036/578] wifi: rtlwifi: do not complete firmware loading needlessly Greg Kroah-Hartman
` (551 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Balaji Pothunoori, Jeff Johnson,
Kalle Valo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Balaji Pothunoori <quic_bpothuno@quicinc.com>
[ Upstream commit 78e154d42f2c72905fe66a400847e1b2b101b7b2 ]
The following error messages were encountered while parsing fragmented RX
packets for WCN6750/WCN6855:
ath11k 17a10040.wifi: invalid return buffer manager 4
This issue arose due to a hardcoded check for HAL_RX_BUF_RBM_SW3_BM
introduced in 'commit 71c748b5e01e ("ath11k: Fix unexpected return buffer
manager error for QCA6390")'
For WCN6750 and WCN6855, the return buffer manager ID should be
HAL_RX_BUF_RBM_SW1_BM. The incorrect conditional check caused fragmented
packets to be dropped, resulting in the above error log.
Fix this by adding a check for HAL_RX_BUF_RBM_SW1_BM.
Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.2.0.c2-00258-QCAMSLSWPL-1
Tested-on: WCN6855 hw2.1 WLAN.HSP.1.1-04479-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1
Fixes: 71c748b5e01e ("ath11k: Fix unexpected return buffer manager error for QCA6390")
Signed-off-by: Balaji Pothunoori <quic_bpothuno@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Acked-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20241030114625.2416942-1-quic_bpothuno@quicinc.com
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
drivers/net/wireless/ath/ath11k/hal_rx.c | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c
index d01616d06a326..2f6b22708b53f 100644
--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
+++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
@@ -3795,6 +3795,7 @@ int ath11k_dp_process_rx_err(struct ath11k_base *ab, struct napi_struct *napi,
ath11k_hal_rx_msdu_link_info_get(link_desc_va, &num_msdus, msdu_cookies,
&rbm);
if (rbm != HAL_RX_BUF_RBM_WBM_IDLE_DESC_LIST &&
+ rbm != HAL_RX_BUF_RBM_SW1_BM &&
rbm != HAL_RX_BUF_RBM_SW3_BM) {
ab->soc_stats.invalid_rbm++;
ath11k_warn(ab, "invalid return buffer manager %d\n", rbm);
diff --git a/drivers/net/wireless/ath/ath11k/hal_rx.c b/drivers/net/wireless/ath/ath11k/hal_rx.c
index 7f39c6fb7408c..d1785e71ffc98 100644
--- a/drivers/net/wireless/ath/ath11k/hal_rx.c
+++ b/drivers/net/wireless/ath/ath11k/hal_rx.c
@@ -371,7 +371,8 @@ int ath11k_hal_wbm_desc_parse_err(struct ath11k_base *ab, void *desc,
ret_buf_mgr = FIELD_GET(BUFFER_ADDR_INFO1_RET_BUF_MGR,
wbm_desc->buf_addr_info.info1);
- if (ret_buf_mgr != HAL_RX_BUF_RBM_SW3_BM) {
+ if (ret_buf_mgr != HAL_RX_BUF_RBM_SW1_BM &&
+ ret_buf_mgr != HAL_RX_BUF_RBM_SW3_BM) {
ab->soc_stats.invalid_rbm++;
return -EINVAL;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 036/578] wifi: rtlwifi: do not complete firmware loading needlessly
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 035/578] wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 037/578] wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Greg Kroah-Hartman
` (550 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thadeu Lima de Souza Cascardo,
Ping-Ke Shih, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
[ Upstream commit e73e11d303940119e41850a0452a0deda2cc4eb5 ]
The only code waiting for completion is driver removal, which will not be
called when probe returns a failure. So this completion is unnecessary.
Fixes: b0302aba812b ("rtlwifi: Convert to asynchronous firmware load")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20241107133322.855112-2-cascardo@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/pci.c | 1 -
drivers/net/wireless/realtek/rtlwifi/usb.c | 1 -
2 files changed, 2 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c
index 6116c1bec1558..1707d00b49698 100644
--- a/drivers/net/wireless/realtek/rtlwifi/pci.c
+++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
@@ -2273,7 +2273,6 @@ int rtl_pci_probe(struct pci_dev *pdev,
pci_iounmap(pdev, (void __iomem *)rtlpriv->io.pci_mem_start);
pci_release_regions(pdev);
- complete(&rtlpriv->firmware_loading_complete);
fail1:
if (hw)
diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index a8eebafb9a7ee..c2a3c88ea1fcc 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -1085,7 +1085,6 @@ int rtl_usb_probe(struct usb_interface *intf,
error_out2:
_rtl_usb_io_handler_release(hw);
usb_put_dev(udev);
- complete(&rtlpriv->firmware_loading_complete);
kfree(rtlpriv->usb_data);
ieee80211_free_hw(hw);
return -ENODEV;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 037/578] wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 036/578] wifi: rtlwifi: do not complete firmware loading needlessly Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 038/578] wifi: rtlwifi: wait for firmware loading before releasing memory Greg Kroah-Hartman
` (549 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thadeu Lima de Souza Cascardo,
Ping-Ke Shih, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
[ Upstream commit 8559a9e0c457729fe3edb3176bbf7c7874f482b0 ]
Just like in commit 4dfde294b979 ("rtlwifi: rise completion at the last
step of firmware callback"), only signal completion once the function is
finished. Otherwise, the module removal waiting for the completion could
free the memory that the callback will still use before returning.
Fixes: b0302aba812b ("rtlwifi: Convert to asynchronous firmware load")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20241107133322.855112-3-cascardo@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c
index 6d352a3161b8f..60d97e73ca28e 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c
@@ -67,22 +67,23 @@ static void rtl92se_fw_cb(const struct firmware *firmware, void *context)
rtl_dbg(rtlpriv, COMP_ERR, DBG_LOUD,
"Firmware callback routine entered!\n");
- complete(&rtlpriv->firmware_loading_complete);
if (!firmware) {
pr_err("Firmware %s not available\n", fw_name);
rtlpriv->max_fw_size = 0;
- return;
+ goto exit;
}
if (firmware->size > rtlpriv->max_fw_size) {
pr_err("Firmware is too big!\n");
rtlpriv->max_fw_size = 0;
release_firmware(firmware);
- return;
+ goto exit;
}
pfirmware = (struct rt_firmware *)rtlpriv->rtlhal.pfirmware;
memcpy(pfirmware->sz_fw_tmpbuffer, firmware->data, firmware->size);
pfirmware->sz_fw_tmpbufferlen = firmware->size;
release_firmware(firmware);
+exit:
+ complete(&rtlpriv->firmware_loading_complete);
}
static int rtl92s_init_sw_vars(struct ieee80211_hw *hw)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 038/578] wifi: rtlwifi: wait for firmware loading before releasing memory
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 037/578] wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 039/578] wifi: rtlwifi: fix init_sw_vars leak when probe fails Greg Kroah-Hartman
` (548 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thadeu Lima de Souza Cascardo,
Ping-Ke Shih, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
[ Upstream commit b4b26642b31ef282df6ff7ea8531985edfdef12a ]
At probe error path, the firmware loading work may have already been
queued. In such a case, it will try to access memory allocated by the probe
function, which is about to be released. In such paths, wait for the
firmware worker to finish before releasing memory.
Fixes: a7f7c15e945a ("rtlwifi: rtl8192cu: Free ieee80211_hw if probing fails")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20241107133322.855112-4-cascardo@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/usb.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index c2a3c88ea1fcc..038d9bb652b64 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -1073,13 +1073,15 @@ int rtl_usb_probe(struct usb_interface *intf,
err = ieee80211_register_hw(hw);
if (err) {
pr_err("Can't register mac80211 hw.\n");
- goto error_out;
+ goto error_init_vars;
}
rtlpriv->mac80211.mac80211_registered = 1;
set_bit(RTL_STATUS_INTERFACE_START, &rtlpriv->status);
return 0;
+error_init_vars:
+ wait_for_completion(&rtlpriv->firmware_loading_complete);
error_out:
rtl_deinit_core(hw);
error_out2:
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 039/578] wifi: rtlwifi: fix init_sw_vars leak when probe fails
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 038/578] wifi: rtlwifi: wait for firmware loading before releasing memory Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 040/578] wifi: rtlwifi: usb: fix workqueue " Greg Kroah-Hartman
` (547 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thadeu Lima de Souza Cascardo,
Ping-Ke Shih, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
[ Upstream commit 00260350aed80c002df270c805ca443ec9a719a6 ]
If ieee80211_register_hw fails, the memory allocated for the firmware will
not be released. Call deinit_sw_vars as the function that undoes the
allocationes done by init_sw_vars.
Fixes: cefe3dfdb9f5 ("rtl8192cu: Call ieee80211_register_hw from rtl_usb_probe")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20241107133322.855112-5-cascardo@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/usb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index 038d9bb652b64..1753eccbefdd9 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -1082,6 +1082,7 @@ int rtl_usb_probe(struct usb_interface *intf,
error_init_vars:
wait_for_completion(&rtlpriv->firmware_loading_complete);
+ rtlpriv->cfg->ops->deinit_sw_vars(hw);
error_out:
rtl_deinit_core(hw);
error_out2:
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 040/578] wifi: rtlwifi: usb: fix workqueue leak when probe fails
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 039/578] wifi: rtlwifi: fix init_sw_vars leak when probe fails Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 041/578] wifi: wcn36xx: fix channel survey memory allocation size Greg Kroah-Hartman
` (546 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thadeu Lima de Souza Cascardo,
Ping-Ke Shih, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
[ Upstream commit f79bc5c67867c19ce2762e7934c20dbb835ed82c ]
rtl_init_core creates a workqueue that is then assigned to rtl_wq.
rtl_deinit_core does not destroy it. It is left to rtl_usb_deinit, which
must be called in the probe error path.
Fixes: 2ca20f79e0d8 ("rtlwifi: Add usb driver")
Fixes: 851639fdaeac ("rtlwifi: Modify some USB de-initialize code.")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20241107133322.855112-6-cascardo@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/usb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index 1753eccbefdd9..04590d16874c4 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -1084,6 +1084,7 @@ int rtl_usb_probe(struct usb_interface *intf,
wait_for_completion(&rtlpriv->firmware_loading_complete);
rtlpriv->cfg->ops->deinit_sw_vars(hw);
error_out:
+ rtl_usb_deinit(hw);
rtl_deinit_core(hw);
error_out2:
_rtl_usb_io_handler_release(hw);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 041/578] wifi: wcn36xx: fix channel survey memory allocation size
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 040/578] wifi: rtlwifi: usb: fix workqueue " Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 042/578] net_sched: sch_sfq: annotate data-races around q->perturb_period Greg Kroah-Hartman
` (545 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Barnabás Czémán,
Loic Poulain, Bryan ODonoghue, Jeff Johnson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Barnabás Czémán <barnabas.czeman@mainlining.org>
[ Upstream commit 6200d947f050efdba4090dfefd8a01981363d954 ]
KASAN reported a memory allocation issue in wcn->chan_survey
due to incorrect size calculation.
This commit uses kcalloc to allocate memory for wcn->chan_survey,
ensuring proper initialization and preventing the use of uninitialized
values when there are no frames on the channel.
Fixes: 29696e0aa413 ("wcn36xx: Track SNR and RSSI for each RX frame")
Signed-off-by: Barnabás Czémán <barnabas.czeman@mainlining.org>
Acked-by: Loic Poulain <loic.poulain@linaro.org>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Link: https://patch.msgid.link/20241104-wcn36xx-memory-allocation-v1-1-5ec901cf37b6@mainlining.org
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/wcn36xx/main.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/wcn36xx/main.c b/drivers/net/wireless/ath/wcn36xx/main.c
index 6b8d2889d73f4..b3a685f2ddd2d 100644
--- a/drivers/net/wireless/ath/wcn36xx/main.c
+++ b/drivers/net/wireless/ath/wcn36xx/main.c
@@ -1585,7 +1585,10 @@ static int wcn36xx_probe(struct platform_device *pdev)
}
n_channels = wcn_band_2ghz.n_channels + wcn_band_5ghz.n_channels;
- wcn->chan_survey = devm_kmalloc(wcn->dev, n_channels, GFP_KERNEL);
+ wcn->chan_survey = devm_kcalloc(wcn->dev,
+ n_channels,
+ sizeof(struct wcn36xx_chan_survey),
+ GFP_KERNEL);
if (!wcn->chan_survey) {
ret = -ENOMEM;
goto out_wq;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 042/578] net_sched: sch_sfq: annotate data-races around q->perturb_period
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 041/578] wifi: wcn36xx: fix channel survey memory allocation size Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 043/578] net_sched: sch_sfq: handle bigger packets Greg Kroah-Hartman
` (544 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Simon Horman,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit a17ef9e6c2c1cf0fc6cd6ca6a9ce525c67d1da7f ]
sfq_perturbation() reads q->perturb_period locklessly.
Add annotations to fix potential issues.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240430180015.3111398-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 10685681bafc ("net_sched: sch_sfq: don't allow 1 packet limit")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_sfq.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index 66dcb18638fea..ed362eefeea9a 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -608,6 +608,7 @@ static void sfq_perturbation(struct timer_list *t)
struct Qdisc *sch = q->sch;
spinlock_t *root_lock;
siphash_key_t nkey;
+ int period;
get_random_bytes(&nkey, sizeof(nkey));
rcu_read_lock();
@@ -618,8 +619,12 @@ static void sfq_perturbation(struct timer_list *t)
sfq_rehash(sch);
spin_unlock(root_lock);
- if (q->perturb_period)
- mod_timer(&q->perturb_timer, jiffies + q->perturb_period);
+ /* q->perturb_period can change under us from
+ * sfq_change() and sfq_destroy().
+ */
+ period = READ_ONCE(q->perturb_period);
+ if (period)
+ mod_timer(&q->perturb_timer, jiffies + period);
rcu_read_unlock();
}
@@ -662,7 +667,7 @@ static int sfq_change(struct Qdisc *sch, struct nlattr *opt)
q->quantum = ctl->quantum;
q->scaled_quantum = SFQ_ALLOT_SIZE(q->quantum);
}
- q->perturb_period = ctl->perturb_period * HZ;
+ WRITE_ONCE(q->perturb_period, ctl->perturb_period * HZ);
if (ctl->flows)
q->maxflows = min_t(u32, ctl->flows, SFQ_MAX_FLOWS);
if (ctl->divisor) {
@@ -724,7 +729,7 @@ static void sfq_destroy(struct Qdisc *sch)
struct sfq_sched_data *q = qdisc_priv(sch);
tcf_block_put(q->block);
- q->perturb_period = 0;
+ WRITE_ONCE(q->perturb_period, 0);
del_timer_sync(&q->perturb_timer);
sfq_free(q->ht);
sfq_free(q->slots);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 043/578] net_sched: sch_sfq: handle bigger packets
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 042/578] net_sched: sch_sfq: annotate data-races around q->perturb_period Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 044/578] net_sched: sch_sfq: dont allow 1 packet limit Greg Kroah-Hartman
` (543 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet,
Toke Høiland-Jørgensen, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit e4650d7ae4252f67e997a632adfae0dd74d3a99a ]
SFQ has an assumption on dealing with packets smaller than 64KB.
Even before BIG TCP, TCA_STAB can provide arbitrary big values
in qdisc_pkt_len(skb)
It is time to switch (struct sfq_slot)->allot to a 32bit field.
sizeof(struct sfq_slot) is now 64 bytes, giving better cache locality.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Link: https://patch.msgid.link/20241008111603.653140-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 10685681bafc ("net_sched: sch_sfq: don't allow 1 packet limit")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_sfq.c | 39 +++++++++++++--------------------------
1 file changed, 13 insertions(+), 26 deletions(-)
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index ed362eefeea9a..7d4feae2fae36 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -77,12 +77,6 @@
#define SFQ_EMPTY_SLOT 0xffff
#define SFQ_DEFAULT_HASH_DIVISOR 1024
-/* We use 16 bits to store allot, and want to handle packets up to 64K
- * Scale allot by 8 (1<<3) so that no overflow occurs.
- */
-#define SFQ_ALLOT_SHIFT 3
-#define SFQ_ALLOT_SIZE(X) DIV_ROUND_UP(X, 1 << SFQ_ALLOT_SHIFT)
-
/* This type should contain at least SFQ_MAX_DEPTH + 1 + SFQ_MAX_FLOWS values */
typedef u16 sfq_index;
@@ -104,7 +98,7 @@ struct sfq_slot {
sfq_index next; /* next slot in sfq RR chain */
struct sfq_head dep; /* anchor in dep[] chains */
unsigned short hash; /* hash value (index in ht[]) */
- short allot; /* credit for this slot */
+ int allot; /* credit for this slot */
unsigned int backlog;
struct red_vars vars;
@@ -120,7 +114,6 @@ struct sfq_sched_data {
siphash_key_t perturbation;
u8 cur_depth; /* depth of longest slot */
u8 flags;
- unsigned short scaled_quantum; /* SFQ_ALLOT_SIZE(quantum) */
struct tcf_proto __rcu *filter_list;
struct tcf_block *block;
sfq_index *ht; /* Hash table ('divisor' slots) */
@@ -456,7 +449,7 @@ sfq_enqueue(struct sk_buff *skb, struct Qdisc *sch, struct sk_buff **to_free)
*/
q->tail = slot;
/* We could use a bigger initial quantum for new flows */
- slot->allot = q->scaled_quantum;
+ slot->allot = q->quantum;
}
if (++sch->q.qlen <= q->limit)
return NET_XMIT_SUCCESS;
@@ -493,7 +486,7 @@ sfq_dequeue(struct Qdisc *sch)
slot = &q->slots[a];
if (slot->allot <= 0) {
q->tail = slot;
- slot->allot += q->scaled_quantum;
+ slot->allot += q->quantum;
goto next_slot;
}
skb = slot_dequeue_head(slot);
@@ -512,7 +505,7 @@ sfq_dequeue(struct Qdisc *sch)
}
q->tail->next = next_a;
} else {
- slot->allot -= SFQ_ALLOT_SIZE(qdisc_pkt_len(skb));
+ slot->allot -= qdisc_pkt_len(skb);
}
return skb;
}
@@ -595,7 +588,7 @@ static void sfq_rehash(struct Qdisc *sch)
q->tail->next = x;
}
q->tail = slot;
- slot->allot = q->scaled_quantum;
+ slot->allot = q->quantum;
}
}
sch->q.qlen -= dropped;
@@ -628,7 +621,8 @@ static void sfq_perturbation(struct timer_list *t)
rcu_read_unlock();
}
-static int sfq_change(struct Qdisc *sch, struct nlattr *opt)
+static int sfq_change(struct Qdisc *sch, struct nlattr *opt,
+ struct netlink_ext_ack *extack)
{
struct sfq_sched_data *q = qdisc_priv(sch);
struct tc_sfq_qopt *ctl = nla_data(opt);
@@ -646,14 +640,10 @@ static int sfq_change(struct Qdisc *sch, struct nlattr *opt)
(!is_power_of_2(ctl->divisor) || ctl->divisor > 65536))
return -EINVAL;
- /* slot->allot is a short, make sure quantum is not too big. */
- if (ctl->quantum) {
- unsigned int scaled = SFQ_ALLOT_SIZE(ctl->quantum);
-
- if (scaled <= 0 || scaled > SHRT_MAX)
- return -EINVAL;
+ if ((int)ctl->quantum < 0) {
+ NL_SET_ERR_MSG_MOD(extack, "invalid quantum");
+ return -EINVAL;
}
-
if (ctl_v1 && !red_check_params(ctl_v1->qth_min, ctl_v1->qth_max,
ctl_v1->Wlog, ctl_v1->Scell_log, NULL))
return -EINVAL;
@@ -663,10 +653,8 @@ static int sfq_change(struct Qdisc *sch, struct nlattr *opt)
return -ENOMEM;
}
sch_tree_lock(sch);
- if (ctl->quantum) {
+ if (ctl->quantum)
q->quantum = ctl->quantum;
- q->scaled_quantum = SFQ_ALLOT_SIZE(q->quantum);
- }
WRITE_ONCE(q->perturb_period, ctl->perturb_period * HZ);
if (ctl->flows)
q->maxflows = min_t(u32, ctl->flows, SFQ_MAX_FLOWS);
@@ -762,12 +750,11 @@ static int sfq_init(struct Qdisc *sch, struct nlattr *opt,
q->divisor = SFQ_DEFAULT_HASH_DIVISOR;
q->maxflows = SFQ_DEFAULT_FLOWS;
q->quantum = psched_mtu(qdisc_dev(sch));
- q->scaled_quantum = SFQ_ALLOT_SIZE(q->quantum);
q->perturb_period = 0;
get_random_bytes(&q->perturbation, sizeof(q->perturbation));
if (opt) {
- int err = sfq_change(sch, opt);
+ int err = sfq_change(sch, opt, extack);
if (err)
return err;
}
@@ -878,7 +865,7 @@ static int sfq_dump_class_stats(struct Qdisc *sch, unsigned long cl,
if (idx != SFQ_EMPTY_SLOT) {
const struct sfq_slot *slot = &q->slots[idx];
- xstats.allot = slot->allot << SFQ_ALLOT_SHIFT;
+ xstats.allot = slot->allot;
qs.qlen = slot->qlen;
qs.backlog = slot->backlog;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 044/578] net_sched: sch_sfq: dont allow 1 packet limit
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 043/578] net_sched: sch_sfq: handle bigger packets Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 045/578] spi: zynq-qspi: Add check for clk_enable() Greg Kroah-Hartman
` (542 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Octavian Purdila,
Eric Dumazet, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Octavian Purdila <tavip@google.com>
[ Upstream commit 10685681bafce6febb39770f3387621bf5d67d0b ]
The current implementation does not work correctly with a limit of
1. iproute2 actually checks for this and this patch adds the check in
kernel as well.
This fixes the following syzkaller reported crash:
UBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6
index 65535 is out of range for type 'struct sfq_head[128]'
CPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack+0x125/0x19f lib/dump_stack.c:120
ubsan_epilogue lib/ubsan.c:148 [inline]
__ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347
sfq_link net/sched/sch_sfq.c:210 [inline]
sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238
sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500
sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525
qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026
tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319
qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026
dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296
netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]
dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362
__dev_close_many+0x214/0x350 net/core/dev.c:1468
dev_close_many+0x207/0x510 net/core/dev.c:1506
unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738
unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695
unregister_netdevice include/linux/netdevice.h:2893 [inline]
__tun_detach+0x6b6/0x1600 drivers/net/tun.c:689
tun_detach drivers/net/tun.c:705 [inline]
tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640
__fput+0x203/0x840 fs/file_table.c:280
task_work_run+0x129/0x1b0 kernel/task_work.c:185
exit_task_work include/linux/task_work.h:33 [inline]
do_exit+0x5ce/0x2200 kernel/exit.c:931
do_group_exit+0x144/0x310 kernel/exit.c:1046
__do_sys_exit_group kernel/exit.c:1057 [inline]
__se_sys_exit_group kernel/exit.c:1055 [inline]
__x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055
do_syscall_64+0x6c/0xd0
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fe5e7b52479
Code: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.
RSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0
R13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270
The crash can be also be reproduced with the following (with a tc
recompiled to allow for sfq limits of 1):
tc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s
../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1
ifconfig dummy0 up
ping -I dummy0 -f -c2 -W0.1 8.8.8.8
sleep 1
Scenario that triggers the crash:
* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1
* TBF dequeues: it peeks from SFQ which moves the packet to the
gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so
it schedules itself for later.
* the second packet is sent and TBF tries to queues it to SFQ. qdisc
qlen is now 2 and because the SFQ limit is 1 the packet is dropped
by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,
however q->tail is not NULL.
At this point, assuming no more packets are queued, when sch_dequeue
runs again it will decrement the qlen for the current empty slot
causing an underflow and the subsequent out of bounds access.
Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Octavian Purdila <tavip@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241204030520.2084663-2-tavip@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_sfq.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index 7d4feae2fae36..60754f366ab7b 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -652,6 +652,10 @@ static int sfq_change(struct Qdisc *sch, struct nlattr *opt,
if (!p)
return -ENOMEM;
}
+ if (ctl->limit == 1) {
+ NL_SET_ERR_MSG_MOD(extack, "invalid limit");
+ return -EINVAL;
+ }
sch_tree_lock(sch);
if (ctl->quantum)
q->quantum = ctl->quantum;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 045/578] spi: zynq-qspi: Add check for clk_enable()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 044/578] net_sched: sch_sfq: dont allow 1 packet limit Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 046/578] dt-bindings: mmc: controller: clarify the address-cells description Greg Kroah-Hartman
` (541 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mingwei Zheng, Jiasheng Jiang,
Mark Brown, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mingwei Zheng <zmw12306@gmail.com>
[ Upstream commit 8332e667099712e05ec87ba2058af394b51ebdc9 ]
Add check for the return value of clk_enable() to catch the potential
error.
Fixes: c618a90dcaf3 ("spi: zynq-qspi: Drop GPIO header")
Signed-off-by: Mingwei Zheng <zmw12306@gmail.com>
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Link: https://patch.msgid.link/20241207015206.3689364-1-zmw12306@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-zynq-qspi.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/spi/spi-zynq-qspi.c b/drivers/spi/spi-zynq-qspi.c
index 78f31b61a2aac..77ea6b5223483 100644
--- a/drivers/spi/spi-zynq-qspi.c
+++ b/drivers/spi/spi-zynq-qspi.c
@@ -379,12 +379,21 @@ static int zynq_qspi_setup_op(struct spi_device *spi)
{
struct spi_controller *ctlr = spi->master;
struct zynq_qspi *qspi = spi_controller_get_devdata(ctlr);
+ int ret;
if (ctlr->busy)
return -EBUSY;
- clk_enable(qspi->refclk);
- clk_enable(qspi->pclk);
+ ret = clk_enable(qspi->refclk);
+ if (ret)
+ return ret;
+
+ ret = clk_enable(qspi->pclk);
+ if (ret) {
+ clk_disable(qspi->refclk);
+ return ret;
+ }
+
zynq_qspi_write(qspi, ZYNQ_QSPI_ENABLE_OFFSET,
ZYNQ_QSPI_ENABLE_ENABLE_MASK);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 046/578] dt-bindings: mmc: controller: clarify the address-cells description
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 045/578] spi: zynq-qspi: Add check for clk_enable() Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 047/578] dt-bindings: leds: class-multicolor: Fix path to color definitions Greg Kroah-Hartman
` (540 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Neil Armstrong, Rob Herring (Arm),
Ulf Hansson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Neil Armstrong <neil.armstrong@linaro.org>
[ Upstream commit b2b8e93ec00b8110cb37cbde5400d5abfdaed6a7 ]
The term "slot ID" has nothing to do with the SDIO function number
which is specified in the reg property of the subnodes, rephrase
the description to be more accurate.
Fixes: f9b7989859dd ("dt-bindings: mmc: Add YAML schemas for the generic MMC options")
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Acked-by: Rob Herring (Arm) <robh@kernel.org>
Message-ID: <20241128-topic-amlogic-arm32-upstream-bindings-fixes-convert-meson-mx-sdio-v4-1-11d9f9200a59@linaro.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/devicetree/bindings/mmc/mmc-controller.yaml b/Documentation/devicetree/bindings/mmc/mmc-controller.yaml
index 802e3ca8be4df..f6bd7d19f4619 100644
--- a/Documentation/devicetree/bindings/mmc/mmc-controller.yaml
+++ b/Documentation/devicetree/bindings/mmc/mmc-controller.yaml
@@ -25,7 +25,7 @@ properties:
"#address-cells":
const: 1
description: |
- The cell is the slot ID if a function subnode is used.
+ The cell is the SDIO function number if a function subnode is used.
"#size-cells":
const: 0
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 047/578] dt-bindings: leds: class-multicolor: Fix path to color definitions
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 046/578] dt-bindings: mmc: controller: clarify the address-cells description Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 048/578] wifi: rtlwifi: remove unused timer and related code Greg Kroah-Hartman
` (539 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Conor Dooley,
Lee Jones, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 609bc99a4452ffbce82d10f024a85d911c42e6cd ]
The LED color definitions have always been in
include/dt-bindings/leds/common.h in upstream.
Fixes: 5c7f8ffe741daae7 ("dt: bindings: Add multicolor class dt bindings documention")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/a3c7ea92e90b77032f2e480d46418b087709286d.1731588129.git.geert+renesas@glider.be
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../devicetree/bindings/leds/leds-class-multicolor.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml b/Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml
index 31840e33dcf55..3452cc9ef3373 100644
--- a/Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml
+++ b/Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml
@@ -27,7 +27,7 @@ properties:
description: |
For multicolor LED support this property should be defined as either
LED_COLOR_ID_RGB or LED_COLOR_ID_MULTI which can be found in
- include/linux/leds/common.h.
+ include/dt-bindings/leds/common.h.
enum: [ 8, 9 ]
required:
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 048/578] wifi: rtlwifi: remove unused timer and related code
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 047/578] dt-bindings: leds: class-multicolor: Fix path to color definitions Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 049/578] wifi: rtlwifi: remove unused dualmac control leftovers Greg Kroah-Hartman
` (538 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Antipov, Ping-Ke Shih,
Kalle Valo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit 358b94f0a7cadd2ec7824531d54dadaa8b71de04 ]
Drop unused 'dualmac_easyconcurrent_retrytimer' of 'struct rtl_works',
corresponding 'rtl_easy_concurrent_retrytimer_callback()' handler,
'dualmac_easy_concurrent' function pointer of 'struct rtl_hal_ops'
and related call to 'timer_setup()' in '_rtl_init_deferred_work()'.
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230602065940.149198-1-dmantipov@yandex.ru
Stable-dep-of: 2fdac64c3c35 ("wifi: rtlwifi: remove unused check_buddy_priv")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/base.c | 16 +---------------
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/wifi.h | 2 --
3 files changed, 1 insertion(+), 18 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/base.c b/drivers/net/wireless/realtek/rtlwifi/base.c
index 9e7e98b55eff8..44846e96b2abe 100644
--- a/drivers/net/wireless/realtek/rtlwifi/base.c
+++ b/drivers/net/wireless/realtek/rtlwifi/base.c
@@ -452,8 +452,7 @@ static int _rtl_init_deferred_work(struct ieee80211_hw *hw)
/* <1> timer */
timer_setup(&rtlpriv->works.watchdog_timer,
rtl_watch_dog_timer_callback, 0);
- timer_setup(&rtlpriv->works.dualmac_easyconcurrent_retrytimer,
- rtl_easy_concurrent_retrytimer_callback, 0);
+
/* <2> work queue */
rtlpriv->works.hw = hw;
rtlpriv->works.rtl_wq = wq;
@@ -2366,19 +2365,6 @@ static void rtl_c2hcmd_wq_callback(struct work_struct *work)
rtl_c2hcmd_launcher(hw, 1);
}
-void rtl_easy_concurrent_retrytimer_callback(struct timer_list *t)
-{
- struct rtl_priv *rtlpriv =
- from_timer(rtlpriv, t, works.dualmac_easyconcurrent_retrytimer);
- struct ieee80211_hw *hw = rtlpriv->hw;
- struct rtl_priv *buddy_priv = rtlpriv->buddy_priv;
-
- if (buddy_priv == NULL)
- return;
-
- rtlpriv->cfg->ops->dualmac_easy_concurrent(hw);
-}
-
/*********************************************************
*
* frame process functions
diff --git a/drivers/net/wireless/realtek/rtlwifi/base.h b/drivers/net/wireless/realtek/rtlwifi/base.h
index 0e4f8a8ae3a5f..f081a9a90563f 100644
--- a/drivers/net/wireless/realtek/rtlwifi/base.h
+++ b/drivers/net/wireless/realtek/rtlwifi/base.h
@@ -124,7 +124,6 @@ int rtl_send_smps_action(struct ieee80211_hw *hw,
u8 *rtl_find_ie(u8 *data, unsigned int len, u8 ie);
void rtl_recognize_peer(struct ieee80211_hw *hw, u8 *data, unsigned int len);
u8 rtl_tid_to_ac(u8 tid);
-void rtl_easy_concurrent_retrytimer_callback(struct timer_list *t);
extern struct rtl_global_var rtl_global_var;
void rtl_phy_scan_operation_backup(struct ieee80211_hw *hw, u8 operation);
diff --git a/drivers/net/wireless/realtek/rtlwifi/wifi.h b/drivers/net/wireless/realtek/rtlwifi/wifi.h
index 0bac788ccd6e3..1991cffd3dd4a 100644
--- a/drivers/net/wireless/realtek/rtlwifi/wifi.h
+++ b/drivers/net/wireless/realtek/rtlwifi/wifi.h
@@ -2300,7 +2300,6 @@ struct rtl_hal_ops {
u32 regaddr, u32 bitmask, u32 data);
void (*linked_set_reg)(struct ieee80211_hw *hw);
void (*chk_switch_dmdp)(struct ieee80211_hw *hw);
- void (*dualmac_easy_concurrent)(struct ieee80211_hw *hw);
void (*dualmac_switch_to_dmdp)(struct ieee80211_hw *hw);
bool (*phy_rf6052_config)(struct ieee80211_hw *hw);
void (*phy_rf6052_set_cck_txpower)(struct ieee80211_hw *hw,
@@ -2465,7 +2464,6 @@ struct rtl_works {
/*timer */
struct timer_list watchdog_timer;
- struct timer_list dualmac_easyconcurrent_retrytimer;
struct timer_list fw_clockoff_timer;
struct timer_list fast_antenna_training_timer;
/*task */
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 049/578] wifi: rtlwifi: remove unused dualmac control leftovers
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 048/578] wifi: rtlwifi: remove unused timer and related code Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 050/578] wifi: rtlwifi: remove unused check_buddy_priv Greg Kroah-Hartman
` (537 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Antipov, Ping-Ke Shih,
Kalle Valo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit 557123259200b30863e1b6a8f24a8c8060b6fc1d ]
Remove 'struct rtl_dualmac_easy_concurrent_ctl' of 'struct rtl_priv'
and related code in '_rtl_pci_tx_chk_waitq()'.
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230602065940.149198-2-dmantipov@yandex.ru
Stable-dep-of: 2fdac64c3c35 ("wifi: rtlwifi: remove unused check_buddy_priv")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/pci.c | 5 -----
drivers/net/wireless/realtek/rtlwifi/wifi.h | 9 ---------
2 files changed, 14 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c
index 1707d00b49698..99504e3daf6cf 100644
--- a/drivers/net/wireless/realtek/rtlwifi/pci.c
+++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
@@ -443,11 +443,6 @@ static void _rtl_pci_tx_chk_waitq(struct ieee80211_hw *hw)
if (!rtlpriv->rtlhal.earlymode_enable)
return;
- if (rtlpriv->dm.supp_phymode_switch &&
- (rtlpriv->easy_concurrent_ctl.switch_in_process ||
- (rtlpriv->buddy_priv &&
- rtlpriv->buddy_priv->easy_concurrent_ctl.switch_in_process)))
- return;
/* we just use em for BE/BK/VI/VO */
for (tid = 7; tid >= 0; tid--) {
u8 hw_queue = ac_to_hwq[rtl_tid_to_ac(tid)];
diff --git a/drivers/net/wireless/realtek/rtlwifi/wifi.h b/drivers/net/wireless/realtek/rtlwifi/wifi.h
index 1991cffd3dd4a..d461c22aa9ed7 100644
--- a/drivers/net/wireless/realtek/rtlwifi/wifi.h
+++ b/drivers/net/wireless/realtek/rtlwifi/wifi.h
@@ -2496,14 +2496,6 @@ struct rtl_debug {
#define MIMO_PS_DYNAMIC 1
#define MIMO_PS_NOLIMIT 3
-struct rtl_dualmac_easy_concurrent_ctl {
- enum band_type currentbandtype_backfordmdp;
- bool close_bbandrf_for_dmsp;
- bool change_to_dmdp;
- bool change_to_dmsp;
- bool switch_in_process;
-};
-
struct rtl_dmsp_ctl {
bool activescan_for_slaveofdmsp;
bool scan_for_anothermac_fordmsp;
@@ -2744,7 +2736,6 @@ struct rtl_priv {
struct list_head list;
struct rtl_priv *buddy_priv;
struct rtl_global_var *glb_var;
- struct rtl_dualmac_easy_concurrent_ctl easy_concurrent_ctl;
struct rtl_dmsp_ctl dmsp_ctl;
struct rtl_locks locks;
struct rtl_works works;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 050/578] wifi: rtlwifi: remove unused check_buddy_priv
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 049/578] wifi: rtlwifi: remove unused dualmac control leftovers Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 051/578] wifi: rtlwifi: destroy workqueue at rtl_deinit_core Greg Kroah-Hartman
` (536 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thadeu Lima de Souza Cascardo,
Ping-Ke Shih, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
[ Upstream commit 2fdac64c3c35858aa8ac5caa70b232e03456e120 ]
Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global
list of private data structures.
Later on, commit 26634c4b1868 ("rtlwifi Modify existing bits to match
vendor version 2013.02.07") started adding the private data to that list at
probe time and added a hook, check_buddy_priv to find the private data from
a similar device.
However, that function was never used.
Besides, though there is a lock for that list, it is never used. And when
the probe fails, the private data is never removed from the list. This
would cause a second probe to access freed memory.
Remove the unused hook, structures and members, which will prevent the
potential race condition on the list and its corruption during a second
probe when probe fails.
Fixes: 26634c4b1868 ("rtlwifi Modify existing bits to match vendor version 2013.02.07")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20241206173713.3222187-2-cascardo@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/base.c | 7 ----
drivers/net/wireless/realtek/rtlwifi/base.h | 1 -
drivers/net/wireless/realtek/rtlwifi/pci.c | 44 ---------------------
drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 ------
4 files changed, 64 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/base.c b/drivers/net/wireless/realtek/rtlwifi/base.c
index 44846e96b2abe..e69845545f6a2 100644
--- a/drivers/net/wireless/realtek/rtlwifi/base.c
+++ b/drivers/net/wireless/realtek/rtlwifi/base.c
@@ -2710,9 +2710,6 @@ MODULE_AUTHOR("Larry Finger <Larry.FInger@lwfinger.net>");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Realtek 802.11n PCI wireless core");
-struct rtl_global_var rtl_global_var = {};
-EXPORT_SYMBOL_GPL(rtl_global_var);
-
static int __init rtl_core_module_init(void)
{
BUILD_BUG_ON(TX_PWR_BY_RATE_NUM_RATE < TX_PWR_BY_RATE_NUM_SECTION);
@@ -2726,10 +2723,6 @@ static int __init rtl_core_module_init(void)
/* add debugfs */
rtl_debugfs_add_topdir();
- /* init some global vars */
- INIT_LIST_HEAD(&rtl_global_var.glb_priv_list);
- spin_lock_init(&rtl_global_var.glb_list_lock);
-
return 0;
}
diff --git a/drivers/net/wireless/realtek/rtlwifi/base.h b/drivers/net/wireless/realtek/rtlwifi/base.h
index f081a9a90563f..f3a6a43a42eca 100644
--- a/drivers/net/wireless/realtek/rtlwifi/base.h
+++ b/drivers/net/wireless/realtek/rtlwifi/base.h
@@ -124,7 +124,6 @@ int rtl_send_smps_action(struct ieee80211_hw *hw,
u8 *rtl_find_ie(u8 *data, unsigned int len, u8 ie);
void rtl_recognize_peer(struct ieee80211_hw *hw, u8 *data, unsigned int len);
u8 rtl_tid_to_ac(u8 tid);
-extern struct rtl_global_var rtl_global_var;
void rtl_phy_scan_operation_backup(struct ieee80211_hw *hw, u8 operation);
#endif
diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c
index 99504e3daf6cf..071537ee7165d 100644
--- a/drivers/net/wireless/realtek/rtlwifi/pci.c
+++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
@@ -295,46 +295,6 @@ static bool rtl_pci_get_amd_l1_patch(struct ieee80211_hw *hw)
return status;
}
-static bool rtl_pci_check_buddy_priv(struct ieee80211_hw *hw,
- struct rtl_priv **buddy_priv)
-{
- struct rtl_priv *rtlpriv = rtl_priv(hw);
- struct rtl_pci_priv *pcipriv = rtl_pcipriv(hw);
- struct rtl_priv *tpriv = NULL, *iter;
- struct rtl_pci_priv *tpcipriv = NULL;
-
- if (!list_empty(&rtlpriv->glb_var->glb_priv_list)) {
- list_for_each_entry(iter, &rtlpriv->glb_var->glb_priv_list,
- list) {
- tpcipriv = (struct rtl_pci_priv *)iter->priv;
- rtl_dbg(rtlpriv, COMP_INIT, DBG_LOUD,
- "pcipriv->ndis_adapter.funcnumber %x\n",
- pcipriv->ndis_adapter.funcnumber);
- rtl_dbg(rtlpriv, COMP_INIT, DBG_LOUD,
- "tpcipriv->ndis_adapter.funcnumber %x\n",
- tpcipriv->ndis_adapter.funcnumber);
-
- if (pcipriv->ndis_adapter.busnumber ==
- tpcipriv->ndis_adapter.busnumber &&
- pcipriv->ndis_adapter.devnumber ==
- tpcipriv->ndis_adapter.devnumber &&
- pcipriv->ndis_adapter.funcnumber !=
- tpcipriv->ndis_adapter.funcnumber) {
- tpriv = iter;
- break;
- }
- }
- }
-
- rtl_dbg(rtlpriv, COMP_INIT, DBG_LOUD,
- "find_buddy_priv %d\n", tpriv != NULL);
-
- if (tpriv)
- *buddy_priv = tpriv;
-
- return tpriv != NULL;
-}
-
static void rtl_pci_parse_configuration(struct pci_dev *pdev,
struct ieee80211_hw *hw)
{
@@ -2013,7 +1973,6 @@ static bool _rtl_pci_find_adapter(struct pci_dev *pdev,
pcipriv->ndis_adapter.amd_l1_patch);
rtl_pci_parse_configuration(pdev, hw);
- list_add_tail(&rtlpriv->list, &rtlpriv->glb_var->glb_priv_list);
return true;
}
@@ -2160,7 +2119,6 @@ int rtl_pci_probe(struct pci_dev *pdev,
rtlpriv->rtlhal.interface = INTF_PCI;
rtlpriv->cfg = (struct rtl_hal_cfg *)(id->driver_data);
rtlpriv->intf_ops = &rtl_pci_ops;
- rtlpriv->glb_var = &rtl_global_var;
rtl_efuse_ops_init(hw);
/* MEM map */
@@ -2318,7 +2276,6 @@ void rtl_pci_disconnect(struct pci_dev *pdev)
if (rtlpci->using_msi)
pci_disable_msi(rtlpci->pdev);
- list_del(&rtlpriv->list);
if (rtlpriv->io.pci_mem_start != 0) {
pci_iounmap(pdev, (void __iomem *)rtlpriv->io.pci_mem_start);
pci_release_regions(pdev);
@@ -2378,7 +2335,6 @@ const struct rtl_intf_ops rtl_pci_ops = {
.read_efuse_byte = read_efuse_byte,
.adapter_start = rtl_pci_start,
.adapter_stop = rtl_pci_stop,
- .check_buddy_priv = rtl_pci_check_buddy_priv,
.adapter_tx = rtl_pci_tx,
.flush = rtl_pci_flush,
.reset_trx_ring = rtl_pci_reset_trx_ring,
diff --git a/drivers/net/wireless/realtek/rtlwifi/wifi.h b/drivers/net/wireless/realtek/rtlwifi/wifi.h
index d461c22aa9ed7..a8b5db365a30e 100644
--- a/drivers/net/wireless/realtek/rtlwifi/wifi.h
+++ b/drivers/net/wireless/realtek/rtlwifi/wifi.h
@@ -2335,8 +2335,6 @@ struct rtl_intf_ops {
void (*read_efuse_byte)(struct ieee80211_hw *hw, u16 _offset, u8 *pbuf);
int (*adapter_start)(struct ieee80211_hw *hw);
void (*adapter_stop)(struct ieee80211_hw *hw);
- bool (*check_buddy_priv)(struct ieee80211_hw *hw,
- struct rtl_priv **buddy_priv);
int (*adapter_tx)(struct ieee80211_hw *hw,
struct ieee80211_sta *sta,
@@ -2580,14 +2578,6 @@ struct dig_t {
u32 rssi_max;
};
-struct rtl_global_var {
- /* from this list we can get
- * other adapter's rtl_priv
- */
- struct list_head glb_priv_list;
- spinlock_t glb_list_lock;
-};
-
#define IN_4WAY_TIMEOUT_TIME (30 * MSEC_PER_SEC) /* 30 seconds */
struct rtl_btc_info {
@@ -2733,9 +2723,7 @@ struct rtl_scan_list {
struct rtl_priv {
struct ieee80211_hw *hw;
struct completion firmware_loading_complete;
- struct list_head list;
struct rtl_priv *buddy_priv;
- struct rtl_global_var *glb_var;
struct rtl_dmsp_ctl dmsp_ctl;
struct rtl_locks locks;
struct rtl_works works;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 051/578] wifi: rtlwifi: destroy workqueue at rtl_deinit_core
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 050/578] wifi: rtlwifi: remove unused check_buddy_priv Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 052/578] wifi: rtlwifi: fix memory leaks and invalid access at probe error path Greg Kroah-Hartman
` (535 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thadeu Lima de Souza Cascardo,
Ping-Ke Shih, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
[ Upstream commit d8ece6fc3694657e4886191b32ca1690af11adda ]
rtl_wq is allocated at rtl_init_core, so it makes more sense to destroy it
at rtl_deinit_core. In the case of USB, where _rtl_usb_init does not
require anything to be undone, that is fine. But for PCI, rtl_pci_init,
which is called after rtl_init_core, needs to deallocate data, but only if
it has been called.
That means that destroying the workqueue needs to be done whether
rtl_pci_init has been called or not. And since rtl_pci_deinit was doing it,
it has to be moved out of there.
It makes more sense to move it to rtl_deinit_core and have it done in both
cases, USB and PCI.
Since this is a requirement for a followup memory leak fix, mark this as
fixing such memory leak.
Fixes: 0c8173385e54 ("rtl8192ce: Add new driver")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20241206173713.3222187-3-cascardo@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/base.c | 6 ++++++
drivers/net/wireless/realtek/rtlwifi/pci.c | 2 --
drivers/net/wireless/realtek/rtlwifi/usb.c | 5 -----
3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/base.c b/drivers/net/wireless/realtek/rtlwifi/base.c
index e69845545f6a2..25570ec0918ef 100644
--- a/drivers/net/wireless/realtek/rtlwifi/base.c
+++ b/drivers/net/wireless/realtek/rtlwifi/base.c
@@ -575,9 +575,15 @@ static void rtl_free_entries_from_ack_queue(struct ieee80211_hw *hw,
void rtl_deinit_core(struct ieee80211_hw *hw)
{
+ struct rtl_priv *rtlpriv = rtl_priv(hw);
+
rtl_c2hcmd_launcher(hw, 0);
rtl_free_entries_from_scan_list(hw);
rtl_free_entries_from_ack_queue(hw, false);
+ if (rtlpriv->works.rtl_wq) {
+ destroy_workqueue(rtlpriv->works.rtl_wq);
+ rtlpriv->works.rtl_wq = NULL;
+ }
}
EXPORT_SYMBOL_GPL(rtl_deinit_core);
diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c
index 071537ee7165d..c44850394fd27 100644
--- a/drivers/net/wireless/realtek/rtlwifi/pci.c
+++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
@@ -1657,8 +1657,6 @@ static void rtl_pci_deinit(struct ieee80211_hw *hw)
synchronize_irq(rtlpci->pdev->irq);
tasklet_kill(&rtlpriv->works.irq_tasklet);
cancel_work_sync(&rtlpriv->works.lps_change_work);
-
- destroy_workqueue(rtlpriv->works.rtl_wq);
}
static int rtl_pci_init(struct ieee80211_hw *hw, struct pci_dev *pdev)
diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index 04590d16874c4..68dc0e6af6b1b 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -679,11 +679,6 @@ static void _rtl_usb_cleanup_rx(struct ieee80211_hw *hw)
tasklet_kill(&rtlusb->rx_work_tasklet);
cancel_work_sync(&rtlpriv->works.lps_change_work);
- if (rtlpriv->works.rtl_wq) {
- destroy_workqueue(rtlpriv->works.rtl_wq);
- rtlpriv->works.rtl_wq = NULL;
- }
-
skb_queue_purge(&rtlusb->rx_queue);
while ((urb = usb_get_from_anchor(&rtlusb->rx_cleanup_urbs))) {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 052/578] wifi: rtlwifi: fix memory leaks and invalid access at probe error path
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 051/578] wifi: rtlwifi: destroy workqueue at rtl_deinit_core Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 053/578] wifi: rtlwifi: pci: wait for firmware loading before releasing memory Greg Kroah-Hartman
` (534 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thadeu Lima de Souza Cascardo,
Ping-Ke Shih, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
[ Upstream commit e7ceefbfd8d447abc8aca8ab993a942803522c06 ]
Deinitialize at reverse order when probe fails.
When init_sw_vars fails, rtl_deinit_core should not be called, specially
now that it destroys the rtl_wq workqueue.
And call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be
leaked.
Remove pci_set_drvdata call as it will already be cleaned up by the core
driver code and could lead to memory leaks too. cf. commit 8d450935ae7f
("wireless: rtlwifi: remove unnecessary pci_set_drvdata()") and
commit 3d86b93064c7 ("rtlwifi: Fix PCI probe error path orphaned memory").
Fixes: 0c8173385e54 ("rtl8192ce: Add new driver")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20241206173713.3222187-4-cascardo@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/pci.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c
index c44850394fd27..737ab425da995 100644
--- a/drivers/net/wireless/realtek/rtlwifi/pci.c
+++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
@@ -2167,7 +2167,7 @@ int rtl_pci_probe(struct pci_dev *pdev,
if (rtlpriv->cfg->ops->init_sw_vars(hw)) {
pr_err("Can't init_sw_vars\n");
err = -ENODEV;
- goto fail3;
+ goto fail2;
}
rtlpriv->cfg->ops->init_sw_leds(hw);
@@ -2185,14 +2185,14 @@ int rtl_pci_probe(struct pci_dev *pdev,
err = rtl_pci_init(hw, pdev);
if (err) {
pr_err("Failed to init PCI\n");
- goto fail3;
+ goto fail4;
}
err = ieee80211_register_hw(hw);
if (err) {
pr_err("Can't register mac80211 hw.\n");
err = -ENODEV;
- goto fail3;
+ goto fail5;
}
rtlpriv->mac80211.mac80211_registered = 1;
@@ -2215,9 +2215,12 @@ int rtl_pci_probe(struct pci_dev *pdev,
set_bit(RTL_STATUS_INTERFACE_START, &rtlpriv->status);
return 0;
-fail3:
- pci_set_drvdata(pdev, NULL);
+fail5:
+ rtl_pci_deinit(hw);
+fail4:
rtl_deinit_core(hw);
+fail3:
+ rtlpriv->cfg->ops->deinit_sw_vars(hw);
fail2:
if (rtlpriv->io.pci_mem_start != 0)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 053/578] wifi: rtlwifi: pci: wait for firmware loading before releasing memory
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 052/578] wifi: rtlwifi: fix memory leaks and invalid access at probe error path Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 054/578] HID: multitouch: fix support for Goodix PID 0x01e9 Greg Kroah-Hartman
` (533 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thadeu Lima de Souza Cascardo,
Ping-Ke Shih, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
[ Upstream commit b59b86c5d08be7d761c04affcbcec8184738c200 ]
At probe error path, the firmware loading work may have already been
queued. In such a case, it will try to access memory allocated by the probe
function, which is about to be released. In such paths, wait for the
firmware worker to finish before releasing memory.
Fixes: 3d86b93064c7 ("rtlwifi: Fix PCI probe error path orphaned memory")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20241206173713.3222187-5-cascardo@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/pci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c
index 737ab425da995..2a1bc168f7715 100644
--- a/drivers/net/wireless/realtek/rtlwifi/pci.c
+++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
@@ -2220,6 +2220,7 @@ int rtl_pci_probe(struct pci_dev *pdev,
fail4:
rtl_deinit_core(hw);
fail3:
+ wait_for_completion(&rtlpriv->firmware_loading_complete);
rtlpriv->cfg->ops->deinit_sw_vars(hw);
fail2:
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 054/578] HID: multitouch: fix support for Goodix PID 0x01e9
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 053/578] wifi: rtlwifi: pci: wait for firmware loading before releasing memory Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 055/578] regulator: dt-bindings: mt6315: Drop regulator-compatible property Greg Kroah-Hartman
` (532 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, He Lugang, WangYuli,
Ulrich Müller, Jiri Kosina, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Kosina <jkosina@suse.com>
[ Upstream commit 8ade5e05bd094485ce370fad66a6a3fb6f50bfbc ]
Commit c8000deb68365b ("HID: multitouch: Add support for GT7868Q") added
support for 0x01e8 and 0x01e9, but the mt_device[] entries were added
twice for 0x01e8 and there was none added for 0x01e9. Fix that.
Fixes: c8000deb68365b ("HID: multitouch: Add support for GT7868Q")
Reported-by: He Lugang <helugang@uniontech.com>
Reported-by: WangYuli <wangyuli@uniontech.com>
Reported-by: Ulrich Müller <ulm@gentoo.org>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-multitouch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
index e62104e1a6038..5ad871a7d1a44 100644
--- a/drivers/hid/hid-multitouch.c
+++ b/drivers/hid/hid-multitouch.c
@@ -2072,7 +2072,7 @@ static const struct hid_device_id mt_devices[] = {
I2C_DEVICE_ID_GOODIX_01E8) },
{ .driver_data = MT_CLS_WIN_8_FORCE_MULTI_INPUT_NSMU,
HID_DEVICE(BUS_I2C, HID_GROUP_ANY, I2C_VENDOR_ID_GOODIX,
- I2C_DEVICE_ID_GOODIX_01E8) },
+ I2C_DEVICE_ID_GOODIX_01E9) },
/* GoodTouch panels */
{ .driver_data = MT_CLS_NSMU,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 055/578] regulator: dt-bindings: mt6315: Drop regulator-compatible property
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 054/578] HID: multitouch: fix support for Goodix PID 0x01e9 Greg Kroah-Hartman
@ 2025-02-19 8:20 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 056/578] ACPI: fan: cleanup resources in the error path of .probe() Greg Kroah-Hartman
` (531 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:20 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Mark Brown, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit 08242719a8af603db54a2a79234a8fe600680105 ]
The "regulator-compatible" property has been deprecated since 2012 in
commit 13511def87b9 ("regulator: deprecate regulator-compatible DT
property"), which is so old it's not even mentioned in the converted
regulator bindings YAML file. It should not have been used for new
submissions such as the MT6315.
Drop the property from the MT6315 regulator binding and its examples.
Fixes: 977fb5b58469 ("regulator: document binding for MT6315 regulator")
Fixes: 6d435a94ba5b ("regulator: mt6315: Enforce regulator-compatible, not name")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://patch.msgid.link/20241211052427.4178367-2-wenst@chromium.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../devicetree/bindings/regulator/mt6315-regulator.yaml | 6 ------
1 file changed, 6 deletions(-)
diff --git a/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml b/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml
index 364b58730be2b..796c09f24f3e6 100644
--- a/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml
+++ b/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml
@@ -31,10 +31,6 @@ properties:
$ref: "regulator.yaml#"
unevaluatedProperties: false
- properties:
- regulator-compatible:
- pattern: "^vbuck[1-4]$"
-
additionalProperties: false
required:
@@ -52,7 +48,6 @@ examples:
regulators {
vbuck1 {
- regulator-compatible = "vbuck1";
regulator-min-microvolt = <300000>;
regulator-max-microvolt = <1193750>;
regulator-enable-ramp-delay = <256>;
@@ -60,7 +55,6 @@ examples:
};
vbuck3 {
- regulator-compatible = "vbuck3";
regulator-min-microvolt = <300000>;
regulator-max-microvolt = <1193750>;
regulator-enable-ramp-delay = <256>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 056/578] ACPI: fan: cleanup resources in the error path of .probe()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2025-02-19 8:20 ` [PATCH 6.1 055/578] regulator: dt-bindings: mt6315: Drop regulator-compatible property Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 057/578] cpupower: fix TSC MHz calculation Greg Kroah-Hartman
` (530 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Hattori, Rafael J. Wysocki,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit c759bc8e9046f9812238f506d70f07d3ea4206d4 ]
Call thermal_cooling_device_unregister() and sysfs_remove_link() in the
error path of acpi_fan_probe() to fix possible memory leak.
This bug was found by an experimental static analysis tool that I am
developing.
Fixes: 05a83d972293 ("ACPI: register ACPI Fan as generic thermal cooling device")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Link: https://patch.msgid.link/20241211032812.210164-1-joe@pf.is.s.u-tokyo.ac.jp
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/fan_core.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/fan_core.c b/drivers/acpi/fan_core.c
index 52a0b303b70aa..36907331a6691 100644
--- a/drivers/acpi/fan_core.c
+++ b/drivers/acpi/fan_core.c
@@ -366,19 +366,25 @@ static int acpi_fan_probe(struct platform_device *pdev)
result = sysfs_create_link(&pdev->dev.kobj,
&cdev->device.kobj,
"thermal_cooling");
- if (result)
+ if (result) {
dev_err(&pdev->dev, "Failed to create sysfs link 'thermal_cooling'\n");
+ goto err_unregister;
+ }
result = sysfs_create_link(&cdev->device.kobj,
&pdev->dev.kobj,
"device");
if (result) {
dev_err(&pdev->dev, "Failed to create sysfs link 'device'\n");
- goto err_end;
+ goto err_remove_link;
}
return 0;
+err_remove_link:
+ sysfs_remove_link(&pdev->dev.kobj, "thermal_cooling");
+err_unregister:
+ thermal_cooling_device_unregister(cdev);
err_end:
if (fan->acpi4)
acpi_fan_delete_attributes(device);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 057/578] cpupower: fix TSC MHz calculation
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 056/578] ACPI: fan: cleanup resources in the error path of .probe() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 058/578] dt-bindings: mfd: bd71815: Fix rsense and typos Greg Kroah-Hartman
` (529 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, He Rongguang, Shuah Khan,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: He Rongguang <herongguang@linux.alibaba.com>
[ Upstream commit 9d6c0e58514f8b57cd9c2c755e41623d6a966025 ]
Commit 'cpupower: Make TSC read per CPU for Mperf monitor' (c2adb1877b7)
changes TSC counter reads per cpu, but left time diff global (from start
of all cpus to end of all cpus), thus diff(time) is too large for a
cpu's tsc counting, resulting in far less than acutal TSC_Mhz and thus
`cpupower monitor` showing far less than actual cpu realtime frequency.
/proc/cpuinfo shows frequency:
cat /proc/cpuinfo | egrep -e 'processor' -e 'MHz'
...
processor : 171
cpu MHz : 4108.498
...
before fix (System 100% busy):
| Mperf || Idle_Stats
CPU| C0 | Cx | Freq || POLL | C1 | C2
171| 0.77| 99.23| 2279|| 0.00| 0.00| 0.00
after fix (System 100% busy):
| Mperf || Idle_Stats
CPU| C0 | Cx | Freq || POLL | C1 | C2
171| 0.46| 99.54| 4095|| 0.00| 0.00| 0.00
Fixes: c2adb1877b76 ("cpupower: Make TSC read per CPU for Mperf monitor")
Signed-off-by: He Rongguang <herongguang@linux.alibaba.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/tools/power/cpupower/utils/idle_monitor/mperf_monitor.c b/tools/power/cpupower/utils/idle_monitor/mperf_monitor.c
index ae6af354a81db..08a399b0be286 100644
--- a/tools/power/cpupower/utils/idle_monitor/mperf_monitor.c
+++ b/tools/power/cpupower/utils/idle_monitor/mperf_monitor.c
@@ -33,7 +33,7 @@ static int mperf_get_count_percent(unsigned int self_id, double *percent,
unsigned int cpu);
static int mperf_get_count_freq(unsigned int id, unsigned long long *count,
unsigned int cpu);
-static struct timespec time_start, time_end;
+static struct timespec *time_start, *time_end;
static cstate_t mperf_cstates[MPERF_CSTATE_COUNT] = {
{
@@ -174,7 +174,7 @@ static int mperf_get_count_percent(unsigned int id, double *percent,
dprint("%s: TSC Ref - mperf_diff: %llu, tsc_diff: %llu\n",
mperf_cstates[id].name, mperf_diff, tsc_diff);
} else if (max_freq_mode == MAX_FREQ_SYSFS) {
- timediff = max_frequency * timespec_diff_us(time_start, time_end);
+ timediff = max_frequency * timespec_diff_us(time_start[cpu], time_end[cpu]);
*percent = 100.0 * mperf_diff / timediff;
dprint("%s: MAXFREQ - mperf_diff: %llu, time_diff: %llu\n",
mperf_cstates[id].name, mperf_diff, timediff);
@@ -207,7 +207,7 @@ static int mperf_get_count_freq(unsigned int id, unsigned long long *count,
if (max_freq_mode == MAX_FREQ_TSC_REF) {
/* Calculate max_freq from TSC count */
tsc_diff = tsc_at_measure_end[cpu] - tsc_at_measure_start[cpu];
- time_diff = timespec_diff_us(time_start, time_end);
+ time_diff = timespec_diff_us(time_start[cpu], time_end[cpu]);
max_frequency = tsc_diff / time_diff;
}
@@ -226,9 +226,8 @@ static int mperf_start(void)
{
int cpu;
- clock_gettime(CLOCK_REALTIME, &time_start);
-
for (cpu = 0; cpu < cpu_count; cpu++) {
+ clock_gettime(CLOCK_REALTIME, &time_start[cpu]);
mperf_get_tsc(&tsc_at_measure_start[cpu]);
mperf_init_stats(cpu);
}
@@ -243,9 +242,9 @@ static int mperf_stop(void)
for (cpu = 0; cpu < cpu_count; cpu++) {
mperf_measure_stats(cpu);
mperf_get_tsc(&tsc_at_measure_end[cpu]);
+ clock_gettime(CLOCK_REALTIME, &time_end[cpu]);
}
- clock_gettime(CLOCK_REALTIME, &time_end);
return 0;
}
@@ -349,6 +348,8 @@ struct cpuidle_monitor *mperf_register(void)
aperf_current_count = calloc(cpu_count, sizeof(unsigned long long));
tsc_at_measure_start = calloc(cpu_count, sizeof(unsigned long long));
tsc_at_measure_end = calloc(cpu_count, sizeof(unsigned long long));
+ time_start = calloc(cpu_count, sizeof(struct timespec));
+ time_end = calloc(cpu_count, sizeof(struct timespec));
mperf_monitor.name_len = strlen(mperf_monitor.name);
return &mperf_monitor;
}
@@ -361,6 +362,8 @@ void mperf_unregister(void)
free(aperf_current_count);
free(tsc_at_measure_start);
free(tsc_at_measure_end);
+ free(time_start);
+ free(time_end);
free(is_valid);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 058/578] dt-bindings: mfd: bd71815: Fix rsense and typos
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 057/578] cpupower: fix TSC MHz calculation Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 059/578] leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() Greg Kroah-Hartman
` (528 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matti Vaittinen, Conor Dooley,
Lee Jones, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matti Vaittinen <mazziesaccount@gmail.com>
[ Upstream commit 6856edf7ead8c54803216a38a7b227bcb3dadff7 ]
The sense resistor used for measuring currents is typically some tens of
milli Ohms. It has accidentally been documented to be tens of mega Ohms.
Fix the size of this resistor and a few copy-paste errors while at it.
Drop the unsuitable 'rohm,charger-sense-resistor-ohms' property (which
can't represent resistors smaller than one Ohm), and introduce a new
'rohm,charger-sense-resistor-micro-ohms' property with appropriate
minimum, maximum and default values instead.
Fixes: 4238dc1e6490 ("dt_bindings: mfd: Add ROHM BD71815 PMIC")
Signed-off-by: Matti Vaittinen <mazziesaccount@gmail.com>
Acked-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/0efd8e9de0ae8d62ee4c6b78cc565b04007a245d.1731430700.git.mazziesaccount@gmail.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../bindings/mfd/rohm,bd71815-pmic.yaml | 20 +++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml b/Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml
index fbface720678c..d579992499743 100644
--- a/Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml
+++ b/Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml
@@ -50,15 +50,15 @@ properties:
minimum: 0
maximum: 1
- rohm,charger-sense-resistor-ohms:
- minimum: 10000000
- maximum: 50000000
+ rohm,charger-sense-resistor-micro-ohms:
+ minimum: 10000
+ maximum: 50000
description: |
- BD71827 and BD71828 have SAR ADC for measuring charging currents.
- External sense resistor (RSENSE in data sheet) should be used. If
- something other but 30MOhm resistor is used the resistance value
- should be given here in Ohms.
- default: 30000000
+ BD71815 has SAR ADC for measuring charging currents. External sense
+ resistor (RSENSE in data sheet) should be used. If something other
+ but a 30 mOhm resistor is used the resistance value should be given
+ here in micro Ohms.
+ default: 30000
regulators:
$ref: ../regulator/rohm,bd71815-regulator.yaml
@@ -67,7 +67,7 @@ properties:
gpio-reserved-ranges:
description: |
- Usage of BD71828 GPIO pins can be changed via OTP. This property can be
+ Usage of BD71815 GPIO pins can be changed via OTP. This property can be
used to mark the pins which should not be configured for GPIO. Please see
the ../gpio/gpio.txt for more information.
@@ -113,7 +113,7 @@ examples:
gpio-controller;
#gpio-cells = <2>;
- rohm,charger-sense-resistor-ohms = <10000000>;
+ rohm,charger-sense-resistor-micro-ohms = <10000>;
regulators {
buck1: buck1 {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 059/578] leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 058/578] dt-bindings: mfd: bd71815: Fix rsense and typos Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 060/578] inetpeer: remove create argument of inet_getpeer_v[46]() Greg Kroah-Hartman
` (527 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Joe Hattori, Lee Jones, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit 0508316be63bb735f59bdc8fe4527cadb62210ca ]
netxbig_leds_get_of_pdata() does not release the OF node obtained by
of_parse_phandle() when of_find_device_by_node() fails. Add an
of_node_put() call to fix the leak.
This bug was found by an experimental static analysis tool that I am
developing.
Fixes: 9af512e81964 ("leds: netxbig: Convert to use GPIO descriptors")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Link: https://lore.kernel.org/r/20241216074923.628509-1-joe@pf.is.s.u-tokyo.ac.jp
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/leds/leds-netxbig.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/leds/leds-netxbig.c b/drivers/leds/leds-netxbig.c
index 77213b79f84d9..6692de0af68f1 100644
--- a/drivers/leds/leds-netxbig.c
+++ b/drivers/leds/leds-netxbig.c
@@ -440,6 +440,7 @@ static int netxbig_leds_get_of_pdata(struct device *dev,
}
gpio_ext_pdev = of_find_device_by_node(gpio_ext_np);
if (!gpio_ext_pdev) {
+ of_node_put(gpio_ext_np);
dev_err(dev, "Failed to find platform device for gpio-ext\n");
return -ENODEV;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 060/578] inetpeer: remove create argument of inet_getpeer_v[46]()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 059/578] leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 061/578] inetpeer: remove create argument of inet_getpeer() Greg Kroah-Hartman
` (526 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Jakub Kicinski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 661cd8fc8e9039819ca0c22e0add52b632240a9e ]
All callers of inet_getpeer_v4() and inet_getpeer_v6()
want to create an inetpeer.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241215175629.1248773-2-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: a853c609504e ("inetpeer: do not get a refcount in inet_getpeer()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/inetpeer.h | 9 ++++-----
net/ipv4/icmp.c | 2 +-
net/ipv4/ip_fragment.c | 2 +-
net/ipv4/route.c | 4 ++--
net/ipv6/icmp.c | 2 +-
net/ipv6/ip6_output.c | 2 +-
net/ipv6/ndisc.c | 2 +-
7 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
index 74ff688568a0c..6f51f81d6cb19 100644
--- a/include/net/inetpeer.h
+++ b/include/net/inetpeer.h
@@ -101,25 +101,24 @@ struct inet_peer *inet_getpeer(struct inet_peer_base *base,
static inline struct inet_peer *inet_getpeer_v4(struct inet_peer_base *base,
__be32 v4daddr,
- int vif, int create)
+ int vif)
{
struct inetpeer_addr daddr;
daddr.a4.addr = v4daddr;
daddr.a4.vif = vif;
daddr.family = AF_INET;
- return inet_getpeer(base, &daddr, create);
+ return inet_getpeer(base, &daddr, 1);
}
static inline struct inet_peer *inet_getpeer_v6(struct inet_peer_base *base,
- const struct in6_addr *v6daddr,
- int create)
+ const struct in6_addr *v6daddr)
{
struct inetpeer_addr daddr;
daddr.a6 = *v6daddr;
daddr.family = AF_INET6;
- return inet_getpeer(base, &daddr, create);
+ return inet_getpeer(base, &daddr, 1);
}
static inline int inetpeer_addr_cmp(const struct inetpeer_addr *a,
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 9dffdd876fef5..203734e29d462 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -326,7 +326,7 @@ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt,
goto out;
vif = l3mdev_master_ifindex(dst->dev);
- peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, vif, 1);
+ peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, vif);
rc = inet_peer_xrlim_allow(peer,
READ_ONCE(net->ipv4.sysctl_icmp_ratelimit));
if (peer)
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 6c309c1ec3b0f..1427a94fc77a0 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -89,7 +89,7 @@ static void ip4_frag_init(struct inet_frag_queue *q, const void *a)
q->key.v4 = *key;
qp->ecn = 0;
qp->peer = q->fqdir->max_dist ?
- inet_getpeer_v4(net->ipv4.peers, key->saddr, key->vif, 1) :
+ inet_getpeer_v4(net->ipv4.peers, key->saddr, key->vif) :
NULL;
}
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index fda88894d0205..ae83b86fb209d 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -885,7 +885,7 @@ void ip_rt_send_redirect(struct sk_buff *skb)
rcu_read_unlock();
net = dev_net(rt->dst.dev);
- peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, vif, 1);
+ peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, vif);
if (!peer) {
icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
rt_nexthop(rt, ip_hdr(skb)->daddr));
@@ -988,7 +988,7 @@ static int ip_error(struct sk_buff *skb)
}
peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr,
- l3mdev_master_ifindex(skb->dev), 1);
+ l3mdev_master_ifindex(skb->dev));
send = true;
if (peer) {
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index ed8cdf7b8b11e..ad34482186a9c 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -222,7 +222,7 @@ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
if (rt->rt6i_dst.plen < 128)
tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
- peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
+ peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr);
res = inet_peer_xrlim_allow(peer, tmo);
if (peer)
inet_putpeer(peer);
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 4082470803615..5332aeddf9277 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -610,7 +610,7 @@ int ip6_forward(struct sk_buff *skb)
else
target = &hdr->daddr;
- peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1);
+ peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr);
/* Limit redirects both by destination (here)
and by source (inside ndisc_send_redirect)
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index cfb4cf6e66549..d1eb0e324b7c0 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1721,7 +1721,7 @@ void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
"Redirect: destination is not a neighbour\n");
goto release;
}
- peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
+ peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr);
ret = inet_peer_xrlim_allow(peer, 1*HZ);
if (peer)
inet_putpeer(peer);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 061/578] inetpeer: remove create argument of inet_getpeer()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 060/578] inetpeer: remove create argument of inet_getpeer_v[46]() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 062/578] inetpeer: update inetpeer timestamp in inet_getpeer() Greg Kroah-Hartman
` (525 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Jakub Kicinski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 7a596a50c4a4eab946aec149171c72321b4934aa ]
All callers of inet_getpeer() want to create an inetpeer.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241215175629.1248773-3-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: a853c609504e ("inetpeer: do not get a refcount in inet_getpeer()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/inetpeer.h | 7 +++----
net/ipv4/inetpeer.c | 11 ++---------
2 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
index 6f51f81d6cb19..f475757daafba 100644
--- a/include/net/inetpeer.h
+++ b/include/net/inetpeer.h
@@ -96,8 +96,7 @@ static inline struct in6_addr *inetpeer_get_addr_v6(struct inetpeer_addr *iaddr)
/* can be called with or without local BH being disabled */
struct inet_peer *inet_getpeer(struct inet_peer_base *base,
- const struct inetpeer_addr *daddr,
- int create);
+ const struct inetpeer_addr *daddr);
static inline struct inet_peer *inet_getpeer_v4(struct inet_peer_base *base,
__be32 v4daddr,
@@ -108,7 +107,7 @@ static inline struct inet_peer *inet_getpeer_v4(struct inet_peer_base *base,
daddr.a4.addr = v4daddr;
daddr.a4.vif = vif;
daddr.family = AF_INET;
- return inet_getpeer(base, &daddr, 1);
+ return inet_getpeer(base, &daddr);
}
static inline struct inet_peer *inet_getpeer_v6(struct inet_peer_base *base,
@@ -118,7 +117,7 @@ static inline struct inet_peer *inet_getpeer_v6(struct inet_peer_base *base,
daddr.a6 = *v6daddr;
daddr.family = AF_INET6;
- return inet_getpeer(base, &daddr, 1);
+ return inet_getpeer(base, &daddr);
}
static inline int inetpeer_addr_cmp(const struct inetpeer_addr *a,
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
index e9fed83e9b3cc..5670571ee5fbe 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -177,13 +177,11 @@ static void inet_peer_gc(struct inet_peer_base *base,
}
struct inet_peer *inet_getpeer(struct inet_peer_base *base,
- const struct inetpeer_addr *daddr,
- int create)
+ const struct inetpeer_addr *daddr)
{
struct inet_peer *p, *gc_stack[PEER_MAX_GC];
struct rb_node **pp, *parent;
unsigned int gc_cnt, seq;
- int invalidated;
/* Attempt a lockless lookup first.
* Because of a concurrent writer, we might not find an existing entry.
@@ -191,16 +189,11 @@ struct inet_peer *inet_getpeer(struct inet_peer_base *base,
rcu_read_lock();
seq = read_seqbegin(&base->lock);
p = lookup(daddr, base, seq, NULL, &gc_cnt, &parent, &pp);
- invalidated = read_seqretry(&base->lock, seq);
rcu_read_unlock();
if (p)
return p;
- /* If no writer did a change during our lookup, we can return early. */
- if (!create && !invalidated)
- return NULL;
-
/* retry an exact lookup, taking the lock before.
* At least, nodes should be hot in our cache.
*/
@@ -209,7 +202,7 @@ struct inet_peer *inet_getpeer(struct inet_peer_base *base,
gc_cnt = 0;
p = lookup(daddr, base, seq, gc_stack, &gc_cnt, &parent, &pp);
- if (!p && create) {
+ if (!p) {
p = kmem_cache_alloc(peer_cachep, GFP_ATOMIC);
if (p) {
p->daddr = *daddr;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 062/578] inetpeer: update inetpeer timestamp in inet_getpeer()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 061/578] inetpeer: remove create argument of inet_getpeer() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 063/578] inetpeer: do not get a refcount " Greg Kroah-Hartman
` (524 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Jakub Kicinski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 50b362f21d6c10b0f7939c1482c6a1b43da82f1a ]
inet_putpeer() will be removed in the following patch,
because we will no longer use refcounts.
Update inetpeer timestamp (p->dtime) at lookup time.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241215175629.1248773-4-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: a853c609504e ("inetpeer: do not get a refcount in inet_getpeer()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/inetpeer.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
index 5670571ee5fbe..596e2c3a8551f 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -98,6 +98,7 @@ static struct inet_peer *lookup(const struct inetpeer_addr *daddr,
{
struct rb_node **pp, *parent, *next;
struct inet_peer *p;
+ u32 now;
pp = &base->rb_root.rb_node;
parent = NULL;
@@ -113,6 +114,9 @@ static struct inet_peer *lookup(const struct inetpeer_addr *daddr,
if (cmp == 0) {
if (!refcount_inc_not_zero(&p->refcnt))
break;
+ now = jiffies;
+ if (READ_ONCE(p->dtime) != now)
+ WRITE_ONCE(p->dtime, now);
return p;
}
if (gc_stack) {
@@ -158,9 +162,6 @@ static void inet_peer_gc(struct inet_peer_base *base,
for (i = 0; i < gc_cnt; i++) {
p = gc_stack[i];
- /* The READ_ONCE() pairs with the WRITE_ONCE()
- * in inet_putpeer()
- */
delta = (__u32)jiffies - READ_ONCE(p->dtime);
if (delta < ttl || !refcount_dec_if_one(&p->refcnt))
@@ -232,11 +233,6 @@ EXPORT_SYMBOL_GPL(inet_getpeer);
void inet_putpeer(struct inet_peer *p)
{
- /* The WRITE_ONCE() pairs with itself (we run lockless)
- * and the READ_ONCE() in inet_peer_gc()
- */
- WRITE_ONCE(p->dtime, (__u32)jiffies);
-
if (refcount_dec_and_test(&p->refcnt))
call_rcu(&p->rcu, inetpeer_free_rcu);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 063/578] inetpeer: do not get a refcount in inet_getpeer()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 062/578] inetpeer: update inetpeer timestamp in inet_getpeer() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 064/578] pwm: stm32-lp: Add check for clk_enable() Greg Kroah-Hartman
` (523 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Jakub Kicinski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit a853c609504e2d1d83e71285e3622fda1f1451d8 ]
All inet_getpeer() callers except ip4_frag_init() don't need
to acquire a permanent refcount on the inetpeer.
They can switch to full RCU protection.
Move the refcount_inc_not_zero() into ip4_frag_init(),
so that all the other callers no longer have to
perform a pair of expensive atomic operations on
a possibly contended cache line.
inet_putpeer() no longer needs to be exported.
After this patch, my DUT can receive 8,400,000 UDP packets
per second targeting closed ports, using 50% less cpu cycles
than before.
Also change two calls to l3mdev_master_ifindex() by
l3mdev_master_ifindex_rcu() (Ido ideas)
Fixes: 8c2bd38b95f7 ("icmp: change the order of rate limits")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241215175629.1248773-5-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/icmp.c | 9 ++++-----
net/ipv4/inetpeer.c | 8 ++------
net/ipv4/ip_fragment.c | 15 ++++++++++-----
net/ipv4/route.c | 15 ++++++++-------
net/ipv6/icmp.c | 4 ++--
net/ipv6/ip6_output.c | 4 ++--
net/ipv6/ndisc.c | 6 ++++--
7 files changed, 32 insertions(+), 29 deletions(-)
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 203734e29d462..a6adf6a2ec4b5 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -316,7 +316,6 @@ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt,
struct dst_entry *dst = &rt->dst;
struct inet_peer *peer;
bool rc = true;
- int vif;
if (!apply_ratelimit)
return true;
@@ -325,12 +324,12 @@ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt,
if (dst->dev && (dst->dev->flags&IFF_LOOPBACK))
goto out;
- vif = l3mdev_master_ifindex(dst->dev);
- peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, vif);
+ rcu_read_lock();
+ peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr,
+ l3mdev_master_ifindex_rcu(dst->dev));
rc = inet_peer_xrlim_allow(peer,
READ_ONCE(net->ipv4.sysctl_icmp_ratelimit));
- if (peer)
- inet_putpeer(peer);
+ rcu_read_unlock();
out:
if (!rc)
__ICMP_INC_STATS(net, ICMP_MIB_RATELIMITHOST);
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
index 596e2c3a8551f..23896b6b8417d 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -112,8 +112,6 @@ static struct inet_peer *lookup(const struct inetpeer_addr *daddr,
p = rb_entry(parent, struct inet_peer, rb_node);
cmp = inetpeer_addr_cmp(daddr, &p->daddr);
if (cmp == 0) {
- if (!refcount_inc_not_zero(&p->refcnt))
- break;
now = jiffies;
if (READ_ONCE(p->dtime) != now)
WRITE_ONCE(p->dtime, now);
@@ -177,6 +175,7 @@ static void inet_peer_gc(struct inet_peer_base *base,
}
}
+/* Must be called under RCU : No refcount change is done here. */
struct inet_peer *inet_getpeer(struct inet_peer_base *base,
const struct inetpeer_addr *daddr)
{
@@ -187,10 +186,8 @@ struct inet_peer *inet_getpeer(struct inet_peer_base *base,
/* Attempt a lockless lookup first.
* Because of a concurrent writer, we might not find an existing entry.
*/
- rcu_read_lock();
seq = read_seqbegin(&base->lock);
p = lookup(daddr, base, seq, NULL, &gc_cnt, &parent, &pp);
- rcu_read_unlock();
if (p)
return p;
@@ -208,7 +205,7 @@ struct inet_peer *inet_getpeer(struct inet_peer_base *base,
if (p) {
p->daddr = *daddr;
p->dtime = (__u32)jiffies;
- refcount_set(&p->refcnt, 2);
+ refcount_set(&p->refcnt, 1);
atomic_set(&p->rid, 0);
p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW;
p->rate_tokens = 0;
@@ -236,7 +233,6 @@ void inet_putpeer(struct inet_peer *p)
if (refcount_dec_and_test(&p->refcnt))
call_rcu(&p->rcu, inetpeer_free_rcu);
}
-EXPORT_SYMBOL_GPL(inet_putpeer);
/*
* Check transmit rate limitation for given message.
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 1427a94fc77a0..0ed999fdca2d7 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -82,15 +82,20 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *skb,
static void ip4_frag_init(struct inet_frag_queue *q, const void *a)
{
struct ipq *qp = container_of(q, struct ipq, q);
- struct net *net = q->fqdir->net;
-
const struct frag_v4_compare_key *key = a;
+ struct net *net = q->fqdir->net;
+ struct inet_peer *p = NULL;
q->key.v4 = *key;
qp->ecn = 0;
- qp->peer = q->fqdir->max_dist ?
- inet_getpeer_v4(net->ipv4.peers, key->saddr, key->vif) :
- NULL;
+ if (q->fqdir->max_dist) {
+ rcu_read_lock();
+ p = inet_getpeer_v4(net->ipv4.peers, key->saddr, key->vif);
+ if (p && !refcount_inc_not_zero(&p->refcnt))
+ p = NULL;
+ rcu_read_unlock();
+ }
+ qp->peer = p;
}
static void ip4_frag_free(struct inet_frag_queue *q)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index ae83b86fb209d..f877a96fd1eb5 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -882,11 +882,11 @@ void ip_rt_send_redirect(struct sk_buff *skb)
}
log_martians = IN_DEV_LOG_MARTIANS(in_dev);
vif = l3mdev_master_ifindex_rcu(rt->dst.dev);
- rcu_read_unlock();
net = dev_net(rt->dst.dev);
peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, vif);
if (!peer) {
+ rcu_read_unlock();
icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
rt_nexthop(rt, ip_hdr(skb)->daddr));
return;
@@ -905,7 +905,7 @@ void ip_rt_send_redirect(struct sk_buff *skb)
*/
if (peer->n_redirects >= ip_rt_redirect_number) {
peer->rate_last = jiffies;
- goto out_put_peer;
+ goto out_unlock;
}
/* Check for load limit; set rate_last to the latest sent
@@ -926,8 +926,8 @@ void ip_rt_send_redirect(struct sk_buff *skb)
&ip_hdr(skb)->saddr, inet_iif(skb),
&ip_hdr(skb)->daddr, &gw);
}
-out_put_peer:
- inet_putpeer(peer);
+out_unlock:
+ rcu_read_unlock();
}
static int ip_error(struct sk_buff *skb)
@@ -987,9 +987,9 @@ static int ip_error(struct sk_buff *skb)
break;
}
+ rcu_read_lock();
peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr,
- l3mdev_master_ifindex(skb->dev));
-
+ l3mdev_master_ifindex_rcu(skb->dev));
send = true;
if (peer) {
now = jiffies;
@@ -1001,8 +1001,9 @@ static int ip_error(struct sk_buff *skb)
peer->rate_tokens -= ip_rt_error_cost;
else
send = false;
- inet_putpeer(peer);
}
+ rcu_read_unlock();
+
if (send)
icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index ad34482186a9c..7d88fd314c390 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -222,10 +222,10 @@ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
if (rt->rt6i_dst.plen < 128)
tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
+ rcu_read_lock();
peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr);
res = inet_peer_xrlim_allow(peer, tmo);
- if (peer)
- inet_putpeer(peer);
+ rcu_read_unlock();
}
if (!res)
__ICMP6_INC_STATS(net, ip6_dst_idev(dst),
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 5332aeddf9277..d7f7a714bd232 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -610,6 +610,7 @@ int ip6_forward(struct sk_buff *skb)
else
target = &hdr->daddr;
+ rcu_read_lock();
peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr);
/* Limit redirects both by destination (here)
@@ -617,8 +618,7 @@ int ip6_forward(struct sk_buff *skb)
*/
if (inet_peer_xrlim_allow(peer, 1*HZ))
ndisc_send_redirect(skb, target);
- if (peer)
- inet_putpeer(peer);
+ rcu_read_unlock();
} else {
int addrtype = ipv6_addr_type(&hdr->saddr);
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index d1eb0e324b7c0..44d3e6ab0c7d4 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1721,10 +1721,12 @@ void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
"Redirect: destination is not a neighbour\n");
goto release;
}
+
+ rcu_read_lock();
peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr);
ret = inet_peer_xrlim_allow(peer, 1*HZ);
- if (peer)
- inet_putpeer(peer);
+ rcu_read_unlock();
+
if (!ret)
goto release;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 064/578] pwm: stm32-lp: Add check for clk_enable()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 063/578] inetpeer: do not get a refcount " Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 065/578] cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Greg Kroah-Hartman
` (522 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mingwei Zheng, Jiasheng Jiang,
Uwe Kleine-König, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mingwei Zheng <zmw12306@gmail.com>
[ Upstream commit cce16e7f6216227964cda25f5f23634bce2c500f ]
Add check for the return value of clk_enable() to catch the potential
error.
We used APP-Miner to find it.
Fixes: e70a540b4e02 ("pwm: Add STM32 LPTimer PWM driver")
Signed-off-by: Mingwei Zheng <zmw12306@gmail.com>
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Link: https://lore.kernel.org/r/20241206215318.3402860-1-zmw12306@gmail.com
Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/pwm-stm32-lp.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/pwm/pwm-stm32-lp.c b/drivers/pwm/pwm-stm32-lp.c
index 31a185c6b8da4..7f477082db1d7 100644
--- a/drivers/pwm/pwm-stm32-lp.c
+++ b/drivers/pwm/pwm-stm32-lp.c
@@ -169,8 +169,12 @@ static int stm32_pwm_lp_get_state(struct pwm_chip *chip,
regmap_read(priv->regmap, STM32_LPTIM_CR, &val);
state->enabled = !!FIELD_GET(STM32_LPTIM_ENABLE, val);
/* Keep PWM counter clock refcount in sync with PWM initial state */
- if (state->enabled)
- clk_enable(priv->clk);
+ if (state->enabled) {
+ int ret = clk_enable(priv->clk);
+
+ if (ret)
+ return ret;
+ }
regmap_read(priv->regmap, STM32_LPTIM_CFGR, &val);
presc = FIELD_GET(STM32_LPTIM_PRESC, val);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 065/578] cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 064/578] pwm: stm32-lp: Add check for clk_enable() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 066/578] clk: imx8mp: Fix clkout1/2 support Greg Kroah-Hartman
` (521 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sultan Alsawaf (unemployed),
Christian Loehle, Rafael J. Wysocki, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sultan Alsawaf (unemployed) <sultan@kerneltoast.com>
[ Upstream commit 8e461a1cb43d69d2fc8a97e61916dce571e6bb31 ]
A redundant frequency update is only truly needed when there is a policy
limits change with a driver that specifies CPUFREQ_NEED_UPDATE_LIMITS.
In spite of that, drivers specifying CPUFREQ_NEED_UPDATE_LIMITS receive a
frequency update _all the time_, not just for a policy limits change,
because need_freq_update is never cleared.
Furthermore, ignore_dl_rate_limit()'s usage of need_freq_update also leads
to a redundant frequency update, regardless of whether or not the driver
specifies CPUFREQ_NEED_UPDATE_LIMITS, when the next chosen frequency is the
same as the current one.
Fix the superfluous updates by only honoring CPUFREQ_NEED_UPDATE_LIMITS
when there's a policy limits change, and clearing need_freq_update when a
requisite redundant update occurs.
This is neatly achieved by moving up the CPUFREQ_NEED_UPDATE_LIMITS test
and instead setting need_freq_update to false in sugov_update_next_freq().
Fixes: 600f5badb78c ("cpufreq: schedutil: Don't skip freq update when limits change")
Signed-off-by: Sultan Alsawaf (unemployed) <sultan@kerneltoast.com>
Reviewed-by: Christian Loehle <christian.loehle@arm.com>
Link: https://patch.msgid.link/20241212015734.41241-2-sultan@kerneltoast.com
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/cpufreq_schedutil.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/sched/cpufreq_schedutil.c b/kernel/sched/cpufreq_schedutil.c
index 853a07618a3cf..542c0e82a9005 100644
--- a/kernel/sched/cpufreq_schedutil.c
+++ b/kernel/sched/cpufreq_schedutil.c
@@ -84,7 +84,7 @@ static bool sugov_should_update_freq(struct sugov_policy *sg_policy, u64 time)
if (unlikely(sg_policy->limits_changed)) {
sg_policy->limits_changed = false;
- sg_policy->need_freq_update = true;
+ sg_policy->need_freq_update = cpufreq_driver_test_flags(CPUFREQ_NEED_UPDATE_LIMITS);
return true;
}
@@ -97,7 +97,7 @@ static bool sugov_update_next_freq(struct sugov_policy *sg_policy, u64 time,
unsigned int next_freq)
{
if (sg_policy->need_freq_update)
- sg_policy->need_freq_update = cpufreq_driver_test_flags(CPUFREQ_NEED_UPDATE_LIMITS);
+ sg_policy->need_freq_update = false;
else if (sg_policy->next_freq == next_freq)
return false;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 066/578] clk: imx8mp: Fix clkout1/2 support
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 065/578] cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 067/578] team: prevent adding a device which is already a team device lower Greg Kroah-Hartman
` (520 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Vasut, Peng Fan, Abel Vesa,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Vasut <marex@denx.de>
[ Upstream commit a9b7c84d22fb1687d63ca2a386773015cf59436b ]
The CLKOUTn may be fed from PLL1/2/3, but the PLL1/2/3 has to be enabled
first by setting PLL_CLKE bit 11 in CCM_ANALOG_SYS_PLLn_GEN_CTRL register.
The CCM_ANALOG_SYS_PLLn_GEN_CTRL bit 11 is modeled by plln_out clock. Fix
the clock tree and place the clkout1/2 under plln_sel instead of plain plln
to let the clock subsystem correctly control the bit 11 and enable the PLL
in case the CLKOUTn is supplied by PLL1/2/3.
Fixes: 43896f56b59e ("clk: imx8mp: add clkout1/2 support")
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Link: https://lore.kernel.org/r/20241112013718.333771-1-marex@denx.de
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-imx8mp.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/imx/clk-imx8mp.c b/drivers/clk/imx/clk-imx8mp.c
index 2de49bbc40f30..444dfd6adfe68 100644
--- a/drivers/clk/imx/clk-imx8mp.c
+++ b/drivers/clk/imx/clk-imx8mp.c
@@ -398,8 +398,9 @@ static const char * const imx8mp_dram_core_sels[] = {"dram_pll_out", "dram_alt_r
static const char * const imx8mp_clkout_sels[] = {"audio_pll1_out", "audio_pll2_out", "video_pll1_out",
"dummy", "dummy", "gpu_pll_out", "vpu_pll_out",
- "arm_pll_out", "sys_pll1", "sys_pll2", "sys_pll3",
- "dummy", "dummy", "osc_24m", "dummy", "osc_32k"};
+ "arm_pll_out", "sys_pll1_out", "sys_pll2_out",
+ "sys_pll3_out", "dummy", "dummy", "osc_24m",
+ "dummy", "osc_32k"};
static struct clk_hw **hws;
static struct clk_hw_onecell_data *clk_hw_data;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 067/578] team: prevent adding a device which is already a team device lower
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 066/578] clk: imx8mp: Fix clkout1/2 support Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 068/578] regulator: of: Implement the unwind path of of_regulator_match() Greg Kroah-Hartman
` (519 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+3c47b5843403a45aef57,
Octavian Purdila, Hangbin Liu, David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Octavian Purdila <tavip@google.com>
[ Upstream commit 3fff5da4ca2164bb4d0f1e6cd33f6eb8a0e73e50 ]
Prevent adding a device which is already a team device lower,
e.g. adding veth0 if vlan1 was already added and veth0 is a lower of
vlan1.
This is not useful in practice and can lead to recursive locking:
$ ip link add veth0 type veth peer name veth1
$ ip link set veth0 up
$ ip link set veth1 up
$ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1
$ ip link add team0 type team
$ ip link set veth0.1 down
$ ip link set veth0.1 master team0
team0: Port device veth0.1 added
$ ip link set veth0 down
$ ip link set veth0 master team0
============================================
WARNING: possible recursive locking detected
6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted
--------------------------------------------
ip/7684 is trying to acquire lock:
ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
but task is already holding lock:
ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977)
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(team->team_lock_key);
lock(team->team_lock_key);
*** DEADLOCK ***
May be due to missing lock nesting notation
2 locks held by ip/7684:
stack backtrace:
CPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl (lib/dump_stack.c:122)
print_deadlock_bug.cold (kernel/locking/lockdep.c:3040)
__lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226)
? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548)
lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851)
? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2))
? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
? lock_acquire (kernel/locking/lockdep.c:5822)
? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
__mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735)
? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
? fib_sync_up (net/ipv4/fib_semantics.c:2167)
? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
notifier_call_chain (kernel/notifier.c:85)
call_netdevice_notifiers_info (net/core/dev.c:1996)
__dev_notify_flags (net/core/dev.c:8993)
? __dev_change_flags (net/core/dev.c:8975)
dev_change_flags (net/core/dev.c:9027)
vlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470)
? br_device_event (net/bridge/br.c:143)
notifier_call_chain (kernel/notifier.c:85)
call_netdevice_notifiers_info (net/core/dev.c:1996)
dev_open (net/core/dev.c:1519 net/core/dev.c:1505)
team_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977)
? __pfx_team_add_slave (drivers/net/team/team_core.c:1972)
do_set_master (net/core/rtnetlink.c:2917)
do_setlink.isra.0 (net/core/rtnetlink.c:3117)
Reported-by: syzbot+3c47b5843403a45aef57@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3c47b5843403a45aef57
Fixes: 3d249d4ca7d0 ("net: introduce ethernet teaming device")
Signed-off-by: Octavian Purdila <tavip@google.com>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/team/team.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
index 872640a9e73a1..b23aa3c8bdf8e 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
@@ -1171,6 +1171,13 @@ static int team_port_add(struct team *team, struct net_device *port_dev,
return -EBUSY;
}
+ if (netdev_has_upper_dev(port_dev, dev)) {
+ NL_SET_ERR_MSG(extack, "Device is already a lower device of the team interface");
+ netdev_err(dev, "Device %s is already a lower device of the team interface\n",
+ portname);
+ return -EBUSY;
+ }
+
if (port_dev->features & NETIF_F_VLAN_CHALLENGED &&
vlan_uses_dev(dev)) {
NL_SET_ERR_MSG(extack, "Device is VLAN challenged and team device has VLAN set up");
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 068/578] regulator: of: Implement the unwind path of of_regulator_match()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 067/578] team: prevent adding a device which is already a team device lower Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 069/578] ax25: rcu protect dev->ax25_ptr Greg Kroah-Hartman
` (518 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Joe Hattori, Mark Brown, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit dddca3b2fc676113c58b04aaefe84bfb958ac83e ]
of_regulator_match() does not release the OF node reference in the error
path, resulting in an OF node leak. Therefore, call of_node_put() on the
obtained nodes before returning the EINVAL error.
Since it is possible that some drivers call this function and do not
exit on failure, such as s2mps11_pmic_driver, clear the init_data and
of_node in the error path.
This was reported by an experimental verification tool that I am
developing. As I do not have access to actual devices nor the QEMU board
configuration to test drivers that call this function, no runtime test
was able to be performed.
Fixes: 1c8fa58f4750 ("regulator: Add generic DT parsing for regulators")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Link: https://patch.msgid.link/20250104080453.2153592-1-joe@pf.is.s.u-tokyo.ac.jp
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/of_regulator.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/drivers/regulator/of_regulator.c b/drivers/regulator/of_regulator.c
index 59e71fd0db439..f23c12f4ffbfa 100644
--- a/drivers/regulator/of_regulator.c
+++ b/drivers/regulator/of_regulator.c
@@ -435,7 +435,7 @@ int of_regulator_match(struct device *dev, struct device_node *node,
"failed to parse DT for regulator %pOFn\n",
child);
of_node_put(child);
- return -EINVAL;
+ goto err_put;
}
match->of_node = of_node_get(child);
count++;
@@ -444,6 +444,18 @@ int of_regulator_match(struct device *dev, struct device_node *node,
}
return count;
+
+err_put:
+ for (i = 0; i < num_matches; i++) {
+ struct of_regulator_match *match = &matches[i];
+
+ match->init_data = NULL;
+ if (match->of_node) {
+ of_node_put(match->of_node);
+ match->of_node = NULL;
+ }
+ }
+ return -EINVAL;
}
EXPORT_SYMBOL_GPL(of_regulator_match);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 069/578] ax25: rcu protect dev->ax25_ptr
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 068/578] regulator: of: Implement the unwind path of of_regulator_match() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 070/578] OPP: OF: Fix an OF node leak in _opp_add_static_v2() Greg Kroah-Hartman
` (517 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 95fc45d1dea8e1253f8ec58abc5befb71553d666 ]
syzbot found a lockdep issue [1].
We should remove ax25 RTNL dependency in ax25_setsockopt()
This should also fix a variety of possible UAF in ax25.
[1]
WARNING: possible circular locking dependency detected
6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted
------------------------------------------------------
syz.5.1818/12806 is trying to acquire lock:
ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680
but task is already holding lock:
ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]
ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (sk_lock-AF_AX25){+.+.}-{0:0}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
lock_sock_nested+0x48/0x100 net/core/sock.c:3642
lock_sock include/net/sock.h:1618 [inline]
ax25_kill_by_device net/ax25/af_ax25.c:101 [inline]
ax25_device_event+0x24d/0x580 net/ax25/af_ax25.c:146
notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85
__dev_notify_flags+0x207/0x400
dev_change_flags+0xf0/0x1a0 net/core/dev.c:9026
dev_ifsioc+0x7c8/0xe70 net/core/dev_ioctl.c:563
dev_ioctl+0x719/0x1340 net/core/dev_ioctl.c:820
sock_do_ioctl+0x240/0x460 net/socket.c:1234
sock_ioctl+0x626/0x8e0 net/socket.c:1339
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (rtnl_mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680
do_sock_setsockopt+0x3af/0x720 net/socket.c:2324
__sys_setsockopt net/socket.c:2349 [inline]
__do_sys_setsockopt net/socket.c:2355 [inline]
__se_sys_setsockopt net/socket.c:2352 [inline]
__x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sk_lock-AF_AX25);
lock(rtnl_mutex);
lock(sk_lock-AF_AX25);
lock(rtnl_mutex);
*** DEADLOCK ***
1 lock held by syz.5.1818/12806:
#0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]
#0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574
stack backtrace:
CPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680
do_sock_setsockopt+0x3af/0x720 net/socket.c:2324
__sys_setsockopt net/socket.c:2349 [inline]
__do_sys_setsockopt net/socket.c:2355 [inline]
__se_sys_setsockopt net/socket.c:2352 [inline]
__x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7b62385d29
Fixes: c433570458e4 ("ax25: fix a use-after-free in ax25_fillin_cb()")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250103210514.87290-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/netdevice.h | 2 +-
include/net/ax25.h | 10 +++++-----
net/ax25/af_ax25.c | 12 ++++++------
net/ax25/ax25_dev.c | 4 ++--
net/ax25/ax25_ip.c | 3 ++-
net/ax25/ax25_out.c | 22 +++++++++++++++++-----
net/ax25/ax25_route.c | 2 ++
7 files changed, 35 insertions(+), 20 deletions(-)
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 662183994e885..c75aed1fff7d1 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -2177,7 +2177,7 @@ struct net_device {
void *atalk_ptr;
#endif
#if IS_ENABLED(CONFIG_AX25)
- void *ax25_ptr;
+ struct ax25_dev __rcu *ax25_ptr;
#endif
#if IS_ENABLED(CONFIG_CFG80211)
struct wireless_dev *ieee80211_ptr;
diff --git a/include/net/ax25.h b/include/net/ax25.h
index 1d55e8ee08b4f..e9465aa07a4e7 100644
--- a/include/net/ax25.h
+++ b/include/net/ax25.h
@@ -229,6 +229,7 @@ typedef struct ax25_dev {
#endif
refcount_t refcount;
bool device_up;
+ struct rcu_head rcu;
} ax25_dev;
typedef struct ax25_cb {
@@ -291,9 +292,8 @@ static inline void ax25_dev_hold(ax25_dev *ax25_dev)
static inline void ax25_dev_put(ax25_dev *ax25_dev)
{
- if (refcount_dec_and_test(&ax25_dev->refcount)) {
- kfree(ax25_dev);
- }
+ if (refcount_dec_and_test(&ax25_dev->refcount))
+ kfree_rcu(ax25_dev, rcu);
}
static inline __be16 ax25_type_trans(struct sk_buff *skb, struct net_device *dev)
{
@@ -336,9 +336,9 @@ void ax25_digi_invert(const ax25_digi *, ax25_digi *);
extern spinlock_t ax25_dev_lock;
#if IS_ENABLED(CONFIG_AX25)
-static inline ax25_dev *ax25_dev_ax25dev(struct net_device *dev)
+static inline ax25_dev *ax25_dev_ax25dev(const struct net_device *dev)
{
- return dev->ax25_ptr;
+ return rcu_dereference_rtnl(dev->ax25_ptr);
}
#endif
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index a1e0be8716870..4b96dedcc3c9c 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -467,7 +467,7 @@ static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg)
goto out_put;
}
-static void ax25_fillin_cb_from_dev(ax25_cb *ax25, ax25_dev *ax25_dev)
+static void ax25_fillin_cb_from_dev(ax25_cb *ax25, const ax25_dev *ax25_dev)
{
ax25->rtt = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]) / 2;
ax25->t1 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]);
@@ -677,22 +677,22 @@ static int ax25_setsockopt(struct socket *sock, int level, int optname,
break;
}
- rtnl_lock();
- dev = __dev_get_by_name(&init_net, devname);
+ rcu_read_lock();
+ dev = dev_get_by_name_rcu(&init_net, devname);
if (!dev) {
- rtnl_unlock();
+ rcu_read_unlock();
res = -ENODEV;
break;
}
ax25->ax25_dev = ax25_dev_ax25dev(dev);
if (!ax25->ax25_dev) {
- rtnl_unlock();
+ rcu_read_unlock();
res = -ENODEV;
break;
}
ax25_fillin_cb(ax25, ax25->ax25_dev);
- rtnl_unlock();
+ rcu_read_unlock();
break;
default:
diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c
index e165fe108bb00..2b4f8df53b765 100644
--- a/net/ax25/ax25_dev.c
+++ b/net/ax25/ax25_dev.c
@@ -87,7 +87,7 @@ void ax25_dev_device_up(struct net_device *dev)
spin_lock_bh(&ax25_dev_lock);
list_add(&ax25_dev->list, &ax25_dev_list);
- dev->ax25_ptr = ax25_dev;
+ rcu_assign_pointer(dev->ax25_ptr, ax25_dev);
spin_unlock_bh(&ax25_dev_lock);
ax25_register_dev_sysctl(ax25_dev);
@@ -122,7 +122,7 @@ void ax25_dev_device_down(struct net_device *dev)
}
}
- dev->ax25_ptr = NULL;
+ RCU_INIT_POINTER(dev->ax25_ptr, NULL);
spin_unlock_bh(&ax25_dev_lock);
netdev_put(dev, &ax25_dev->dev_tracker);
ax25_dev_put(ax25_dev);
diff --git a/net/ax25/ax25_ip.c b/net/ax25/ax25_ip.c
index 36249776c021e..215d4ccf12b91 100644
--- a/net/ax25/ax25_ip.c
+++ b/net/ax25/ax25_ip.c
@@ -122,6 +122,7 @@ netdev_tx_t ax25_ip_xmit(struct sk_buff *skb)
if (dev == NULL)
dev = skb->dev;
+ rcu_read_lock();
if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL) {
kfree_skb(skb);
goto put;
@@ -202,7 +203,7 @@ netdev_tx_t ax25_ip_xmit(struct sk_buff *skb)
ax25_queue_xmit(skb, dev);
put:
-
+ rcu_read_unlock();
ax25_route_lock_unuse();
return NETDEV_TX_OK;
}
diff --git a/net/ax25/ax25_out.c b/net/ax25/ax25_out.c
index 3db76d2470e95..8bca2ace98e51 100644
--- a/net/ax25/ax25_out.c
+++ b/net/ax25/ax25_out.c
@@ -39,10 +39,14 @@ ax25_cb *ax25_send_frame(struct sk_buff *skb, int paclen, const ax25_address *sr
* specified.
*/
if (paclen == 0) {
- if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL)
+ rcu_read_lock();
+ ax25_dev = ax25_dev_ax25dev(dev);
+ if (!ax25_dev) {
+ rcu_read_unlock();
return NULL;
-
+ }
paclen = ax25_dev->values[AX25_VALUES_PACLEN];
+ rcu_read_unlock();
}
/*
@@ -53,13 +57,19 @@ ax25_cb *ax25_send_frame(struct sk_buff *skb, int paclen, const ax25_address *sr
return ax25; /* It already existed */
}
- if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL)
+ rcu_read_lock();
+ ax25_dev = ax25_dev_ax25dev(dev);
+ if (!ax25_dev) {
+ rcu_read_unlock();
return NULL;
+ }
- if ((ax25 = ax25_create_cb()) == NULL)
+ if ((ax25 = ax25_create_cb()) == NULL) {
+ rcu_read_unlock();
return NULL;
-
+ }
ax25_fillin_cb(ax25, ax25_dev);
+ rcu_read_unlock();
ax25->source_addr = *src;
ax25->dest_addr = *dest;
@@ -358,7 +368,9 @@ void ax25_queue_xmit(struct sk_buff *skb, struct net_device *dev)
{
unsigned char *ptr;
+ rcu_read_lock();
skb->protocol = ax25_type_trans(skb, ax25_fwd_dev(dev));
+ rcu_read_unlock();
ptr = skb_push(skb, 1);
*ptr = 0x00; /* KISS */
diff --git a/net/ax25/ax25_route.c b/net/ax25/ax25_route.c
index b7c4d656a94b7..69de75db0c9c2 100644
--- a/net/ax25/ax25_route.c
+++ b/net/ax25/ax25_route.c
@@ -406,6 +406,7 @@ int ax25_rt_autobind(ax25_cb *ax25, ax25_address *addr)
ax25_route_lock_unuse();
return -EHOSTUNREACH;
}
+ rcu_read_lock();
if ((ax25->ax25_dev = ax25_dev_ax25dev(ax25_rt->dev)) == NULL) {
err = -EHOSTUNREACH;
goto put;
@@ -442,6 +443,7 @@ int ax25_rt_autobind(ax25_cb *ax25, ax25_address *addr)
}
put:
+ rcu_read_unlock();
ax25_route_lock_unuse();
return err;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 070/578] OPP: OF: Fix an OF node leak in _opp_add_static_v2()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 069/578] ax25: rcu protect dev->ax25_ptr Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 071/578] clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Greg Kroah-Hartman
` (516 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Joe Hattori, Viresh Kumar,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit 1d38eb7f7b26261a0b642f6e0923269c7c000a97 ]
_opp_add_static_v2() leaks the obtained OF node reference when
_of_opp_alloc_required_opps() fails. Add an of_node_put() call in the
error path.
Fixes: 3466ea2cd6b6 ("OPP: Don't drop opp->np reference while it is still in use")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/opp/of.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/opp/of.c b/drivers/opp/of.c
index 605d68673f928..c1b2d8927845c 100644
--- a/drivers/opp/of.c
+++ b/drivers/opp/of.c
@@ -950,7 +950,7 @@ static struct dev_pm_opp *_opp_add_static_v2(struct opp_table *opp_table,
ret = _of_opp_alloc_required_opps(opp_table, new_opp);
if (ret)
- goto free_opp;
+ goto put_node;
if (!of_property_read_u32(np, "clock-latency-ns", &val))
new_opp->clock_latency_ns = val;
@@ -1003,6 +1003,8 @@ static struct dev_pm_opp *_opp_add_static_v2(struct opp_table *opp_table,
free_required_opps:
_of_opp_free_required_opps(opp_table, new_opp);
+put_node:
+ of_node_put(np);
free_opp:
_opp_free(new_opp);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 071/578] clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 070/578] OPP: OF: Fix an OF node leak in _opp_add_static_v2() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 072/578] HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Greg Kroah-Hartman
` (515 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Amit Pundir, Bjorn Andersson,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Amit Pundir <amit.pundir@linaro.org>
[ Upstream commit f760a4bb5e927a133dcd75f7b69ccae2a331e42c ]
Similar to the earlier fixes meant for sm8x50 and x1e platforms,
we have to stop using the shared clk ops for sdm845 QUPs as well.
As Stephen Boyd pointed out in earlier fixes, there wasn't a problem
to mark QUP clks shared until we started parking shared RCGs at clk
registration time in commit 01a0a6cc8cfd ("clk: qcom: Park shared RCGs
upon registration"). Parking at init is actually harmful to the UART
when earlycon is used. If the device is pumping out data while the
frequency changes and we see garbage on the serial console until the
driver can probe and actually set a proper frequency.
This patch reverts the QUP clk sharing ops part of commit 06391eddb60a
("clk: qcom: Add Global Clock controller (GCC) driver for SDM845"), so
that the QUPs on sdm845 don't get parked during clk registration and
break UART operations.
Fixes: 01a0a6cc8cfd ("clk: qcom: Park shared RCGs upon registration")
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Link: https://lore.kernel.org/r/20241209174912.2526928-1-amit.pundir@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-sdm845.c | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/drivers/clk/qcom/gcc-sdm845.c b/drivers/clk/qcom/gcc-sdm845.c
index ef15e8f114027..0ea549d792834 100644
--- a/drivers/clk/qcom/gcc-sdm845.c
+++ b/drivers/clk/qcom/gcc-sdm845.c
@@ -455,7 +455,7 @@ static struct clk_init_data gcc_qupv3_wrap0_s0_clk_src_init = {
.name = "gcc_qupv3_wrap0_s0_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap0_s0_clk_src = {
@@ -471,7 +471,7 @@ static struct clk_init_data gcc_qupv3_wrap0_s1_clk_src_init = {
.name = "gcc_qupv3_wrap0_s1_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap0_s1_clk_src = {
@@ -487,7 +487,7 @@ static struct clk_init_data gcc_qupv3_wrap0_s2_clk_src_init = {
.name = "gcc_qupv3_wrap0_s2_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap0_s2_clk_src = {
@@ -503,7 +503,7 @@ static struct clk_init_data gcc_qupv3_wrap0_s3_clk_src_init = {
.name = "gcc_qupv3_wrap0_s3_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap0_s3_clk_src = {
@@ -519,7 +519,7 @@ static struct clk_init_data gcc_qupv3_wrap0_s4_clk_src_init = {
.name = "gcc_qupv3_wrap0_s4_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap0_s4_clk_src = {
@@ -535,7 +535,7 @@ static struct clk_init_data gcc_qupv3_wrap0_s5_clk_src_init = {
.name = "gcc_qupv3_wrap0_s5_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap0_s5_clk_src = {
@@ -551,7 +551,7 @@ static struct clk_init_data gcc_qupv3_wrap0_s6_clk_src_init = {
.name = "gcc_qupv3_wrap0_s6_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap0_s6_clk_src = {
@@ -567,7 +567,7 @@ static struct clk_init_data gcc_qupv3_wrap0_s7_clk_src_init = {
.name = "gcc_qupv3_wrap0_s7_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap0_s7_clk_src = {
@@ -583,7 +583,7 @@ static struct clk_init_data gcc_qupv3_wrap1_s0_clk_src_init = {
.name = "gcc_qupv3_wrap1_s0_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap1_s0_clk_src = {
@@ -599,7 +599,7 @@ static struct clk_init_data gcc_qupv3_wrap1_s1_clk_src_init = {
.name = "gcc_qupv3_wrap1_s1_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap1_s1_clk_src = {
@@ -615,7 +615,7 @@ static struct clk_init_data gcc_qupv3_wrap1_s2_clk_src_init = {
.name = "gcc_qupv3_wrap1_s2_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap1_s2_clk_src = {
@@ -631,7 +631,7 @@ static struct clk_init_data gcc_qupv3_wrap1_s3_clk_src_init = {
.name = "gcc_qupv3_wrap1_s3_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap1_s3_clk_src = {
@@ -647,7 +647,7 @@ static struct clk_init_data gcc_qupv3_wrap1_s4_clk_src_init = {
.name = "gcc_qupv3_wrap1_s4_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap1_s4_clk_src = {
@@ -663,7 +663,7 @@ static struct clk_init_data gcc_qupv3_wrap1_s5_clk_src_init = {
.name = "gcc_qupv3_wrap1_s5_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap1_s5_clk_src = {
@@ -679,7 +679,7 @@ static struct clk_init_data gcc_qupv3_wrap1_s6_clk_src_init = {
.name = "gcc_qupv3_wrap1_s6_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap1_s6_clk_src = {
@@ -695,7 +695,7 @@ static struct clk_init_data gcc_qupv3_wrap1_s7_clk_src_init = {
.name = "gcc_qupv3_wrap1_s7_clk_src",
.parent_data = gcc_parent_data_0,
.num_parents = ARRAY_SIZE(gcc_parent_data_0),
- .ops = &clk_rcg2_shared_ops,
+ .ops = &clk_rcg2_ops,
};
static struct clk_rcg2 gcc_qupv3_wrap1_s7_clk_src = {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 072/578] HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 071/578] clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 073/578] mfd: syscon: Remove extern from function prototypes Greg Kroah-Hartman
` (514 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+040e8b3db6a96908d470,
Karol Przybylski, Jiri Kosina, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Karol Przybylski <karprzy7@gmail.com>
[ Upstream commit 50420d7c79c37a3efe4010ff9b1bb14bc61ebccf ]
syzbot has found a type mismatch between a USB pipe and the transfer
endpoint, which is triggered by the hid-thrustmaster driver[1].
There is a number of similar, already fixed issues [2].
In this case as in others, implementing check for endpoint type fixes the issue.
[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470
[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622
Fixes: c49c33637802 ("HID: support for initialization of some Thrustmaster wheels")
Reported-by: syzbot+040e8b3db6a96908d470@syzkaller.appspotmail.com
Tested-by: syzbot+040e8b3db6a96908d470@syzkaller.appspotmail.com
Signed-off-by: Karol Przybylski <karprzy7@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-thrustmaster.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/hid/hid-thrustmaster.c b/drivers/hid/hid-thrustmaster.c
index cf1679b0d4fbb..6c3e758bbb09e 100644
--- a/drivers/hid/hid-thrustmaster.c
+++ b/drivers/hid/hid-thrustmaster.c
@@ -170,6 +170,14 @@ static void thrustmaster_interrupts(struct hid_device *hdev)
ep = &usbif->cur_altsetting->endpoint[1];
b_ep = ep->desc.bEndpointAddress;
+ /* Are the expected endpoints present? */
+ u8 ep_addr[1] = {b_ep};
+
+ if (!usb_check_int_endpoints(usbif, ep_addr)) {
+ hid_err(hdev, "Unexpected non-int endpoint\n");
+ return;
+ }
+
for (i = 0; i < ARRAY_SIZE(setup_arr); ++i) {
memcpy(send_buf, setup_arr[i], setup_arr_sizes[i]);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 073/578] mfd: syscon: Remove extern from function prototypes
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 072/578] HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 074/578] mfd: syscon: Add of_syscon_register_regmap() API Greg Kroah-Hartman
` (513 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Peter Griffin, Lee Jones,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Griffin <peter.griffin@linaro.org>
[ Upstream commit 0db017f8edd9b9af818bc1d68ba578df1b4c4628 ]
The kernel coding style does not require 'extern' in function prototypes
in .h files, so remove them as they are not needed.
To avoid checkpatch warnings such as
CHECK: Lines should not end with a '('
+struct regmap *syscon_regmap_lookup_by_phandle(
The indentation is also updated. No functional changes in this patch.
Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
Link: https://lore.kernel.org/r/20240220115012.471689-3-peter.griffin@linaro.org
Signed-off-by: Lee Jones <lee@kernel.org>
Stable-dep-of: 805f7aaf7fee ("mfd: syscon: Fix race in device_node_get_regmap()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/mfd/syscon.h | 25 +++++++++++--------------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/include/linux/mfd/syscon.h b/include/linux/mfd/syscon.h
index fecc2fa2a3647..c315903f6dab3 100644
--- a/include/linux/mfd/syscon.h
+++ b/include/linux/mfd/syscon.h
@@ -17,20 +17,17 @@
struct device_node;
#ifdef CONFIG_MFD_SYSCON
-extern struct regmap *device_node_to_regmap(struct device_node *np);
-extern struct regmap *syscon_node_to_regmap(struct device_node *np);
-extern struct regmap *syscon_regmap_lookup_by_compatible(const char *s);
-extern struct regmap *syscon_regmap_lookup_by_phandle(
- struct device_node *np,
- const char *property);
-extern struct regmap *syscon_regmap_lookup_by_phandle_args(
- struct device_node *np,
- const char *property,
- int arg_count,
- unsigned int *out_args);
-extern struct regmap *syscon_regmap_lookup_by_phandle_optional(
- struct device_node *np,
- const char *property);
+struct regmap *device_node_to_regmap(struct device_node *np);
+struct regmap *syscon_node_to_regmap(struct device_node *np);
+struct regmap *syscon_regmap_lookup_by_compatible(const char *s);
+struct regmap *syscon_regmap_lookup_by_phandle(struct device_node *np,
+ const char *property);
+struct regmap *syscon_regmap_lookup_by_phandle_args(struct device_node *np,
+ const char *property,
+ int arg_count,
+ unsigned int *out_args);
+struct regmap *syscon_regmap_lookup_by_phandle_optional(struct device_node *np,
+ const char *property);
#else
static inline struct regmap *device_node_to_regmap(struct device_node *np)
{
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 074/578] mfd: syscon: Add of_syscon_register_regmap() API
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 073/578] mfd: syscon: Remove extern from function prototypes Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 075/578] mfd: syscon: Use scoped variables with memory allocators to simplify error paths Greg Kroah-Hartman
` (512 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Griffin, Arnd Bergmann,
Sam Protsenko, Will McVicker, Krzysztof Kozlowski, Lee Jones,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Griffin <peter.griffin@linaro.org>
[ Upstream commit 769cb63166d90f1fadafa4352f180cbd96b6cb77 ]
The of_syscon_register_regmap() API allows an externally created regmap
to be registered with syscon. This regmap can then be returned to client
drivers using the syscon_regmap_lookup_by_phandle() APIs.
The API is used by platforms where mmio access to the syscon registers is
not possible, and a underlying soc driver like exynos-pmu provides a SoC
specific regmap that can issue a SMC or hypervisor call to write the
register.
This approach keeps the SoC complexities out of syscon, but allows common
drivers such as syscon-poweroff, syscon-reboot and friends that are used
by many SoCs already to be re-used.
Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Tested-by: Will McVicker <willmcvicker@google.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20240621115544.1655458-2-peter.griffin@linaro.org
Signed-off-by: Lee Jones <lee@kernel.org>
Stable-dep-of: 805f7aaf7fee ("mfd: syscon: Fix race in device_node_get_regmap()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/syscon.c | 48 ++++++++++++++++++++++++++++++++++++++
include/linux/mfd/syscon.h | 8 +++++++
2 files changed, 56 insertions(+)
diff --git a/drivers/mfd/syscon.c b/drivers/mfd/syscon.c
index ecfe151220919..1ce8f6f9d7f54 100644
--- a/drivers/mfd/syscon.c
+++ b/drivers/mfd/syscon.c
@@ -177,6 +177,54 @@ static struct regmap *device_node_get_regmap(struct device_node *np,
return syscon->regmap;
}
+/**
+ * of_syscon_register_regmap() - Register regmap for specified device node
+ * @np: Device tree node
+ * @regmap: Pointer to regmap object
+ *
+ * Register an externally created regmap object with syscon for the specified
+ * device tree node. This regmap will then be returned to client drivers using
+ * the syscon_regmap_lookup_by_phandle() API.
+ *
+ * Return: 0 on success, negative error code on failure.
+ */
+int of_syscon_register_regmap(struct device_node *np, struct regmap *regmap)
+{
+ struct syscon *entry, *syscon = NULL;
+ int ret;
+
+ if (!np || !regmap)
+ return -EINVAL;
+
+ syscon = kzalloc(sizeof(*syscon), GFP_KERNEL);
+ if (!syscon)
+ return -ENOMEM;
+
+ /* check if syscon entry already exists */
+ spin_lock(&syscon_list_slock);
+
+ list_for_each_entry(entry, &syscon_list, list)
+ if (entry->np == np) {
+ ret = -EEXIST;
+ goto err_unlock;
+ }
+
+ syscon->regmap = regmap;
+ syscon->np = np;
+
+ /* register the regmap in syscon list */
+ list_add_tail(&syscon->list, &syscon_list);
+ spin_unlock(&syscon_list_slock);
+
+ return 0;
+
+err_unlock:
+ spin_unlock(&syscon_list_slock);
+ kfree(syscon);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(of_syscon_register_regmap);
+
struct regmap *device_node_to_regmap(struct device_node *np)
{
return device_node_get_regmap(np, false);
diff --git a/include/linux/mfd/syscon.h b/include/linux/mfd/syscon.h
index c315903f6dab3..aad9c6b504636 100644
--- a/include/linux/mfd/syscon.h
+++ b/include/linux/mfd/syscon.h
@@ -28,6 +28,8 @@ struct regmap *syscon_regmap_lookup_by_phandle_args(struct device_node *np,
unsigned int *out_args);
struct regmap *syscon_regmap_lookup_by_phandle_optional(struct device_node *np,
const char *property);
+int of_syscon_register_regmap(struct device_node *np,
+ struct regmap *regmap);
#else
static inline struct regmap *device_node_to_regmap(struct device_node *np)
{
@@ -67,6 +69,12 @@ static inline struct regmap *syscon_regmap_lookup_by_phandle_optional(
return NULL;
}
+static inline int of_syscon_register_regmap(struct device_node *np,
+ struct regmap *regmap)
+{
+ return -EOPNOTSUPP;
+}
+
#endif
#endif /* __LINUX_MFD_SYSCON_H__ */
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 075/578] mfd: syscon: Use scoped variables with memory allocators to simplify error paths
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 074/578] mfd: syscon: Add of_syscon_register_regmap() API Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 076/578] mfd: syscon: Fix race in device_node_get_regmap() Greg Kroah-Hartman
` (511 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Lee Jones,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 82f898f47112bc7b787cb9ce8803c4e2f9f60c89 ]
Allocate the memory with scoped/cleanup.h to reduce error handling and
make the code a bit simpler.
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20240707114823.9175-2-krzysztof.kozlowski@linaro.org
Signed-off-by: Lee Jones <lee@kernel.org>
Stable-dep-of: 805f7aaf7fee ("mfd: syscon: Fix race in device_node_get_regmap()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/syscon.c | 20 +++++++-------------
1 file changed, 7 insertions(+), 13 deletions(-)
diff --git a/drivers/mfd/syscon.c b/drivers/mfd/syscon.c
index 1ce8f6f9d7f54..cc7b07882fee4 100644
--- a/drivers/mfd/syscon.c
+++ b/drivers/mfd/syscon.c
@@ -8,6 +8,7 @@
* Author: Dong Aisheng <dong.aisheng@linaro.org>
*/
+#include <linux/cleanup.h>
#include <linux/clk.h>
#include <linux/err.h>
#include <linux/hwspinlock.h>
@@ -43,7 +44,6 @@ static const struct regmap_config syscon_regmap_config = {
static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
{
struct clk *clk;
- struct syscon *syscon;
struct regmap *regmap;
void __iomem *base;
u32 reg_io_width;
@@ -51,20 +51,16 @@ static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
struct regmap_config syscon_config = syscon_regmap_config;
struct resource res;
- syscon = kzalloc(sizeof(*syscon), GFP_KERNEL);
+ struct syscon *syscon __free(kfree) = kzalloc(sizeof(*syscon), GFP_KERNEL);
if (!syscon)
return ERR_PTR(-ENOMEM);
- if (of_address_to_resource(np, 0, &res)) {
- ret = -ENOMEM;
- goto err_map;
- }
+ if (of_address_to_resource(np, 0, &res))
+ return ERR_PTR(-ENOMEM);
base = of_iomap(np, 0);
- if (!base) {
- ret = -ENOMEM;
- goto err_map;
- }
+ if (!base)
+ return ERR_PTR(-ENOMEM);
/* Parse the device's DT node for an endianness specification */
if (of_property_read_bool(np, "big-endian"))
@@ -139,7 +135,7 @@ static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
list_add_tail(&syscon->list, &syscon_list);
spin_unlock(&syscon_list_slock);
- return syscon;
+ return_ptr(syscon);
err_attach:
if (!IS_ERR(clk))
@@ -148,8 +144,6 @@ static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
regmap_exit(regmap);
err_regmap:
iounmap(base);
-err_map:
- kfree(syscon);
return ERR_PTR(ret);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 076/578] mfd: syscon: Fix race in device_node_get_regmap()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 075/578] mfd: syscon: Use scoped variables with memory allocators to simplify error paths Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 077/578] samples/landlock: Fix possible NULL dereference in parse_path() Greg Kroah-Hartman
` (510 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rob Herring (Arm),
Krzysztof Kozlowski, Will McVicker, Pankaj Dubey, Lee Jones,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rob Herring (Arm) <robh@kernel.org>
[ Upstream commit 805f7aaf7fee14a57b56af01d270edf6c10765e8 ]
It is possible for multiple, simultaneous callers calling
device_node_get_regmap() with the same node to fail to find an entry in
the syscon_list. There is a period of time while the first caller is
calling of_syscon_register() that subsequent callers also fail to find
an entry in the syscon_list and then call of_syscon_register() a second
time.
Fix this by keeping the lock held until after of_syscon_register()
completes and adds the node to syscon_list. Convert the spinlock to a
mutex as many of the functions called in of_syscon_register() such as
kzalloc() and of_clk_get() may sleep.
Fixes: bdb0066df96e ("mfd: syscon: Decouple syscon interface from platform devices")
Signed-off-by: Rob Herring (Arm) <robh@kernel.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Tested-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Tested-by: Will McVicker <willmcvicker@google.com>
Tested-by: Pankaj Dubey <pankaj.dubey@samsung.com>
Reviewed-by: Pankaj Dubey <pankaj.dubey@samsung.com>
Link: https://lore.kernel.org/r/20241217-syscon-fixes-v2-1-4f56d750541d@kernel.org
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/syscon.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/drivers/mfd/syscon.c b/drivers/mfd/syscon.c
index cc7b07882fee4..8302cd63a73d0 100644
--- a/drivers/mfd/syscon.c
+++ b/drivers/mfd/syscon.c
@@ -15,6 +15,7 @@
#include <linux/io.h>
#include <linux/init.h>
#include <linux/list.h>
+#include <linux/mutex.h>
#include <linux/of.h>
#include <linux/of_address.h>
#include <linux/of_platform.h>
@@ -26,7 +27,7 @@
static struct platform_driver syscon_driver;
-static DEFINE_SPINLOCK(syscon_list_slock);
+static DEFINE_MUTEX(syscon_list_lock);
static LIST_HEAD(syscon_list);
struct syscon {
@@ -51,6 +52,8 @@ static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
struct regmap_config syscon_config = syscon_regmap_config;
struct resource res;
+ WARN_ON(!mutex_is_locked(&syscon_list_lock));
+
struct syscon *syscon __free(kfree) = kzalloc(sizeof(*syscon), GFP_KERNEL);
if (!syscon)
return ERR_PTR(-ENOMEM);
@@ -131,9 +134,7 @@ static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
syscon->regmap = regmap;
syscon->np = np;
- spin_lock(&syscon_list_slock);
list_add_tail(&syscon->list, &syscon_list);
- spin_unlock(&syscon_list_slock);
return_ptr(syscon);
@@ -152,7 +153,7 @@ static struct regmap *device_node_get_regmap(struct device_node *np,
{
struct syscon *entry, *syscon = NULL;
- spin_lock(&syscon_list_slock);
+ mutex_lock(&syscon_list_lock);
list_for_each_entry(entry, &syscon_list, list)
if (entry->np == np) {
@@ -160,11 +161,11 @@ static struct regmap *device_node_get_regmap(struct device_node *np,
break;
}
- spin_unlock(&syscon_list_slock);
-
if (!syscon)
syscon = of_syscon_register(np, check_clk);
+ mutex_unlock(&syscon_list_lock);
+
if (IS_ERR(syscon))
return ERR_CAST(syscon);
@@ -195,7 +196,7 @@ int of_syscon_register_regmap(struct device_node *np, struct regmap *regmap)
return -ENOMEM;
/* check if syscon entry already exists */
- spin_lock(&syscon_list_slock);
+ mutex_lock(&syscon_list_lock);
list_for_each_entry(entry, &syscon_list, list)
if (entry->np == np) {
@@ -208,12 +209,12 @@ int of_syscon_register_regmap(struct device_node *np, struct regmap *regmap)
/* register the regmap in syscon list */
list_add_tail(&syscon->list, &syscon_list);
- spin_unlock(&syscon_list_slock);
+ mutex_unlock(&syscon_list_lock);
return 0;
err_unlock:
- spin_unlock(&syscon_list_slock);
+ mutex_unlock(&syscon_list_lock);
kfree(syscon);
return ret;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 077/578] samples/landlock: Fix possible NULL dereference in parse_path()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 076/578] mfd: syscon: Fix race in device_node_get_regmap() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 078/578] wifi: wlcore: fix unbalanced pm_runtime calls Greg Kroah-Hartman
` (509 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zichen Xie, Mickaël Salaün,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zichen Xie <zichenxie0106@gmail.com>
[ Upstream commit 078bf9438a31567e2c0587159ccefde835fb1ced ]
malloc() may return NULL, leading to NULL dereference. Add a NULL
check.
Fixes: ba84b0bf5a16 ("samples/landlock: Add a sandbox manager example")
Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>
Link: https://lore.kernel.org/r/20241128032955.11711-1-zichenxie0106@gmail.com
[mic: Simplify fix]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
samples/landlock/sandboxer.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/samples/landlock/sandboxer.c b/samples/landlock/sandboxer.c
index f29bb3c722307..ce9b77bc167b1 100644
--- a/samples/landlock/sandboxer.c
+++ b/samples/landlock/sandboxer.c
@@ -65,6 +65,9 @@ static int parse_path(char *env_path, const char ***const path_list)
}
}
*path_list = malloc(num_paths * sizeof(**path_list));
+ if (!*path_list)
+ return -1;
+
for (i = 0; i < num_paths; i++)
(*path_list)[i] = strsep(&env_path, ENV_PATH_TOKEN);
@@ -99,6 +102,10 @@ static int populate_ruleset(const char *const env_var, const int ruleset_fd,
env_path_name = strdup(env_path_name);
unsetenv(env_var);
num_paths = parse_path(env_path_name, &path_list);
+ if (num_paths < 0) {
+ fprintf(stderr, "Failed to allocate memory\n");
+ goto out_free_name;
+ }
if (num_paths == 1 && path_list[0][0] == '\0') {
/*
* Allows to not use all possible restrictions (e.g. use
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 078/578] wifi: wlcore: fix unbalanced pm_runtime calls
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 077/578] samples/landlock: Fix possible NULL dereference in parse_path() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 079/578] wifi: mac80211: prohibit deactivating all links Greg Kroah-Hartman
` (508 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andreas Kemnade, Michael Nemanov,
Kalle Valo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andreas Kemnade <andreas@kemnade.info>
[ Upstream commit 996c934c8c196144af386c4385f61fcd5349af28 ]
If firmware boot failes, runtime pm is put too often:
[12092.708099] wlcore: ERROR firmware boot failed despite 3 retries
[12092.708099] wl18xx_driver wl18xx.1.auto: Runtime PM usage count underflow!
Fix that by redirecting all error gotos before runtime_get so that runtime is
not put.
Fixes: c40aad28a3cf ("wlcore: Make sure firmware is initialized in wl1271_op_add_interface()")
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Reviewed-by: Michael Nemanov <michael.nemanov@ti.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20250104195507.402673-1-akemnade@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ti/wlcore/main.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/ti/wlcore/main.c b/drivers/net/wireless/ti/wlcore/main.c
index 28c0f06e311f7..b88ceb1f9800c 100644
--- a/drivers/net/wireless/ti/wlcore/main.c
+++ b/drivers/net/wireless/ti/wlcore/main.c
@@ -2533,24 +2533,24 @@ static int wl1271_op_add_interface(struct ieee80211_hw *hw,
if (test_bit(WL1271_FLAG_RECOVERY_IN_PROGRESS, &wl->flags) ||
test_bit(WLVIF_FLAG_INITIALIZED, &wlvif->flags)) {
ret = -EBUSY;
- goto out;
+ goto out_unlock;
}
ret = wl12xx_init_vif_data(wl, vif);
if (ret < 0)
- goto out;
+ goto out_unlock;
wlvif->wl = wl;
role_type = wl12xx_get_role_type(wl, wlvif);
if (role_type == WL12XX_INVALID_ROLE_TYPE) {
ret = -EINVAL;
- goto out;
+ goto out_unlock;
}
ret = wlcore_allocate_hw_queue_base(wl, wlvif);
if (ret < 0)
- goto out;
+ goto out_unlock;
/*
* TODO: after the nvs issue will be solved, move this block
@@ -2565,7 +2565,7 @@ static int wl1271_op_add_interface(struct ieee80211_hw *hw,
ret = wl12xx_init_fw(wl);
if (ret < 0)
- goto out;
+ goto out_unlock;
}
/*
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 079/578] wifi: mac80211: prohibit deactivating all links
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 078/578] wifi: wlcore: fix unbalanced pm_runtime calls Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 080/578] wifi: mac80211: Fix common size calculation for ML element Greg Kroah-Hartman
` (507 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+0c5d8e65f23569a8ffec,
Johannes Berg, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 7553477cbfd784b128297f9ed43751688415bbaa ]
In the internal API this calls this is a WARN_ON, but that
should remain since internally we want to know about bugs
that may cause this. Prevent deactivating all links in the
debugfs write directly.
Reported-by: syzbot+0c5d8e65f23569a8ffec@syzkaller.appspotmail.com
Fixes: 3d9011029227 ("wifi: mac80211: implement link switching")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://patch.msgid.link/20241230091408.505bd125c35a.Ic3c1f9572b980a952a444cad62b09b9c6721732b@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/debugfs_netdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 8ced615add712..f8416965c2198 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -588,7 +588,7 @@ static ssize_t ieee80211_if_parse_active_links(struct ieee80211_sub_if_data *sda
{
u16 active_links;
- if (kstrtou16(buf, 0, &active_links))
+ if (kstrtou16(buf, 0, &active_links) || !active_links)
return -EINVAL;
return ieee80211_set_active_links(&sdata->vif, active_links) ?: buflen;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 080/578] wifi: mac80211: Fix common size calculation for ML element
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 079/578] wifi: mac80211: prohibit deactivating all links Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 081/578] net/smc: fix data error when recvmsg with MSG_PEEK flag Greg Kroah-Hartman
` (506 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ilan Peer, Johannes Berg,
Miri Korenblit, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilan Peer <ilan.peer@intel.com>
[ Upstream commit 19aa842dcbb5860509b7e1b7745dbae0b791f6c4 ]
When the ML type is EPCS the control bitmap is reserved, the length
is always 7 and is captured by the 1st octet after the control.
Fixes: 0f48b8b88aa9 ("wifi: ieee80211: add definitions for multi-link element")
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20250102161730.5790376754a7.I381208cbb72b1be2a88239509294099e9337e254@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/ieee80211.h | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 160230bb1a9ce..8e00918b15b49 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -4571,28 +4571,24 @@ static inline u8 ieee80211_mle_common_size(const u8 *data)
{
const struct ieee80211_multi_link_elem *mle = (const void *)data;
u16 control = le16_to_cpu(mle->control);
- u8 common = 0;
switch (u16_get_bits(control, IEEE80211_ML_CONTROL_TYPE)) {
case IEEE80211_ML_CONTROL_TYPE_BASIC:
case IEEE80211_ML_CONTROL_TYPE_PREQ:
case IEEE80211_ML_CONTROL_TYPE_TDLS:
case IEEE80211_ML_CONTROL_TYPE_RECONF:
+ case IEEE80211_ML_CONTROL_TYPE_PRIO_ACCESS:
/*
* The length is the first octet pointed by mle->variable so no
* need to add anything
*/
break;
- case IEEE80211_ML_CONTROL_TYPE_PRIO_ACCESS:
- if (control & IEEE80211_MLC_PRIO_ACCESS_PRES_AP_MLD_MAC_ADDR)
- common += ETH_ALEN;
- return common;
default:
WARN_ON(1);
return 0;
}
- return sizeof(*mle) + common + mle->variable[0];
+ return sizeof(*mle) + mle->variable[0];
}
/**
@@ -4645,8 +4641,7 @@ static inline bool ieee80211_mle_size_ok(const u8 *data, u8 len)
check_common_len = true;
break;
case IEEE80211_ML_CONTROL_TYPE_PRIO_ACCESS:
- if (control & IEEE80211_MLC_PRIO_ACCESS_PRES_AP_MLD_MAC_ADDR)
- common += ETH_ALEN;
+ common = ETH_ALEN + 1;
break;
default:
/* we don't know this type */
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 081/578] net/smc: fix data error when recvmsg with MSG_PEEK flag
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 080/578] wifi: mac80211: Fix common size calculation for ML element Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 082/578] landlock: Handle weird files Greg Kroah-Hartman
` (505 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, D. Wythe, Guangguan Wang,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guangguan Wang <guangguan.wang@linux.alibaba.com>
[ Upstream commit a4b6539038c1aa1ae871aacf6e41b566c3613993 ]
When recvmsg with MSG_PEEK flag, the data will be copied to
user's buffer without advancing consume cursor and without
reducing the length of rx available data. Once the expected
peek length is larger than the value of bytes_to_rcv, in the
loop of do while in smc_rx_recvmsg, the first loop will copy
bytes_to_rcv bytes of data from the position local_tx_ctrl.cons,
the second loop will copy the min(bytes_to_rcv, read_remaining)
bytes from the position local_tx_ctrl.cons again because of the
lacking of process with advancing consume cursor and reducing
the length of available data. So do the subsequent loops. The
data copied in the second loop and the subsequent loops will
result in data error, as it should not be copied if no more data
arrives and it should be copied from the position advancing
bytes_to_rcv bytes from the local_tx_ctrl.cons if more data arrives.
This issue can be reproduce by the following python script:
server.py:
import socket
import time
server_ip = '0.0.0.0'
server_port = 12346
server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_socket.bind((server_ip, server_port))
server_socket.listen(1)
print('Server is running and listening for connections...')
conn, addr = server_socket.accept()
print('Connected by', addr)
while True:
data = conn.recv(1024)
if not data:
break
print('Received request:', data.decode())
conn.sendall(b'Hello, client!\n')
time.sleep(5)
conn.sendall(b'Hello, again!\n')
conn.close()
client.py:
import socket
server_ip = '<server ip>'
server_port = 12346
resp=b'Hello, client!\nHello, again!\n'
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((server_ip, server_port))
request = 'Hello, server!'
client_socket.sendall(request.encode())
peek_data = client_socket.recv(len(resp),
socket.MSG_PEEK | socket.MSG_WAITALL)
print('Peeked data:', peek_data.decode())
client_socket.close()
Fixes: 952310ccf2d8 ("smc: receive data from RMBE")
Reported-by: D. Wythe <alibuda@linux.alibaba.com>
Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
Link: https://patch.msgid.link/20250104143201.35529-1-guangguan.wang@linux.alibaba.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/smc/af_smc.c | 2 +-
net/smc/smc_rx.c | 37 +++++++++++++++++++++----------------
net/smc/smc_rx.h | 8 ++++----
3 files changed, 26 insertions(+), 21 deletions(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index e2bdd6aa3d89c..c951e5c483b51 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -2645,7 +2645,7 @@ static int smc_accept(struct socket *sock, struct socket *new_sock,
release_sock(clcsk);
} else if (!atomic_read(&smc_sk(nsk)->conn.bytes_to_rcv)) {
lock_sock(nsk);
- smc_rx_wait(smc_sk(nsk), &timeo, smc_rx_data_available);
+ smc_rx_wait(smc_sk(nsk), &timeo, 0, smc_rx_data_available);
release_sock(nsk);
}
}
diff --git a/net/smc/smc_rx.c b/net/smc/smc_rx.c
index ffcc9996a3da3..e57002d2ac372 100644
--- a/net/smc/smc_rx.c
+++ b/net/smc/smc_rx.c
@@ -234,22 +234,23 @@ static int smc_rx_splice(struct pipe_inode_info *pipe, char *src, size_t len,
return -ENOMEM;
}
-static int smc_rx_data_available_and_no_splice_pend(struct smc_connection *conn)
+static int smc_rx_data_available_and_no_splice_pend(struct smc_connection *conn, size_t peeked)
{
- return atomic_read(&conn->bytes_to_rcv) &&
+ return smc_rx_data_available(conn, peeked) &&
!atomic_read(&conn->splice_pending);
}
/* blocks rcvbuf consumer until >=len bytes available or timeout or interrupted
* @smc smc socket
* @timeo pointer to max seconds to wait, pointer to value 0 for no timeout
+ * @peeked number of bytes already peeked
* @fcrit add'l criterion to evaluate as function pointer
* Returns:
* 1 if at least 1 byte available in rcvbuf or if socket error/shutdown.
* 0 otherwise (nothing in rcvbuf nor timeout, e.g. interrupted).
*/
-int smc_rx_wait(struct smc_sock *smc, long *timeo,
- int (*fcrit)(struct smc_connection *conn))
+int smc_rx_wait(struct smc_sock *smc, long *timeo, size_t peeked,
+ int (*fcrit)(struct smc_connection *conn, size_t baseline))
{
DEFINE_WAIT_FUNC(wait, woken_wake_function);
struct smc_connection *conn = &smc->conn;
@@ -258,7 +259,7 @@ int smc_rx_wait(struct smc_sock *smc, long *timeo,
struct sock *sk = &smc->sk;
int rc;
- if (fcrit(conn))
+ if (fcrit(conn, peeked))
return 1;
sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
add_wait_queue(sk_sleep(sk), &wait);
@@ -267,7 +268,7 @@ int smc_rx_wait(struct smc_sock *smc, long *timeo,
cflags->peer_conn_abort ||
READ_ONCE(sk->sk_shutdown) & RCV_SHUTDOWN ||
conn->killed ||
- fcrit(conn),
+ fcrit(conn, peeked),
&wait);
remove_wait_queue(sk_sleep(sk), &wait);
sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
@@ -318,11 +319,11 @@ static int smc_rx_recv_urg(struct smc_sock *smc, struct msghdr *msg, int len,
return -EAGAIN;
}
-static bool smc_rx_recvmsg_data_available(struct smc_sock *smc)
+static bool smc_rx_recvmsg_data_available(struct smc_sock *smc, size_t peeked)
{
struct smc_connection *conn = &smc->conn;
- if (smc_rx_data_available(conn))
+ if (smc_rx_data_available(conn, peeked))
return true;
else if (conn->urg_state == SMC_URG_VALID)
/* we received a single urgent Byte - skip */
@@ -340,10 +341,10 @@ static bool smc_rx_recvmsg_data_available(struct smc_sock *smc)
int smc_rx_recvmsg(struct smc_sock *smc, struct msghdr *msg,
struct pipe_inode_info *pipe, size_t len, int flags)
{
- size_t copylen, read_done = 0, read_remaining = len;
+ size_t copylen, read_done = 0, read_remaining = len, peeked_bytes = 0;
size_t chunk_len, chunk_off, chunk_len_sum;
struct smc_connection *conn = &smc->conn;
- int (*func)(struct smc_connection *conn);
+ int (*func)(struct smc_connection *conn, size_t baseline);
union smc_host_cursor cons;
int readable, chunk;
char *rcvbuf_base;
@@ -380,14 +381,14 @@ int smc_rx_recvmsg(struct smc_sock *smc, struct msghdr *msg,
if (conn->killed)
break;
- if (smc_rx_recvmsg_data_available(smc))
+ if (smc_rx_recvmsg_data_available(smc, peeked_bytes))
goto copy;
if (sk->sk_shutdown & RCV_SHUTDOWN) {
/* smc_cdc_msg_recv_action() could have run after
* above smc_rx_recvmsg_data_available()
*/
- if (smc_rx_recvmsg_data_available(smc))
+ if (smc_rx_recvmsg_data_available(smc, peeked_bytes))
goto copy;
break;
}
@@ -421,26 +422,28 @@ int smc_rx_recvmsg(struct smc_sock *smc, struct msghdr *msg,
}
}
- if (!smc_rx_data_available(conn)) {
- smc_rx_wait(smc, &timeo, smc_rx_data_available);
+ if (!smc_rx_data_available(conn, peeked_bytes)) {
+ smc_rx_wait(smc, &timeo, peeked_bytes, smc_rx_data_available);
continue;
}
copy:
/* initialize variables for 1st iteration of subsequent loop */
/* could be just 1 byte, even after waiting on data above */
- readable = atomic_read(&conn->bytes_to_rcv);
+ readable = smc_rx_data_available(conn, peeked_bytes);
splbytes = atomic_read(&conn->splice_pending);
if (!readable || (msg && splbytes)) {
if (splbytes)
func = smc_rx_data_available_and_no_splice_pend;
else
func = smc_rx_data_available;
- smc_rx_wait(smc, &timeo, func);
+ smc_rx_wait(smc, &timeo, peeked_bytes, func);
continue;
}
smc_curs_copy(&cons, &conn->local_tx_ctrl.cons, conn);
+ if ((flags & MSG_PEEK) && peeked_bytes)
+ smc_curs_add(conn->rmb_desc->len, &cons, peeked_bytes);
/* subsequent splice() calls pick up where previous left */
if (splbytes)
smc_curs_add(conn->rmb_desc->len, &cons, splbytes);
@@ -476,6 +479,8 @@ int smc_rx_recvmsg(struct smc_sock *smc, struct msghdr *msg,
}
read_remaining -= chunk_len;
read_done += chunk_len;
+ if (flags & MSG_PEEK)
+ peeked_bytes += chunk_len;
if (chunk_len_sum == copylen)
break; /* either on 1st or 2nd iteration */
diff --git a/net/smc/smc_rx.h b/net/smc/smc_rx.h
index db823c97d824e..994f5e42d1ba2 100644
--- a/net/smc/smc_rx.h
+++ b/net/smc/smc_rx.h
@@ -21,11 +21,11 @@ void smc_rx_init(struct smc_sock *smc);
int smc_rx_recvmsg(struct smc_sock *smc, struct msghdr *msg,
struct pipe_inode_info *pipe, size_t len, int flags);
-int smc_rx_wait(struct smc_sock *smc, long *timeo,
- int (*fcrit)(struct smc_connection *conn));
-static inline int smc_rx_data_available(struct smc_connection *conn)
+int smc_rx_wait(struct smc_sock *smc, long *timeo, size_t peeked,
+ int (*fcrit)(struct smc_connection *conn, size_t baseline));
+static inline int smc_rx_data_available(struct smc_connection *conn, size_t peeked)
{
- return atomic_read(&conn->bytes_to_rcv);
+ return atomic_read(&conn->bytes_to_rcv) - peeked;
}
#endif /* SMC_RX_H */
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 082/578] landlock: Handle weird files
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 081/578] net/smc: fix data error when recvmsg with MSG_PEEK flag Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 083/578] wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Greg Kroah-Hartman
` (504 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dave Chinner, Kent Overstreet,
Paul Moore, syzbot+34b68f850391452207df,
syzbot+360866a59e3c80510a62, Ubisectech Sirius,
Günther Noack, Mickaël Salaün, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mickaël Salaün <mic@digikod.net>
[ Upstream commit 49440290a0935f428a1e43a5ac8dc275a647ff80 ]
A corrupted filesystem (e.g. bcachefs) might return weird files.
Instead of throwing a warning and allowing access to such file, treat
them as regular files.
Cc: Dave Chinner <david@fromorbit.com>
Cc: Kent Overstreet <kent.overstreet@linux.dev>
Cc: Paul Moore <paul@paul-moore.com>
Reported-by: syzbot+34b68f850391452207df@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/000000000000a65b35061cffca61@google.com
Reported-by: syzbot+360866a59e3c80510a62@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/67379b3f.050a0220.85a0.0001.GAE@google.com
Reported-by: Ubisectech Sirius <bugreport@ubisectech.com>
Closes: https://lore.kernel.org/r/c426821d-8380-46c4-a494-7008bbd7dd13.bugreport@ubisectech.com
Fixes: cb2c7d1a1776 ("landlock: Support filesystem access-control")
Reviewed-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20250110153918.241810-1-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/landlock/fs.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/security/landlock/fs.c b/security/landlock/fs.c
index 7b0e5976113c2..7b95afcc6b437 100644
--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -669,10 +669,6 @@ static inline access_mask_t get_mode_access(const umode_t mode)
switch (mode & S_IFMT) {
case S_IFLNK:
return LANDLOCK_ACCESS_FS_MAKE_SYM;
- case 0:
- /* A zero mode translates to S_IFREG. */
- case S_IFREG:
- return LANDLOCK_ACCESS_FS_MAKE_REG;
case S_IFDIR:
return LANDLOCK_ACCESS_FS_MAKE_DIR;
case S_IFCHR:
@@ -683,9 +679,12 @@ static inline access_mask_t get_mode_access(const umode_t mode)
return LANDLOCK_ACCESS_FS_MAKE_FIFO;
case S_IFSOCK:
return LANDLOCK_ACCESS_FS_MAKE_SOCK;
+ case S_IFREG:
+ case 0:
+ /* A zero mode translates to S_IFREG. */
default:
- WARN_ON_ONCE(1);
- return 0;
+ /* Treats weird files as regular files. */
+ return LANDLOCK_ACCESS_FS_MAKE_REG;
}
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 083/578] wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 082/578] landlock: Handle weird files Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 084/578] wifi: mt76: mt7921: fix using incorrect group cipher after disconnection Greg Kroah-Hartman
` (503 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xu Rao, WangYuli, Felix Fietkau,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: WangYuli <wangyuli@uniontech.com>
[ Upstream commit f1b1e133a770fcdbd89551651232b034d2f7a27a ]
When initializing the network card, unplugging the device will
trigger an -EPROTO error, resulting in a flood of error messages
being printed frantically.
The exception is printed as follows:
mt76x2u 2-2.4:1.0: vendor request req:47 off:9018 failed:-71
mt76x2u 2-2.4:1.0: vendor request req:47 off:9018 failed:-71
...
It will continue to print more than 2000 times for about 5 minutes,
causing the usb device to be unable to be disconnected. During this
period, the usb port cannot recognize the new device because the old
device has not disconnected.
There may be other operating methods that cause -EPROTO, but -EPROTO is
a low-level hardware error. It is unwise to repeat vendor requests
expecting to read correct data. It is a better choice to treat -EPROTO
and -ENODEV the same way.
Similar to commit 9b0f100c1970 ("mt76: usb: process URBs with status
EPROTO properly") do no schedule rx_worker for urb marked with status
set -EPROTO. I also reproduced this situation when plugging and
unplugging the device, and this patch is effective.
Just do not vendor request again for urb marked with status set -EPROTO.
Link: https://lore.kernel.org/all/531681bd-30f5-4a70-a156-bf8754b8e072@intel.com/
Link: https://lore.kernel.org/all/D4B9CC1FFC0CBAC3+20250105040607.154706-1-wangyuli@uniontech.com/
Fixes: b40b15e1521f ("mt76: add usb support to mt76 layer")
Co-developed-by: Xu Rao <raoxu@uniontech.com>
Signed-off-by: Xu Rao <raoxu@uniontech.com>
Signed-off-by: WangYuli <wangyuli@uniontech.com>
Link: https://patch.msgid.link/9DD7DE7AAB497CB7+20250113070241.63590-1-wangyuli@uniontech.com
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/usb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/usb.c b/drivers/net/wireless/mediatek/mt76/usb.c
index 0597df2729a62..1e2133670291c 100644
--- a/drivers/net/wireless/mediatek/mt76/usb.c
+++ b/drivers/net/wireless/mediatek/mt76/usb.c
@@ -33,9 +33,9 @@ int __mt76u_vendor_request(struct mt76_dev *dev, u8 req, u8 req_type,
ret = usb_control_msg(udev, pipe, req, req_type, val,
offset, buf, len, MT_VEND_REQ_TOUT_MS);
- if (ret == -ENODEV)
+ if (ret == -ENODEV || ret == -EPROTO)
set_bit(MT76_REMOVED, &dev->phy.state);
- if (ret >= 0 || ret == -ENODEV)
+ if (ret >= 0 || ret == -ENODEV || ret == -EPROTO)
return ret;
usleep_range(5000, 10000);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 084/578] wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 083/578] wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 085/578] wifi: mt76: mt7915: fix register mapping Greg Kroah-Hartman
` (502 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Lo, Ming Yen Hsieh,
David Ruth, Felix Fietkau, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Lo <michael.lo@mediatek.com>
[ Upstream commit aa566ac6b7272e7ea5359cb682bdca36d2fc7e73 ]
To avoid incorrect cipher after disconnection, we should
do the key deletion process in this case.
Fixes: e6db67fa871d ("wifi: mt76: ignore key disable commands")
Signed-off-by: Michael Lo <michael.lo@mediatek.com>
Signed-off-by: Ming Yen Hsieh <mingyen.hsieh@mediatek.com>
Tested-by: David Ruth <druth@chromium.org>
Reviewed-by: David Ruth <druth@chromium.org>
Link: https://patch.msgid.link/20240801024335.12981-1-mingyen.hsieh@mediatek.com
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
@@ -469,7 +469,13 @@ static int mt7921_set_key(struct ieee802
} else {
if (idx == *wcid_keyidx)
*wcid_keyidx = -1;
- goto out;
+
+ /* For security issue we don't trigger the key deletion when
+ * reassociating. But we should trigger the deletion process
+ * to avoid using incorrect cipher after disconnection,
+ */
+ if (vif->type != NL80211_IFTYPE_STATION || vif->cfg.assoc)
+ goto out;
}
mt76_wcid_key_setup(&dev->mt76, wcid, key);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 085/578] wifi: mt76: mt7915: fix register mapping
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 084/578] wifi: mt76: mt7921: fix using incorrect group cipher after disconnection Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 086/578] cpufreq: ACPI: Fix max-frequency computation Greg Kroah-Hartman
` (501 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Chiu, Shengyu Qu,
Felix Fietkau, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Chiu <chui-hao.chiu@mediatek.com>
[ Upstream commit dd1649ef966bb87053c17385ea2cfd1758f5385b ]
Bypass the entry when ofs is equal to dev->reg.map[i].size.
Without this patch, it would get incorrect register mapping when the CR
address is located at the boundary of an entry.
Fixes: cd4c314a65d3 ("mt76: mt7915: refine register definition")
Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Signed-off-by: Shengyu Qu <wiagn233@outlook.com>
Link: https://patch.msgid.link/OSZPR01MB843401EAA1DA6BD7AEF356F298132@OSZPR01MB8434.jpnprd01.prod.outlook.com
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c b/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c
index bc68ede64ddbb..74f5321611c45 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c
@@ -423,7 +423,7 @@ static u32 __mt7915_reg_addr(struct mt7915_dev *dev, u32 addr)
continue;
ofs = addr - dev->reg.map[i].phys;
- if (ofs > dev->reg.map[i].size)
+ if (ofs >= dev->reg.map[i].size)
continue;
return dev->reg.map[i].maps + ofs;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 086/578] cpufreq: ACPI: Fix max-frequency computation
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 085/578] wifi: mt76: mt7915: fix register mapping Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 087/578] selftests: timers: clocksource-switch: Adapt progress to kselftest framework Greg Kroah-Hartman
` (500 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dhananjay Ugwekar, Gautham R. Shenoy,
Mario Limonciello, Rafael J. Wysocki, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gautham R. Shenoy <gautham.shenoy@amd.com>
[ Upstream commit 0834667545962ef1c5e8684ed32b45d9c574acd3 ]
Commit 3c55e94c0ade ("cpufreq: ACPI: Extend frequency tables to cover
boost frequencies") introduced an assumption in acpi_cpufreq_cpu_init()
that the first entry in the P-state table was the nominal frequency.
This assumption is incorrect. The frequency corresponding to the P0
P-State need not be the same as the nominal frequency advertised via
CPPC.
Since the driver is using the CPPC.highest_perf and CPPC.nominal_perf
to compute the boost-ratio, it makes sense to use CPPC.nominal_freq to
compute the max-frequency. CPPC.nominal_freq is advertised on
platforms supporting CPPC revisions 3 or higher.
Hence, fallback to using the first entry in the P-State table only on
platforms that do not advertise CPPC.nominal_freq.
Fixes: 3c55e94c0ade ("cpufreq: ACPI: Extend frequency tables to cover boost frequencies")
Tested-by: Dhananjay Ugwekar <Dhananjay.Ugwekar@amd.com>
Signed-off-by: Gautham R. Shenoy <gautham.shenoy@amd.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://patch.msgid.link/20250113044107.566-1-gautham.shenoy@amd.com
[ rjw: Retain reverse X-mas tree ordering of local variable declarations ]
[ rjw: Subject and changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/acpi-cpufreq.c | 36 +++++++++++++++++++++++++---------
1 file changed, 27 insertions(+), 9 deletions(-)
diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c
index 1bb2b90ebb21c..72464e4132e2b 100644
--- a/drivers/cpufreq/acpi-cpufreq.c
+++ b/drivers/cpufreq/acpi-cpufreq.c
@@ -635,7 +635,14 @@ static int acpi_cpufreq_blacklist(struct cpuinfo_x86 *c)
#endif
#ifdef CONFIG_ACPI_CPPC_LIB
-static u64 get_max_boost_ratio(unsigned int cpu)
+/*
+ * get_max_boost_ratio: Computes the max_boost_ratio as the ratio
+ * between the highest_perf and the nominal_perf.
+ *
+ * Returns the max_boost_ratio for @cpu. Returns the CPPC nominal
+ * frequency via @nominal_freq if it is non-NULL pointer.
+ */
+static u64 get_max_boost_ratio(unsigned int cpu, u64 *nominal_freq)
{
struct cppc_perf_caps perf_caps;
u64 highest_perf, nominal_perf;
@@ -658,6 +665,9 @@ static u64 get_max_boost_ratio(unsigned int cpu)
nominal_perf = perf_caps.nominal_perf;
+ if (nominal_freq)
+ *nominal_freq = perf_caps.nominal_freq;
+
if (!highest_perf || !nominal_perf) {
pr_debug("CPU%d: highest or nominal performance missing\n", cpu);
return 0;
@@ -670,8 +680,12 @@ static u64 get_max_boost_ratio(unsigned int cpu)
return div_u64(highest_perf << SCHED_CAPACITY_SHIFT, nominal_perf);
}
+
#else
-static inline u64 get_max_boost_ratio(unsigned int cpu) { return 0; }
+static inline u64 get_max_boost_ratio(unsigned int cpu, u64 *nominal_freq)
+{
+ return 0;
+}
#endif
static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
@@ -681,9 +695,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
struct acpi_cpufreq_data *data;
unsigned int cpu = policy->cpu;
struct cpuinfo_x86 *c = &cpu_data(cpu);
+ u64 max_boost_ratio, nominal_freq = 0;
unsigned int valid_states = 0;
unsigned int result = 0;
- u64 max_boost_ratio;
unsigned int i;
#ifdef CONFIG_SMP
static int blacklisted;
@@ -833,16 +847,20 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
}
freq_table[valid_states].frequency = CPUFREQ_TABLE_END;
- max_boost_ratio = get_max_boost_ratio(cpu);
+ max_boost_ratio = get_max_boost_ratio(cpu, &nominal_freq);
if (max_boost_ratio) {
- unsigned int freq = freq_table[0].frequency;
+ unsigned int freq = nominal_freq;
/*
- * Because the loop above sorts the freq_table entries in the
- * descending order, freq is the maximum frequency in the table.
- * Assume that it corresponds to the CPPC nominal frequency and
- * use it to set cpuinfo.max_freq.
+ * The loop above sorts the freq_table entries in the
+ * descending order. If ACPI CPPC has not advertised
+ * the nominal frequency (this is possible in CPPC
+ * revisions prior to 3), then use the first entry in
+ * the pstate table as a proxy for nominal frequency.
*/
+ if (!freq)
+ freq = freq_table[0].frequency;
+
policy->cpuinfo.max_freq = freq * max_boost_ratio >> SCHED_CAPACITY_SHIFT;
} else {
/*
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 087/578] selftests: timers: clocksource-switch: Adapt progress to kselftest framework
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 086/578] cpufreq: ACPI: Fix max-frequency computation Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 088/578] selftests: harness: fix printing of mismatch values in __EXPECT() Greg Kroah-Hartman
` (499 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Thomas Gleixner,
Shuah Khan, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 8694e6a7f7dba23d3abd9f5a96f64d161704c7b1 ]
When adapting the test to the kselftest framework, a few printf() calls
indicating test progress were not updated.
Fix this by replacing these printf() calls by ksft_print_msg() calls.
Link: https://lore.kernel.org/r/7dd4b9ab6e43268846e250878ebf25ae6d3d01ce.1733994134.git.geert+renesas@glider.be
Fixes: ce7d101750ff ("selftests: timers: clocksource-switch: adapt to kselftest framework")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/timers/clocksource-switch.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/timers/clocksource-switch.c b/tools/testing/selftests/timers/clocksource-switch.c
index c5264594064c8..83faa4e354e38 100644
--- a/tools/testing/selftests/timers/clocksource-switch.c
+++ b/tools/testing/selftests/timers/clocksource-switch.c
@@ -156,8 +156,8 @@ int main(int argc, char **argv)
/* Check everything is sane before we start switching asynchronously */
if (do_sanity_check) {
for (i = 0; i < count; i++) {
- printf("Validating clocksource %s\n",
- clocksource_list[i]);
+ ksft_print_msg("Validating clocksource %s\n",
+ clocksource_list[i]);
if (change_clocksource(clocksource_list[i])) {
status = -1;
goto out;
@@ -169,7 +169,7 @@ int main(int argc, char **argv)
}
}
- printf("Running Asynchronous Switching Tests...\n");
+ ksft_print_msg("Running Asynchronous Switching Tests...\n");
pid = fork();
if (!pid)
return run_tests(runtime);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 088/578] selftests: harness: fix printing of mismatch values in __EXPECT()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 087/578] selftests: timers: clocksource-switch: Adapt progress to kselftest framework Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 089/578] wifi: cfg80211: Handle specific BSSID in 6GHz scanning Greg Kroah-Hartman
` (498 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry V. Levin, Kees Cook,
Shuah Khan, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry V. Levin <ldv@strace.io>
[ Upstream commit 02bc220dc6dc7c56edc4859bc5dd2c08b95d5fb5 ]
intptr_t and uintptr_t are not big enough types on 32-bit architectures
when printing 64-bit values, resulting to the following incorrect
diagnostic output:
# get_syscall_info.c:209:get_syscall_info:Expected exp_args[2] (3134324433) == info.entry.args[1] (3134324433)
Replace intptr_t and uintptr_t with intmax_t and uintmax_t, respectively.
With this fix, the same test produces more usable diagnostic output:
# get_syscall_info.c:209:get_syscall_info:Expected exp_args[2] (3134324433) == info.entry.args[1] (18446744072548908753)
Link: https://lore.kernel.org/r/20250108170757.GA6723@strace.io
Fixes: b5bb6d3068ea ("selftests/seccomp: fix 32-bit build warnings")
Signed-off-by: Dmitry V. Levin <ldv@strace.io>
Reviewed-by: Kees Cook <kees@kernel.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/kselftest_harness.h | 24 ++++++++++-----------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h
index 584687c3286dd..9d1379da59dfe 100644
--- a/tools/testing/selftests/kselftest_harness.h
+++ b/tools/testing/selftests/kselftest_harness.h
@@ -709,33 +709,33 @@
/* Report with actual signedness to avoid weird output. */ \
switch (is_signed_type(__exp) * 2 + is_signed_type(__seen)) { \
case 0: { \
- unsigned long long __exp_print = (uintptr_t)__exp; \
- unsigned long long __seen_print = (uintptr_t)__seen; \
- __TH_LOG("Expected %s (%llu) %s %s (%llu)", \
+ uintmax_t __exp_print = (uintmax_t)__exp; \
+ uintmax_t __seen_print = (uintmax_t)__seen; \
+ __TH_LOG("Expected %s (%ju) %s %s (%ju)", \
_expected_str, __exp_print, #_t, \
_seen_str, __seen_print); \
break; \
} \
case 1: { \
- unsigned long long __exp_print = (uintptr_t)__exp; \
- long long __seen_print = (intptr_t)__seen; \
- __TH_LOG("Expected %s (%llu) %s %s (%lld)", \
+ uintmax_t __exp_print = (uintmax_t)__exp; \
+ intmax_t __seen_print = (intmax_t)__seen; \
+ __TH_LOG("Expected %s (%ju) %s %s (%jd)", \
_expected_str, __exp_print, #_t, \
_seen_str, __seen_print); \
break; \
} \
case 2: { \
- long long __exp_print = (intptr_t)__exp; \
- unsigned long long __seen_print = (uintptr_t)__seen; \
- __TH_LOG("Expected %s (%lld) %s %s (%llu)", \
+ intmax_t __exp_print = (intmax_t)__exp; \
+ uintmax_t __seen_print = (uintmax_t)__seen; \
+ __TH_LOG("Expected %s (%jd) %s %s (%ju)", \
_expected_str, __exp_print, #_t, \
_seen_str, __seen_print); \
break; \
} \
case 3: { \
- long long __exp_print = (intptr_t)__exp; \
- long long __seen_print = (intptr_t)__seen; \
- __TH_LOG("Expected %s (%lld) %s %s (%lld)", \
+ intmax_t __exp_print = (intmax_t)__exp; \
+ intmax_t __seen_print = (intmax_t)__seen; \
+ __TH_LOG("Expected %s (%jd) %s %s (%jd)", \
_expected_str, __exp_print, #_t, \
_seen_str, __seen_print); \
break; \
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 089/578] wifi: cfg80211: Handle specific BSSID in 6GHz scanning
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 088/578] selftests: harness: fix printing of mismatch values in __EXPECT() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 090/578] wifi: cfg80211: adjust allocation of colocated AP data Greg Kroah-Hartman
` (497 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ilan Peer, Gregory Greenman,
Johannes Berg, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilan Peer <ilan.peer@intel.com>
[ Upstream commit 0fca7784b7a14d4ede64f479662afb98876ec7f8 ]
When the scan parameters for a 6GHz scan specify a unicast
BSSID address, and the corresponding AP is found in the scan
list, add a corresponding entry in the collocated AP list,
so this AP would be directly probed even if it was not
advertised as a collocated AP.
This is needed for handling a scan request that is intended
for a ML probe flow, where user space can requests a scan
to retrieve information for other links in the AP MLD.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230928172905.54b954bc02ad.I1c072793d3d77a4c8fbbc64b4db5cce1bbb00382@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Stable-dep-of: 1a0d24775cde ("wifi: cfg80211: adjust allocation of colocated AP data")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/scan.c | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 398b6bab4b60e..42514768bcb10 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -799,10 +799,47 @@ static int cfg80211_scan_6ghz(struct cfg80211_registered_device *rdev)
list_for_each_entry(intbss, &rdev->bss_list, list) {
struct cfg80211_bss *res = &intbss->pub;
const struct cfg80211_bss_ies *ies;
+ const struct element *ssid_elem;
+ struct cfg80211_colocated_ap *entry;
+ u32 s_ssid_tmp;
+ int ret;
ies = rcu_access_pointer(res->ies);
count += cfg80211_parse_colocated_ap(ies,
&coloc_ap_list);
+
+ /* In case the scan request specified a specific BSSID
+ * and the BSS is found and operating on 6GHz band then
+ * add this AP to the collocated APs list.
+ * This is relevant for ML probe requests when the lower
+ * band APs have not been discovered.
+ */
+ if (is_broadcast_ether_addr(rdev_req->bssid) ||
+ !ether_addr_equal(rdev_req->bssid, res->bssid) ||
+ res->channel->band != NL80211_BAND_6GHZ)
+ continue;
+
+ ret = cfg80211_calc_short_ssid(ies, &ssid_elem,
+ &s_ssid_tmp);
+ if (ret)
+ continue;
+
+ entry = kzalloc(sizeof(*entry) + IEEE80211_MAX_SSID_LEN,
+ GFP_ATOMIC);
+
+ if (!entry)
+ continue;
+
+ memcpy(entry->bssid, res->bssid, ETH_ALEN);
+ entry->short_ssid = s_ssid_tmp;
+ memcpy(entry->ssid, ssid_elem->data,
+ ssid_elem->datalen);
+ entry->ssid_len = ssid_elem->datalen;
+ entry->short_ssid_valid = true;
+ entry->center_freq = res->channel->center_freq;
+
+ list_add_tail(&entry->list, &coloc_ap_list);
+ count++;
}
spin_unlock_bh(&rdev->bss_lock);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 090/578] wifi: cfg80211: adjust allocation of colocated AP data
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 089/578] wifi: cfg80211: Handle specific BSSID in 6GHz scanning Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 091/578] clk: analogbits: Fix incorrect calculation of vco rate delta Greg Kroah-Hartman
` (496 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Antipov, Johannes Berg,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit 1a0d24775cdee2b8dc14bfa4f4418c930ab1ac57 ]
In 'cfg80211_scan_6ghz()', an instances of 'struct cfg80211_colocated_ap'
are allocated as if they would have 'ssid' as trailing VLA member. Since
this is not so, extra IEEE80211_MAX_SSID_LEN bytes are not needed.
Briefly tested with KUnit.
Fixes: c8cb5b854b40 ("nl80211/cfg80211: support 6 GHz scanning")
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Link: https://patch.msgid.link/20250113155417.552587-1-dmantipov@yandex.ru
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/scan.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 42514768bcb10..810293f160a8c 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -824,9 +824,7 @@ static int cfg80211_scan_6ghz(struct cfg80211_registered_device *rdev)
if (ret)
continue;
- entry = kzalloc(sizeof(*entry) + IEEE80211_MAX_SSID_LEN,
- GFP_ATOMIC);
-
+ entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
if (!entry)
continue;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 091/578] clk: analogbits: Fix incorrect calculation of vco rate delta
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 090/578] wifi: cfg80211: adjust allocation of colocated AP data Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 092/578] pwm: stm32: Add check for clk_enable() Greg Kroah-Hartman
` (495 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bo Gan, Stephen Boyd, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bo Gan <ganboing@gmail.com>
[ Upstream commit d7f12857f095ef38523399d47e68787b357232f6 ]
In wrpll_configure_for_rate() we try to determine the best PLL
configuration for a target rate. However, in the loop where we try
values of R, we should compare the derived `vco` with `target_vco_rate`.
However, we were in fact comparing it with `target_rate`, which is
actually after Q shift. This is incorrect, and sometimes can result in
suboptimal clock rates. Fix it.
Fixes: 7b9487a9a5c4 ("clk: analogbits: add Wide-Range PLL library")
Signed-off-by: Bo Gan <ganboing@gmail.com>
Link: https://lore.kernel.org/r/20240830061639.2316-1-ganboing@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/analogbits/wrpll-cln28hpc.c b/drivers/clk/analogbits/wrpll-cln28hpc.c
index 09ca823563993..d8ae392959969 100644
--- a/drivers/clk/analogbits/wrpll-cln28hpc.c
+++ b/drivers/clk/analogbits/wrpll-cln28hpc.c
@@ -291,7 +291,7 @@ int wrpll_configure_for_rate(struct wrpll_cfg *c, u32 target_rate,
vco = vco_pre * f;
}
- delta = abs(target_rate - vco);
+ delta = abs(target_vco_rate - vco);
if (delta < best_delta) {
best_delta = delta;
best_r = r;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 092/578] pwm: stm32: Add check for clk_enable()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 091/578] clk: analogbits: Fix incorrect calculation of vco rate delta Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 093/578] selftests/landlock: Fix error message Greg Kroah-Hartman
` (494 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mingwei Zheng, Jiasheng Jiang,
Uwe Kleine-König, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mingwei Zheng <zmw12306@gmail.com>
[ Upstream commit e8c59791ebb60790c74b2c3ab520f04a8a57219a ]
Add check for the return value of clk_enable() to catch the potential
error.
Fixes: 19f1016ea960 ("pwm: stm32: Fix enable count for clk in .probe()")
Signed-off-by: Mingwei Zheng <zmw12306@gmail.com>
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Link: https://lore.kernel.org/r/20241215224752.220318-1-zmw12306@gmail.com
Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/pwm-stm32.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/pwm/pwm-stm32.c b/drivers/pwm/pwm-stm32.c
index 2070d107c6328..fda7d76f08b1b 100644
--- a/drivers/pwm/pwm-stm32.c
+++ b/drivers/pwm/pwm-stm32.c
@@ -631,8 +631,11 @@ static int stm32_pwm_probe(struct platform_device *pdev)
priv->chip.npwm = stm32_pwm_detect_channels(priv, &num_enabled);
/* Initialize clock refcount to number of enabled PWM channels. */
- for (i = 0; i < num_enabled; i++)
- clk_enable(priv->clk);
+ for (i = 0; i < num_enabled; i++) {
+ ret = clk_enable(priv->clk);
+ if (ret)
+ return ret;
+ }
ret = pwmchip_add(&priv->chip);
if (ret < 0)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 093/578] selftests/landlock: Fix error message
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 092/578] pwm: stm32: Add check for clk_enable() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 094/578] net: let net.core.dev_weight always be non-zero Greg Kroah-Hartman
` (493 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Günther Noack,
Mickaël Salaün, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mickaël Salaün <mic@digikod.net>
[ Upstream commit 2107c35128ad751b201eb92fe91443450d9e5c37 ]
The global variable errno may not be set in test_execute(). Do not use
it in related error message.
Cc: Günther Noack <gnoack@google.com>
Fixes: e1199815b47b ("selftests/landlock: Add user space tests")
Link: https://lore.kernel.org/r/20250108154338.1129069-21-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/landlock/fs_test.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
index f2c3bffa6ea51..864309ebb0b4c 100644
--- a/tools/testing/selftests/landlock/fs_test.c
+++ b/tools/testing/selftests/landlock/fs_test.c
@@ -1775,8 +1775,7 @@ static void test_execute(struct __test_metadata *const _metadata, const int err,
ASSERT_EQ(1, WIFEXITED(status));
ASSERT_EQ(err ? 2 : 0, WEXITSTATUS(status))
{
- TH_LOG("Unexpected return code for \"%s\": %s", path,
- strerror(errno));
+ TH_LOG("Unexpected return code for \"%s\"", path);
};
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 094/578] net: let net.core.dev_weight always be non-zero
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 093/578] selftests/landlock: Fix error message Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 095/578] net/mlxfw: Drop hard coded max FW flash image size Greg Kroah-Hartman
` (492 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Liu Jian, Jakub Kicinski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit d1f9f79fa2af8e3b45cffdeef66e05833480148a ]
The following problem was encountered during stability test:
(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \
returned 1, exceeding its budget of 0.
------------[ cut here ]------------
list_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \
next=ffff88905f746e40.
WARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \
__list_add_valid_or_report+0xf3/0x130
CPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+
RIP: 0010:__list_add_valid_or_report+0xf3/0x130
Call Trace:
? __warn+0xcd/0x250
? __list_add_valid_or_report+0xf3/0x130
enqueue_to_backlog+0x923/0x1070
netif_rx_internal+0x92/0x2b0
__netif_rx+0x15/0x170
loopback_xmit+0x2ef/0x450
dev_hard_start_xmit+0x103/0x490
__dev_queue_xmit+0xeac/0x1950
ip_finish_output2+0x6cc/0x1620
ip_output+0x161/0x270
ip_push_pending_frames+0x155/0x1a0
raw_sendmsg+0xe13/0x1550
__sys_sendto+0x3bf/0x4e0
__x64_sys_sendto+0xdc/0x1b0
do_syscall_64+0x5b/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
The reproduction command is as follows:
sysctl -w net.core.dev_weight=0
ping 127.0.0.1
This is because when the napi's weight is set to 0, process_backlog() may
return 0 and clear the NAPI_STATE_SCHED bit of napi->state, causing this
napi to be re-polled in net_rx_action() until __do_softirq() times out.
Since the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can
be retriggered in enqueue_to_backlog(), causing this issue.
Making the napi's weight always non-zero solves this problem.
Triggering this issue requires system-wide admin (setting is
not namespaced).
Fixes: e38766054509 ("[NET]: Fix sysctl net.core.dev_weight")
Fixes: 3d48b53fb2ae ("net: dev_weight: TX/RX orthogonality")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Link: https://patch.msgid.link/20250116143053.4146855-1-liujian56@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/sysctl_net_core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index d281d5343ff4a..47ca6d3ddbb56 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -238,7 +238,7 @@ static int proc_do_dev_weight(struct ctl_table *table, int write,
int ret, weight;
mutex_lock(&dev_weight_mutex);
- ret = proc_dointvec(table, write, buffer, lenp, ppos);
+ ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
if (!ret && write) {
weight = READ_ONCE(weight_p);
WRITE_ONCE(dev_rx_weight, weight * dev_weight_rx_bias);
@@ -363,6 +363,7 @@ static struct ctl_table net_core_table[] = {
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_do_dev_weight,
+ .extra1 = SYSCTL_ONE,
},
{
.procname = "dev_weight_rx_bias",
@@ -370,6 +371,7 @@ static struct ctl_table net_core_table[] = {
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_do_dev_weight,
+ .extra1 = SYSCTL_ONE,
},
{
.procname = "dev_weight_tx_bias",
@@ -377,6 +379,7 @@ static struct ctl_table net_core_table[] = {
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_do_dev_weight,
+ .extra1 = SYSCTL_ONE,
},
{
.procname = "netdev_max_backlog",
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 095/578] net/mlxfw: Drop hard coded max FW flash image size
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 094/578] net: let net.core.dev_weight always be non-zero Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 096/578] net: avoid race between device unregistration and ethnl ops Greg Kroah-Hartman
` (491 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maher Sanalla, Moshe Shemesh,
Ido Schimmel, Michal Swiatkowski, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maher Sanalla <msanalla@nvidia.com>
[ Upstream commit 70d81f25cc92cc4e914516c9935ae752f27d78ad ]
Currently, mlxfw kernel module limits FW flash image size to be
10MB at most, preventing the ability to burn recent BlueField-3
FW that exceeds the said size limit.
Thus, drop the hard coded limit. Instead, rely on FW's
max_component_size threshold that is reported in MCQI register
as the size limit for FW image.
Fixes: 410ed13cae39 ("Add the mlxfw module for Mellanox firmware flash process")
Signed-off-by: Maher Sanalla <msanalla@nvidia.com>
Signed-off-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Link: https://patch.msgid.link/1737030796-1441634-1-git-send-email-moshe@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c b/drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c
index 46245e0b24623..43c84900369a3 100644
--- a/drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c
+++ b/drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c
@@ -14,7 +14,6 @@
#define MLXFW_FSM_STATE_WAIT_TIMEOUT_MS 30000
#define MLXFW_FSM_STATE_WAIT_ROUNDS \
(MLXFW_FSM_STATE_WAIT_TIMEOUT_MS / MLXFW_FSM_STATE_WAIT_CYCLE_MS)
-#define MLXFW_FSM_MAX_COMPONENT_SIZE (10 * (1 << 20))
static const int mlxfw_fsm_state_errno[] = {
[MLXFW_FSM_STATE_ERR_ERROR] = -EIO,
@@ -229,7 +228,6 @@ static int mlxfw_flash_component(struct mlxfw_dev *mlxfw_dev,
return err;
}
- comp_max_size = min_t(u32, comp_max_size, MLXFW_FSM_MAX_COMPONENT_SIZE);
if (comp->data_size > comp_max_size) {
MLXFW_ERR_MSG(mlxfw_dev, extack,
"Component size is bigger than limit", -EINVAL);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 096/578] net: avoid race between device unregistration and ethnl ops
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 095/578] net/mlxfw: Drop hard coded max FW flash image size Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 097/578] net: sched: Disallow replacing of child qdisc from one parent to another Greg Kroah-Hartman
` (490 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Antoine Tenart, Przemek Kitszel,
Edward Cree, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Antoine Tenart <atenart@kernel.org>
[ Upstream commit 12e070eb6964b341b41677fd260af5a305316a1f ]
The following trace can be seen if a device is being unregistered while
its number of channels are being modified.
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120
CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771
RIP: 0010:__mutex_lock+0xc8a/0x1120
Call Trace:
<TASK>
ethtool_check_max_channel+0x1ea/0x880
ethnl_set_channels+0x3c3/0xb10
ethnl_default_set_doit+0x306/0x650
genl_family_rcv_msg_doit+0x1e3/0x2c0
genl_rcv_msg+0x432/0x6f0
netlink_rcv_skb+0x13d/0x3b0
genl_rcv+0x28/0x40
netlink_unicast+0x42e/0x720
netlink_sendmsg+0x765/0xc20
__sys_sendto+0x3ac/0x420
__x64_sys_sendto+0xe0/0x1c0
do_syscall_64+0x95/0x180
entry_SYSCALL_64_after_hwframe+0x76/0x7e
This is because unregister_netdevice_many_notify might run before the
rtnl lock section of ethnl operations, eg. set_channels in the above
example. In this example the rss lock would be destroyed by the device
unregistration path before being used again, but in general running
ethnl operations while dismantle has started is not a good idea.
Fix this by denying any operation on devices being unregistered. A check
was already there in ethnl_ops_begin, but not wide enough.
Note that the same issue cannot be seen on the ioctl version
(__dev_ethtool) because the device reference is retrieved from within
the rtnl lock section there. Once dismantle started, the net device is
unlisted and no reference will be found.
Fixes: dde91ccfa25f ("ethtool: do not perform operations on net devices being unregistered")
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Reviewed-by: Edward Cree <ecree.xilinx@gmail.com>
Link: https://patch.msgid.link/20250116092159.50890-1-atenart@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ethtool/netlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ethtool/netlink.c b/net/ethtool/netlink.c
index fc4ccecf9495c..e5efdf2817eff 100644
--- a/net/ethtool/netlink.c
+++ b/net/ethtool/netlink.c
@@ -41,7 +41,7 @@ int ethnl_ops_begin(struct net_device *dev)
pm_runtime_get_sync(dev->dev.parent);
if (!netif_device_present(dev) ||
- dev->reg_state == NETREG_UNREGISTERING) {
+ dev->reg_state >= NETREG_UNREGISTERING) {
ret = -ENODEV;
goto err;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 097/578] net: sched: Disallow replacing of child qdisc from one parent to another
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 096/578] net: avoid race between device unregistration and ethnl ops Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 098/578] netfilter: nft_flow_offload: update tcp state flags under lock Greg Kroah-Hartman
` (489 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jamal Hadi Salim, Simon Horman,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jamal Hadi Salim <jhs@mojatatu.com>
[ Upstream commit bc50835e83f60f56e9bec2b392fb5544f250fb6f ]
Lion Ackermann was able to create a UAF which can be abused for privilege
escalation with the following script
Step 1. create root qdisc
tc qdisc add dev lo root handle 1:0 drr
step2. a class for packet aggregation do demonstrate uaf
tc class add dev lo classid 1:1 drr
step3. a class for nesting
tc class add dev lo classid 1:2 drr
step4. a class to graft qdisc to
tc class add dev lo classid 1:3 drr
step5.
tc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024
step6.
tc qdisc add dev lo parent 1:2 handle 3:0 drr
step7.
tc class add dev lo classid 3:1 drr
step 8.
tc qdisc add dev lo parent 3:1 handle 4:0 pfifo
step 9. Display the class/qdisc layout
tc class ls dev lo
class drr 1:1 root leaf 2: quantum 64Kb
class drr 1:2 root leaf 3: quantum 64Kb
class drr 3:1 root leaf 4: quantum 64Kb
tc qdisc ls
qdisc drr 1: dev lo root refcnt 2
qdisc plug 2: dev lo parent 1:1
qdisc pfifo 4: dev lo parent 3:1 limit 1000p
qdisc drr 3: dev lo parent 1:2
step10. trigger the bug <=== prevented by this patch
tc qdisc replace dev lo parent 1:3 handle 4:0
step 11. Redisplay again the qdiscs/classes
tc class ls dev lo
class drr 1:1 root leaf 2: quantum 64Kb
class drr 1:2 root leaf 3: quantum 64Kb
class drr 1:3 root leaf 4: quantum 64Kb
class drr 3:1 root leaf 4: quantum 64Kb
tc qdisc ls
qdisc drr 1: dev lo root refcnt 2
qdisc plug 2: dev lo parent 1:1
qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p
qdisc drr 3: dev lo parent 1:2
Observe that a) parent for 4:0 does not change despite the replace request.
There can only be one parent. b) refcount has gone up by two for 4:0 and
c) both class 1:3 and 3:1 are pointing to it.
Step 12. send one packet to plug
echo "" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))
step13. send one packet to the grafted fifo
echo "" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))
step14. lets trigger the uaf
tc class delete dev lo classid 1:3
tc class delete dev lo classid 1:1
The semantics of "replace" is for a del/add _on the same node_ and not
a delete from one node(3:1) and add to another node (1:3) as in step10.
While we could "fix" with a more complex approach there could be
consequences to expectations so the patch takes the preventive approach of
"disallow such config".
Joint work with Lion Ackermann <nnamrec@gmail.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250116013713.900000-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_api.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index fe053e717260e..cb379849c51a4 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1638,6 +1638,10 @@ static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n,
q = qdisc_lookup(dev, tcm->tcm_handle);
if (!q)
goto create_n_graft;
+ if (q->parent != tcm->tcm_parent) {
+ NL_SET_ERR_MSG(extack, "Cannot move an existing qdisc to a different parent");
+ return -EINVAL;
+ }
if (n->nlmsg_flags & NLM_F_EXCL) {
NL_SET_ERR_MSG(extack, "Exclusivity flag on, cannot override");
return -EEXIST;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 098/578] netfilter: nft_flow_offload: update tcp state flags under lock
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 097/578] net: sched: Disallow replacing of child qdisc from one parent to another Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 099/578] net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Greg Kroah-Hartman
` (488 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Westphal, Pablo Neira Ayuso,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 7a4b61406395291ffb7220a10e8951a9a8684819 ]
The conntrack entry is already public, there is a small chance that another
CPU is handling a packet in reply direction and racing with the tcp state
update.
Move this under ct spinlock.
This is done once, when ct is about to be offloaded, so this should
not result in a noticeable performance hit.
Fixes: 8437a6209f76 ("netfilter: nft_flow_offload: set liberal tracking mode for tcp")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nft_flow_offload.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index 7a8707632a815..9d335aa58907d 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -288,6 +288,15 @@ static bool nft_flow_offload_skip(struct sk_buff *skb, int family)
return false;
}
+static void flow_offload_ct_tcp(struct nf_conn *ct)
+{
+ /* conntrack will not see all packets, disable tcp window validation. */
+ spin_lock_bh(&ct->lock);
+ ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+ ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+ spin_unlock_bh(&ct->lock);
+}
+
static void nft_flow_offload_eval(const struct nft_expr *expr,
struct nft_regs *regs,
const struct nft_pktinfo *pkt)
@@ -355,11 +364,8 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
goto err_flow_alloc;
flow_offload_route_init(flow, &route);
-
- if (tcph) {
- ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
- ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
- }
+ if (tcph)
+ flow_offload_ct_tcp(ct);
ret = flow_offload_add(flowtable, flow);
if (ret < 0)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 099/578] net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 098/578] netfilter: nft_flow_offload: update tcp state flags under lock Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 100/578] tcp_cubic: fix incorrect HyStart round start detection Greg Kroah-Hartman
` (487 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roger Quadros, Simon Horman,
Siddharth Vadapalli, Jacob Keller, David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Quadros <rogerq@kernel.org>
[ Upstream commit 4395a44acb15850e492dd1de9ec4b6479d96bc80 ]
When getting the IRQ we use k3_udma_glue_tx_get_irq() which returns
negative error value on error. So not NULL check is not sufficient
to deteremine if IRQ is valid. Check that IRQ is greater then zero
to ensure it is valid.
There is no issue at probe time but at runtime user can invoke
.set_channels which results in the following call chain.
am65_cpsw_set_channels()
am65_cpsw_nuss_update_tx_rx_chns()
am65_cpsw_nuss_remove_tx_chns()
am65_cpsw_nuss_init_tx_chns()
At this point if am65_cpsw_nuss_init_tx_chns() fails due to
k3_udma_glue_tx_get_irq() then tx_chn->irq will be set to a
negative value.
Then, at subsequent .set_channels with higher channel count we
will attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()
leading to a kernel warning.
The issue is present in the original commit that introduced this driver,
although there, am65_cpsw_nuss_update_tx_rx_chns() existed as
am65_cpsw_nuss_update_tx_chns().
Fixes: 93a76530316a ("net: ethernet: ti: introduce am65x/j721e gigabit eth subsystem driver")
Signed-off-by: Roger Quadros <rogerq@kernel.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Siddharth Vadapalli <s-vadapalli@ti.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/ti/am65-cpsw-nuss.c b/drivers/net/ethernet/ti/am65-cpsw-nuss.c
index 33df06a2de13a..32828d4ac64ce 100644
--- a/drivers/net/ethernet/ti/am65-cpsw-nuss.c
+++ b/drivers/net/ethernet/ti/am65-cpsw-nuss.c
@@ -1541,7 +1541,7 @@ void am65_cpsw_nuss_remove_tx_chns(struct am65_cpsw_common *common)
for (i = 0; i < common->tx_ch_num; i++) {
struct am65_cpsw_tx_chn *tx_chn = &common->tx_chns[i];
- if (tx_chn->irq)
+ if (tx_chn->irq > 0)
devm_free_irq(dev, tx_chn->irq, tx_chn);
netif_napi_del(&tx_chn->napi_tx);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 100/578] tcp_cubic: fix incorrect HyStart round start detection
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 099/578] net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 101/578] net/rose: prevent integer overflows in rose_setsockopt() Greg Kroah-Hartman
` (486 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mahdi Arghavani, Jason Xing,
Neal Cardwell, Eric Dumazet, Haibo Zhang, David Eyers,
Abbas Arghavani, David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mahdi Arghavani <ma.arghavani@yahoo.com>
[ Upstream commit 25c1a9ca53db5780757e7f53e688b8f916821baa ]
I noticed that HyStart incorrectly marks the start of rounds,
leading to inaccurate measurements of ACK train lengths and
resetting the `ca->sample_cnt` variable. This inaccuracy can impact
HyStart's functionality in terminating exponential cwnd growth during
Slow-Start, potentially degrading TCP performance.
The issue arises because the changes introduced in commit 4e1fddc98d25
("tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows")
moved the caller of the `bictcp_hystart_reset` function inside the `hystart_update` function.
This modification added an additional condition for triggering the caller,
requiring that (tcp_snd_cwnd(tp) >= hystart_low_window) must also
be satisfied before invoking `bictcp_hystart_reset`.
This fix ensures that `bictcp_hystart_reset` is correctly called
at the start of a new round, regardless of the congestion window size.
This is achieved by moving the condition
(tcp_snd_cwnd(tp) >= hystart_low_window)
from before calling `bictcp_hystart_reset` to after it.
I tested with a client and a server connected through two Linux software routers.
In this setup, the minimum RTT was 150 ms, the bottleneck bandwidth was 50 Mbps,
and the bottleneck buffer size was 1 BDP, calculated as (50M / 1514 / 8) * 0.150 = 619 packets.
I conducted the test twice, transferring data from the server to the client for 1.5 seconds.
Before the patch was applied, HYSTART-DELAY stopped the exponential growth of cwnd when
cwnd = 516, and the bottleneck link was not yet saturated (516 < 619).
After the patch was applied, HYSTART-ACK-TRAIN stopped the exponential growth of cwnd when
cwnd = 632, and the bottleneck link was saturated (632 > 619).
In this test, applying the patch resulted in 300 KB more data delivered.
Fixes: 4e1fddc98d25 ("tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows")
Signed-off-by: Mahdi Arghavani <ma.arghavani@yahoo.com>
Reviewed-by: Jason Xing <kerneljasonxing@gmail.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Haibo Zhang <haibo.zhang@otago.ac.nz>
Cc: David Eyers <david.eyers@otago.ac.nz>
Cc: Abbas Arghavani <abbas.arghavani@mdu.se>
Reviewed-by: Neal Cardwell <ncardwell@google.com>
Tested-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_cubic.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/tcp_cubic.c b/net/ipv4/tcp_cubic.c
index 768c10c1f6498..b7c140874d97e 100644
--- a/net/ipv4/tcp_cubic.c
+++ b/net/ipv4/tcp_cubic.c
@@ -392,6 +392,10 @@ static void hystart_update(struct sock *sk, u32 delay)
if (after(tp->snd_una, ca->end_seq))
bictcp_hystart_reset(sk);
+ /* hystart triggers when cwnd is larger than some threshold */
+ if (tcp_snd_cwnd(tp) < hystart_low_window)
+ return;
+
if (hystart_detect & HYSTART_ACK_TRAIN) {
u32 now = bictcp_clock_us(sk);
@@ -467,9 +471,7 @@ static void cubictcp_acked(struct sock *sk, const struct ack_sample *sample)
if (ca->delay_min == 0 || ca->delay_min > delay)
ca->delay_min = delay;
- /* hystart triggers when cwnd is larger than some threshold */
- if (!ca->found && tcp_in_slow_start(tp) && hystart &&
- tcp_snd_cwnd(tp) >= hystart_low_window)
+ if (!ca->found && tcp_in_slow_start(tp) && hystart)
hystart_update(sk, delay);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 101/578] net/rose: prevent integer overflows in rose_setsockopt()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 100/578] tcp_cubic: fix incorrect HyStart round start detection Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 102/578] libbpf: dont adjust USDT semaphore address if .stapsdt.base addr is missing Greg Kroah-Hartman
` (485 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nikita Zhandarovich, Jakub Kicinski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
[ Upstream commit d640627663bfe7d8963c7615316d7d4ef60f3b0b ]
In case of possible unpredictably large arguments passed to
rose_setsockopt() and multiplied by extra values on top of that,
integer overflows may occur.
Do the safest minimum and fix these issues by checking the
contents of 'opt' and returning -EINVAL if they are too large. Also,
switch to unsigned int and remove useless check for negative 'opt'
in ROSE_IDLE case.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Link: https://patch.msgid.link/20250115164220.19954-1-n.zhandarovich@fintech.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rose/af_rose.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 29b74a569e0b0..8b0f249c94570 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -397,15 +397,15 @@ static int rose_setsockopt(struct socket *sock, int level, int optname,
{
struct sock *sk = sock->sk;
struct rose_sock *rose = rose_sk(sk);
- int opt;
+ unsigned int opt;
if (level != SOL_ROSE)
return -ENOPROTOOPT;
- if (optlen < sizeof(int))
+ if (optlen < sizeof(unsigned int))
return -EINVAL;
- if (copy_from_sockptr(&opt, optval, sizeof(int)))
+ if (copy_from_sockptr(&opt, optval, sizeof(unsigned int)))
return -EFAULT;
switch (optname) {
@@ -414,31 +414,31 @@ static int rose_setsockopt(struct socket *sock, int level, int optname,
return 0;
case ROSE_T1:
- if (opt < 1)
+ if (opt < 1 || opt > UINT_MAX / HZ)
return -EINVAL;
rose->t1 = opt * HZ;
return 0;
case ROSE_T2:
- if (opt < 1)
+ if (opt < 1 || opt > UINT_MAX / HZ)
return -EINVAL;
rose->t2 = opt * HZ;
return 0;
case ROSE_T3:
- if (opt < 1)
+ if (opt < 1 || opt > UINT_MAX / HZ)
return -EINVAL;
rose->t3 = opt * HZ;
return 0;
case ROSE_HOLDBACK:
- if (opt < 1)
+ if (opt < 1 || opt > UINT_MAX / HZ)
return -EINVAL;
rose->hb = opt * HZ;
return 0;
case ROSE_IDLE:
- if (opt < 0)
+ if (opt > UINT_MAX / (60 * HZ))
return -EINVAL;
rose->idle = opt * 60 * HZ;
return 0;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 102/578] libbpf: dont adjust USDT semaphore address if .stapsdt.base addr is missing
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 101/578] net/rose: prevent integer overflows in rose_setsockopt() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 103/578] tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Greg Kroah-Hartman
` (484 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrii Nakryiko, Jiri Olsa,
Alexei Starovoitov, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit 98ebe5ef6f5c4517ba92fb3e56f95827ebea83fd ]
USDT ELF note optionally can record an offset of .stapsdt.base, which is
used to make adjustments to USDT target attach address. Currently,
libbpf will do this address adjustment unconditionally if it finds
.stapsdt.base ELF section in target binary. But there is a corner case
where .stapsdt.base ELF section is present, but specific USDT note
doesn't reference it. In such case, libbpf will basically just add base
address and end up with absolutely incorrect USDT target address.
This adjustment has to be done only if both .stapsdt.sema section is
present and USDT note is recording a reference to it.
Fixes: 74cc6311cec9 ("libbpf: Add USDT notes parsing and resolution logic")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/r/20241121224558.796110-1-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/usdt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/lib/bpf/usdt.c b/tools/lib/bpf/usdt.c
index af1cb30556b46..b8e83712a5d72 100644
--- a/tools/lib/bpf/usdt.c
+++ b/tools/lib/bpf/usdt.c
@@ -653,7 +653,7 @@ static int collect_usdt_targets(struct usdt_manager *man, Elf *elf, const char *
* [0] https://sourceware.org/systemtap/wiki/UserSpaceProbeImplementation
*/
usdt_abs_ip = note.loc_addr;
- if (base_addr)
+ if (base_addr && note.base_addr)
usdt_abs_ip += base_addr - note.base_addr;
/* When attaching uprobes (which is what USDTs basically are)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 103/578] tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 102/578] libbpf: dont adjust USDT semaphore address if .stapsdt.base addr is missing Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 104/578] libbpf: Fix segfault due to libelf functions not setting errno Greg Kroah-Hartman
` (483 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marco Leogrande, Stanislav Fomichev,
Alexei Starovoitov, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marco Leogrande <leogrande@google.com>
[ Upstream commit e2f0791124a1b6ca8d570110cbd487969d9d41ef ]
Commit f803bcf9208a ("selftests/bpf: Prevent client connect before
server bind in test_tc_tunnel.sh") added code that waits for the
netcat server to start before the netcat client attempts to connect to
it. However, not all calls to 'server_listen' were guarded.
This patch adds the existing 'wait_for_port' guard after the remaining
call to 'server_listen'.
Fixes: f803bcf9208a ("selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh")
Signed-off-by: Marco Leogrande <leogrande@google.com>
Acked-by: Stanislav Fomichev <sdf@fomichev.me>
Link: https://lore.kernel.org/r/20241202204530.1143448-1-leogrande@google.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index 365a2c7a89bad..8766e88b5a407 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -296,6 +296,7 @@ else
client_connect
verify_data
server_listen
+ wait_for_port ${port} ${netcat_opt}
fi
# bpf_skb_net_shrink does not take tunnel flags yet, cannot update L3.
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 104/578] libbpf: Fix segfault due to libelf functions not setting errno
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 103/578] tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 105/578] ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman
` (482 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Quentin Monnet, Andrii Nakryiko,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quentin Monnet <qmo@kernel.org>
[ Upstream commit e10500b69c3f3378f3dcfc8c2fe4cdb74fc844f5 ]
Libelf functions do not set errno on failure. Instead, it relies on its
internal _elf_errno value, that can be retrieved via elf_errno (or the
corresponding message via elf_errmsg()). From "man libelf":
If a libelf function encounters an error it will set an internal
error code that can be retrieved with elf_errno. Each thread
maintains its own separate error code. The meaning of each error
code can be determined with elf_errmsg, which returns a string
describing the error.
As a consequence, libbpf should not return -errno when a function from
libelf fails, because an empty value will not be interpreted as an error
and won't prevent the program to stop. This is visible in
bpf_linker__add_file(), for example, where we call a succession of
functions that rely on libelf:
err = err ?: linker_load_obj_file(linker, filename, opts, &obj);
err = err ?: linker_append_sec_data(linker, &obj);
err = err ?: linker_append_elf_syms(linker, &obj);
err = err ?: linker_append_elf_relos(linker, &obj);
err = err ?: linker_append_btf(linker, &obj);
err = err ?: linker_append_btf_ext(linker, &obj);
If the object file that we try to process is not, in fact, a correct
object file, linker_load_obj_file() may fail with errno not being set,
and return 0. In this case we attempt to run linker_append_elf_sysms()
and may segfault.
This can happen (and was discovered) with bpftool:
$ bpftool gen object output.o sample_ret0.bpf.c
libbpf: failed to get ELF header for sample_ret0.bpf.c: invalid `Elf' handle
zsh: segmentation fault (core dumped) bpftool gen object output.o sample_ret0.bpf.c
Fix the issue by returning a non-null error code (-EINVAL) when libelf
functions fail.
Fixes: faf6ed321cf6 ("libbpf: Add BPF static linker APIs")
Signed-off-by: Quentin Monnet <qmo@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20241205135942.65262-1-qmo@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/linker.c | 22 ++++++++--------------
1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/tools/lib/bpf/linker.c b/tools/lib/bpf/linker.c
index 7d28f21b007fc..5a99bf6af445b 100644
--- a/tools/lib/bpf/linker.c
+++ b/tools/lib/bpf/linker.c
@@ -567,17 +567,15 @@ static int linker_load_obj_file(struct bpf_linker *linker, const char *filename,
}
obj->elf = elf_begin(obj->fd, ELF_C_READ_MMAP, NULL);
if (!obj->elf) {
- err = -errno;
pr_warn_elf("failed to parse ELF file '%s'", filename);
- return err;
+ return -EINVAL;
}
/* Sanity check ELF file high-level properties */
ehdr = elf64_getehdr(obj->elf);
if (!ehdr) {
- err = -errno;
pr_warn_elf("failed to get ELF header for %s", filename);
- return err;
+ return -EINVAL;
}
if (ehdr->e_ident[EI_DATA] != host_endianness) {
err = -EOPNOTSUPP;
@@ -593,9 +591,8 @@ static int linker_load_obj_file(struct bpf_linker *linker, const char *filename,
}
if (elf_getshdrstrndx(obj->elf, &obj->shstrs_sec_idx)) {
- err = -errno;
pr_warn_elf("failed to get SHSTRTAB section index for %s", filename);
- return err;
+ return -EINVAL;
}
scn = NULL;
@@ -605,26 +602,23 @@ static int linker_load_obj_file(struct bpf_linker *linker, const char *filename,
shdr = elf64_getshdr(scn);
if (!shdr) {
- err = -errno;
pr_warn_elf("failed to get section #%zu header for %s",
sec_idx, filename);
- return err;
+ return -EINVAL;
}
sec_name = elf_strptr(obj->elf, obj->shstrs_sec_idx, shdr->sh_name);
if (!sec_name) {
- err = -errno;
pr_warn_elf("failed to get section #%zu name for %s",
sec_idx, filename);
- return err;
+ return -EINVAL;
}
data = elf_getdata(scn, 0);
if (!data) {
- err = -errno;
pr_warn_elf("failed to get section #%zu (%s) data from %s",
sec_idx, sec_name, filename);
- return err;
+ return -EINVAL;
}
sec = add_src_sec(obj, sec_name);
@@ -2597,14 +2591,14 @@ int bpf_linker__finalize(struct bpf_linker *linker)
/* Finalize ELF layout */
if (elf_update(linker->elf, ELF_C_NULL) < 0) {
- err = -errno;
+ err = -EINVAL;
pr_warn_elf("failed to finalize ELF layout");
return libbpf_err(err);
}
/* Write out final ELF contents */
if (elf_update(linker->elf, ELF_C_WRITE) < 0) {
- err = -errno;
+ err = -EINVAL;
pr_warn_elf("failed to write ELF contents");
return libbpf_err(err);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 105/578] ASoC: sun4i-spdif: Add clock multiplier settings
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 104/578] libbpf: Fix segfault due to libelf functions not setting errno Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 106/578] perf header: Fix one memory leakage in process_bpf_btf() Greg Kroah-Hartman
` (481 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, George Lander, Marcus Cooper,
Mark Brown, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: George Lander <lander@jagmn.com>
[ Upstream commit 0a2319308de88b9e819c0b43d0fccd857123eb31 ]
There have been intermittent issues with the SPDIF output on H3
and H2+ devices which has been fixed by setting the s_clk to 4
times the audio pll.
Add a quirk for the clock multiplier as not every supported SoC
requires it. Without the multiplier, the audio at normal sampling
rates was distorted and did not play at higher sampling rates.
Fixes: 1bd92af877ab ("ASoC: sun4i-spdif: Add support for the H3 SoC")
Signed-off-by: George Lander <lander@jagmn.com>
Signed-off-by: Marcus Cooper <codekipper@gmail.com>
Link: https://patch.msgid.link/20241111165600.57219-2-codekipper@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sunxi/sun4i-spdif.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/sunxi/sun4i-spdif.c b/sound/soc/sunxi/sun4i-spdif.c
index 484b0e7c2defa..84e7b363ac3b1 100644
--- a/sound/soc/sunxi/sun4i-spdif.c
+++ b/sound/soc/sunxi/sun4i-spdif.c
@@ -177,6 +177,7 @@ struct sun4i_spdif_quirks {
unsigned int reg_dac_txdata;
bool has_reset;
unsigned int val_fctl_ftx;
+ unsigned int mclk_multiplier;
};
struct sun4i_spdif_dev {
@@ -314,6 +315,7 @@ static int sun4i_spdif_hw_params(struct snd_pcm_substream *substream,
default:
return -EINVAL;
}
+ mclk *= host->quirks->mclk_multiplier;
ret = clk_set_rate(host->spdif_clk, mclk);
if (ret < 0) {
@@ -348,6 +350,7 @@ static int sun4i_spdif_hw_params(struct snd_pcm_substream *substream,
default:
return -EINVAL;
}
+ mclk_div *= host->quirks->mclk_multiplier;
reg_val = 0;
reg_val |= SUN4I_SPDIF_TXCFG_ASS;
@@ -541,24 +544,28 @@ static struct snd_soc_dai_driver sun4i_spdif_dai = {
static const struct sun4i_spdif_quirks sun4i_a10_spdif_quirks = {
.reg_dac_txdata = SUN4I_SPDIF_TXFIFO,
.val_fctl_ftx = SUN4I_SPDIF_FCTL_FTX,
+ .mclk_multiplier = 1,
};
static const struct sun4i_spdif_quirks sun6i_a31_spdif_quirks = {
.reg_dac_txdata = SUN4I_SPDIF_TXFIFO,
.val_fctl_ftx = SUN4I_SPDIF_FCTL_FTX,
.has_reset = true,
+ .mclk_multiplier = 1,
};
static const struct sun4i_spdif_quirks sun8i_h3_spdif_quirks = {
.reg_dac_txdata = SUN8I_SPDIF_TXFIFO,
.val_fctl_ftx = SUN4I_SPDIF_FCTL_FTX,
.has_reset = true,
+ .mclk_multiplier = 4,
};
static const struct sun4i_spdif_quirks sun50i_h6_spdif_quirks = {
.reg_dac_txdata = SUN8I_SPDIF_TXFIFO,
.val_fctl_ftx = SUN50I_H6_SPDIF_FCTL_FTX,
.has_reset = true,
+ .mclk_multiplier = 1,
};
static const struct of_device_id sun4i_spdif_of_match[] = {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 106/578] perf header: Fix one memory leakage in process_bpf_btf()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 105/578] ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 107/578] perf header: Fix one memory leakage in process_bpf_prog_info() Greg Kroah-Hartman
` (480 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim, Zhongqiu Han,
Adrian Hunter, Alexander Shishkin, Ian Rogers, Ingo Molnar,
James Clark, Jiri Olsa, Kan Liang, Mark Rutland, Peter Zijlstra,
Song Liu, Yicong Yang, Arnaldo Carvalho de Melo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhongqiu Han <quic_zhonhan@quicinc.com>
[ Upstream commit 875d22980a062521beed7b5df71fb13a1af15d83 ]
If __perf_env__insert_btf() returns false due to a duplicate btf node
insertion, the temporary node will leak. Add a check to ensure the memory
is freed if the function returns false.
Fixes: a70a1123174ab592 ("perf bpf: Save BTF information as headers to perf.data")
Reviewed-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Zhongqiu Han <quic_zhonhan@quicinc.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Clark <james.clark@linaro.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <song@kernel.org>
Cc: Yicong Yang <yangyicong@hisilicon.com>
Link: https://lore.kernel.org/r/20241205084500.823660-2-quic_zhonhan@quicinc.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
| 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--git a/tools/perf/util/header.c b/tools/perf/util/header.c
index b2b0293567f07..c4c8a04f3acad 100644
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -3183,7 +3183,8 @@ static int process_bpf_btf(struct feat_fd *ff, void *data __maybe_unused)
if (__do_read(ff, node->data, data_size))
goto out;
- __perf_env__insert_btf(env, node);
+ if (!__perf_env__insert_btf(env, node))
+ free(node);
node = NULL;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 107/578] perf header: Fix one memory leakage in process_bpf_prog_info()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 106/578] perf header: Fix one memory leakage in process_bpf_btf() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 108/578] perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Greg Kroah-Hartman
` (479 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim, Zhongqiu Han,
Adrian Hunter, Alexander Shishkin, Ian Rogers, Ingo Molnar,
James Clark, Jiri Olsa, Kan Liang, Mark Rutland, Peter Zijlstra,
Song Liu, Yicong Yang, Arnaldo Carvalho de Melo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhongqiu Han <quic_zhonhan@quicinc.com>
[ Upstream commit a7da6c7030e1aec32f0a41c7b4fa70ec96042019 ]
Function __perf_env__insert_bpf_prog_info() will return without inserting
bpf prog info node into perf env again due to a duplicate bpf prog info
node insertion, causing the temporary info_linear and info_node memory to
leak. Modify the return type of this function to bool and add a check to
ensure the memory is freed if the function returns false.
Fixes: 606f972b1361f477 ("perf bpf: Save bpf_prog_info information as headers to perf.data")
Reviewed-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Zhongqiu Han <quic_zhonhan@quicinc.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Clark <james.clark@linaro.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <song@kernel.org>
Cc: Yicong Yang <yangyicong@hisilicon.com>
Link: https://lore.kernel.org/r/20241205084500.823660-3-quic_zhonhan@quicinc.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/env.c | 5 +++--
tools/perf/util/env.h | 2 +-
| 5 ++++-
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/tools/perf/util/env.c b/tools/perf/util/env.c
index 5d878bae7d9a5..a0393f9c5fda7 100644
--- a/tools/perf/util/env.c
+++ b/tools/perf/util/env.c
@@ -27,7 +27,7 @@ void perf_env__insert_bpf_prog_info(struct perf_env *env,
up_write(&env->bpf_progs.lock);
}
-void __perf_env__insert_bpf_prog_info(struct perf_env *env, struct bpf_prog_info_node *info_node)
+bool __perf_env__insert_bpf_prog_info(struct perf_env *env, struct bpf_prog_info_node *info_node)
{
__u32 prog_id = info_node->info_linear->info.id;
struct bpf_prog_info_node *node;
@@ -45,13 +45,14 @@ void __perf_env__insert_bpf_prog_info(struct perf_env *env, struct bpf_prog_info
p = &(*p)->rb_right;
} else {
pr_debug("duplicated bpf prog info %u\n", prog_id);
- return;
+ return false;
}
}
rb_link_node(&info_node->rb_node, parent, p);
rb_insert_color(&info_node->rb_node, &env->bpf_progs.infos);
env->bpf_progs.infos_cnt++;
+ return true;
}
struct bpf_prog_info_node *perf_env__find_bpf_prog_info(struct perf_env *env,
diff --git a/tools/perf/util/env.h b/tools/perf/util/env.h
index 359eff51cb85b..7d1360ff79fd8 100644
--- a/tools/perf/util/env.h
+++ b/tools/perf/util/env.h
@@ -164,7 +164,7 @@ const char *perf_env__raw_arch(struct perf_env *env);
int perf_env__nr_cpus_avail(struct perf_env *env);
void perf_env__init(struct perf_env *env);
-void __perf_env__insert_bpf_prog_info(struct perf_env *env,
+bool __perf_env__insert_bpf_prog_info(struct perf_env *env,
struct bpf_prog_info_node *info_node);
void perf_env__insert_bpf_prog_info(struct perf_env *env,
struct bpf_prog_info_node *info_node);
--git a/tools/perf/util/header.c b/tools/perf/util/header.c
index c4c8a04f3acad..f0885d9781cf2 100644
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -3136,7 +3136,10 @@ static int process_bpf_prog_info(struct feat_fd *ff, void *data __maybe_unused)
/* after reading from file, translate offset to address */
bpil_offs_to_addr(info_linear);
info_node->info_linear = info_linear;
- __perf_env__insert_bpf_prog_info(env, info_node);
+ if (!__perf_env__insert_bpf_prog_info(env, info_node)) {
+ free(info_linear);
+ free(info_node);
+ }
}
up_write(&env->bpf_progs.lock);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 108/578] perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 107/578] perf header: Fix one memory leakage in process_bpf_prog_info() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 109/578] ASoC: renesas: rz-ssi: Use only the proper amount of dividers Greg Kroah-Hartman
` (478 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim, Zhongqiu Han,
Adrian Hunter, Alexander Shishkin, Ian Rogers, Ingo Molnar,
James Clark, Jiri Olsa, Kan Liang, Mark Rutland, Peter Zijlstra,
Song Liu, Yicong Yang, Arnaldo Carvalho de Melo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhongqiu Han <quic_zhonhan@quicinc.com>
[ Upstream commit 03edb7020bb920f1935c3f30acad0bb27fdb99af ]
If perf_env__insert_bpf_prog_info() returns false due to a duplicate bpf
prog info node insertion, the temporary info_node and info_linear memory
will leak. Add a check to ensure the memory is freed if the function
returns false.
Fixes: d56354dc49091e33 ("perf tools: Save bpf_prog_info and BTF of new BPF programs")
Reviewed-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Zhongqiu Han <quic_zhonhan@quicinc.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Clark <james.clark@linaro.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <song@kernel.org>
Cc: Yicong Yang <yangyicong@hisilicon.com>
Link: https://lore.kernel.org/r/20241205084500.823660-4-quic_zhonhan@quicinc.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/bpf-event.c | 10 ++++++++--
tools/perf/util/env.c | 8 ++++++--
tools/perf/util/env.h | 2 +-
3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/tools/perf/util/bpf-event.c b/tools/perf/util/bpf-event.c
index 91c7bfa82a50a..6cc1b9adc65c6 100644
--- a/tools/perf/util/bpf-event.c
+++ b/tools/perf/util/bpf-event.c
@@ -352,7 +352,10 @@ static int perf_event__synthesize_one_bpf_prog(struct perf_session *session,
}
info_node->info_linear = info_linear;
- perf_env__insert_bpf_prog_info(env, info_node);
+ if (!perf_env__insert_bpf_prog_info(env, info_node)) {
+ free(info_linear);
+ free(info_node);
+ }
info_linear = NULL;
/*
@@ -540,7 +543,10 @@ static void perf_env__add_bpf_info(struct perf_env *env, u32 id)
info_node = malloc(sizeof(struct bpf_prog_info_node));
if (info_node) {
info_node->info_linear = info_linear;
- perf_env__insert_bpf_prog_info(env, info_node);
+ if (!perf_env__insert_bpf_prog_info(env, info_node)) {
+ free(info_linear);
+ free(info_node);
+ }
} else
free(info_linear);
diff --git a/tools/perf/util/env.c b/tools/perf/util/env.c
index a0393f9c5fda7..fa08f82f88e7a 100644
--- a/tools/perf/util/env.c
+++ b/tools/perf/util/env.c
@@ -19,12 +19,16 @@ struct perf_env perf_env;
#include "bpf-utils.h"
#include <bpf/libbpf.h>
-void perf_env__insert_bpf_prog_info(struct perf_env *env,
+bool perf_env__insert_bpf_prog_info(struct perf_env *env,
struct bpf_prog_info_node *info_node)
{
+ bool ret;
+
down_write(&env->bpf_progs.lock);
- __perf_env__insert_bpf_prog_info(env, info_node);
+ ret = __perf_env__insert_bpf_prog_info(env, info_node);
up_write(&env->bpf_progs.lock);
+
+ return ret;
}
bool __perf_env__insert_bpf_prog_info(struct perf_env *env, struct bpf_prog_info_node *info_node)
diff --git a/tools/perf/util/env.h b/tools/perf/util/env.h
index 7d1360ff79fd8..bc2d0ef351997 100644
--- a/tools/perf/util/env.h
+++ b/tools/perf/util/env.h
@@ -166,7 +166,7 @@ int perf_env__nr_cpus_avail(struct perf_env *env);
void perf_env__init(struct perf_env *env);
bool __perf_env__insert_bpf_prog_info(struct perf_env *env,
struct bpf_prog_info_node *info_node);
-void perf_env__insert_bpf_prog_info(struct perf_env *env,
+bool perf_env__insert_bpf_prog_info(struct perf_env *env,
struct bpf_prog_info_node *info_node);
struct bpf_prog_info_node *perf_env__find_bpf_prog_info(struct perf_env *env,
__u32 prog_id);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 109/578] ASoC: renesas: rz-ssi: Use only the proper amount of dividers
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 108/578] perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 110/578] ktest.pl: Remove unused declarations in run_bisect_test function Greg Kroah-Hartman
` (477 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Claudiu Beznea, Geert Uytterhoeven,
Mark Brown, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
[ Upstream commit 55c209cd4318c701e6e88e0b2512a0f12dd02a7d ]
There is no need to populate the ckdv[] with invalid dividers as that
part will not be indexed anyway. The ssi->audio_mck/bclk_rate should
always be >= 0. While at it, change the ckdv type as u8, as the divider
128 was previously using the s8 sign bit.
Signed-off-by: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
Fixes: 03e786bd43410fa9 ("ASoC: sh: Add RZ/G2L SSIF-2 driver")
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://patch.msgid.link/20241210170953.2936724-6-claudiu.beznea.uj@bp.renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sh/rz-ssi.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sound/soc/sh/rz-ssi.c b/sound/soc/sh/rz-ssi.c
index 5d6bae33ae34c..468050467bb39 100644
--- a/sound/soc/sh/rz-ssi.c
+++ b/sound/soc/sh/rz-ssi.c
@@ -244,8 +244,7 @@ static void rz_ssi_stream_quit(struct rz_ssi_priv *ssi,
static int rz_ssi_clk_setup(struct rz_ssi_priv *ssi, unsigned int rate,
unsigned int channels)
{
- static s8 ckdv[16] = { 1, 2, 4, 8, 16, 32, 64, 128,
- 6, 12, 24, 48, 96, -1, -1, -1 };
+ static u8 ckdv[] = { 1, 2, 4, 8, 16, 32, 64, 128, 6, 12, 24, 48, 96 };
unsigned int channel_bits = 32; /* System Word Length */
unsigned long bclk_rate = rate * channels * channel_bits;
unsigned int div;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 110/578] ktest.pl: Remove unused declarations in run_bisect_test function
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 109/578] ASoC: renesas: rz-ssi: Use only the proper amount of dividers Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 111/578] crypto: hisilicon/sec2 - optimize the error return process Greg Kroah-Hartman
` (476 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ba Jing, Steven Rostedt, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ba Jing <bajing@cmss.chinamobile.com>
[ Upstream commit 776735b954f49f85fd19e1198efa421fae2ad77c ]
Since $output and $ret are not used in the subsequent code, the declarations
should be removed.
Fixes: a75fececff3c ("ktest: Added sample.conf, new %default option format")
Link: https://lore.kernel.org/20240902130735.6034-1-bajing@cmss.chinamobile.com
Signed-off-by: Ba Jing <bajing@cmss.chinamobile.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/ktest/ktest.pl | 2 --
1 file changed, 2 deletions(-)
diff --git a/tools/testing/ktest/ktest.pl b/tools/testing/ktest/ktest.pl
index 99e17a0a13649..f7f371a91ed97 100755
--- a/tools/testing/ktest/ktest.pl
+++ b/tools/testing/ktest/ktest.pl
@@ -2939,8 +2939,6 @@ sub run_bisect_test {
my $failed = 0;
my $result;
- my $output;
- my $ret;
$in_bisect = 1;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 111/578] crypto: hisilicon/sec2 - optimize the error return process
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 110/578] ktest.pl: Remove unused declarations in run_bisect_test function Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 112/578] crypto: hisilicon/sec2 - fix for aead icv error Greg Kroah-Hartman
` (475 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chenghai Huang, Herbert Xu,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chenghai Huang <huangchenghai2@huawei.com>
[ Upstream commit 1bed82257b1881b689ee41f14ecb4c20a273cac0 ]
Add the printf of an error message and optimized the handling
process of ret.
Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: fd337f852b26 ("crypto: hisilicon/sec2 - fix for aead icv error")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/hisilicon/sec2/sec_crypto.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/hisilicon/sec2/sec_crypto.c b/drivers/crypto/hisilicon/sec2/sec_crypto.c
index 09a20307d01e3..3bfc183a7ec4c 100644
--- a/drivers/crypto/hisilicon/sec2/sec_crypto.c
+++ b/drivers/crypto/hisilicon/sec2/sec_crypto.c
@@ -850,6 +850,7 @@ static int sec_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
ret = sec_skcipher_aes_sm4_setkey(c_ctx, keylen, c_mode);
break;
default:
+ dev_err(dev, "sec c_alg err!\n");
return -EINVAL;
}
@@ -1175,7 +1176,8 @@ static int sec_aead_setkey(struct crypto_aead *tfm, const u8 *key,
return 0;
}
- if (crypto_authenc_extractkeys(&keys, key, keylen))
+ ret = crypto_authenc_extractkeys(&keys, key, keylen);
+ if (ret)
goto bad_key;
ret = sec_aead_aes_set_key(c_ctx, &keys);
@@ -1192,6 +1194,7 @@ static int sec_aead_setkey(struct crypto_aead *tfm, const u8 *key,
if ((ctx->a_ctx.mac_len & SEC_SQE_LEN_RATE_MASK) ||
(ctx->a_ctx.a_key_len & SEC_SQE_LEN_RATE_MASK)) {
+ ret = -EINVAL;
dev_err(dev, "MAC or AUTH key length error!\n");
goto bad_key;
}
@@ -1200,7 +1203,7 @@ static int sec_aead_setkey(struct crypto_aead *tfm, const u8 *key,
bad_key:
memzero_explicit(&keys, sizeof(struct crypto_authenc_keys));
- return -EINVAL;
+ return ret;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 112/578] crypto: hisilicon/sec2 - fix for aead icv error
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 111/578] crypto: hisilicon/sec2 - optimize the error return process Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 113/578] crypto: hisilicon/sec2 - fix for aead invalid authsize Greg Kroah-Hartman
` (474 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wenkai Lin, Chenghai Huang,
Herbert Xu, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wenkai Lin <linwenkai6@hisilicon.com>
[ Upstream commit fd337f852b2677b53d0859a47b58e6e6bd189f30 ]
When the AEAD algorithm is used for encryption or decryption,
the input authentication length varies, the hardware needs to
obtain the input length to pass the integrity check verification.
Currently, the driver uses a fixed authentication length,which
causes decryption failure, so the length configuration is modified.
In addition, the step of setting the auth length is unnecessary,
so it was deleted from the setkey function.
Fixes: 2f072d75d1ab ("crypto: hisilicon - Add aead support on SEC2")
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/hisilicon/sec2/sec.h | 1 -
drivers/crypto/hisilicon/sec2/sec_crypto.c | 101 +++++++++------------
drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 ---
3 files changed, 44 insertions(+), 69 deletions(-)
diff --git a/drivers/crypto/hisilicon/sec2/sec.h b/drivers/crypto/hisilicon/sec2/sec.h
index 410c83712e285..714bfd7c28752 100644
--- a/drivers/crypto/hisilicon/sec2/sec.h
+++ b/drivers/crypto/hisilicon/sec2/sec.h
@@ -90,7 +90,6 @@ struct sec_auth_ctx {
dma_addr_t a_key_dma;
u8 *a_key;
u8 a_key_len;
- u8 mac_len;
u8 a_alg;
bool fallback;
struct crypto_shash *hash_tfm;
diff --git a/drivers/crypto/hisilicon/sec2/sec_crypto.c b/drivers/crypto/hisilicon/sec2/sec_crypto.c
index 3bfc183a7ec4c..2d77b89bedb52 100644
--- a/drivers/crypto/hisilicon/sec2/sec_crypto.c
+++ b/drivers/crypto/hisilicon/sec2/sec_crypto.c
@@ -954,15 +954,14 @@ static int sec_aead_mac_init(struct sec_aead_req *req)
struct aead_request *aead_req = req->aead_req;
struct crypto_aead *tfm = crypto_aead_reqtfm(aead_req);
size_t authsize = crypto_aead_authsize(tfm);
- u8 *mac_out = req->out_mac;
struct scatterlist *sgl = aead_req->src;
+ u8 *mac_out = req->out_mac;
size_t copy_size;
off_t skip_size;
/* Copy input mac */
skip_size = aead_req->assoclen + aead_req->cryptlen - authsize;
- copy_size = sg_pcopy_to_buffer(sgl, sg_nents(sgl), mac_out,
- authsize, skip_size);
+ copy_size = sg_pcopy_to_buffer(sgl, sg_nents(sgl), mac_out, authsize, skip_size);
if (unlikely(copy_size != authsize))
return -EINVAL;
@@ -1144,7 +1143,6 @@ static int sec_aead_fallback_setkey(struct sec_auth_ctx *a_ctx,
static int sec_aead_setkey(struct crypto_aead *tfm, const u8 *key,
const u32 keylen, const enum sec_hash_alg a_alg,
const enum sec_calg c_alg,
- const enum sec_mac_len mac_len,
const enum sec_cmode c_mode)
{
struct sec_ctx *ctx = crypto_aead_ctx(tfm);
@@ -1156,7 +1154,6 @@ static int sec_aead_setkey(struct crypto_aead *tfm, const u8 *key,
ctx->a_ctx.a_alg = a_alg;
ctx->c_ctx.c_alg = c_alg;
- ctx->a_ctx.mac_len = mac_len;
c_ctx->c_mode = c_mode;
if (c_mode == SEC_CMODE_CCM || c_mode == SEC_CMODE_GCM) {
@@ -1192,10 +1189,9 @@ static int sec_aead_setkey(struct crypto_aead *tfm, const u8 *key,
goto bad_key;
}
- if ((ctx->a_ctx.mac_len & SEC_SQE_LEN_RATE_MASK) ||
- (ctx->a_ctx.a_key_len & SEC_SQE_LEN_RATE_MASK)) {
+ if (ctx->a_ctx.a_key_len & SEC_SQE_LEN_RATE_MASK) {
ret = -EINVAL;
- dev_err(dev, "MAC or AUTH key length error!\n");
+ dev_err(dev, "AUTH key length error!\n");
goto bad_key;
}
@@ -1207,27 +1203,19 @@ static int sec_aead_setkey(struct crypto_aead *tfm, const u8 *key,
}
-#define GEN_SEC_AEAD_SETKEY_FUNC(name, aalg, calg, maclen, cmode) \
-static int sec_setkey_##name(struct crypto_aead *tfm, const u8 *key, \
- u32 keylen) \
-{ \
- return sec_aead_setkey(tfm, key, keylen, aalg, calg, maclen, cmode);\
-}
-
-GEN_SEC_AEAD_SETKEY_FUNC(aes_cbc_sha1, SEC_A_HMAC_SHA1,
- SEC_CALG_AES, SEC_HMAC_SHA1_MAC, SEC_CMODE_CBC)
-GEN_SEC_AEAD_SETKEY_FUNC(aes_cbc_sha256, SEC_A_HMAC_SHA256,
- SEC_CALG_AES, SEC_HMAC_SHA256_MAC, SEC_CMODE_CBC)
-GEN_SEC_AEAD_SETKEY_FUNC(aes_cbc_sha512, SEC_A_HMAC_SHA512,
- SEC_CALG_AES, SEC_HMAC_SHA512_MAC, SEC_CMODE_CBC)
-GEN_SEC_AEAD_SETKEY_FUNC(aes_ccm, 0, SEC_CALG_AES,
- SEC_HMAC_CCM_MAC, SEC_CMODE_CCM)
-GEN_SEC_AEAD_SETKEY_FUNC(aes_gcm, 0, SEC_CALG_AES,
- SEC_HMAC_GCM_MAC, SEC_CMODE_GCM)
-GEN_SEC_AEAD_SETKEY_FUNC(sm4_ccm, 0, SEC_CALG_SM4,
- SEC_HMAC_CCM_MAC, SEC_CMODE_CCM)
-GEN_SEC_AEAD_SETKEY_FUNC(sm4_gcm, 0, SEC_CALG_SM4,
- SEC_HMAC_GCM_MAC, SEC_CMODE_GCM)
+#define GEN_SEC_AEAD_SETKEY_FUNC(name, aalg, calg, cmode) \
+static int sec_setkey_##name(struct crypto_aead *tfm, const u8 *key, u32 keylen) \
+{ \
+ return sec_aead_setkey(tfm, key, keylen, aalg, calg, cmode); \
+}
+
+GEN_SEC_AEAD_SETKEY_FUNC(aes_cbc_sha1, SEC_A_HMAC_SHA1, SEC_CALG_AES, SEC_CMODE_CBC)
+GEN_SEC_AEAD_SETKEY_FUNC(aes_cbc_sha256, SEC_A_HMAC_SHA256, SEC_CALG_AES, SEC_CMODE_CBC)
+GEN_SEC_AEAD_SETKEY_FUNC(aes_cbc_sha512, SEC_A_HMAC_SHA512, SEC_CALG_AES, SEC_CMODE_CBC)
+GEN_SEC_AEAD_SETKEY_FUNC(aes_ccm, 0, SEC_CALG_AES, SEC_CMODE_CCM)
+GEN_SEC_AEAD_SETKEY_FUNC(aes_gcm, 0, SEC_CALG_AES, SEC_CMODE_GCM)
+GEN_SEC_AEAD_SETKEY_FUNC(sm4_ccm, 0, SEC_CALG_SM4, SEC_CMODE_CCM)
+GEN_SEC_AEAD_SETKEY_FUNC(sm4_gcm, 0, SEC_CALG_SM4, SEC_CMODE_GCM)
static int sec_aead_sgl_map(struct sec_ctx *ctx, struct sec_req *req)
{
@@ -1476,9 +1464,10 @@ static void sec_skcipher_callback(struct sec_ctx *ctx, struct sec_req *req,
static void set_aead_auth_iv(struct sec_ctx *ctx, struct sec_req *req)
{
struct aead_request *aead_req = req->aead_req.aead_req;
- struct sec_cipher_req *c_req = &req->c_req;
+ struct crypto_aead *tfm = crypto_aead_reqtfm(aead_req);
+ size_t authsize = crypto_aead_authsize(tfm);
struct sec_aead_req *a_req = &req->aead_req;
- size_t authsize = ctx->a_ctx.mac_len;
+ struct sec_cipher_req *c_req = &req->c_req;
u32 data_size = aead_req->cryptlen;
u8 flage = 0;
u8 cm, cl;
@@ -1519,10 +1508,8 @@ static void set_aead_auth_iv(struct sec_ctx *ctx, struct sec_req *req)
static void sec_aead_set_iv(struct sec_ctx *ctx, struct sec_req *req)
{
struct aead_request *aead_req = req->aead_req.aead_req;
- struct crypto_aead *tfm = crypto_aead_reqtfm(aead_req);
- size_t authsize = crypto_aead_authsize(tfm);
- struct sec_cipher_req *c_req = &req->c_req;
struct sec_aead_req *a_req = &req->aead_req;
+ struct sec_cipher_req *c_req = &req->c_req;
memcpy(c_req->c_ivin, aead_req->iv, ctx->c_ctx.ivsize);
@@ -1530,15 +1517,11 @@ static void sec_aead_set_iv(struct sec_ctx *ctx, struct sec_req *req)
/*
* CCM 16Byte Cipher_IV: {1B_Flage,13B_IV,2B_counter},
* the counter must set to 0x01
+ * CCM 16Byte Auth_IV: {1B_AFlage,13B_IV,2B_Ptext_length}
*/
- ctx->a_ctx.mac_len = authsize;
- /* CCM 16Byte Auth_IV: {1B_AFlage,13B_IV,2B_Ptext_length} */
set_aead_auth_iv(ctx, req);
- }
-
- /* GCM 12Byte Cipher_IV == Auth_IV */
- if (ctx->c_ctx.c_mode == SEC_CMODE_GCM) {
- ctx->a_ctx.mac_len = authsize;
+ } else if (ctx->c_ctx.c_mode == SEC_CMODE_GCM) {
+ /* GCM 12Byte Cipher_IV == Auth_IV */
memcpy(a_req->a_ivin, c_req->c_ivin, SEC_AIV_SIZE);
}
}
@@ -1548,9 +1531,11 @@ static void sec_auth_bd_fill_xcm(struct sec_auth_ctx *ctx, int dir,
{
struct sec_aead_req *a_req = &req->aead_req;
struct aead_request *aq = a_req->aead_req;
+ struct crypto_aead *tfm = crypto_aead_reqtfm(aq);
+ size_t authsize = crypto_aead_authsize(tfm);
/* C_ICV_Len is MAC size, 0x4 ~ 0x10 */
- sec_sqe->type2.icvw_kmode |= cpu_to_le16((u16)ctx->mac_len);
+ sec_sqe->type2.icvw_kmode |= cpu_to_le16((u16)authsize);
/* mode set to CCM/GCM, don't set {A_Alg, AKey_Len, MAC_Len} */
sec_sqe->type2.a_key_addr = sec_sqe->type2.c_key_addr;
@@ -1574,9 +1559,11 @@ static void sec_auth_bd_fill_xcm_v3(struct sec_auth_ctx *ctx, int dir,
{
struct sec_aead_req *a_req = &req->aead_req;
struct aead_request *aq = a_req->aead_req;
+ struct crypto_aead *tfm = crypto_aead_reqtfm(aq);
+ size_t authsize = crypto_aead_authsize(tfm);
/* C_ICV_Len is MAC size, 0x4 ~ 0x10 */
- sqe3->c_icv_key |= cpu_to_le16((u16)ctx->mac_len << SEC_MAC_OFFSET_V3);
+ sqe3->c_icv_key |= cpu_to_le16((u16)authsize << SEC_MAC_OFFSET_V3);
/* mode set to CCM/GCM, don't set {A_Alg, AKey_Len, MAC_Len} */
sqe3->a_key_addr = sqe3->c_key_addr;
@@ -1600,11 +1587,12 @@ static void sec_auth_bd_fill_ex(struct sec_auth_ctx *ctx, int dir,
struct sec_aead_req *a_req = &req->aead_req;
struct sec_cipher_req *c_req = &req->c_req;
struct aead_request *aq = a_req->aead_req;
+ struct crypto_aead *tfm = crypto_aead_reqtfm(aq);
+ size_t authsize = crypto_aead_authsize(tfm);
sec_sqe->type2.a_key_addr = cpu_to_le64(ctx->a_key_dma);
- sec_sqe->type2.mac_key_alg =
- cpu_to_le32(ctx->mac_len / SEC_SQE_LEN_RATE);
+ sec_sqe->type2.mac_key_alg = cpu_to_le32(authsize / SEC_SQE_LEN_RATE);
sec_sqe->type2.mac_key_alg |=
cpu_to_le32((u32)((ctx->a_key_len) /
@@ -1654,11 +1642,13 @@ static void sec_auth_bd_fill_ex_v3(struct sec_auth_ctx *ctx, int dir,
struct sec_aead_req *a_req = &req->aead_req;
struct sec_cipher_req *c_req = &req->c_req;
struct aead_request *aq = a_req->aead_req;
+ struct crypto_aead *tfm = crypto_aead_reqtfm(aq);
+ size_t authsize = crypto_aead_authsize(tfm);
sqe3->a_key_addr = cpu_to_le64(ctx->a_key_dma);
sqe3->auth_mac_key |=
- cpu_to_le32((u32)(ctx->mac_len /
+ cpu_to_le32((u32)(authsize /
SEC_SQE_LEN_RATE) << SEC_MAC_OFFSET_V3);
sqe3->auth_mac_key |=
@@ -1709,9 +1699,9 @@ static void sec_aead_callback(struct sec_ctx *c, struct sec_req *req, int err)
{
struct aead_request *a_req = req->aead_req.aead_req;
struct crypto_aead *tfm = crypto_aead_reqtfm(a_req);
+ size_t authsize = crypto_aead_authsize(tfm);
struct sec_aead_req *aead_req = &req->aead_req;
struct sec_cipher_req *c_req = &req->c_req;
- size_t authsize = crypto_aead_authsize(tfm);
struct sec_qp_ctx *qp_ctx = req->qp_ctx;
struct aead_request *backlog_aead_req;
struct sec_req *backlog_req;
@@ -1724,10 +1714,8 @@ static void sec_aead_callback(struct sec_ctx *c, struct sec_req *req, int err)
if (!err && c_req->encrypt) {
struct scatterlist *sgl = a_req->dst;
- sz = sg_pcopy_from_buffer(sgl, sg_nents(sgl),
- aead_req->out_mac,
- authsize, a_req->cryptlen +
- a_req->assoclen);
+ sz = sg_pcopy_from_buffer(sgl, sg_nents(sgl), aead_req->out_mac,
+ authsize, a_req->cryptlen + a_req->assoclen);
if (unlikely(sz != authsize)) {
dev_err(c->dev, "copy out mac err!\n");
err = -EINVAL;
@@ -2267,7 +2255,7 @@ static int sec_aead_spec_check(struct sec_ctx *ctx, struct sec_req *sreq)
{
struct aead_request *req = sreq->aead_req.aead_req;
struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- size_t authsize = crypto_aead_authsize(tfm);
+ size_t sz = crypto_aead_authsize(tfm);
u8 c_mode = ctx->c_ctx.c_mode;
struct device *dev = ctx->dev;
int ret;
@@ -2278,9 +2266,8 @@ static int sec_aead_spec_check(struct sec_ctx *ctx, struct sec_req *sreq)
return -EINVAL;
}
- if (unlikely((c_mode == SEC_CMODE_GCM && authsize < DES_BLOCK_SIZE) ||
- (c_mode == SEC_CMODE_CCM && (authsize < MIN_MAC_LEN ||
- authsize & MAC_LEN_MASK)))) {
+ if (unlikely((c_mode == SEC_CMODE_GCM && sz < DES_BLOCK_SIZE) ||
+ (c_mode == SEC_CMODE_CCM && (sz < MIN_MAC_LEN || sz & MAC_LEN_MASK)))) {
dev_err(dev, "aead input mac length error!\n");
return -EINVAL;
}
@@ -2300,7 +2287,7 @@ static int sec_aead_spec_check(struct sec_ctx *ctx, struct sec_req *sreq)
if (sreq->c_req.encrypt)
sreq->c_req.c_len = req->cryptlen;
else
- sreq->c_req.c_len = req->cryptlen - authsize;
+ sreq->c_req.c_len = req->cryptlen - sz;
if (c_mode == SEC_CMODE_CBC) {
if (unlikely(sreq->c_req.c_len & (AES_BLOCK_SIZE - 1))) {
dev_err(dev, "aead crypto length error!\n");
@@ -2326,7 +2313,7 @@ static int sec_aead_param_check(struct sec_ctx *ctx, struct sec_req *sreq)
if (ctx->sec->qm.ver == QM_HW_V2) {
if (unlikely(!req->cryptlen || (!sreq->c_req.encrypt &&
- req->cryptlen <= authsize))) {
+ req->cryptlen <= authsize))) {
ctx->a_ctx.fallback = true;
return -EINVAL;
}
diff --git a/drivers/crypto/hisilicon/sec2/sec_crypto.h b/drivers/crypto/hisilicon/sec2/sec_crypto.h
index d033f63b583f8..db3fceb88e693 100644
--- a/drivers/crypto/hisilicon/sec2/sec_crypto.h
+++ b/drivers/crypto/hisilicon/sec2/sec_crypto.h
@@ -23,17 +23,6 @@ enum sec_hash_alg {
SEC_A_HMAC_SHA512 = 0x15,
};
-enum sec_mac_len {
- SEC_HMAC_CCM_MAC = 16,
- SEC_HMAC_GCM_MAC = 16,
- SEC_SM3_MAC = 32,
- SEC_HMAC_SM3_MAC = 32,
- SEC_HMAC_MD5_MAC = 16,
- SEC_HMAC_SHA1_MAC = 20,
- SEC_HMAC_SHA256_MAC = 32,
- SEC_HMAC_SHA512_MAC = 64,
-};
-
enum sec_cmode {
SEC_CMODE_ECB = 0x0,
SEC_CMODE_CBC = 0x1,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 113/578] crypto: hisilicon/sec2 - fix for aead invalid authsize
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 112/578] crypto: hisilicon/sec2 - fix for aead icv error Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 114/578] crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() Greg Kroah-Hartman
` (473 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wenkai Lin, Chenghai Huang,
Herbert Xu, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wenkai Lin <linwenkai6@hisilicon.com>
[ Upstream commit a5a9d959936499a3106a1bf3b9070875d0d3dec4 ]
When the digest alg is HMAC-SHAx or another, the authsize may be less
than 4 bytes and mac_len of the BD is set to zero, the hardware considers
it a BD configuration error and reports a ras error, so the sec driver
needs to switch to software calculation in this case, this patch add a
check for it and remove unnecessary check that has been done by crypto.
Fixes: 2f072d75d1ab ("crypto: hisilicon - Add aead support on SEC2")
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/hisilicon/sec2/sec.h | 2 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 64 +++++++++++-----------
2 files changed, 34 insertions(+), 32 deletions(-)
diff --git a/drivers/crypto/hisilicon/sec2/sec.h b/drivers/crypto/hisilicon/sec2/sec.h
index 714bfd7c28752..30c2b1a64695c 100644
--- a/drivers/crypto/hisilicon/sec2/sec.h
+++ b/drivers/crypto/hisilicon/sec2/sec.h
@@ -37,6 +37,7 @@ struct sec_aead_req {
u8 *a_ivin;
dma_addr_t a_ivin_dma;
struct aead_request *aead_req;
+ bool fallback;
};
/* SEC request of Crypto */
@@ -91,7 +92,6 @@ struct sec_auth_ctx {
u8 *a_key;
u8 a_key_len;
u8 a_alg;
- bool fallback;
struct crypto_shash *hash_tfm;
struct crypto_aead *fallback_aead_tfm;
};
diff --git a/drivers/crypto/hisilicon/sec2/sec_crypto.c b/drivers/crypto/hisilicon/sec2/sec_crypto.c
index 2d77b89bedb52..55b95968ecb70 100644
--- a/drivers/crypto/hisilicon/sec2/sec_crypto.c
+++ b/drivers/crypto/hisilicon/sec2/sec_crypto.c
@@ -1124,10 +1124,7 @@ static int sec_aead_setauthsize(struct crypto_aead *aead, unsigned int authsize)
struct sec_ctx *ctx = crypto_tfm_ctx(tfm);
struct sec_auth_ctx *a_ctx = &ctx->a_ctx;
- if (unlikely(a_ctx->fallback_aead_tfm))
- return crypto_aead_setauthsize(a_ctx->fallback_aead_tfm, authsize);
-
- return 0;
+ return crypto_aead_setauthsize(a_ctx->fallback_aead_tfm, authsize);
}
static int sec_aead_fallback_setkey(struct sec_auth_ctx *a_ctx,
@@ -1164,13 +1161,7 @@ static int sec_aead_setkey(struct crypto_aead *tfm, const u8 *key,
}
memcpy(c_ctx->c_key, key, keylen);
- if (unlikely(a_ctx->fallback_aead_tfm)) {
- ret = sec_aead_fallback_setkey(a_ctx, tfm, key, keylen);
- if (ret)
- return ret;
- }
-
- return 0;
+ return sec_aead_fallback_setkey(a_ctx, tfm, key, keylen);
}
ret = crypto_authenc_extractkeys(&keys, key, keylen);
@@ -1195,6 +1186,12 @@ static int sec_aead_setkey(struct crypto_aead *tfm, const u8 *key,
goto bad_key;
}
+ ret = sec_aead_fallback_setkey(a_ctx, tfm, key, keylen);
+ if (ret) {
+ dev_err(dev, "set sec fallback key err!\n");
+ goto bad_key;
+ }
+
return 0;
bad_key:
@@ -1924,8 +1921,10 @@ static void sec_aead_exit(struct crypto_aead *tfm)
static int sec_aead_ctx_init(struct crypto_aead *tfm, const char *hash_name)
{
+ struct aead_alg *alg = crypto_aead_alg(tfm);
struct sec_ctx *ctx = crypto_aead_ctx(tfm);
- struct sec_auth_ctx *auth_ctx = &ctx->a_ctx;
+ struct sec_auth_ctx *a_ctx = &ctx->a_ctx;
+ const char *aead_name = alg->base.cra_name;
int ret;
ret = sec_aead_init(tfm);
@@ -1934,11 +1933,20 @@ static int sec_aead_ctx_init(struct crypto_aead *tfm, const char *hash_name)
return ret;
}
- auth_ctx->hash_tfm = crypto_alloc_shash(hash_name, 0, 0);
- if (IS_ERR(auth_ctx->hash_tfm)) {
+ a_ctx->hash_tfm = crypto_alloc_shash(hash_name, 0, 0);
+ if (IS_ERR(a_ctx->hash_tfm)) {
dev_err(ctx->dev, "aead alloc shash error!\n");
sec_aead_exit(tfm);
- return PTR_ERR(auth_ctx->hash_tfm);
+ return PTR_ERR(a_ctx->hash_tfm);
+ }
+
+ a_ctx->fallback_aead_tfm = crypto_alloc_aead(aead_name, 0,
+ CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC);
+ if (IS_ERR(a_ctx->fallback_aead_tfm)) {
+ dev_err(ctx->dev, "aead driver alloc fallback tfm error!\n");
+ crypto_free_shash(ctx->a_ctx.hash_tfm);
+ sec_aead_exit(tfm);
+ return PTR_ERR(a_ctx->fallback_aead_tfm);
}
return 0;
@@ -1948,6 +1956,7 @@ static void sec_aead_ctx_exit(struct crypto_aead *tfm)
{
struct sec_ctx *ctx = crypto_aead_ctx(tfm);
+ crypto_free_aead(ctx->a_ctx.fallback_aead_tfm);
crypto_free_shash(ctx->a_ctx.hash_tfm);
sec_aead_exit(tfm);
}
@@ -1974,7 +1983,6 @@ static int sec_aead_xcm_ctx_init(struct crypto_aead *tfm)
sec_aead_exit(tfm);
return PTR_ERR(a_ctx->fallback_aead_tfm);
}
- a_ctx->fallback = false;
return 0;
}
@@ -2260,15 +2268,15 @@ static int sec_aead_spec_check(struct sec_ctx *ctx, struct sec_req *sreq)
struct device *dev = ctx->dev;
int ret;
- if (unlikely(req->cryptlen + req->assoclen > MAX_INPUT_DATA_LEN ||
- req->assoclen > SEC_MAX_AAD_LEN)) {
- dev_err(dev, "aead input spec error!\n");
+ /* Hardware does not handle cases where authsize is less than 4 bytes */
+ if (unlikely(sz < MIN_MAC_LEN)) {
+ sreq->aead_req.fallback = true;
return -EINVAL;
}
- if (unlikely((c_mode == SEC_CMODE_GCM && sz < DES_BLOCK_SIZE) ||
- (c_mode == SEC_CMODE_CCM && (sz < MIN_MAC_LEN || sz & MAC_LEN_MASK)))) {
- dev_err(dev, "aead input mac length error!\n");
+ if (unlikely(req->cryptlen + req->assoclen > MAX_INPUT_DATA_LEN ||
+ req->assoclen > SEC_MAX_AAD_LEN)) {
+ dev_err(dev, "aead input spec error!\n");
return -EINVAL;
}
@@ -2314,7 +2322,7 @@ static int sec_aead_param_check(struct sec_ctx *ctx, struct sec_req *sreq)
if (ctx->sec->qm.ver == QM_HW_V2) {
if (unlikely(!req->cryptlen || (!sreq->c_req.encrypt &&
req->cryptlen <= authsize))) {
- ctx->a_ctx.fallback = true;
+ sreq->aead_req.fallback = true;
return -EINVAL;
}
}
@@ -2342,16 +2350,9 @@ static int sec_aead_soft_crypto(struct sec_ctx *ctx,
bool encrypt)
{
struct sec_auth_ctx *a_ctx = &ctx->a_ctx;
- struct device *dev = ctx->dev;
struct aead_request *subreq;
int ret;
- /* Kunpeng920 aead mode not support input 0 size */
- if (!a_ctx->fallback_aead_tfm) {
- dev_err(dev, "aead fallback tfm is NULL!\n");
- return -EINVAL;
- }
-
subreq = aead_request_alloc(a_ctx->fallback_aead_tfm, GFP_KERNEL);
if (!subreq)
return -ENOMEM;
@@ -2383,10 +2384,11 @@ static int sec_aead_crypto(struct aead_request *a_req, bool encrypt)
req->aead_req.aead_req = a_req;
req->c_req.encrypt = encrypt;
req->ctx = ctx;
+ req->aead_req.fallback = false;
ret = sec_aead_param_check(ctx, req);
if (unlikely(ret)) {
- if (ctx->a_ctx.fallback)
+ if (req->aead_req.fallback)
return sec_aead_soft_crypto(ctx, a_req, encrypt);
return -EINVAL;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 114/578] crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 113/578] crypto: hisilicon/sec2 - fix for aead invalid authsize Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 115/578] padata: fix sysfs store callback check Greg Kroah-Hartman
` (472 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Joe Hattori, Herbert Xu, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit 472a989029aac2b78ef2f0b18b27c568bf76d104 ]
init_ixp_crypto() calls of_parse_phandle_with_fixed_args() multiple
times, but does not release all the obtained refcounts. Fix it by adding
of_node_put() calls.
This bug was found by an experimental static analysis tool that I am
developing.
Fixes: 76f24b4f46b8 ("crypto: ixp4xx - Add device tree support")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/ixp4xx_crypto.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c
index d39a386b31ac7..cfb149302e0a9 100644
--- a/drivers/crypto/ixp4xx_crypto.c
+++ b/drivers/crypto/ixp4xx_crypto.c
@@ -469,6 +469,7 @@ static int init_ixp_crypto(struct device *dev)
return -ENODEV;
}
npe_id = npe_spec.args[0];
+ of_node_put(npe_spec.np);
ret = of_parse_phandle_with_fixed_args(np, "queue-rx", 1, 0,
&queue_spec);
@@ -477,6 +478,7 @@ static int init_ixp_crypto(struct device *dev)
return -ENODEV;
}
recv_qid = queue_spec.args[0];
+ of_node_put(queue_spec.np);
ret = of_parse_phandle_with_fixed_args(np, "queue-txready", 1, 0,
&queue_spec);
@@ -485,6 +487,7 @@ static int init_ixp_crypto(struct device *dev)
return -ENODEV;
}
send_qid = queue_spec.args[0];
+ of_node_put(queue_spec.np);
} else {
/*
* Hardcoded engine when using platform data, this goes away
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 115/578] padata: fix sysfs store callback check
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 114/578] crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() Greg Kroah-Hartman
@ 2025-02-19 8:21 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 116/578] perf top: Dont complain about lack of vmlinux when not resolving some kernel samples Greg Kroah-Hartman
` (471 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:21 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Weißschuh, Herbert Xu,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Weißschuh <linux@weissschuh.net>
[ Upstream commit 9ff6e943bce67d125781fe4780a5d6f072dc44c0 ]
padata_sysfs_store() was copied from padata_sysfs_show() but this check
was not adapted. Today there is no attribute which can fail this
check, but if there is one it may as well be correct.
Fixes: 5e017dc3f8bc ("padata: Added sysfs primitives to padata subsystem")
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/padata.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/padata.c b/kernel/padata.c
index 3e7bf1bbc6c26..46b75d6b3618c 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -959,7 +959,7 @@ static ssize_t padata_sysfs_store(struct kobject *kobj, struct attribute *attr,
pinst = kobj2pinst(kobj);
pentry = attr2pentry(attr);
- if (pentry->show)
+ if (pentry->store)
ret = pentry->store(pinst, attr, buf, count);
return ret;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 116/578] perf top: Dont complain about lack of vmlinux when not resolving some kernel samples
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2025-02-19 8:21 ` [PATCH 6.1 115/578] padata: fix sysfs store callback check Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 117/578] perf namespaces: Introduce nsinfo__set_in_pidns() Greg Kroah-Hartman
` (470 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim, Adrian Hunter,
Ian Rogers, Christophe Leroy, James Clark, Jiri Olsa, Kan Liang,
Arnaldo Carvalho de Melo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 058b38ccd2af9e5c95590b018e8425fa148d7aca ]
Recently we got a case where a kernel sample wasn't being resolved due
to a bug that was not setting the end address on kernel functions
implemented in assembly (see Link: tag), and then those were not being
found by machine__resolve() -> map__find_symbol().
So we ended up with:
# perf top --stdio
PerfTop: 0 irqs/s kernel: 0% exact: 0% lost: 0/0 drop: 0/0 [cycles/P]
-----------------------------------------------------------------------
Warning:
A vmlinux file was not found.
Kernel samples will not be resolved.
^Z
[1]+ Stopped perf top --stdio
#
But then resolving all other kernel symbols.
So just fixup the logic to only print that warning when there are no
symbols in the kernel map.
Fixes: d88205db9caa0e9d ("perf dso: Add dso__has_symbols() method")
Reviewed-by: Namhyung Kim <namhyung@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: James Clark <james.clark@linaro.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Link: https://lore.kernel.org/lkml/Z3buKhcCsZi3_aGb@x1
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-top.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/builtin-top.c b/tools/perf/builtin-top.c
index f9917848cdad0..d24e495062a84 100644
--- a/tools/perf/builtin-top.c
+++ b/tools/perf/builtin-top.c
@@ -807,7 +807,7 @@ static void perf_event__process_sample(struct perf_tool *tool,
* invalid --vmlinux ;-)
*/
if (!machine->kptr_restrict_warned && !top->vmlinux_warned &&
- __map__is_kernel(al.map) && map__has_symbols(al.map)) {
+ __map__is_kernel(al.map) && !map__has_symbols(al.map)) {
if (symbol_conf.vmlinux_name) {
char serr[256];
dso__strerror_load(al.map->dso, serr, sizeof(serr));
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 117/578] perf namespaces: Introduce nsinfo__set_in_pidns()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 116/578] perf top: Dont complain about lack of vmlinux when not resolving some kernel samples Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 118/578] perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool Greg Kroah-Hartman
` (469 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Francesco Nigro, Ilan Green,
Adrian Hunter, Clark Williams, Ian Rogers, Ingo Molnar,
James Clark, Jiri Olsa, Kan Liang, Namhyung Kim, Stephane Eranian,
Thomas Gleixner, Yonatan Goldschmidt, Arnaldo Carvalho de Melo,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 9c6a585d257f6845731f4e36b45fe42b5c3162f5 ]
When we're processing a perf.data file we will, for every thread in that
file do a machine__findnew_thread(machine, pid, tid) that when that pid
is seen for the first time will create a 'struct thread' representing
it.
That in turn will call nsinfo__new() -> nsinfo__init() and there it will
assume we're running live, which is wrong and will need to be addressed
in a followup patch.
The nsinfo__new() assumes that if we can't access that thread it has
already finished and will ignore the -1 return from nsinfo__init(), just
taking notes to avoid trying to enter in that namespace, since it isn't
there anymore, a race.
When doing this from 'perf inject', tho, we can fill in parts of that
nsinfo from what we get from the PERF_RECORD_MMAP2 (pid, tid) and in the
jitdump file name, that has the form of jit-<PID>.dump.
So if the pid in the jitdump file name is not the one in the
PERF_RECORD_MMAP2, we can assume that its the pid of the process
_inside_ the namespace, and that perf was runing outside that namespace.
This will be done in the following patch.
Reported-by: Francesco Nigro <fnigro@redhat.com>
Reported-by: Ilan Green <igreen@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Clark Williams <williams@redhat.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: James Clark <james.clark@linaro.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yonatan Goldschmidt <yonatan.goldschmidt@granulate.io>
Link: https://lore.kernel.org/r/20241206204828.507527-4-acme@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Stable-dep-of: 64a7617efd5a ("perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/namespaces.c | 5 +++++
tools/perf/util/namespaces.h | 1 +
2 files changed, 6 insertions(+)
diff --git a/tools/perf/util/namespaces.c b/tools/perf/util/namespaces.c
index dd536220cdb9e..fe59c2b9cd624 100644
--- a/tools/perf/util/namespaces.c
+++ b/tools/perf/util/namespaces.c
@@ -242,6 +242,11 @@ pid_t nsinfo__in_pidns(const struct nsinfo *nsi)
return nsi->in_pidns;
}
+void nsinfo__set_in_pidns(struct nsinfo *nsi)
+{
+ RC_CHK_ACCESS(nsi)->in_pidns = true;
+}
+
void nsinfo__mountns_enter(struct nsinfo *nsi,
struct nscookie *nc)
{
diff --git a/tools/perf/util/namespaces.h b/tools/perf/util/namespaces.h
index 567829262c428..62a9145a6ffba 100644
--- a/tools/perf/util/namespaces.h
+++ b/tools/perf/util/namespaces.h
@@ -58,6 +58,7 @@ pid_t nsinfo__tgid(const struct nsinfo *nsi);
pid_t nsinfo__nstgid(const struct nsinfo *nsi);
pid_t nsinfo__pid(const struct nsinfo *nsi);
pid_t nsinfo__in_pidns(const struct nsinfo *nsi);
+void nsinfo__set_in_pidns(struct nsinfo *nsi);
void nsinfo__mountns_enter(struct nsinfo *nsi, struct nscookie *nc);
void nsinfo__mountns_exit(struct nscookie *nc);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 118/578] perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 117/578] perf namespaces: Introduce nsinfo__set_in_pidns() Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 119/578] ASoC: Intel: avs: Fix theoretical infinite loop Greg Kroah-Hartman
` (468 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Francesco Nigro, Ilan Green,
Adrian Hunter, Clark Williams, Ian Rogers, Ingo Molnar,
James Clark, Jiri Olsa, Kan Liang, Namhyung Kim, Stephane Eranian,
Thomas Gleixner, Yonatan Goldschmidt, Arnaldo Carvalho de Melo,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 64a7617efd5ae1d57a75e464d7134eec947c3fe3 ]
When adding support for refconunt checking a cut'n'paste made this
function, that is just an accessor to a bool member of 'struct nsinfo',
return a pid_t, when that member is a boolean, fix it.
Fixes: bcaf0a97858de7ab ("perf namespaces: Add functions to access nsinfo")
Reported-by: Francesco Nigro <fnigro@redhat.com>
Reported-by: Ilan Green <igreen@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Clark Williams <williams@redhat.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: James Clark <james.clark@linaro.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yonatan Goldschmidt <yonatan.goldschmidt@granulate.io>
Link: https://lore.kernel.org/r/20241206204828.507527-6-acme@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/namespaces.c | 2 +-
tools/perf/util/namespaces.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/perf/util/namespaces.c b/tools/perf/util/namespaces.c
index fe59c2b9cd624..33cf78a4a28b5 100644
--- a/tools/perf/util/namespaces.c
+++ b/tools/perf/util/namespaces.c
@@ -237,7 +237,7 @@ pid_t nsinfo__pid(const struct nsinfo *nsi)
return nsi->pid;
}
-pid_t nsinfo__in_pidns(const struct nsinfo *nsi)
+bool nsinfo__in_pidns(const struct nsinfo *nsi)
{
return nsi->in_pidns;
}
diff --git a/tools/perf/util/namespaces.h b/tools/perf/util/namespaces.h
index 62a9145a6ffba..c108972a97ef5 100644
--- a/tools/perf/util/namespaces.h
+++ b/tools/perf/util/namespaces.h
@@ -57,7 +57,7 @@ void nsinfo__clear_need_setns(struct nsinfo *nsi);
pid_t nsinfo__tgid(const struct nsinfo *nsi);
pid_t nsinfo__nstgid(const struct nsinfo *nsi);
pid_t nsinfo__pid(const struct nsinfo *nsi);
-pid_t nsinfo__in_pidns(const struct nsinfo *nsi);
+bool nsinfo__in_pidns(const struct nsinfo *nsi);
void nsinfo__set_in_pidns(struct nsinfo *nsi);
void nsinfo__mountns_enter(struct nsinfo *nsi, struct nscookie *nc);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 119/578] ASoC: Intel: avs: Fix theoretical infinite loop
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 118/578] perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 120/578] perf report: Fix misleading help message about --demangle Greg Kroah-Hartman
` (467 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cezary Rojewski, Mark Brown,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cezary Rojewski <cezary.rojewski@intel.com>
[ Upstream commit cf4d74256fe103ece7b2647550e6c063048e5682 ]
While 'stack_dump_size' is a u32 bitfield of 16 bits, u32 has a bigger
upper bound than the type u16 of loop counter 'offset' what in theory
may lead to infinite loop condition.
Found out by Coverity static analyzer.
Fixes: c8c960c10971 ("ASoC: Intel: avs: APL-based platforms support")
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://patch.msgid.link/20250109122216.3667847-4-cezary.rojewski@intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/avs/apl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/intel/avs/apl.c b/sound/soc/intel/avs/apl.c
index f366478a875de..c4a0b9104151e 100644
--- a/sound/soc/intel/avs/apl.c
+++ b/sound/soc/intel/avs/apl.c
@@ -112,7 +112,7 @@ static int apl_coredump(struct avs_dev *adev, union avs_notify_msg *msg)
struct apl_log_buffer_layout layout;
void __iomem *addr, *buf;
size_t dump_size;
- u16 offset = 0;
+ u32 offset = 0;
u8 *dump, *pos;
dump_size = AVS_FW_REGS_SIZE + msg->ext.coredump.stack_dump_size;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 120/578] perf report: Fix misleading help message about --demangle
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 119/578] ASoC: Intel: avs: Fix theoretical infinite loop Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 121/578] pinctrl: stm32: set default gpio line names using pin names Greg Kroah-Hartman
` (466 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim, Jiachen Zhang,
Adrian Hunter, Alexander Shishkin, Ian Rogers, Ingo Molnar,
Jiri Olsa, Kan Liang, Mark Rutland, Namhyung Kim, Peter Zijlstra,
Arnaldo Carvalho de Melo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiachen Zhang <me@jcix.top>
[ Upstream commit ac0ac75189a4d6a29a2765a7adbb62bc6cc650c7 ]
The wrong help message may mislead users. This commit fixes it.
Fixes: 328ccdace8855289 ("perf report: Add --no-demangle option")
Reviewed-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Jiachen Zhang <me@jcix.top>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung.kim@lge.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20250109152220.1869581-1-me@jcix.top
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-report.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/builtin-report.c b/tools/perf/builtin-report.c
index 155f119b3db5c..64e38a81bc0a0 100644
--- a/tools/perf/builtin-report.c
+++ b/tools/perf/builtin-report.c
@@ -1335,7 +1335,7 @@ int cmd_report(int argc, const char **argv)
OPT_STRING(0, "objdump", &report.annotation_opts.objdump_path, "path",
"objdump binary to use for disassembly and annotations"),
OPT_BOOLEAN(0, "demangle", &symbol_conf.demangle,
- "Disable symbol demangling"),
+ "Symbol demangling. Enabled by default, use --no-demangle to disable."),
OPT_BOOLEAN(0, "demangle-kernel", &symbol_conf.demangle_kernel,
"Enable kernel symbol demangling"),
OPT_BOOLEAN(0, "mem-mode", &report.mem_mode, "mem access profile"),
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 121/578] pinctrl: stm32: set default gpio line names using pin names
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 120/578] perf report: Fix misleading help message about --demangle Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 122/578] pinctrl: stm32: Add check for devm_kcalloc Greg Kroah-Hartman
` (465 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Valentin Caron, Alexandre TORGUE,
Linus Walleij, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Valentin Caron <valentin.caron@foss.st.com>
[ Upstream commit 32c170ff15b044579b1f8b8cdabf543406dde9da ]
Add stm32_pctrl_get_desc_pin_from_gpio function to find a stm32 pin
descriptor which is matching with a gpio.
Most of the time pin number is equal to pin index in array. So the first
part of the function is useful to speed up.
And during gpio bank register, we set default gpio names with pin names.
Signed-off-by: Valentin Caron <valentin.caron@foss.st.com>
Acked-by: Alexandre TORGUE <alexandre.torgue@foss.st.com>
Link: https://lore.kernel.org/r/20230620104349.834687-1-valentin.caron@foss.st.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Stable-dep-of: 451bc9aea9a1 ("pinctrl: stm32: Add check for clk_enable()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/stm32/pinctrl-stm32.c | 35 +++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c
index e198233c10bad..ae2b146544758 100644
--- a/drivers/pinctrl/stm32/pinctrl-stm32.c
+++ b/drivers/pinctrl/stm32/pinctrl-stm32.c
@@ -1273,6 +1273,28 @@ static const struct pinconf_ops stm32_pconf_ops = {
.pin_config_dbg_show = stm32_pconf_dbg_show,
};
+static struct stm32_desc_pin *stm32_pctrl_get_desc_pin_from_gpio(struct stm32_pinctrl *pctl,
+ struct stm32_gpio_bank *bank,
+ unsigned int offset)
+{
+ unsigned int stm32_pin_nb = bank->bank_nr * STM32_GPIO_PINS_PER_BANK + offset;
+ struct stm32_desc_pin *pin_desc;
+ int i;
+
+ /* With few exceptions (e.g. bank 'Z'), pin number matches with pin index in array */
+ pin_desc = pctl->pins + stm32_pin_nb;
+ if (pin_desc->pin.number == stm32_pin_nb)
+ return pin_desc;
+
+ /* Otherwise, loop all array to find the pin with the right number */
+ for (i = 0; i < pctl->npins; i++) {
+ pin_desc = pctl->pins + i;
+ if (pin_desc->pin.number == stm32_pin_nb)
+ return pin_desc;
+ }
+ return NULL;
+}
+
static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, struct fwnode_handle *fwnode)
{
struct stm32_gpio_bank *bank = &pctl->banks[pctl->nbanks];
@@ -1283,6 +1305,8 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, struct fwnode
struct resource res;
int npins = STM32_GPIO_PINS_PER_BANK;
int bank_nr, err, i = 0;
+ struct stm32_desc_pin *stm32_pin;
+ char **names;
if (!IS_ERR(bank->rstc))
reset_control_deassert(bank->rstc);
@@ -1352,6 +1376,17 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, struct fwnode
}
}
+ names = devm_kcalloc(dev, npins, sizeof(char *), GFP_KERNEL);
+ for (i = 0; i < npins; i++) {
+ stm32_pin = stm32_pctrl_get_desc_pin_from_gpio(pctl, bank, i);
+ if (stm32_pin && stm32_pin->pin.name)
+ names[i] = devm_kasprintf(dev, GFP_KERNEL, "%s", stm32_pin->pin.name);
+ else
+ names[i] = NULL;
+ }
+
+ bank->gpio_chip.names = (const char * const *)names;
+
err = gpiochip_add_data(&bank->gpio_chip, bank);
if (err) {
dev_err(dev, "Failed to add gpiochip(%d)!\n", bank_nr);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 122/578] pinctrl: stm32: Add check for devm_kcalloc
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 121/578] pinctrl: stm32: set default gpio line names using pin names Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 123/578] pinctrl: stm32: check devm_kasprintf() returned value Greg Kroah-Hartman
` (464 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Ni, Valentin Caron,
Linus Walleij, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Ni <nichen@iscas.ac.cn>
[ Upstream commit b0eeba527e704d6023a6cd9103f929226e326b03 ]
Add check for the return value of devm_kcalloc() and return the error
if it fails in order to avoid NULL pointer dereference.
Fixes: 32c170ff15b0 ("pinctrl: stm32: set default gpio line names using pin names")
Signed-off-by: Chen Ni <nichen@iscas.ac.cn>
Acked-by: Valentin Caron <valentin.caron@foss.st.com>
Link: https://lore.kernel.org/r/20231031080807.3600656-1-nichen@iscas.ac.cn
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Stable-dep-of: 451bc9aea9a1 ("pinctrl: stm32: Add check for clk_enable()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/stm32/pinctrl-stm32.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c
index ae2b146544758..7599c66abdf06 100644
--- a/drivers/pinctrl/stm32/pinctrl-stm32.c
+++ b/drivers/pinctrl/stm32/pinctrl-stm32.c
@@ -1377,6 +1377,11 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, struct fwnode
}
names = devm_kcalloc(dev, npins, sizeof(char *), GFP_KERNEL);
+ if (!names) {
+ err = -ENOMEM;
+ goto err_clk;
+ }
+
for (i = 0; i < npins; i++) {
stm32_pin = stm32_pctrl_get_desc_pin_from_gpio(pctl, bank, i);
if (stm32_pin && stm32_pin->pin.name)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 123/578] pinctrl: stm32: check devm_kasprintf() returned value
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 122/578] pinctrl: stm32: Add check for devm_kcalloc Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 124/578] pinctrl: stm32: Add check for clk_enable() Greg Kroah-Hartman
` (463 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ma Ke, Linus Walleij, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ma Ke <make24@iscas.ac.cn>
[ Upstream commit b0f0e3f0552a566def55c844b0d44250c58e4df6 ]
devm_kasprintf() can return a NULL pointer on failure but this returned
value is not checked. Fix this lack and check the returned value.
Found by code review.
Cc: stable@vger.kernel.org
Fixes: 32c170ff15b0 ("pinctrl: stm32: set default gpio line names using pin names")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
Link: https://lore.kernel.org/20240906100326.624445-1-make24@iscas.ac.cn
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Stable-dep-of: 451bc9aea9a1 ("pinctrl: stm32: Add check for clk_enable()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/stm32/pinctrl-stm32.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c
index 7599c66abdf06..755dcf1fa767e 100644
--- a/drivers/pinctrl/stm32/pinctrl-stm32.c
+++ b/drivers/pinctrl/stm32/pinctrl-stm32.c
@@ -1384,10 +1384,15 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, struct fwnode
for (i = 0; i < npins; i++) {
stm32_pin = stm32_pctrl_get_desc_pin_from_gpio(pctl, bank, i);
- if (stm32_pin && stm32_pin->pin.name)
+ if (stm32_pin && stm32_pin->pin.name) {
names[i] = devm_kasprintf(dev, GFP_KERNEL, "%s", stm32_pin->pin.name);
- else
+ if (!names[i]) {
+ err = -ENOMEM;
+ goto err_clk;
+ }
+ } else {
names[i] = NULL;
+ }
}
bank->gpio_chip.names = (const char * const *)names;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 124/578] pinctrl: stm32: Add check for clk_enable()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 123/578] pinctrl: stm32: check devm_kasprintf() returned value Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 125/578] bpf: Send signals asynchronously if !preemptible Greg Kroah-Hartman
` (462 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mingwei Zheng, Jiasheng Jiang,
Antonio Borneo, Linus Walleij, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mingwei Zheng <zmw12306@gmail.com>
[ Upstream commit 451bc9aea9a1a6fe53969e81a5cb1bd785c0d989 ]
Convert the driver to clk_bulk*() API.
Add check for the return value of clk_bulk_enable() to catch
the potential error.
Fixes: 05d8af449d93 ("pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested")
Signed-off-by: Mingwei Zheng <zmw12306@gmail.com>
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Reviewed-by: Antonio Borneo <antonio.borneo@foss.st.com>
Link: https://lore.kernel.org/20250106220659.2640365-1-zmw12306@gmail.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/stm32/pinctrl-stm32.c | 76 +++++++++++++--------------
1 file changed, 38 insertions(+), 38 deletions(-)
diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c
index 755dcf1fa767e..a4f628675dbb7 100644
--- a/drivers/pinctrl/stm32/pinctrl-stm32.c
+++ b/drivers/pinctrl/stm32/pinctrl-stm32.c
@@ -85,7 +85,6 @@ struct stm32_pinctrl_group {
struct stm32_gpio_bank {
void __iomem *base;
- struct clk *clk;
struct reset_control *rstc;
spinlock_t lock;
struct gpio_chip gpio_chip;
@@ -107,6 +106,7 @@ struct stm32_pinctrl {
unsigned ngroups;
const char **grp_names;
struct stm32_gpio_bank *banks;
+ struct clk_bulk_data *clks;
unsigned nbanks;
const struct stm32_pinctrl_match_data *match_data;
struct irq_domain *domain;
@@ -1318,12 +1318,6 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, struct fwnode
if (IS_ERR(bank->base))
return PTR_ERR(bank->base);
- err = clk_prepare_enable(bank->clk);
- if (err) {
- dev_err(dev, "failed to prepare_enable clk (%d)\n", err);
- return err;
- }
-
bank->gpio_chip = stm32_gpio_template;
fwnode_property_read_string(fwnode, "st,bank-name", &bank->gpio_chip.label);
@@ -1370,26 +1364,20 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, struct fwnode
bank->fwnode, &stm32_gpio_domain_ops,
bank);
- if (!bank->domain) {
- err = -ENODEV;
- goto err_clk;
- }
+ if (!bank->domain)
+ return -ENODEV;
}
names = devm_kcalloc(dev, npins, sizeof(char *), GFP_KERNEL);
- if (!names) {
- err = -ENOMEM;
- goto err_clk;
- }
+ if (!names)
+ return -ENOMEM;
for (i = 0; i < npins; i++) {
stm32_pin = stm32_pctrl_get_desc_pin_from_gpio(pctl, bank, i);
if (stm32_pin && stm32_pin->pin.name) {
names[i] = devm_kasprintf(dev, GFP_KERNEL, "%s", stm32_pin->pin.name);
- if (!names[i]) {
- err = -ENOMEM;
- goto err_clk;
- }
+ if (!names[i])
+ return -ENOMEM;
} else {
names[i] = NULL;
}
@@ -1400,15 +1388,11 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, struct fwnode
err = gpiochip_add_data(&bank->gpio_chip, bank);
if (err) {
dev_err(dev, "Failed to add gpiochip(%d)!\n", bank_nr);
- goto err_clk;
+ return err;
}
dev_info(dev, "%s bank added\n", bank->gpio_chip.label);
return 0;
-
-err_clk:
- clk_disable_unprepare(bank->clk);
- return err;
}
static struct irq_domain *stm32_pctrl_get_irq_domain(struct platform_device *pdev)
@@ -1636,6 +1620,11 @@ int stm32_pctl_probe(struct platform_device *pdev)
if (!pctl->banks)
return -ENOMEM;
+ pctl->clks = devm_kcalloc(dev, banks, sizeof(*pctl->clks),
+ GFP_KERNEL);
+ if (!pctl->clks)
+ return -ENOMEM;
+
i = 0;
for_each_gpiochip_node(dev, child) {
struct stm32_gpio_bank *bank = &pctl->banks[i];
@@ -1647,24 +1636,27 @@ int stm32_pctl_probe(struct platform_device *pdev)
return -EPROBE_DEFER;
}
- bank->clk = of_clk_get_by_name(np, NULL);
- if (IS_ERR(bank->clk)) {
+ pctl->clks[i].clk = of_clk_get_by_name(np, NULL);
+ if (IS_ERR(pctl->clks[i].clk)) {
fwnode_handle_put(child);
- return dev_err_probe(dev, PTR_ERR(bank->clk),
+ return dev_err_probe(dev, PTR_ERR(pctl->clks[i].clk),
"failed to get clk\n");
}
+ pctl->clks[i].id = "pctl";
i++;
}
+ ret = clk_bulk_prepare_enable(banks, pctl->clks);
+ if (ret) {
+ dev_err(dev, "failed to prepare_enable clk (%d)\n", ret);
+ return ret;
+ }
+
for_each_gpiochip_node(dev, child) {
ret = stm32_gpiolib_register_bank(pctl, child);
if (ret) {
fwnode_handle_put(child);
-
- for (i = 0; i < pctl->nbanks; i++)
- clk_disable_unprepare(pctl->banks[i].clk);
-
- return ret;
+ goto err_register;
}
pctl->nbanks++;
@@ -1673,6 +1665,15 @@ int stm32_pctl_probe(struct platform_device *pdev)
dev_info(dev, "Pinctrl STM32 initialized\n");
return 0;
+err_register:
+ for (i = 0; i < pctl->nbanks; i++) {
+ struct stm32_gpio_bank *bank = &pctl->banks[i];
+
+ gpiochip_remove(&bank->gpio_chip);
+ }
+
+ clk_bulk_disable_unprepare(banks, pctl->clks);
+ return ret;
}
static int __maybe_unused stm32_pinctrl_restore_gpio_regs(
@@ -1741,10 +1742,8 @@ static int __maybe_unused stm32_pinctrl_restore_gpio_regs(
int __maybe_unused stm32_pinctrl_suspend(struct device *dev)
{
struct stm32_pinctrl *pctl = dev_get_drvdata(dev);
- int i;
- for (i = 0; i < pctl->nbanks; i++)
- clk_disable(pctl->banks[i].clk);
+ clk_bulk_disable(pctl->nbanks, pctl->clks);
return 0;
}
@@ -1753,10 +1752,11 @@ int __maybe_unused stm32_pinctrl_resume(struct device *dev)
{
struct stm32_pinctrl *pctl = dev_get_drvdata(dev);
struct stm32_pinctrl_group *g = pctl->groups;
- int i;
+ int i, ret;
- for (i = 0; i < pctl->nbanks; i++)
- clk_enable(pctl->banks[i].clk);
+ ret = clk_bulk_enable(pctl->nbanks, pctl->clks);
+ if (ret)
+ return ret;
for (i = 0; i < pctl->ngroups; i++, g++)
stm32_pinctrl_restore_gpio_regs(pctl, g->pin);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 125/578] bpf: Send signals asynchronously if !preemptible
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 124/578] pinctrl: stm32: Add check for clk_enable() Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 126/578] bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Greg Kroah-Hartman
` (461 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+97da3d7e0112d59971de,
Puranjay Mohan, Yonghong Song, Alexei Starovoitov, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Puranjay Mohan <puranjay@kernel.org>
[ Upstream commit 87c544108b612512b254c8f79aa5c0a8546e2cc4 ]
BPF programs can execute in all kinds of contexts and when a program
running in a non-preemptible context uses the bpf_send_signal() kfunc,
it will cause issues because this kfunc can sleep.
Change `irqs_disabled()` to `!preemptible()`.
Reported-by: syzbot+97da3d7e0112d59971de@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/67486b09.050a0220.253251.0084.GAE@google.com/
Fixes: 1bc7896e9ef4 ("bpf: Fix deadlock with rq_lock in bpf_send_signal()")
Signed-off-by: Puranjay Mohan <puranjay@kernel.org>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20250115103647.38487-1-puranjay@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/bpf_trace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index f46903c1142b5..af48f66466e81 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -857,7 +857,7 @@ static int bpf_send_signal_common(u32 sig, enum pid_type type)
if (unlikely(is_global_init(current)))
return -EPERM;
- if (irqs_disabled()) {
+ if (!preemptible()) {
/* Do an early check on signal validity. Otherwise,
* the error is lost in deferred irq_work.
*/
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 126/578] bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 125/578] bpf: Send signals asynchronously if !preemptible Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 127/578] ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Greg Kroah-Hartman
` (460 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin KaFai Lau, Daniel Xu,
Alexei Starovoitov, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Xu <dxu@dxuuu.xyz>
[ Upstream commit 8ac412a3361173e3000b16167af3d1f6f90af613 ]
MEM_WRITE attribute is defined as: "Non-presence of MEM_WRITE means that
MEM is only being read". bpf_load_hdr_opt() both reads and writes from
its arg2 - void *search_res.
This matters a lot for the next commit where we more precisely track
stack accesses. Without this annotation, the verifier will make false
assumptions about the contents of memory written to by helpers and
possibly prune valid branches.
Fixes: 6fad274f06f0 ("bpf: Add MEM_WRITE attribute")
Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Link: https://lore.kernel.org/r/730e45f8c39be2a5f3d8c4406cceca9d574cbf14.1736886479.git.dxu@dxuuu.xyz
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/filter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index b35615c469e27..370f61f9bf4ba 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -7529,7 +7529,7 @@ static const struct bpf_func_proto bpf_sock_ops_load_hdr_opt_proto = {
.gpl_only = false,
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_PTR_TO_MEM | MEM_WRITE,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 127/578] ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 126/578] bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 128/578] padata: fix UAF in padata_reorder Greg Kroah-Hartman
` (459 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kailang Yang, Takashi Iwai,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kailang Yang <kailang@realtek.com>
[ Upstream commit 5cb4e5b056772e341b590755a976081776422053 ]
Sound played through headphones is distorted.
Fixes: 34ab5bbc6e82 ("ALSA: hda/realtek - Add Headset Mic supported Acer NB platform")
Closes: https://lore.kernel.org/linux-sound/e142749b-7714-4733-9452-918fbe328c8f@gmail.com/
Signed-off-by: Kailang Yang <kailang@realtek.com>
Link: https://lore.kernel.org/0a89b6c18ed94378a105fa61e9f290e4@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index eec488aa7890d..8da964c3856fe 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9583,6 +9583,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1025, 0x1308, "Acer Aspire Z24-890", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
SND_PCI_QUIRK(0x1025, 0x132a, "Acer TravelMate B114-21", ALC233_FIXUP_ACER_HEADSET_MIC),
SND_PCI_QUIRK(0x1025, 0x1330, "Acer TravelMate X514-51T", ALC255_FIXUP_ACER_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1025, 0x1360, "Acer Aspire A115", ALC255_FIXUP_ACER_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1025, 0x141f, "Acer Spin SP513-54N", ALC255_FIXUP_ACER_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1025, 0x142b, "Acer Swift SF314-42", ALC255_FIXUP_ACER_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1025, 0x1430, "Acer TravelMate B311R-31", ALC256_FIXUP_ACER_MIC_NO_PRESENCE),
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 128/578] padata: fix UAF in padata_reorder
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 127/578] ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 129/578] padata: add pd get/put refcnt helper Greg Kroah-Hartman
` (458 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Ridong, Qu Zicheng,
Daniel Jordan, Herbert Xu, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Ridong <chenridong@huawei.com>
[ Upstream commit e01780ea4661172734118d2a5f41bc9720765668 ]
A bug was found when run ltp test:
BUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0
Read of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206
CPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+
Workqueue: pdecrypt_parallel padata_parallel_worker
Call Trace:
<TASK>
dump_stack_lvl+0x32/0x50
print_address_description.constprop.0+0x6b/0x3d0
print_report+0xdd/0x2c0
kasan_report+0xa5/0xd0
padata_find_next+0x29/0x1a0
padata_reorder+0x131/0x220
padata_parallel_worker+0x3d/0xc0
process_one_work+0x2ec/0x5a0
If 'mdelay(10)' is added before calling 'padata_find_next' in the
'padata_reorder' function, this issue could be reproduced easily with
ltp test (pcrypt_aead01).
This can be explained as bellow:
pcrypt_aead_encrypt
...
padata_do_parallel
refcount_inc(&pd->refcnt); // add refcnt
...
padata_do_serial
padata_reorder // pd
while (1) {
padata_find_next(pd, true); // using pd
queue_work_on
...
padata_serial_worker crypto_del_alg
padata_put_pd_cnt // sub refcnt
padata_free_shell
padata_put_pd(ps->pd);
// pd is freed
// loop again, but pd is freed
// call padata_find_next, UAF
}
In the padata_reorder function, when it loops in 'while', if the alg is
deleted, the refcnt may be decreased to 0 before entering
'padata_find_next', which leads to UAF.
As mentioned in [1], do_serial is supposed to be called with BHs disabled
and always happen under RCU protection, to address this issue, add
synchronize_rcu() in 'padata_free_shell' wait for all _do_serial calls
to finish.
[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/
[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/
Fixes: b128a3040935 ("padata: allocate workqueue internally")
Signed-off-by: Chen Ridong <chenridong@huawei.com>
Signed-off-by: Qu Zicheng <quzicheng@huawei.com>
Acked-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/padata.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/kernel/padata.c b/kernel/padata.c
index 46b75d6b3618c..5f3069907d497 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -1110,6 +1110,12 @@ void padata_free_shell(struct padata_shell *ps)
if (!ps)
return;
+ /*
+ * Wait for all _do_serial calls to finish to avoid touching
+ * freed pd's and ps's.
+ */
+ synchronize_rcu();
+
mutex_lock(&ps->pinst->lock);
list_del(&ps->list);
pd = rcu_dereference_protected(ps->pd, 1);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 129/578] padata: add pd get/put refcnt helper
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 128/578] padata: fix UAF in padata_reorder Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 130/578] padata: avoid UAF for reorder_work Greg Kroah-Hartman
` (457 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Ridong, Daniel Jordan,
Herbert Xu, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Ridong <chenridong@huawei.com>
[ Upstream commit ae154202cc6a189b035359f3c4e143d5c24d5352 ]
Add helpers for pd to get/put refcnt to make code consice.
Signed-off-by: Chen Ridong <chenridong@huawei.com>
Acked-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: dd7d37ccf6b1 ("padata: avoid UAF for reorder_work")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/padata.c | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/kernel/padata.c b/kernel/padata.c
index 5f3069907d497..b3f9ecb3b6711 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -47,6 +47,22 @@ struct padata_mt_job_state {
static void padata_free_pd(struct parallel_data *pd);
static void __init padata_mt_helper(struct work_struct *work);
+static inline void padata_get_pd(struct parallel_data *pd)
+{
+ refcount_inc(&pd->refcnt);
+}
+
+static inline void padata_put_pd_cnt(struct parallel_data *pd, int cnt)
+{
+ if (refcount_sub_and_test(cnt, &pd->refcnt))
+ padata_free_pd(pd);
+}
+
+static inline void padata_put_pd(struct parallel_data *pd)
+{
+ padata_put_pd_cnt(pd, 1);
+}
+
static int padata_index_to_cpu(struct parallel_data *pd, int cpu_index)
{
int cpu, target_cpu;
@@ -198,7 +214,7 @@ int padata_do_parallel(struct padata_shell *ps,
if ((pinst->flags & PADATA_RESET))
goto out;
- refcount_inc(&pd->refcnt);
+ padata_get_pd(pd);
padata->pd = pd;
padata->cb_cpu = *cb_cpu;
@@ -372,8 +388,7 @@ static void padata_serial_worker(struct work_struct *serial_work)
}
local_bh_enable();
- if (refcount_sub_and_test(cnt, &pd->refcnt))
- padata_free_pd(pd);
+ padata_put_pd_cnt(pd, cnt);
}
/**
@@ -670,8 +685,7 @@ static int padata_replace(struct padata_instance *pinst)
synchronize_rcu();
list_for_each_entry_continue_reverse(ps, &pinst->pslist, list)
- if (refcount_dec_and_test(&ps->opd->refcnt))
- padata_free_pd(ps->opd);
+ padata_put_pd(ps->opd);
pinst->flags &= ~PADATA_RESET;
@@ -1119,8 +1133,7 @@ void padata_free_shell(struct padata_shell *ps)
mutex_lock(&ps->pinst->lock);
list_del(&ps->list);
pd = rcu_dereference_protected(ps->pd, 1);
- if (refcount_dec_and_test(&pd->refcnt))
- padata_free_pd(pd);
+ padata_put_pd(pd);
mutex_unlock(&ps->pinst->lock);
kfree(ps);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 130/578] padata: avoid UAF for reorder_work
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 129/578] padata: add pd get/put refcnt helper Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 131/578] smb: client: fix oops due to unset link speed Greg Kroah-Hartman
` (456 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Ridong, Daniel Jordan,
Herbert Xu, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Ridong <chenridong@huawei.com>
[ Upstream commit dd7d37ccf6b11f3d95e797ebe4e9e886d0332600 ]
Although the previous patch can avoid ps and ps UAF for _do_serial, it
can not avoid potential UAF issue for reorder_work. This issue can
happen just as below:
crypto_request crypto_request crypto_del_alg
padata_do_serial
...
padata_reorder
// processes all remaining
// requests then breaks
while (1) {
if (!padata)
break;
...
}
padata_do_serial
// new request added
list_add
// sees the new request
queue_work(reorder_work)
padata_reorder
queue_work_on(squeue->work)
...
<kworker context>
padata_serial_worker
// completes new request,
// no more outstanding
// requests
crypto_del_alg
// free pd
<kworker context>
invoke_padata_reorder
// UAF of pd
To avoid UAF for 'reorder_work', get 'pd' ref before put 'reorder_work'
into the 'serial_wq' and put 'pd' ref until the 'serial_wq' finish.
Fixes: bbefa1dd6a6d ("crypto: pcrypt - Avoid deadlock by using per-instance padata queues")
Signed-off-by: Chen Ridong <chenridong@huawei.com>
Acked-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/padata.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/kernel/padata.c b/kernel/padata.c
index b3f9ecb3b6711..e2bef90e6fd0c 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -344,8 +344,14 @@ static void padata_reorder(struct parallel_data *pd)
smp_mb();
reorder = per_cpu_ptr(pd->reorder_list, pd->cpu);
- if (!list_empty(&reorder->list) && padata_find_next(pd, false))
+ if (!list_empty(&reorder->list) && padata_find_next(pd, false)) {
+ /*
+ * Other context(eg. the padata_serial_worker) can finish the request.
+ * To avoid UAF issue, add pd ref here, and put pd ref after reorder_work finish.
+ */
+ padata_get_pd(pd);
queue_work(pinst->serial_wq, &pd->reorder_work);
+ }
}
static void invoke_padata_reorder(struct work_struct *work)
@@ -356,6 +362,8 @@ static void invoke_padata_reorder(struct work_struct *work)
pd = container_of(work, struct parallel_data, reorder_work);
padata_reorder(pd);
local_bh_enable();
+ /* Pairs with putting the reorder_work in the serial_wq */
+ padata_put_pd(pd);
}
static void padata_serial_worker(struct work_struct *serial_work)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 131/578] smb: client: fix oops due to unset link speed
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 130/578] padata: avoid UAF for reorder_work Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 132/578] soc: atmel: fix device_node release in atmel_soc_device_init() Greg Kroah-Hartman
` (455 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shyam Prasad N, Tom Talpey,
Frank Sorenson, Jay Shin, Paulo Alcantara (Red Hat), Steve French,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paulo Alcantara <pc@manguebit.com>
[ Upstream commit be7a6a77669588bfa5022a470989702bbbb11e7f ]
It isn't guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always
be set by the server, so the client must handle any values and then
prevent oopses like below from happening:
Oops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41
04/01/2014
RIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48
89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8
e7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 <48> f7 74 24 18 48 89
c3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24
RSP: 0018:ffffc90001817be0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99
RDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228
RBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac
R10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200
R13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58
FS: 00007fe27119e740(0000) GS:ffff888148600000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die_body.cold+0x19/0x27
? die+0x2e/0x50
? do_trap+0x159/0x1b0
? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]
? do_error_trap+0x90/0x130
? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]
? exc_divide_error+0x39/0x50
? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]
? asm_exc_divide_error+0x1a/0x20
? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]
? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]
? seq_read_iter+0x42e/0x790
seq_read_iter+0x19a/0x790
proc_reg_read_iter+0xbe/0x110
? __pfx_proc_reg_read_iter+0x10/0x10
vfs_read+0x469/0x570
? do_user_addr_fault+0x398/0x760
? __pfx_vfs_read+0x10/0x10
? find_held_lock+0x8a/0xa0
? __pfx_lock_release+0x10/0x10
ksys_read+0xd3/0x170
? __pfx_ksys_read+0x10/0x10
? __rcu_read_unlock+0x50/0x270
? mark_held_locks+0x1a/0x90
do_syscall_64+0xbb/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe271288911
Code: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8
20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 <48> 3d
00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec
RSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911
RDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003
RBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380
R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000
R13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000
</TASK>
Fix this by setting cifs_server_iface::speed to a sane value (1Gbps)
by default when link speed is unset.
Cc: Shyam Prasad N <nspmangalore@gmail.com>
Cc: Tom Talpey <tom@talpey.com>
Fixes: a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed")
Reported-by: Frank Sorenson <sorenson@redhat.com>
Reported-by: Jay Shin <jaeshin@redhat.com>
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/smb2ops.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index 4b9cd9893ac61..e368b10a9034d 100644
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -615,7 +615,8 @@ parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf,
while (bytes_left >= (ssize_t)sizeof(*p)) {
memset(&tmp_iface, 0, sizeof(tmp_iface));
- tmp_iface.speed = le64_to_cpu(p->LinkSpeed);
+ /* default to 1Gbps when link speed is unset */
+ tmp_iface.speed = le64_to_cpu(p->LinkSpeed) ?: 1000000000;
tmp_iface.rdma_capable = le32_to_cpu(p->Capability & RDMA_CAPABLE) ? 1 : 0;
tmp_iface.rss_capable = le32_to_cpu(p->Capability & RSS_CAPABLE) ? 1 : 0;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 132/578] soc: atmel: fix device_node release in atmel_soc_device_init()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 131/578] smb: client: fix oops due to unset link speed Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 133/578] ARM: at91: pm: change BU Power Switch to automatic mode Greg Kroah-Hartman
` (454 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Javier Carrasco, Claudiu Beznea,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
[ Upstream commit d3455ab798100f40af77123e7c2443ec979c546b ]
A device_node acquired via of_find_node_by_path() requires explicit
calls to of_node_put() when it is no longer needed to avoid leaking the
resource.
Instead of adding the missing calls to of_node_put() in all execution
paths, use the cleanup attribute for 'np' by means of the __free()
macro, which automatically calls of_node_put() when the variable goes
out of scope.
Fixes: 960ddf70cc11 ("drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Link: https://lore.kernel.org/r/20241031-soc-atmel-soc-cleanup-v2-1-73f2d235fd98@gmail.com
Signed-off-by: Claudiu Beznea <claudiu.beznea@tuxon.dev>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/atmel/soc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/soc/atmel/soc.c b/drivers/soc/atmel/soc.c
index dae8a2e0f7455..78cb2c4bd3929 100644
--- a/drivers/soc/atmel/soc.c
+++ b/drivers/soc/atmel/soc.c
@@ -367,7 +367,7 @@ static const struct of_device_id at91_soc_allowed_list[] __initconst = {
static int __init atmel_soc_device_init(void)
{
- struct device_node *np = of_find_node_by_path("/");
+ struct device_node *np __free(device_node) = of_find_node_by_path("/");
if (!of_match_node(at91_soc_allowed_list, np))
return 0;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 133/578] ARM: at91: pm: change BU Power Switch to automatic mode
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 132/578] soc: atmel: fix device_node release in atmel_soc_device_init() Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 134/578] arm64: dts: mt8183: set DMIC one-wire mode on Damu Greg Kroah-Hartman
` (453 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nicolas Ferre, Claudiu Beznea,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolas Ferre <nicolas.ferre@microchip.com>
[ Upstream commit 6fc5bdfa872b7da51b5507a1327a17c3db2fcf95 ]
Change how the Backup Unit Power is configured and force the
automatic/hardware mode.
This change eliminates the need for software management of the power
switch, ensuring it transitions to the backup power source before
entering low power modes.
This is done in the only location where this switch was configured. It's
usually done in the bootloader.
Previously, the loss of the VDDANA (or VDDIN33) power source was not
automatically compensated by an alternative power source. This resulted
in the loss of Backup Unit content, including Backup Self-refresh low
power mode information, OTP emulation configuration, and boot
configuration, for instance.
Fixes: ac809e7879b1 ("ARM: at91: pm: switch backup area to vbat in backup mode")
Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Link: https://lore.kernel.org/r/20241125165648.509162-1-nicolas.ferre@microchip.com
Signed-off-by: Claudiu Beznea <claudiu.beznea@tuxon.dev>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-at91/pm.c | 31 ++++++++++++++++++++-----------
1 file changed, 20 insertions(+), 11 deletions(-)
diff --git a/arch/arm/mach-at91/pm.c b/arch/arm/mach-at91/pm.c
index 437dd0352fd44..4d0d0d49a7442 100644
--- a/arch/arm/mach-at91/pm.c
+++ b/arch/arm/mach-at91/pm.c
@@ -590,7 +590,21 @@ static int at91_suspend_finish(unsigned long val)
return 0;
}
-static void at91_pm_switch_ba_to_vbat(void)
+/**
+ * at91_pm_switch_ba_to_auto() - Configure Backup Unit Power Switch
+ * to automatic/hardware mode.
+ *
+ * The Backup Unit Power Switch can be managed either by software or hardware.
+ * Enabling hardware mode allows the automatic transition of power between
+ * VDDANA (or VDDIN33) and VDDBU (or VBAT, respectively), based on the
+ * availability of these power sources.
+ *
+ * If the Backup Unit Power Switch is already in automatic mode, no action is
+ * required. If it is in software-controlled mode, it is switched to automatic
+ * mode to enhance safety and eliminate the need for toggling between power
+ * sources.
+ */
+static void at91_pm_switch_ba_to_auto(void)
{
unsigned int offset = offsetof(struct at91_pm_sfrbu_regs, pswbu);
unsigned int val;
@@ -601,24 +615,19 @@ static void at91_pm_switch_ba_to_vbat(void)
val = readl(soc_pm.data.sfrbu + offset);
- /* Already on VBAT. */
- if (!(val & soc_pm.sfrbu_regs.pswbu.state))
+ /* Already on auto/hardware. */
+ if (!(val & soc_pm.sfrbu_regs.pswbu.ctrl))
return;
- val &= ~soc_pm.sfrbu_regs.pswbu.softsw;
- val |= soc_pm.sfrbu_regs.pswbu.key | soc_pm.sfrbu_regs.pswbu.ctrl;
+ val &= ~soc_pm.sfrbu_regs.pswbu.ctrl;
+ val |= soc_pm.sfrbu_regs.pswbu.key;
writel(val, soc_pm.data.sfrbu + offset);
-
- /* Wait for update. */
- val = readl(soc_pm.data.sfrbu + offset);
- while (val & soc_pm.sfrbu_regs.pswbu.state)
- val = readl(soc_pm.data.sfrbu + offset);
}
static void at91_pm_suspend(suspend_state_t state)
{
if (soc_pm.data.mode == AT91_PM_BACKUP) {
- at91_pm_switch_ba_to_vbat();
+ at91_pm_switch_ba_to_auto();
cpu_suspend(0, at91_suspend_finish);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 134/578] arm64: dts: mt8183: set DMIC one-wire mode on Damu
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 133/578] ARM: at91: pm: change BU Power Switch to automatic mode Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 135/578] arm64: dts: mediatek: mt8516: fix GICv2 range Greg Kroah-Hartman
` (452 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hsin-Yi Wang,
AngeloGioacchino Del Regno, Hsin-Te Yuan, Matthias Brugger,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hsin-Yi Wang <hsinyi@chromium.org>
[ Upstream commit 6c379e8b984815fc8f876e4bc78c4d563f13ddae ]
Sets DMIC one-wire mode on Damu.
Fixes: cabc71b08eb5 ("arm64: dts: mt8183: Add kukui-jacuzzi-damu board")
Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Hsin-Te Yuan <yuanhsinte@chromium.org>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Link: https://lore.kernel.org/r/20241113-damu-v4-1-6911b69610dd@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts
index 5cbb5a1ae3f2f..ca4196870f9db 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts
@@ -26,6 +26,10 @@
hid-descr-addr = <0x0001>;
};
+&mt6358codec {
+ mediatek,dmic-mode = <1>; /* one-wire */
+};
+
&qca_wifi {
qcom,ath10k-calibration-variant = "GO_DAMU";
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 135/578] arm64: dts: mediatek: mt8516: fix GICv2 range
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 134/578] arm64: dts: mt8183: set DMIC one-wire mode on Damu Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 136/578] arm64: dts: mediatek: mt8516: fix wdt irq type Greg Kroah-Hartman
` (451 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Val Packett,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Val Packett <val@packett.cool>
[ Upstream commit e3ee31e4409f051c021a30122f3c470f093a7386 ]
On the MT8167 which is based on the MT8516 DTS, the following error
was appearing on boot, breaking interrupt operation:
GICv2 detected, but range too small and irqchip.gicv2_force_probe not set
Similar to what's been proposed for MT7622 which has the same issue,
fix by using the range reported by force_probe.
Link: https://lore.kernel.org/all/YmhNSLgp%2Fyg8Vr1F@makrotopia.org/
Fixes: 5236347bde42 ("arm64: dts: mediatek: add dtsi for MT8516")
Signed-off-by: Val Packett <val@packett.cool>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241204190524.21862-2-val@packett.cool
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8516.dtsi b/arch/arm64/boot/dts/mediatek/mt8516.dtsi
index d1b67c82d7617..81ac7f2f710b4 100644
--- a/arch/arm64/boot/dts/mediatek/mt8516.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8516.dtsi
@@ -269,7 +269,7 @@
interrupt-parent = <&gic>;
interrupt-controller;
reg = <0 0x10310000 0 0x1000>,
- <0 0x10320000 0 0x1000>,
+ <0 0x1032f000 0 0x2000>,
<0 0x10340000 0 0x2000>,
<0 0x10360000 0 0x2000>;
interrupts = <GIC_PPI 9
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 136/578] arm64: dts: mediatek: mt8516: fix wdt irq type
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 135/578] arm64: dts: mediatek: mt8516: fix GICv2 range Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 137/578] arm64: dts: mediatek: mt8516: add i2c clock-div property Greg Kroah-Hartman
` (450 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Val Packett,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Val Packett <val@packett.cool>
[ Upstream commit 03a80442030e7147391738fb6cbe5fa0b3b91bb1 ]
The GICv2 does not support EDGE_FALLING interrupts, so the watchdog
would refuse to attach due to a failing check coming from the GIC driver.
Fixes: 5236347bde42 ("arm64: dts: mediatek: add dtsi for MT8516")
Signed-off-by: Val Packett <val@packett.cool>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241204190524.21862-3-val@packett.cool
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8516.dtsi b/arch/arm64/boot/dts/mediatek/mt8516.dtsi
index 81ac7f2f710b4..558f7e744113d 100644
--- a/arch/arm64/boot/dts/mediatek/mt8516.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8516.dtsi
@@ -206,7 +206,7 @@
compatible = "mediatek,mt8516-wdt",
"mediatek,mt6589-wdt";
reg = <0 0x10007000 0 0x1000>;
- interrupts = <GIC_SPI 198 IRQ_TYPE_EDGE_FALLING>;
+ interrupts = <GIC_SPI 198 IRQ_TYPE_LEVEL_LOW>;
#reset-cells = <1>;
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 137/578] arm64: dts: mediatek: mt8516: add i2c clock-div property
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 136/578] arm64: dts: mediatek: mt8516: fix wdt irq type Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 138/578] arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Greg Kroah-Hartman
` (449 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Val Packett,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Val Packett <val@packett.cool>
[ Upstream commit eb72341fd92b7af510d236e5a8554d855ed38d3c ]
Move the clock-div property from the pumpkin board dtsi to the SoC's
since it belongs to the SoC itself and is required on other devices.
Fixes: 5236347bde42 ("arm64: dts: mediatek: add dtsi for MT8516")
Signed-off-by: Val Packett <val@packett.cool>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241204190524.21862-4-val@packett.cool
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 3 +++
arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 --
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8516.dtsi b/arch/arm64/boot/dts/mediatek/mt8516.dtsi
index 558f7e744113d..0b86863381cf3 100644
--- a/arch/arm64/boot/dts/mediatek/mt8516.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8516.dtsi
@@ -345,6 +345,7 @@
reg = <0 0x11009000 0 0x90>,
<0 0x11000180 0 0x80>;
interrupts = <GIC_SPI 80 IRQ_TYPE_LEVEL_LOW>;
+ clock-div = <2>;
clocks = <&topckgen CLK_TOP_I2C0>,
<&topckgen CLK_TOP_APDMA>;
clock-names = "main", "dma";
@@ -359,6 +360,7 @@
reg = <0 0x1100a000 0 0x90>,
<0 0x11000200 0 0x80>;
interrupts = <GIC_SPI 81 IRQ_TYPE_LEVEL_LOW>;
+ clock-div = <2>;
clocks = <&topckgen CLK_TOP_I2C1>,
<&topckgen CLK_TOP_APDMA>;
clock-names = "main", "dma";
@@ -373,6 +375,7 @@
reg = <0 0x1100b000 0 0x90>,
<0 0x11000280 0 0x80>;
interrupts = <GIC_SPI 82 IRQ_TYPE_LEVEL_LOW>;
+ clock-div = <2>;
clocks = <&topckgen CLK_TOP_I2C2>,
<&topckgen CLK_TOP_APDMA>;
clock-names = "main", "dma";
diff --git a/arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi b/arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi
index ec8dfb3d1c6d6..a356db5fcc5f3 100644
--- a/arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi
+++ b/arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi
@@ -47,7 +47,6 @@
};
&i2c0 {
- clock-div = <2>;
pinctrl-names = "default";
pinctrl-0 = <&i2c0_pins_a>;
status = "okay";
@@ -156,7 +155,6 @@
};
&i2c2 {
- clock-div = <2>;
pinctrl-names = "default";
pinctrl-0 = <&i2c2_pins_a>;
status = "okay";
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 138/578] arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 137/578] arm64: dts: mediatek: mt8516: add i2c clock-div property Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 139/578] RDMA/mlx4: Avoid false error about access to uninitialized gids array Greg Kroah-Hartman
` (448 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Val Packett,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Val Packett <val@packett.cool>
[ Upstream commit 2561c7d5d497b988deccc36fe5eac7fd50b937f8 ]
The Android DTB for the related MT8167 reserves 0x30000. This is likely
correct for MT8516 Android devices as well, and there's never any harm
in reserving 64KiB more.
Fixes: 5236347bde42 ("arm64: dts: mediatek: add dtsi for MT8516")
Signed-off-by: Val Packett <val@packett.cool>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241204190524.21862-5-val@packett.cool
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8516.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8516.dtsi b/arch/arm64/boot/dts/mediatek/mt8516.dtsi
index 0b86863381cf3..5655f12723f14 100644
--- a/arch/arm64/boot/dts/mediatek/mt8516.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8516.dtsi
@@ -144,10 +144,10 @@
#size-cells = <2>;
ranges;
- /* 128 KiB reserved for ARM Trusted Firmware (BL31) */
+ /* 192 KiB reserved for ARM Trusted Firmware (BL31) */
bl31_secmon_reserved: secmon@43000000 {
no-map;
- reg = <0 0x43000000 0 0x20000>;
+ reg = <0 0x43000000 0 0x30000>;
};
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 139/578] RDMA/mlx4: Avoid false error about access to uninitialized gids array
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 138/578] arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 140/578] rdma/cxgb4: Prevent potential integer overflow on 32bit Greg Kroah-Hartman
` (447 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Leon Romanovsky, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Leon Romanovsky <leonro@nvidia.com>
[ Upstream commit 1f53d88cbb0dcc7df235bf6611ae632b254fccd8 ]
Smatch generates the following false error report:
drivers/infiniband/hw/mlx4/main.c:393 mlx4_ib_del_gid() error: uninitialized symbol 'gids'.
Traditionally, we are not changing kernel code and asking people to fix
the tools. However in this case, the fix can be done by simply rearranging
the code to be more clear.
Fixes: e26be1bfef81 ("IB/mlx4: Implement ib_device callbacks")
Link: https://patch.msgid.link/6a3a1577463da16962463fcf62883a87506e9b62.1733233426.git.leonro@nvidia.com
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx4/main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/hw/mlx4/main.c b/drivers/infiniband/hw/mlx4/main.c
index ba47874f90d38..7c3dc86ab7f04 100644
--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -384,10 +384,10 @@ static int mlx4_ib_del_gid(const struct ib_gid_attr *attr, void **context)
}
spin_unlock_bh(&iboe->lock);
- if (!ret && hw_update) {
+ if (gids)
ret = mlx4_ib_update_gids(gids, ibdev, attr->port_num);
- kfree(gids);
- }
+
+ kfree(gids);
return ret;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 140/578] rdma/cxgb4: Prevent potential integer overflow on 32bit
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 139/578] RDMA/mlx4: Avoid false error about access to uninitialized gids array Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 141/578] arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Greg Kroah-Hartman
` (446 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Jason Gunthorpe,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit bd96a3935e89486304461a21752f824fc25e0f0b ]
The "gl->tot_len" variable is controlled by the user. It comes from
process_responses(). On 32bit systems, the "gl->tot_len + sizeof(struct
cpl_pass_accept_req) + sizeof(struct rss_header)" addition could have an
integer wrapping bug. Use size_add() to prevent this.
Fixes: 1cab775c3e75 ("RDMA/cxgb4: Fix LE hash collision bug for passive open connection")
Link: https://patch.msgid.link/r/86b404e1-4a75-4a35-a34e-e3054fa554c7@stanley.mountain
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/cxgb4/device.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/cxgb4/device.c b/drivers/infiniband/hw/cxgb4/device.c
index 80970a1738f8a..034b85c422555 100644
--- a/drivers/infiniband/hw/cxgb4/device.c
+++ b/drivers/infiniband/hw/cxgb4/device.c
@@ -1114,8 +1114,10 @@ static inline struct sk_buff *copy_gl_to_skb_pkt(const struct pkt_gl *gl,
* The math here assumes sizeof cpl_pass_accept_req >= sizeof
* cpl_rx_pkt.
*/
- skb = alloc_skb(gl->tot_len + sizeof(struct cpl_pass_accept_req) +
- sizeof(struct rss_header) - pktshift, GFP_ATOMIC);
+ skb = alloc_skb(size_add(gl->tot_len,
+ sizeof(struct cpl_pass_accept_req) +
+ sizeof(struct rss_header)) - pktshift,
+ GFP_ATOMIC);
if (unlikely(!skb))
return NULL;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 141/578] arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 140/578] rdma/cxgb4: Prevent potential integer overflow on 32bit Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 142/578] arm64: dts: mediatek: mt8173-elm: " Greg Kroah-Hartman
` (445 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit a6d5983e40f5d5b219337569cdd269727f5a3e2e ]
The "regulator-compatible" property has been deprecated since 2012 in
commit 13511def87b9 ("regulator: deprecate regulator-compatible DT
property"), which is so old it's not even mentioned in the converted
regulator bindings YAML file. It is also not listed in the MT6397
regulator bindings. Having them present produces a whole bunch of
validation errors:
Unevaluated properties are not allowed ('regulator-compatible' was unexpected)
Drop the "regulator-compatible" property from the board dts. The
property values are the same as the node name, so everything should
continue to work.
Fixes: 16ea61fc5614 ("arm64: dts: mt8173-evb: Add PMIC support")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241211052427.4178367-3-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 23 ---------------------
1 file changed, 23 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8173-evb.dts b/arch/arm64/boot/dts/mediatek/mt8173-evb.dts
index 49c7185243cc1..52b1114ca77e8 100644
--- a/arch/arm64/boot/dts/mediatek/mt8173-evb.dts
+++ b/arch/arm64/boot/dts/mediatek/mt8173-evb.dts
@@ -311,7 +311,6 @@
compatible = "mediatek,mt6397-regulator";
mt6397_vpca15_reg: buck_vpca15 {
- regulator-compatible = "buck_vpca15";
regulator-name = "vpca15";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -320,7 +319,6 @@
};
mt6397_vpca7_reg: buck_vpca7 {
- regulator-compatible = "buck_vpca7";
regulator-name = "vpca7";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -329,7 +327,6 @@
};
mt6397_vsramca15_reg: buck_vsramca15 {
- regulator-compatible = "buck_vsramca15";
regulator-name = "vsramca15";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -338,7 +335,6 @@
};
mt6397_vsramca7_reg: buck_vsramca7 {
- regulator-compatible = "buck_vsramca7";
regulator-name = "vsramca7";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -347,7 +343,6 @@
};
mt6397_vcore_reg: buck_vcore {
- regulator-compatible = "buck_vcore";
regulator-name = "vcore";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -356,7 +351,6 @@
};
mt6397_vgpu_reg: buck_vgpu {
- regulator-compatible = "buck_vgpu";
regulator-name = "vgpu";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -365,7 +359,6 @@
};
mt6397_vdrm_reg: buck_vdrm {
- regulator-compatible = "buck_vdrm";
regulator-name = "vdrm";
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <1400000>;
@@ -374,7 +367,6 @@
};
mt6397_vio18_reg: buck_vio18 {
- regulator-compatible = "buck_vio18";
regulator-name = "vio18";
regulator-min-microvolt = <1620000>;
regulator-max-microvolt = <1980000>;
@@ -383,19 +375,16 @@
};
mt6397_vtcxo_reg: ldo_vtcxo {
- regulator-compatible = "ldo_vtcxo";
regulator-name = "vtcxo";
regulator-always-on;
};
mt6397_va28_reg: ldo_va28 {
- regulator-compatible = "ldo_va28";
regulator-name = "va28";
regulator-always-on;
};
mt6397_vcama_reg: ldo_vcama {
- regulator-compatible = "ldo_vcama";
regulator-name = "vcama";
regulator-min-microvolt = <1500000>;
regulator-max-microvolt = <2800000>;
@@ -403,18 +392,15 @@
};
mt6397_vio28_reg: ldo_vio28 {
- regulator-compatible = "ldo_vio28";
regulator-name = "vio28";
regulator-always-on;
};
mt6397_vusb_reg: ldo_vusb {
- regulator-compatible = "ldo_vusb";
regulator-name = "vusb";
};
mt6397_vmc_reg: ldo_vmc {
- regulator-compatible = "ldo_vmc";
regulator-name = "vmc";
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <3300000>;
@@ -422,7 +408,6 @@
};
mt6397_vmch_reg: ldo_vmch {
- regulator-compatible = "ldo_vmch";
regulator-name = "vmch";
regulator-min-microvolt = <3000000>;
regulator-max-microvolt = <3300000>;
@@ -430,7 +415,6 @@
};
mt6397_vemc_3v3_reg: ldo_vemc3v3 {
- regulator-compatible = "ldo_vemc3v3";
regulator-name = "vemc_3v3";
regulator-min-microvolt = <3000000>;
regulator-max-microvolt = <3300000>;
@@ -438,7 +422,6 @@
};
mt6397_vgp1_reg: ldo_vgp1 {
- regulator-compatible = "ldo_vgp1";
regulator-name = "vcamd";
regulator-min-microvolt = <1220000>;
regulator-max-microvolt = <3300000>;
@@ -446,7 +429,6 @@
};
mt6397_vgp2_reg: ldo_vgp2 {
- regulator-compatible = "ldo_vgp2";
regulator-name = "vcamio";
regulator-min-microvolt = <1000000>;
regulator-max-microvolt = <3300000>;
@@ -454,7 +436,6 @@
};
mt6397_vgp3_reg: ldo_vgp3 {
- regulator-compatible = "ldo_vgp3";
regulator-name = "vcamaf";
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <3300000>;
@@ -462,7 +443,6 @@
};
mt6397_vgp4_reg: ldo_vgp4 {
- regulator-compatible = "ldo_vgp4";
regulator-name = "vgp4";
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <3300000>;
@@ -470,7 +450,6 @@
};
mt6397_vgp5_reg: ldo_vgp5 {
- regulator-compatible = "ldo_vgp5";
regulator-name = "vgp5";
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <3000000>;
@@ -478,7 +457,6 @@
};
mt6397_vgp6_reg: ldo_vgp6 {
- regulator-compatible = "ldo_vgp6";
regulator-name = "vgp6";
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <3300000>;
@@ -486,7 +464,6 @@
};
mt6397_vibr_reg: ldo_vibr {
- regulator-compatible = "ldo_vibr";
regulator-name = "vibr";
regulator-min-microvolt = <1300000>;
regulator-max-microvolt = <3300000>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 142/578] arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 141/578] arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 143/578] arm64: dts: mediatek: mt8192-asurada: " Greg Kroah-Hartman
` (444 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit 4b907b3ea5fba240808136cc5599d14b52230b39 ]
The "regulator-compatible" property has been deprecated since 2012 in
commit 13511def87b9 ("regulator: deprecate regulator-compatible DT
property"), which is so old it's not even mentioned in the converted
regulator bindings YAML file. It is also not listed in the MT6397
regulator bindings. Having them present produces a whole bunch of
validation errors:
Unevaluated properties are not allowed ('regulator-compatible' was unexpected)
Drop the "regulator-compatible" property from the board dts. The
property values are the same as the node name, so everything should
continue to work.
Fixes: 689b937bedde ("arm64: dts: mediatek: add mt8173 elm and hana board")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241211052427.4178367-4-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 23 --------------------
1 file changed, 23 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi b/arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi
index e21feb85d822b..6e82aea16c729 100644
--- a/arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi
@@ -938,7 +938,6 @@
compatible = "mediatek,mt6397-regulator";
mt6397_vpca15_reg: buck_vpca15 {
- regulator-compatible = "buck_vpca15";
regulator-name = "vpca15";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -948,7 +947,6 @@
};
mt6397_vpca7_reg: buck_vpca7 {
- regulator-compatible = "buck_vpca7";
regulator-name = "vpca7";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -958,7 +956,6 @@
};
mt6397_vsramca15_reg: buck_vsramca15 {
- regulator-compatible = "buck_vsramca15";
regulator-name = "vsramca15";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -967,7 +964,6 @@
};
mt6397_vsramca7_reg: buck_vsramca7 {
- regulator-compatible = "buck_vsramca7";
regulator-name = "vsramca7";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -976,7 +972,6 @@
};
mt6397_vcore_reg: buck_vcore {
- regulator-compatible = "buck_vcore";
regulator-name = "vcore";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -985,7 +980,6 @@
};
mt6397_vgpu_reg: buck_vgpu {
- regulator-compatible = "buck_vgpu";
regulator-name = "vgpu";
regulator-min-microvolt = < 700000>;
regulator-max-microvolt = <1350000>;
@@ -994,7 +988,6 @@
};
mt6397_vdrm_reg: buck_vdrm {
- regulator-compatible = "buck_vdrm";
regulator-name = "vdrm";
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <1400000>;
@@ -1003,7 +996,6 @@
};
mt6397_vio18_reg: buck_vio18 {
- regulator-compatible = "buck_vio18";
regulator-name = "vio18";
regulator-min-microvolt = <1620000>;
regulator-max-microvolt = <1980000>;
@@ -1012,18 +1004,15 @@
};
mt6397_vtcxo_reg: ldo_vtcxo {
- regulator-compatible = "ldo_vtcxo";
regulator-name = "vtcxo";
regulator-always-on;
};
mt6397_va28_reg: ldo_va28 {
- regulator-compatible = "ldo_va28";
regulator-name = "va28";
};
mt6397_vcama_reg: ldo_vcama {
- regulator-compatible = "ldo_vcama";
regulator-name = "vcama";
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
@@ -1031,18 +1020,15 @@
};
mt6397_vio28_reg: ldo_vio28 {
- regulator-compatible = "ldo_vio28";
regulator-name = "vio28";
regulator-always-on;
};
mt6397_vusb_reg: ldo_vusb {
- regulator-compatible = "ldo_vusb";
regulator-name = "vusb";
};
mt6397_vmc_reg: ldo_vmc {
- regulator-compatible = "ldo_vmc";
regulator-name = "vmc";
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <3300000>;
@@ -1050,7 +1036,6 @@
};
mt6397_vmch_reg: ldo_vmch {
- regulator-compatible = "ldo_vmch";
regulator-name = "vmch";
regulator-min-microvolt = <3000000>;
regulator-max-microvolt = <3300000>;
@@ -1058,7 +1043,6 @@
};
mt6397_vemc_3v3_reg: ldo_vemc3v3 {
- regulator-compatible = "ldo_vemc3v3";
regulator-name = "vemc_3v3";
regulator-min-microvolt = <3000000>;
regulator-max-microvolt = <3300000>;
@@ -1066,7 +1050,6 @@
};
mt6397_vgp1_reg: ldo_vgp1 {
- regulator-compatible = "ldo_vgp1";
regulator-name = "vcamd";
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
@@ -1074,7 +1057,6 @@
};
mt6397_vgp2_reg: ldo_vgp2 {
- regulator-compatible = "ldo_vgp2";
regulator-name = "vcamio";
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
@@ -1082,7 +1064,6 @@
};
mt6397_vgp3_reg: ldo_vgp3 {
- regulator-compatible = "ldo_vgp3";
regulator-name = "vcamaf";
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
@@ -1090,7 +1071,6 @@
};
mt6397_vgp4_reg: ldo_vgp4 {
- regulator-compatible = "ldo_vgp4";
regulator-name = "vgp4";
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <3300000>;
@@ -1098,7 +1078,6 @@
};
mt6397_vgp5_reg: ldo_vgp5 {
- regulator-compatible = "ldo_vgp5";
regulator-name = "vgp5";
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <3000000>;
@@ -1106,7 +1085,6 @@
};
mt6397_vgp6_reg: ldo_vgp6 {
- regulator-compatible = "ldo_vgp6";
regulator-name = "vgp6";
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
@@ -1115,7 +1093,6 @@
};
mt6397_vibr_reg: ldo_vibr {
- regulator-compatible = "ldo_vibr";
regulator-name = "vibr";
regulator-min-microvolt = <1300000>;
regulator-max-microvolt = <3300000>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 143/578] arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 142/578] arm64: dts: mediatek: mt8173-elm: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 144/578] arm64: dts: mediatek: mt8195-cherry: " Greg Kroah-Hartman
` (443 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit d1fb968551c8688652b8b817bb081fdc9c25cd48 ]
The "regulator-compatible" property has been deprecated since 2012 in
commit 13511def87b9 ("regulator: deprecate regulator-compatible DT
property"), which is so old it's not even mentioned in the converted
regulator bindings YAML file. It should not have been used for new
submissions such as the MT6315.
Drop the "regulator-compatible" property from the board dts. The
property values are the same as the node name, so everything should
continue to work.
Fixes: 3183cb62b033 ("arm64: dts: mediatek: asurada: Add SPMI regulators")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241211052427.4178367-5-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 ---
1 file changed, 3 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi b/arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi
index 0814ed6a7272d..7e5230581a1c7 100644
--- a/arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi
@@ -901,7 +901,6 @@
regulators {
mt6315_6_vbuck1: vbuck1 {
- regulator-compatible = "vbuck1";
regulator-name = "Vbcpu";
regulator-min-microvolt = <400000>;
regulator-max-microvolt = <1193750>;
@@ -911,7 +910,6 @@
};
mt6315_6_vbuck3: vbuck3 {
- regulator-compatible = "vbuck3";
regulator-name = "Vlcpu";
regulator-min-microvolt = <400000>;
regulator-max-microvolt = <1193750>;
@@ -928,7 +926,6 @@
regulators {
mt6315_7_vbuck1: vbuck1 {
- regulator-compatible = "vbuck1";
regulator-name = "Vgpu";
regulator-min-microvolt = <400000>;
regulator-max-microvolt = <800000>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 144/578] arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 143/578] arm64: dts: mediatek: mt8192-asurada: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 145/578] arm64: dts: mediatek: mt8195-demo: " Greg Kroah-Hartman
` (442 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit 4dbaa5d5def2c49e44efaa5e796c23d9b904be09 ]
The "regulator-compatible" property has been deprecated since 2012 in
commit 13511def87b9 ("regulator: deprecate regulator-compatible DT
property"), which is so old it's not even mentioned in the converted
regulator bindings YAML file. It should not have been used for new
submissions such as the MT6315.
Drop the "regulator-compatible" property from the board dts. The
property values are the same as the node name, so everything should
continue to work.
Fixes: 260c04d425eb ("arm64: dts: mediatek: cherry: Enable MT6315 regulators on SPMI bus")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241211052427.4178367-6-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 --
1 file changed, 2 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi b/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi
index 0243da99d9c69..e4861c6cd78e1 100644
--- a/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi
@@ -843,7 +843,6 @@
regulators {
mt6315_6_vbuck1: vbuck1 {
- regulator-compatible = "vbuck1";
regulator-name = "Vbcpu";
regulator-min-microvolt = <400000>;
regulator-max-microvolt = <1193750>;
@@ -861,7 +860,6 @@
regulators {
mt6315_7_vbuck1: vbuck1 {
- regulator-compatible = "vbuck1";
regulator-name = "Vgpu";
regulator-min-microvolt = <400000>;
regulator-max-microvolt = <1193750>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 145/578] arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 144/578] arm64: dts: mediatek: mt8195-cherry: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 146/578] arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names Greg Kroah-Hartman
` (441 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit 2a8af9b95f504260a6d8200a11f0ae5c90e9f787 ]
The "regulator-compatible" property has been deprecated since 2012 in
commit 13511def87b9 ("regulator: deprecate regulator-compatible DT
property"), which is so old it's not even mentioned in the converted
regulator bindings YAML file. It is also not listed in the MT6360
regulator and charger bindings.
Drop the "regulator-compatible" property from the board dts. The MT6360
bindings actually require the lowercase name, so with the property
present the regulators were likely not actually working.
Fixes: 6147314aeedc ("arm64: dts: mediatek: Add device-tree for MT8195 Demo board")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241211052427.4178367-7-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8195-demo.dts b/arch/arm64/boot/dts/mediatek/mt8195-demo.dts
index 998c2e78168a6..4e1803ab99634 100644
--- a/arch/arm64/boot/dts/mediatek/mt8195-demo.dts
+++ b/arch/arm64/boot/dts/mediatek/mt8195-demo.dts
@@ -120,7 +120,6 @@
richtek,vinovp-microvolt = <14500000>;
otg_vbus_regulator: usb-otg-vbus-regulator {
- regulator-compatible = "usb-otg-vbus";
regulator-name = "usb-otg-vbus";
regulator-min-microvolt = <4425000>;
regulator-max-microvolt = <5825000>;
@@ -132,7 +131,6 @@
LDO_VIN3-supply = <&mt6360_buck2>;
mt6360_buck1: buck1 {
- regulator-compatible = "BUCK1";
regulator-name = "mt6360,buck1";
regulator-min-microvolt = <300000>;
regulator-max-microvolt = <1300000>;
@@ -143,7 +141,6 @@
};
mt6360_buck2: buck2 {
- regulator-compatible = "BUCK2";
regulator-name = "mt6360,buck2";
regulator-min-microvolt = <300000>;
regulator-max-microvolt = <1300000>;
@@ -154,7 +151,6 @@
};
mt6360_ldo1: ldo1 {
- regulator-compatible = "LDO1";
regulator-name = "mt6360,ldo1";
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <3600000>;
@@ -163,7 +159,6 @@
};
mt6360_ldo2: ldo2 {
- regulator-compatible = "LDO2";
regulator-name = "mt6360,ldo2";
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <3600000>;
@@ -172,7 +167,6 @@
};
mt6360_ldo3: ldo3 {
- regulator-compatible = "LDO3";
regulator-name = "mt6360,ldo3";
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <3600000>;
@@ -181,7 +175,6 @@
};
mt6360_ldo5: ldo5 {
- regulator-compatible = "LDO5";
regulator-name = "mt6360,ldo5";
regulator-min-microvolt = <2700000>;
regulator-max-microvolt = <3600000>;
@@ -190,7 +183,6 @@
};
mt6360_ldo6: ldo6 {
- regulator-compatible = "LDO6";
regulator-name = "mt6360,ldo6";
regulator-min-microvolt = <500000>;
regulator-max-microvolt = <2100000>;
@@ -199,7 +191,6 @@
};
mt6360_ldo7: ldo7 {
- regulator-compatible = "LDO7";
regulator-name = "mt6360,ldo7";
regulator-min-microvolt = <500000>;
regulator-max-microvolt = <2100000>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 146/578] arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 145/578] arm64: dts: mediatek: mt8195-demo: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 147/578] arm64: dts: mediatek: mt8173-evb: " Greg Kroah-Hartman
` (440 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit beb06b727194f68b0a4b5183e50c88265ce185af ]
The MT6397 PMIC bindings specify exact names for its sub-nodes. The
names used in the current dts don't match, causing a validation error.
Fix up the names. Also drop the label for the regulators node, since
any reference should be against the individual regulator sub-nodes.
Fixes: 689b937bedde ("arm64: dts: mediatek: add mt8173 elm and hana board")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Link: https://lore.kernel.org/r/20241210092614.3951748-1-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi b/arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi
index 6e82aea16c729..1135ed0bf90c4 100644
--- a/arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi
@@ -922,7 +922,7 @@
interrupt-controller;
#interrupt-cells = <2>;
- clock: mt6397clock {
+ clock: clocks {
compatible = "mediatek,mt6397-clk";
#clock-cells = <1>;
};
@@ -934,7 +934,7 @@
#gpio-cells = <2>;
};
- regulator: mt6397regulator {
+ regulators {
compatible = "mediatek,mt6397-regulator";
mt6397_vpca15_reg: buck_vpca15 {
@@ -1100,7 +1100,7 @@
};
};
- rtc: mt6397rtc {
+ rtc: rtc {
compatible = "mediatek,mt6397-rtc";
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 147/578] arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 146/578] arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 148/578] arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen Greg Kroah-Hartman
` (439 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit 9545ba142865b9099d43c972b9ebcf463606499a ]
The MT6397 PMIC bindings specify exact names for its sub-nodes. The
names used in the current dts don't match, causing a validation error.
Fix up the names. Also drop the label for the regulators node, since
any reference should be against the individual regulator sub-nodes.
Fixes: 16ea61fc5614 ("arm64: dts: mt8173-evb: Add PMIC support")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Link: https://lore.kernel.org/r/20241210092614.3951748-2-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8173-evb.dts b/arch/arm64/boot/dts/mediatek/mt8173-evb.dts
index 52b1114ca77e8..8bc3ea1a7fbcd 100644
--- a/arch/arm64/boot/dts/mediatek/mt8173-evb.dts
+++ b/arch/arm64/boot/dts/mediatek/mt8173-evb.dts
@@ -307,7 +307,7 @@
interrupt-controller;
#interrupt-cells = <2>;
- mt6397regulator: mt6397regulator {
+ regulators {
compatible = "mediatek,mt6397-regulator";
mt6397_vpca15_reg: buck_vpca15 {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 148/578] arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 147/578] arm64: dts: mediatek: mt8173-evb: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 149/578] arm64: dts: mediatek: mt8183: willow: " Greg Kroah-Hartman
` (438 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hsin-Te Yuan,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hsin-Te Yuan <yuanhsinte@chromium.org>
[ Upstream commit 5ec5dc73c5ac0c6e06803dc3b5aea4493e856568 ]
Some kenzo devices use second source touchscreen.
Fixes: 0a9cefe21aec ("arm64: dts: mt8183: Add kukui-jacuzzi-kenzo board")
Signed-off-by: Hsin-Te Yuan <yuanhsinte@chromium.org>
Link: https://lore.kernel.org/r/20241213-touchscreen-v3-1-7c1f670913f9@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts
index 8fa89db03e639..328294245a79d 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts
@@ -11,3 +11,18 @@
model = "Google kenzo sku17 board";
compatible = "google,juniper-sku17", "google,juniper", "mediatek,mt8183";
};
+
+&i2c0 {
+ touchscreen@40 {
+ compatible = "hid-over-i2c";
+ reg = <0x40>;
+
+ pinctrl-names = "default";
+ pinctrl-0 = <&touchscreen_pins>;
+
+ interrupts-extended = <&pio 155 IRQ_TYPE_LEVEL_LOW>;
+
+ post-power-on-delay-ms = <70>;
+ hid-descr-addr = <0x0001>;
+ };
+};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 149/578] arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 148/578] arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 150/578] RDMA/srp: Fix error handling in srp_add_port Greg Kroah-Hartman
` (437 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hsin-Te Yuan,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hsin-Te Yuan <yuanhsinte@chromium.org>
[ Upstream commit 9594935260d76bffe200bea6cfab6ba0752e70d9 ]
Some willow devices use second source touchscreen.
Fixes: f006bcf1c972 ("arm64: dts: mt8183: Add kukui-jacuzzi-willow board")
Signed-off-by: Hsin-Te Yuan <yuanhsinte@chromium.org>
Link: https://lore.kernel.org/r/20241213-touchscreen-v3-2-7c1f670913f9@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi
index 76d33540166f9..c942e461a177e 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi
@@ -6,6 +6,21 @@
/dts-v1/;
#include "mt8183-kukui-jacuzzi.dtsi"
+&i2c0 {
+ touchscreen@40 {
+ compatible = "hid-over-i2c";
+ reg = <0x40>;
+
+ pinctrl-names = "default";
+ pinctrl-0 = <&touchscreen_pins>;
+
+ interrupts-extended = <&pio 155 IRQ_TYPE_LEVEL_LOW>;
+
+ post-power-on-delay-ms = <70>;
+ hid-descr-addr = <0x0001>;
+ };
+};
+
&i2c2 {
trackpad@2c {
compatible = "hid-over-i2c";
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 150/578] RDMA/srp: Fix error handling in srp_add_port
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 149/578] arm64: dts: mediatek: mt8183: willow: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 151/578] memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() Greg Kroah-Hartman
` (436 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ma Ke, Bart Van Assche,
Leon Romanovsky, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ma Ke <make_ruc2021@163.com>
[ Upstream commit a3cbf68c69611188cd304229e346bffdabfd4277 ]
As comment of device_add() says, if device_add() succeeds, you should
call device_del() when you want to get rid of it. If device_add() has
not succeeded, use only put_device() to drop the reference count.
Add a put_device() call before returning from the function to decrement
reference count for cleanup.
Found by code review.
Fixes: c8e4c2397655 ("RDMA/srp: Rework the srp_add_port() error path")
Signed-off-by: Ma Ke <make_ruc2021@163.com>
Link: https://patch.msgid.link/20241217075538.2909996-1-make_ruc2021@163.com
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/srp/ib_srp.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index c4dcef76e9646..8df23ab974c16 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -3983,7 +3983,6 @@ static struct srp_host *srp_add_port(struct srp_device *device, u32 port)
return host;
put_host:
- device_del(&host->dev);
put_device(&host->dev);
return NULL;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 151/578] memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 150/578] RDMA/srp: Fix error handling in srp_add_port Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 152/578] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Greg Kroah-Hartman
` (435 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Hattori, Krzysztof Kozlowski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit b9784e5cde1f9fb83661a70e580e381ae1264d12 ]
As of_find_node_by_name() release the reference of the argument device
node, tegra_emc_find_node_by_ram_code() releases some device nodes while
still in use, resulting in possible UAFs. According to the bindings and
the in-tree DTS files, the "emc-tables" node is always device's child
node with the property "nvidia,use-ram-code", and the "lpddr2" node is a
child of the "emc-tables" node. Thus utilize the
for_each_child_of_node() macro and of_get_child_by_name() instead of
of_find_node_by_name() to simplify the code.
This bug was found by an experimental verification tool that I am
developing.
Fixes: 96e5da7c8424 ("memory: tegra: Introduce Tegra20 EMC driver")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Link: https://lore.kernel.org/r/20241217091434.1993597-1-joe@pf.is.s.u-tokyo.ac.jp
Link: https://lore.kernel.org/r/20241218024415.2494267-3-joe@pf.is.s.u-tokyo.ac.jp
[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memory/tegra/tegra20-emc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/memory/tegra/tegra20-emc.c b/drivers/memory/tegra/tegra20-emc.c
index d1f01f80dcbdf..a68e281b78961 100644
--- a/drivers/memory/tegra/tegra20-emc.c
+++ b/drivers/memory/tegra/tegra20-emc.c
@@ -477,14 +477,15 @@ tegra_emc_find_node_by_ram_code(struct tegra_emc *emc)
ram_code = tegra_read_ram_code();
- for (np = of_find_node_by_name(dev->of_node, "emc-tables"); np;
- np = of_find_node_by_name(np, "emc-tables")) {
+ for_each_child_of_node(dev->of_node, np) {
+ if (!of_node_name_eq(np, "emc-tables"))
+ continue;
err = of_property_read_u32(np, "nvidia,ram-code", &value);
if (err || value != ram_code) {
struct device_node *lpddr2_np;
bool cfg_mismatches = false;
- lpddr2_np = of_find_node_by_name(np, "lpddr2");
+ lpddr2_np = of_get_child_by_name(np, "lpddr2");
if (lpddr2_np) {
const struct lpddr2_info *info;
@@ -521,7 +522,6 @@ tegra_emc_find_node_by_ram_code(struct tegra_emc *emc)
}
if (cfg_mismatches) {
- of_node_put(np);
continue;
}
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 152/578] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 151/578] memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 153/578] arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Greg Kroah-Hartman
` (434 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit 0b5b1c881a909f17c05ef4b1ccb421e077f6e466 ]
The pp3300_panel fixed regulator is just a load switch. It does not have
any regulating capabilities. Thus having voltage constraints on it is
wrong.
Remove the voltage constraints.
Fixes: cabc71b08eb5 ("arm64: dts: mt8183: Add kukui-jacuzzi-damu board")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Link: https://lore.kernel.org/r/20241030070224.1006331-2-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 --
1 file changed, 2 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi
index 629c4b7ecbc62..8e0575f8c1b27 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi
@@ -39,8 +39,6 @@
pp3300_panel: pp3300-panel {
compatible = "regulator-fixed";
regulator-name = "pp3300_panel";
- regulator-min-microvolt = <3300000>;
- regulator-max-microvolt = <3300000>;
pinctrl-names = "default";
pinctrl-0 = <&pp3300_panel_pins>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 153/578] arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 152/578] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 154/578] arm64: dts: qcom: msm8996: Fix up USB3 interrupts Greg Kroah-Hartman
` (433 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Vasut, Dmitry Baryshkov,
Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Vasut <marex@denx.de>
[ Upstream commit 02e784c5023232c48c6ec79b52ac8929d4e4db34 ]
The LP5562 led@1 reg property should likely be set to 1 to match
the unit. Fix it.
Fixes: 4ac46b3682c5 ("arm64: dts: qcom: msm8996: xiaomi-gemini: Add support for Xiaomi Mi 5")
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20241006022012.366601-1-marex@denx.de
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts b/arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts
index 3bbafb68ba5c5..543282fe2abbd 100644
--- a/arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts
+++ b/arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts
@@ -65,7 +65,7 @@
};
led@1 {
- reg = <0>;
+ reg = <1>;
chan-name = "button-backlight1";
led-cur = /bits/ 8 <0x32>;
max-cur = /bits/ 8 <0xC8>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 154/578] arm64: dts: qcom: msm8996: Fix up USB3 interrupts
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 153/578] arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 155/578] arm64: dts: qcom: msm8994: Describe USB interrupts Greg Kroah-Hartman
` (432 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Bjorn Andersson,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
[ Upstream commit 9cb9c9f4e1380da317a056afd26d66a835c5796c ]
Add the missing interrupt lines and fix qusb2_phy being an impostor
of hs_phy_irq.
This happens to also fix warnings such as:
usb@6af8800: interrupt-names: ['hs_phy_irq', 'ss_phy_irq'] is too short
Fixes: 4753492de9df ("arm64: dts: qcom: msm8996: Add usb3 interrupts")
Signed-off-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20241129-topic-qcom_usb_dtb_fixup-v1-3-cba24120c058@oss.qualcomm.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8996.dtsi b/arch/arm64/boot/dts/qcom/msm8996.dtsi
index 3b9a4bf897014..b3ebd0298f645 100644
--- a/arch/arm64/boot/dts/qcom/msm8996.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8996.dtsi
@@ -2968,9 +2968,14 @@
#size-cells = <1>;
ranges;
- interrupts = <GIC_SPI 347 IRQ_TYPE_LEVEL_HIGH>,
+ interrupts = <GIC_SPI 180 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 347 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 133 IRQ_TYPE_LEVEL_HIGH>,
<GIC_SPI 243 IRQ_TYPE_LEVEL_HIGH>;
- interrupt-names = "hs_phy_irq", "ss_phy_irq";
+ interrupt-names = "pwr_event",
+ "qusb2_phy",
+ "hs_phy_irq",
+ "ss_phy_irq";
clocks = <&gcc GCC_SYS_NOC_USB3_AXI_CLK>,
<&gcc GCC_USB30_MASTER_CLK>,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 155/578] arm64: dts: qcom: msm8994: Describe USB interrupts
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 154/578] arm64: dts: qcom: msm8996: Fix up USB3 interrupts Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 156/578] arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value Greg Kroah-Hartman
` (431 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Petr Vorel,
Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
[ Upstream commit c910544d2234709660d60f80345c285616e73b1c ]
Previously the interrupt lanes were not described, fix that.
Fixes: d9be0bc95f25 ("arm64: dts: qcom: msm8994: Add USB support")
Signed-off-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
Link: https://lore.kernel.org/r/20241129-topic-qcom_usb_dtb_fixup-v1-4-cba24120c058@oss.qualcomm.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8994.dtsi | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/arm64/boot/dts/qcom/msm8994.dtsi b/arch/arm64/boot/dts/qcom/msm8994.dtsi
index 3c6c2cf99fb9d..5fe9a9be7903a 100644
--- a/arch/arm64/boot/dts/qcom/msm8994.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8994.dtsi
@@ -434,6 +434,15 @@
#size-cells = <1>;
ranges;
+ interrupts = <GIC_SPI 180 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 311 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 133 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 310 IRQ_TYPE_LEVEL_HIGH>;
+ interrupt-names = "pwr_event",
+ "qusb2_phy",
+ "hs_phy_irq",
+ "ss_phy_irq";
+
clocks = <&gcc GCC_USB30_MASTER_CLK>,
<&gcc GCC_SYS_NOC_USB3_AXI_CLK>,
<&gcc GCC_USB30_SLEEP_CLK>,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 156/578] arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 155/578] arm64: dts: qcom: msm8994: Describe USB interrupts Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 157/578] arm64: dts: qcom: msm8916: correct sleep clock frequency Greg Kroah-Hartman
` (430 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luca Weiss, Konrad Dybcio,
Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luca Weiss <luca.weiss@fairphone.com>
[ Upstream commit 7fb88e0d4dc1a40a29d49b603faa1484334c60f3 ]
The ID 434 is for SM6350 while 459 is for SM7225. Fairphone 4 is only
SM7225, so drop the unused 434 entry.
Fixes: 4cbea668767d ("arm64: dts: qcom: sm7225: Add device tree for Fairphone 4")
Signed-off-by: Luca Weiss <luca.weiss@fairphone.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20241220-fp4-msm-id-v1-1-2b75af02032a@fairphone.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts b/arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts
index 30c94fd4fe61f..be47e34da9906 100644
--- a/arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts
+++ b/arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts
@@ -20,7 +20,7 @@
chassis-type = "handset";
/* required for bootloader to select correct board */
- qcom,msm-id = <434 0x10000>, <459 0x10000>;
+ qcom,msm-id = <459 0x10000>;
qcom,board-id = <8 32>;
aliases {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 157/578] arm64: dts: qcom: msm8916: correct sleep clock frequency
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 156/578] arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 158/578] arm64: dts: qcom: msm8994: " Greg Kroah-Hartman
` (429 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Bjorn Andersson,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit f088b921890cef28862913e5627bb2e2b5f82125 ]
The MSM8916 platform uses PM8916 to provide sleep clock. According to the
documentation, that clock has 32.7645 kHz frequency. Correct the sleep
clock definition.
Fixes: f4fb6aeafaaa ("arm64: dts: qcom: msm8916: Add fixed rate on-board oscillators")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20241224-fix-board-clocks-v3-1-e9b08fbeadd3@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8916.dtsi b/arch/arm64/boot/dts/qcom/msm8916.dtsi
index 987cebbda0571..571ed1abdad4f 100644
--- a/arch/arm64/boot/dts/qcom/msm8916.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8916.dtsi
@@ -109,7 +109,7 @@
sleep_clk: sleep-clk {
compatible = "fixed-clock";
#clock-cells = <0>;
- clock-frequency = <32768>;
+ clock-frequency = <32764>;
};
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 158/578] arm64: dts: qcom: msm8994: correct sleep clock frequency
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 157/578] arm64: dts: qcom: msm8916: correct sleep clock frequency Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 159/578] arm64: dts: qcom: sc7280: " Greg Kroah-Hartman
` (428 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Bjorn Andersson,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit a4148d869d47d8c86da0291dd95d411a5ebe90c8 ]
The MSM8994 platform uses PM8994/6 to provide sleep clock. According to the
documentation, that clock has 32.7645 kHz frequency. Correct the sleep
clock definition.
Fixes: feeaf56ac78d ("arm64: dts: msm8994 SoC and Huawei Angler (Nexus 6P) support")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20241224-fix-board-clocks-v3-3-e9b08fbeadd3@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8994.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8994.dtsi b/arch/arm64/boot/dts/qcom/msm8994.dtsi
index 5fe9a9be7903a..0eb8eca13ad9d 100644
--- a/arch/arm64/boot/dts/qcom/msm8994.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8994.dtsi
@@ -33,7 +33,7 @@
sleep_clk: sleep-clk {
compatible = "fixed-clock";
#clock-cells = <0>;
- clock-frequency = <32768>;
+ clock-frequency = <32764>;
clock-output-names = "sleep_clk";
};
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 159/578] arm64: dts: qcom: sc7280: correct sleep clock frequency
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 158/578] arm64: dts: qcom: msm8994: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 160/578] arm64: dts: qcom: sm6125: " Greg Kroah-Hartman
` (427 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Bjorn Andersson,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit f6ccdca14eac545320ab03d6ca91ca343e7372e5 ]
The SC7280 platform uses PMK8350 to provide sleep clock. According to the
documentation, that clock has 32.7645 kHz frequency. Correct the sleep
clock definition.
Fixes: 7a1f4e7f740d ("arm64: dts: qcom: sc7280: Add basic dts/dtsi files for sc7280 soc")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20241224-fix-board-clocks-v3-8-e9b08fbeadd3@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7280.dtsi b/arch/arm64/boot/dts/qcom/sc7280.dtsi
index b5cd24d59ad9a..b778728390e53 100644
--- a/arch/arm64/boot/dts/qcom/sc7280.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi
@@ -79,7 +79,7 @@
sleep_clk: sleep-clk {
compatible = "fixed-clock";
- clock-frequency = <32000>;
+ clock-frequency = <32764>;
#clock-cells = <0>;
};
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 160/578] arm64: dts: qcom: sm6125: correct sleep clock frequency
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 159/578] arm64: dts: qcom: sc7280: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 161/578] arm64: dts: qcom: sm8250: " Greg Kroah-Hartman
` (426 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Bjorn Andersson,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit b3c547e1507862f0e4d46432b665c5c6e61e14d6 ]
The SM6125 platform uses PM6125 to provide sleep clock. According to the
documentation, that clock has 32.7645 kHz frequency. Correct the sleep
clock definition.
Fixes: cff4bbaf2a2d ("arm64: dts: qcom: Add support for SM6125")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20241224-fix-board-clocks-v3-11-e9b08fbeadd3@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sm6125.dtsi b/arch/arm64/boot/dts/qcom/sm6125.dtsi
index 271247b371759..a3876a322baa0 100644
--- a/arch/arm64/boot/dts/qcom/sm6125.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm6125.dtsi
@@ -27,7 +27,7 @@
sleep_clk: sleep-clk {
compatible = "fixed-clock";
#clock-cells = <0>;
- clock-frequency = <32000>;
+ clock-frequency = <32764>;
clock-output-names = "sleep_clk";
};
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 161/578] arm64: dts: qcom: sm8250: correct sleep clock frequency
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 160/578] arm64: dts: qcom: sm6125: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 162/578] arm64: dts: qcom: sm8350: " Greg Kroah-Hartman
` (425 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Bjorn Andersson,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 75420e437eed69fa95d1d7c339dad86dea35319a ]
The SM8250 platform uses PM8150 to provide sleep clock. According to the
documentation, that clock has 32.7645 kHz frequency. Correct the sleep
clock definition.
Fixes: 9ff8b0591fcf ("arm64: dts: qcom: sm8250: use the right clock-freqency for sleep-clk")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20241224-fix-board-clocks-v3-13-e9b08fbeadd3@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8250.dtsi b/arch/arm64/boot/dts/qcom/sm8250.dtsi
index c9780b2afd2f5..e0935da96cd6a 100644
--- a/arch/arm64/boot/dts/qcom/sm8250.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8250.dtsi
@@ -84,7 +84,7 @@
sleep_clk: sleep-clk {
compatible = "fixed-clock";
- clock-frequency = <32768>;
+ clock-frequency = <32764>;
#clock-cells = <0>;
};
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 162/578] arm64: dts: qcom: sm8350: correct sleep clock frequency
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 161/578] arm64: dts: qcom: sm8250: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 163/578] arm64: dts: qcom: sm8450: " Greg Kroah-Hartman
` (424 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Bjorn Andersson,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit f4cc8c75cfc5d06084a31da2ff67e477565f0cae ]
The SM8350 platform uses PMK8350 to provide sleep clock. According to the
documentation, that clock has 32.7645 kHz frequency. Correct the sleep
clock definition.
Fixes: b7e8f433a673 ("arm64: dts: qcom: Add basic devicetree support for SM8350 SoC")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20241224-fix-board-clocks-v3-14-e9b08fbeadd3@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8350.dtsi b/arch/arm64/boot/dts/qcom/sm8350.dtsi
index 888bf4cd73c31..5e97ede46a3e2 100644
--- a/arch/arm64/boot/dts/qcom/sm8350.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8350.dtsi
@@ -34,7 +34,7 @@
sleep_clk: sleep-clk {
compatible = "fixed-clock";
- clock-frequency = <32000>;
+ clock-frequency = <32764>;
#clock-cells = <0>;
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 163/578] arm64: dts: qcom: sm8450: correct sleep clock frequency
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 162/578] arm64: dts: qcom: sm8350: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 164/578] arm64: dts: ti: k3-am62: Remove duplicate GICR reg Greg Kroah-Hartman
` (423 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Bjorn Andersson,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit c375ff3b887abf376607d4769c1114c5e3b6ea72 ]
The SM8450 platform uses PMK8350 to provide sleep clock. According to the
documentation, that clock has 32.7645 kHz frequency. Correct the sleep
clock definition.
Fixes: 5188049c9b36 ("arm64: dts: qcom: Add base SM8450 DTSI")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20241224-fix-board-clocks-v3-15-e9b08fbeadd3@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8450.dtsi b/arch/arm64/boot/dts/qcom/sm8450.dtsi
index aa0977af9411a..46f2e67ce6236 100644
--- a/arch/arm64/boot/dts/qcom/sm8450.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8450.dtsi
@@ -33,7 +33,7 @@
sleep_clk: sleep-clk {
compatible = "fixed-clock";
#clock-cells = <0>;
- clock-frequency = <32000>;
+ clock-frequency = <32764>;
};
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 164/578] arm64: dts: ti: k3-am62: Remove duplicate GICR reg
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 163/578] arm64: dts: qcom: sm8450: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 165/578] arm64: dts: ti: k3-am62a: " Greg Kroah-Hartman
` (422 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bin Liu, Bryan Brattlof,
Nishanth Menon, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bryan Brattlof <bb@ti.com>
[ Upstream commit 72c691d77ea5d0c4636fd3e9f0ad80d813c7d1a7 ]
The GIC Redistributor control register range is mapped twice. Remove
the extra entry from the reg range.
Fixes: f1d17330a5be ("arm64: dts: ti: Introduce base support for AM62x SoC")
Reported-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Link: https://lore.kernel.org/r/20241210-am62-gic-fixup-v1-1-758b4d5b4a0a@ti.com
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi
index eb8690a6be168..04222028e53e2 100644
--- a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi
@@ -23,7 +23,6 @@
interrupt-controller;
reg = <0x00 0x01800000 0x00 0x10000>, /* GICD */
<0x00 0x01880000 0x00 0xc0000>, /* GICR */
- <0x00 0x01880000 0x00 0xc0000>, /* GICR */
<0x01 0x00000000 0x00 0x2000>, /* GICC */
<0x01 0x00010000 0x00 0x1000>, /* GICH */
<0x01 0x00020000 0x00 0x2000>; /* GICV */
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 165/578] arm64: dts: ti: k3-am62a: Remove duplicate GICR reg
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 164/578] arm64: dts: ti: k3-am62: Remove duplicate GICR reg Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 166/578] arm64: dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl Greg Kroah-Hartman
` (421 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bin Liu, Bryan Brattlof,
Nishanth Menon, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bryan Brattlof <bb@ti.com>
[ Upstream commit 6f0232577e260cdbc25508e27bb0b75ade7e7ebc ]
The GIC Redistributor control range is mapped twice. Remove the extra
entry from the reg range.
Fixes: 5fc6b1b62639 ("arm64: dts: ti: Introduce AM62A7 family of SoCs")
Reported-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Link: https://lore.kernel.org/r/20241210-am62-gic-fixup-v1-2-758b4d5b4a0a@ti.com
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/arm64/boot/dts/ti/k3-am62a-main.dtsi b/arch/arm64/boot/dts/ti/k3-am62a-main.dtsi
index 9301ea3888021..4b349d73da21f 100644
--- a/arch/arm64/boot/dts/ti/k3-am62a-main.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-am62a-main.dtsi
@@ -18,7 +18,6 @@
compatible = "arm,gic-v3";
reg = <0x00 0x01800000 0x00 0x10000>, /* GICD */
<0x00 0x01880000 0x00 0xc0000>, /* GICR */
- <0x00 0x01880000 0x00 0xc0000>, /* GICR */
<0x01 0x00000000 0x00 0x2000>, /* GICC */
<0x01 0x00010000 0x00 0x1000>, /* GICH */
<0x01 0x00020000 0x00 0x2000>; /* GICV */
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 166/578] arm64: dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 165/578] arm64: dts: ti: k3-am62a: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 167/578] arm64: dts: qcom: sc7180-idp: use just "port" in panel Greg Kroah-Hartman
` (420 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Dmitry Baryshkov,
Bryan ODonoghue, Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
[ Upstream commit a45d0641d110e81826710aa92711e1c2eedecb43 ]
Add silicon specific compatible qcom,sc7180-dsi-ctrl to the
mdss-dsi-ctrl block. This allows us to differentiate the specific bindings
for sc7180 against the yaml documentation.
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20221223021025.1646636-14-bryan.odonoghue@linaro.org
Stable-dep-of: aa09de104d42 ("arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7180.dtsi | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7180.dtsi b/arch/arm64/boot/dts/qcom/sc7180.dtsi
index 13fe1c92bf351..b4775159dde0b 100644
--- a/arch/arm64/boot/dts/qcom/sc7180.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180.dtsi
@@ -2985,7 +2985,8 @@
};
dsi0: dsi@ae94000 {
- compatible = "qcom,mdss-dsi-ctrl";
+ compatible = "qcom,sc7180-dsi-ctrl",
+ "qcom,mdss-dsi-ctrl";
reg = <0 0x0ae94000 0 0x400>;
reg-names = "dsi_ctrl";
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 167/578] arm64: dts: qcom: sc7180-idp: use just "port" in panel
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 166/578] arm64: dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 168/578] arm64: dts: qcom: sc7180-trogdor-quackingstick: " Greg Kroah-Hartman
` (419 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski,
Dmitry Baryshkov, Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 746bda7d9dd9518793034d7008a19e4cf5c3004d ]
The panel bindings expect to have only one port, thus they do not allow
to use "ports" node:
sc7180-idp.dtb: panel@0: 'ports' does not match any of the regexes: 'pinctrl-[0-9]+'
sc7180-idp.dtb: panel@0: 'port' is a required property
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230326155753.92007-4-krzysztof.kozlowski@linaro.org
Stable-dep-of: aa09de104d42 ("arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7180-idp.dts | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7180-idp.dts b/arch/arm64/boot/dts/qcom/sc7180-idp.dts
index 9dee131b1e245..ebb4f4541e14d 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-idp.dts
+++ b/arch/arm64/boot/dts/qcom/sc7180-idp.dts
@@ -306,14 +306,9 @@
reset-gpios = <&pm6150l_gpio 3 GPIO_ACTIVE_HIGH>;
- ports {
- #address-cells = <1>;
- #size-cells = <0>;
- port@0 {
- reg = <0>;
- panel0_in: endpoint {
- remote-endpoint = <&dsi0_out>;
- };
+ port {
+ panel0_in: endpoint {
+ remote-endpoint = <&dsi0_out>;
};
};
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 168/578] arm64: dts: qcom: sc7180-trogdor-quackingstick: use just "port" in panel
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 167/578] arm64: dts: qcom: sc7180-idp: use just "port" in panel Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 169/578] arm64: dts: qcom: sc7180-trogdor-wormdingler: " Greg Kroah-Hartman
` (418 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski,
Dmitry Baryshkov, Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 88904a12fbcbd97e56d341080845ce0807164fb5 ]
The panel bindings expect to have only one port, thus they do not allow
to use "ports" node:
sc7180-trogdor-quackingstick-r0.dtb: panel@0: 'ports' does not match any of the regexes: 'pinctrl-[0-9]+'
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230326155753.92007-5-krzysztof.kozlowski@linaro.org
Stable-dep-of: aa09de104d42 ("arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi
index 695b04fe7221f..4ec3e578a1120 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi
@@ -65,14 +65,9 @@
backlight = <&backlight>;
rotation = <270>;
- ports {
- #address-cells = <1>;
- #size-cells = <0>;
- port@0 {
- reg = <0>;
- panel_in: endpoint {
- remote-endpoint = <&dsi0_out>;
- };
+ port {
+ panel_in: endpoint {
+ remote-endpoint = <&dsi0_out>;
};
};
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 169/578] arm64: dts: qcom: sc7180-trogdor-wormdingler: use just "port" in panel
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 168/578] arm64: dts: qcom: sc7180-trogdor-quackingstick: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 170/578] arm64: dts: qcom: sc7180: Dont enable lpass clocks by default Greg Kroah-Hartman
` (417 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski,
Dmitry Baryshkov, Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit c28d9029f3b68a42794a0527696c91f7b31e81f3 ]
The panel bindings expect to have only one port, thus they do not allow
to use "ports" node:
sc7180-trogdor-wormdingler-rev1-boe.dtb: panel@0: 'ports' does not match any of the regexes: 'pinctrl-[0-9]+'
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230326155753.92007-6-krzysztof.kozlowski@linaro.org
Stable-dep-of: aa09de104d42 ("arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi
index 6312108e8b3ed..0b5b0449299bd 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi
@@ -124,14 +124,9 @@
backlight = <&backlight>;
rotation = <270>;
- ports {
- #address-cells = <1>;
- #size-cells = <0>;
- port@0 {
- reg = <0>;
- panel_in: endpoint {
- remote-endpoint = <&dsi0_out>;
- };
+ port {
+ panel_in: endpoint {
+ remote-endpoint = <&dsi0_out>;
};
};
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 170/578] arm64: dts: qcom: sc7180: Dont enable lpass clocks by default
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 169/578] arm64: dts: qcom: sc7180-trogdor-wormdingler: " Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 171/578] arm64: dts: qcom: sc7180: Drop redundant disable in mdp Greg Kroah-Hartman
` (416 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nikita Travkin, Konrad Dybcio,
Douglas Anderson, Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikita Travkin <nikita@trvn.ru>
[ Upstream commit 43926a3cb19180b4fc6cd0d72bbefc7e93592f91 ]
lpass clocks are usually blocked from HLOS by the firmware and
instead are managed by the ADSP. Mark them as reserved and explicitly
enable in the CrOS boards that have special, cooperative firmware.
The IDP board gets lpass clocks disabled as it doesn't make use of sound
anyway and might use Qualcomm firmware that blocks those clocks. [1]
[1] https://lore.kernel.org/all/ZBJhmDd3zK%2FAiwBD@google.com/
Signed-off-by: Nikita Travkin <nikita@trvn.ru>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230515093744.289045-2-nikita@trvn.ru
Stable-dep-of: aa09de104d42 ("arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 8 ++++++++
arch/arm64/boot/dts/qcom/sc7180.dtsi | 4 ++++
2 files changed, 12 insertions(+)
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi
index f55ce6f2fdc28..75f05ae095be2 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi
@@ -777,6 +777,10 @@ hp_i2c: &i2c9 {
};
};
+&lpasscc {
+ status = "okay";
+};
+
&lpass_cpu {
status = "okay";
@@ -802,6 +806,10 @@ hp_i2c: &i2c9 {
};
};
+&lpass_hm {
+ status = "okay";
+};
+
&mdp {
status = "okay";
};
diff --git a/arch/arm64/boot/dts/qcom/sc7180.dtsi b/arch/arm64/boot/dts/qcom/sc7180.dtsi
index b4775159dde0b..12982fa848c68 100644
--- a/arch/arm64/boot/dts/qcom/sc7180.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180.dtsi
@@ -3577,6 +3577,8 @@
power-domains = <&lpass_hm LPASS_CORE_HM_GDSCR>;
#clock-cells = <1>;
#power-domain-cells = <1>;
+
+ status = "reserved"; /* Controlled by ADSP */
};
lpass_cpu: lpass@62d87000 {
@@ -3622,6 +3624,8 @@
clock-names = "iface", "bi_tcxo";
#clock-cells = <1>;
#power-domain-cells = <1>;
+
+ status = "reserved"; /* Controlled by ADSP */
};
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 171/578] arm64: dts: qcom: sc7180: Drop redundant disable in mdp
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 170/578] arm64: dts: qcom: sc7180: Dont enable lpass clocks by default Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 172/578] arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply Greg Kroah-Hartman
` (415 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nikita Travkin, Konrad Dybcio,
Douglas Anderson, Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikita Travkin <nikita@trvn.ru>
[ Upstream commit 39238382c4991d7d9442de4aa6636b19355be1e9 ]
mdss is useless without a display controller which makes explicitly
enabling mdp redundant. Have it enabled by default to drop the extra
node for all users.
Signed-off-by: Nikita Travkin <nikita@trvn.ru>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230515093744.289045-3-nikita@trvn.ru
Stable-dep-of: aa09de104d42 ("arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7180-idp.dts | 4 ----
arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 4 ----
arch/arm64/boot/dts/qcom/sc7180.dtsi | 2 --
3 files changed, 10 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7180-idp.dts b/arch/arm64/boot/dts/qcom/sc7180-idp.dts
index ebb4f4541e14d..02b507691cc33 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-idp.dts
+++ b/arch/arm64/boot/dts/qcom/sc7180-idp.dts
@@ -328,10 +328,6 @@
vdds-supply = <&vreg_l4a_0p8>;
};
-&mdp {
- status = "okay";
-};
-
&mdss {
status = "okay";
};
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi
index 75f05ae095be2..d537b8784b472 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi
@@ -810,10 +810,6 @@ hp_i2c: &i2c9 {
status = "okay";
};
-&mdp {
- status = "okay";
-};
-
&mdss {
status = "okay";
};
diff --git a/arch/arm64/boot/dts/qcom/sc7180.dtsi b/arch/arm64/boot/dts/qcom/sc7180.dtsi
index 12982fa848c68..3a13cc02c9832 100644
--- a/arch/arm64/boot/dts/qcom/sc7180.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180.dtsi
@@ -2937,8 +2937,6 @@
interrupt-parent = <&mdss>;
interrupts = <0>;
- status = "disabled";
-
ports {
#address-cells = <1>;
#size-cells = <0>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 172/578] arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 171/578] arm64: dts: qcom: sc7180: Drop redundant disable in mdp Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 173/578] arm64: dts: qcom: pm6150l: add temp sensor and thermal zone config Greg Kroah-Hartman
` (414 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Neil Armstrong,
Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Neil Armstrong <neil.armstrong@linaro.org>
[ Upstream commit aa09de104d421e7ff8d8cde9af98568ce62a002c ]
The bindings requires the avee-supply, use the same regulator as
the avdd (positive voltage) which would also provide the negative
voltage by definition.
The fixes:
sc7180-trogdor-quackingstick-r0.dts: panel@0: 'avee-supply' is a required property
from schema $id: http://devicetree.org/schemas/display/panel/boe,tv101wum-nl6.yaml#
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/20241230-topic-misc-dt-fixes-v4-3-1e6880e9dda3@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi
index 4ec3e578a1120..a2906126242cb 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor-quackingstick.dtsi
@@ -60,6 +60,7 @@
pinctrl-names = "default";
pinctrl-0 = <&lcd_rst>;
avdd-supply = <&ppvar_lcd>;
+ avee-supply = <&ppvar_lcd>;
pp1800-supply = <&v1p8_disp>;
pp3300-supply = <&pp3300_dx_edp>;
backlight = <&backlight>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 173/578] arm64: dts: qcom: pm6150l: add temp sensor and thermal zone config
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 172/578] arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 174/578] arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays Greg Kroah-Hartman
` (413 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luca Weiss, Bjorn Andersson,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luca Weiss <luca.weiss@fairphone.com>
[ Upstream commit ce1b5eb74b3ef042b1c797f04e8683e7cad34ae6 ]
Add temp-alarm device tree node and a default configuration for the
corresponding thermal zone for this PMIC. Temperatures are based on
downstream values, except for trip2 where 125°C is used instead of 145°C
due to limitations without a configured ADC.
Signed-off-by: Luca Weiss <luca.weiss@fairphone.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20221028075405.124809-2-luca.weiss@fairphone.com
Stable-dep-of: 9180b38d706c ("arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/pm6150l.dtsi | 38 +++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/arch/arm64/boot/dts/qcom/pm6150l.dtsi b/arch/arm64/boot/dts/qcom/pm6150l.dtsi
index 06d729ff65a9d..ac3c6456c47c7 100644
--- a/arch/arm64/boot/dts/qcom/pm6150l.dtsi
+++ b/arch/arm64/boot/dts/qcom/pm6150l.dtsi
@@ -5,6 +5,37 @@
#include <dt-bindings/interrupt-controller/irq.h>
#include <dt-bindings/spmi/spmi.h>
+/ {
+ thermal-zones {
+ pm6150l-thermal {
+ polling-delay-passive = <0>;
+ polling-delay = <0>;
+
+ thermal-sensors = <&pm6150l_temp>;
+
+ trips {
+ trip0 {
+ temperature = <95000>;
+ hysteresis = <0>;
+ type = "passive";
+ };
+
+ trip1 {
+ temperature = <115000>;
+ hysteresis = <0>;
+ type = "hot";
+ };
+
+ trip2 {
+ temperature = <125000>;
+ hysteresis = <0>;
+ type = "critical";
+ };
+ };
+ };
+ };
+};
+
&spmi_bus {
pm6150l_lsid4: pmic@4 {
compatible = "qcom,pm6150l", "qcom,spmi-pmic";
@@ -12,6 +43,13 @@
#address-cells = <1>;
#size-cells = <0>;
+ pm6150l_temp: temp-alarm@2400 {
+ compatible = "qcom,spmi-temp-alarm";
+ reg = <0x2400>;
+ interrupts = <0x4 0x24 0x0 IRQ_TYPE_EDGE_BOTH>;
+ #thermal-sensor-cells = <0>;
+ };
+
pm6150l_adc: adc@3100 {
compatible = "qcom,spmi-adc5";
reg = <0x3100>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 174/578] arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 173/578] arm64: dts: qcom: pm6150l: add temp sensor and thermal zone config Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 175/578] arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone Greg Kroah-Hartman
` (412 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Bjorn Andersson,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konrad Dybcio <konrad.dybcio@linaro.org>
[ Upstream commit 7cd2d9080a6eb281701f7303b1699719640380d0 ]
All of the thermal zone suppliers are interrupt-driven, remove the
bogus and unnecessary polling that only wastes CPU time.
Signed-off-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Link: https://lore.kernel.org/r/20240510-topic-msm-polling-cleanup-v2-16-436ca4218da2@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Stable-dep-of: 9180b38d706c ("arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/pm6150.dtsi | 2 +-
arch/arm64/boot/dts/qcom/pm6150l.dtsi | 3 ---
.../boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 1 -
.../dts/qcom/sc7180-trogdor-homestar.dtsi | 1 -
.../boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 3 ---
.../dts/qcom/sc7180-trogdor-wormdingler.dtsi | 1 -
arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3 ---
arch/arm64/boot/dts/qcom/sc7180.dtsi | 25 -------------------
8 files changed, 1 insertion(+), 38 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/pm6150.dtsi b/arch/arm64/boot/dts/qcom/pm6150.dtsi
index 8a4972e6a24c1..b45ffd7d3b364 100644
--- a/arch/arm64/boot/dts/qcom/pm6150.dtsi
+++ b/arch/arm64/boot/dts/qcom/pm6150.dtsi
@@ -11,7 +11,7 @@
thermal-zones {
pm6150_thermal: pm6150-thermal {
polling-delay-passive = <100>;
- polling-delay = <0>;
+
thermal-sensors = <&pm6150_temp>;
trips {
diff --git a/arch/arm64/boot/dts/qcom/pm6150l.dtsi b/arch/arm64/boot/dts/qcom/pm6150l.dtsi
index ac3c6456c47c7..e7526a7f41e28 100644
--- a/arch/arm64/boot/dts/qcom/pm6150l.dtsi
+++ b/arch/arm64/boot/dts/qcom/pm6150l.dtsi
@@ -8,9 +8,6 @@
/ {
thermal-zones {
pm6150l-thermal {
- polling-delay-passive = <0>;
- polling-delay = <0>;
-
thermal-sensors = <&pm6150l_temp>;
trips {
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi
index 7ee407f7b6bb5..f98162d3a0812 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi
@@ -26,7 +26,6 @@
thermal-zones {
skin_temp_thermal: skin-temp-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&pm6150_adc_tm 1>;
sustainable-power = <965>;
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor-homestar.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor-homestar.dtsi
index bfab67f4a7c9c..a7b41498ba88c 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor-homestar.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor-homestar.dtsi
@@ -43,7 +43,6 @@
thermal-zones {
skin_temp_thermal: skin-temp-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&pm6150_adc_tm 1>;
sustainable-power = <965>;
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi
index a7582fb547eea..d363a8b6906aa 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi
@@ -13,9 +13,6 @@
/ {
thermal-zones {
5v-choke-thermal {
- polling-delay-passive = <0>;
- polling-delay = <250>;
-
thermal-sensors = <&pm6150_adc_tm 1>;
trips {
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi
index 0b5b0449299bd..ebb64b91c09f7 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi
@@ -50,7 +50,6 @@
thermal-zones {
skin_temp_thermal: skin-temp-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&pm6150_adc_tm 1>;
sustainable-power = <574>;
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi
index d537b8784b472..06b6774ef0106 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi
@@ -20,9 +20,6 @@
/ {
thermal-zones {
charger_thermal: charger-thermal {
- polling-delay-passive = <0>;
- polling-delay = <0>;
-
thermal-sensors = <&pm6150_adc_tm 0>;
trips {
diff --git a/arch/arm64/boot/dts/qcom/sc7180.dtsi b/arch/arm64/boot/dts/qcom/sc7180.dtsi
index 3a13cc02c9832..a9f937b068479 100644
--- a/arch/arm64/boot/dts/qcom/sc7180.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180.dtsi
@@ -3630,7 +3630,6 @@
thermal-zones {
cpu0_thermal: cpu0-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 1>;
sustainable-power = <1052>;
@@ -3679,7 +3678,6 @@
cpu1_thermal: cpu1-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 2>;
sustainable-power = <1052>;
@@ -3728,7 +3726,6 @@
cpu2_thermal: cpu2-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 3>;
sustainable-power = <1052>;
@@ -3777,7 +3774,6 @@
cpu3_thermal: cpu3-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 4>;
sustainable-power = <1052>;
@@ -3826,7 +3822,6 @@
cpu4_thermal: cpu4-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 5>;
sustainable-power = <1052>;
@@ -3875,7 +3870,6 @@
cpu5_thermal: cpu5-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 6>;
sustainable-power = <1052>;
@@ -3924,7 +3918,6 @@
cpu6_thermal: cpu6-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 9>;
sustainable-power = <1425>;
@@ -3965,7 +3958,6 @@
cpu7_thermal: cpu7-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 10>;
sustainable-power = <1425>;
@@ -4006,7 +3998,6 @@
cpu8_thermal: cpu8-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 11>;
sustainable-power = <1425>;
@@ -4047,7 +4038,6 @@
cpu9_thermal: cpu9-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 12>;
sustainable-power = <1425>;
@@ -4088,7 +4078,6 @@
aoss0-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 0>;
@@ -4109,7 +4098,6 @@
cpuss0-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 7>;
@@ -4129,7 +4117,6 @@
cpuss1-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 8>;
@@ -4149,7 +4136,6 @@
gpuss0-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 13>;
@@ -4177,7 +4163,6 @@
gpuss1-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens0 14>;
@@ -4205,7 +4190,6 @@
aoss1-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens1 0>;
@@ -4226,7 +4210,6 @@
cwlan-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens1 1>;
@@ -4247,7 +4230,6 @@
audio-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens1 2>;
@@ -4268,7 +4250,6 @@
ddr-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens1 3>;
@@ -4289,7 +4270,6 @@
q6-hvx-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens1 4>;
@@ -4310,7 +4290,6 @@
camera-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens1 5>;
@@ -4331,7 +4310,6 @@
mdm-core-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens1 6>;
@@ -4352,7 +4330,6 @@
mdm-dsp-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens1 7>;
@@ -4373,7 +4350,6 @@
npu-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens1 8>;
@@ -4394,7 +4370,6 @@
video-thermal {
polling-delay-passive = <250>;
- polling-delay = <0>;
thermal-sensors = <&tsens1 9>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 175/578] arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 174/578] arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays Greg Kroah-Hartman
@ 2025-02-19 8:22 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 176/578] arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Greg Kroah-Hartman
` (411 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:22 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Dmitry Baryshkov,
Neil Armstrong, Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Neil Armstrong <neil.armstrong@linaro.org>
[ Upstream commit 9180b38d706c29ed212181a77999c35ae9ff6879 ]
Rename the 5v-choke thermal zone to satisfy the bindings.
This fixes:
sc7180-trogdor-pompom-r2-lte.dts: thermal-zones: '5v-choke-thermal' does not match any of the regexes: '^[a-zA-Z][a-zA-Z0-9\\-]{1,10}-thermal$', 'pinctrl-[0-9]+'
from schema $id: http://devicetree.org/schemas/thermal/thermal-zones.yaml#
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/20241230-topic-misc-dt-fixes-v4-4-1e6880e9dda3@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi
index d363a8b6906aa..31f91f4e97360 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi
@@ -12,11 +12,11 @@
/ {
thermal-zones {
- 5v-choke-thermal {
+ choke-5v-thermal {
thermal-sensors = <&pm6150_adc_tm 1>;
trips {
- 5v-choke-crit {
+ choke-5v-crit {
temperature = <125000>;
hysteresis = <1000>;
type = "critical";
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 176/578] arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2025-02-19 8:22 ` [PATCH 6.1 175/578] arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 177/578] arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Greg Kroah-Hartman
` (410 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Neil Armstrong,
Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Neil Armstrong <neil.armstrong@linaro.org>
[ Upstream commit 9875adffb87da5c40f4013e55104f5e2fc071c2a ]
The dlg,const-op-mode & dlg,periodic-op-mode were mis-names with twice
the "dlg," prefix, drop one to match the bindings.
This fixes:
sm8150-microsoft-surface-duo.dtb: da7280@4a: 'dlg,const-op-mode' is a required property
from schema $id: http://devicetree.org/schemas/input/dlg,da7280.yaml#
m8150-microsoft-surface-duo.dtb: da7280@4a: 'dlg,periodic-op-mode' is a required property
from schema $id: http://devicetree.org/schemas/input/dlg,da7280.yaml#
sm8150-microsoft-surface-duo.dtb: da7280@4a: 'dlg,dlg,const-op-mode', 'dlg,dlg,periodic-op-mode' do not match any of the regexes: 'pinctrl-[0-9]+'
from schema $id: http://devicetree.org/schemas/input/dlg,da7280.yaml#
With the dlg,da7280.yaml converted from dlg,da7280.txt at [1].
[1] https://lore.kernel.org/all/20241206-topic-misc-da7280-convert-v2-1-1c3539f75604@linaro.org/
Fixes: d1f781db47a8 ("arm64: dts: qcom: add initial device-tree for Microsoft Surface Duo")
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/20241230-topic-misc-dt-fixes-v4-6-1e6880e9dda3@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts b/arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts
index 5397fba9417bb..51ddbac3cfe56 100644
--- a/arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts
+++ b/arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts
@@ -376,8 +376,8 @@
pinctrl-0 = <&da7280_intr_default>;
dlg,actuator-type = "LRA";
- dlg,dlg,const-op-mode = <1>;
- dlg,dlg,periodic-op-mode = <1>;
+ dlg,const-op-mode = <1>;
+ dlg,periodic-op-mode = <1>;
dlg,nom-microvolt = <2000000>;
dlg,abs-max-microvolt = <2000000>;
dlg,imax-microamp = <129000>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 177/578] arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 176/578] arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 178/578] dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Greg Kroah-Hartman
` (409 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Bryan ODonoghue,
Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
[ Upstream commit 7ec7e327286182c65d0b5b81dff498d620fe9e8c ]
Make sure the remoteproc reg ranges reflect the entire register space
they refer to.
Since they're unused by the driver, there's no functional change.
Fixes: 152d1faf1e2f ("arm64: dts: qcom: add SC8280XP platform")
Signed-off-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Link: https://lore.kernel.org/r/20241212-topic-8280_rproc_reg-v1-1-bd1c696e91b0@oss.qualcomm.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
index 7e3aaf5de3f5c..6b0d4bc6c5419 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
@@ -1119,7 +1119,7 @@
remoteproc_adsp: remoteproc@3000000 {
compatible = "qcom,sc8280xp-adsp-pas";
- reg = <0 0x03000000 0 0x100>;
+ reg = <0 0x03000000 0 0x10000>;
interrupts-extended = <&intc GIC_SPI 162 IRQ_TYPE_LEVEL_HIGH>,
<&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>,
@@ -1806,7 +1806,7 @@
remoteproc_nsp0: remoteproc@1b300000 {
compatible = "qcom,sc8280xp-nsp0-pas";
- reg = <0 0x1b300000 0 0x100>;
+ reg = <0 0x1b300000 0 0x10000>;
interrupts-extended = <&intc GIC_SPI 578 IRQ_TYPE_LEVEL_HIGH>,
<&smp2p_nsp0_in 0 IRQ_TYPE_EDGE_RISING>,
@@ -1937,7 +1937,7 @@
remoteproc_nsp1: remoteproc@21300000 {
compatible = "qcom,sc8280xp-nsp1-pas";
- reg = <0 0x21300000 0 0x100>;
+ reg = <0 0x21300000 0 0x10000>;
interrupts-extended = <&intc GIC_SPI 887 IRQ_TYPE_LEVEL_HIGH>,
<&smp2p_nsp1_in 0 IRQ_TYPE_EDGE_RISING>,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 178/578] dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 177/578] arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 179/578] arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Greg Kroah-Hartman
` (408 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, AngeloGioacchino Del Regno,
Jason-JH.Lin, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason-JH.Lin <jason-jh.lin@mediatek.com>
[ Upstream commit ce3dbc46d7e30a84b8e99c730e3172dd5efbf094 ]
The OVL hardware capabilities have changed starting from MT8195,
making the MT8183 compatible no longer applicable.
Therefore, it is necessary to remove the MT8183 compatible for OVL.
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Fixes: b852ee68fd72 ("arm64: dts: mt8195: Add display node for vdosys0")
Link: https://lore.kernel.org/r/20241219181531.4282-5-jason-jh.lin@mediatek.com
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8195.dtsi b/arch/arm64/boot/dts/mediatek/mt8195.dtsi
index aa8fbaf15e629..274edce5d5e6e 100644
--- a/arch/arm64/boot/dts/mediatek/mt8195.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8195.dtsi
@@ -2000,7 +2000,7 @@
};
ovl0: ovl@1c000000 {
- compatible = "mediatek,mt8195-disp-ovl", "mediatek,mt8183-disp-ovl";
+ compatible = "mediatek,mt8195-disp-ovl";
reg = <0 0x1c000000 0 0x1000>;
interrupts = <GIC_SPI 636 IRQ_TYPE_LEVEL_HIGH 0>;
power-domains = <&spm MT8195_POWER_DOMAIN_VDOSYS0>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 179/578] arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 178/578] dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 180/578] arm64: dts: qcom: sm8250: " Greg Kroah-Hartman
` (407 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Zapolskiy, Bryan ODonoghue,
Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
[ Upstream commit cb96722b728e81ad97f5b5b20dea64cd294a5452 ]
Qualcomm IP catalog says that all CAMSS interrupts is edge rising,
fix it in the CAMSS device tree node for sdm845 SoC.
Fixes: d48a6698a6b7 ("arm64: dts: qcom: sdm845: Add CAMSS ISP node")
Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Link: https://lore.kernel.org/r/20241127122950.885982-6-vladimir.zapolskiy@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi
index 71644b9b8866a..a5df310ce7f39 100644
--- a/arch/arm64/boot/dts/qcom/sdm845.dtsi
+++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi
@@ -4234,16 +4234,16 @@
"vfe1",
"vfe_lite";
- interrupts = <GIC_SPI 464 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 466 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 468 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 477 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 478 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 479 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 448 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 465 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 467 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 469 IRQ_TYPE_LEVEL_HIGH>;
+ interrupts = <GIC_SPI 464 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 466 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 468 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 477 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 478 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 479 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 448 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 465 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 467 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 469 IRQ_TYPE_EDGE_RISING>;
interrupt-names = "csid0",
"csid1",
"csid2",
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 180/578] arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 179/578] arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 181/578] ARM: dts: mediatek: mt7623: fix IR nodename Greg Kroah-Hartman
` (406 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Zapolskiy, Bryan ODonoghue,
Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
[ Upstream commit 6c7bba42ebc3da56e64d4aec4c4a31dd454e05fd ]
Qualcomm IP catalog says that all CAMSS interrupts is edge rising,
fix it in the CAMSS device tree node for sm8250 SoC.
Fixes: 30325603b910 ("arm64: dts: qcom: sm8250: camss: Add CAMSS block definition")
Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Link: https://lore.kernel.org/r/20241127122950.885982-7-vladimir.zapolskiy@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8250.dtsi | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8250.dtsi b/arch/arm64/boot/dts/qcom/sm8250.dtsi
index e0935da96cd6a..eb500cb67c86c 100644
--- a/arch/arm64/boot/dts/qcom/sm8250.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8250.dtsi
@@ -3291,20 +3291,20 @@
"vfe_lite0",
"vfe_lite1";
- interrupts = <GIC_SPI 477 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 478 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 479 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 448 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 86 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 89 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 464 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 466 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 468 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 359 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 465 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 467 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 469 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 360 IRQ_TYPE_LEVEL_HIGH>;
+ interrupts = <GIC_SPI 477 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 478 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 479 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 448 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 86 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 89 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 464 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 466 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 468 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 359 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 465 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 467 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 469 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 360 IRQ_TYPE_EDGE_RISING>;
interrupt-names = "csiphy0",
"csiphy1",
"csiphy2",
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 181/578] ARM: dts: mediatek: mt7623: fix IR nodename
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 180/578] arm64: dts: qcom: sm8250: " Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 182/578] fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Greg Kroah-Hartman
` (405 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-media, Rafał Miłecki,
Matthias Brugger, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafał Miłecki <rafal@milecki.pl>
[ Upstream commit 90234cf9b37c57201a24b78c217a91a8af774109 ]
Fix following validation error:
arch/arm/boot/dts/mediatek/mt7623a-rfb-emmc.dtb: cir@10013000: $nodename:0: 'cir@10013000' does not match '^ir(-receiver)?(@[a-f0-9]+)?$'
from schema $id: http://devicetree.org/schemas/media/mediatek,mt7622-cir.yaml#
Fixes: 91044f38dae7 ("arm: dts: mt7623: add ir nodes to the mt7623.dtsi file")
Cc: linux-media@vger.kernel.org
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Link: https://lore.kernel.org/r/20240617094634.23173-1-zajec5@gmail.com
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/mt7623.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/mt7623.dtsi b/arch/arm/boot/dts/mt7623.dtsi
index 25d31e40a5535..74767b6703720 100644
--- a/arch/arm/boot/dts/mt7623.dtsi
+++ b/arch/arm/boot/dts/mt7623.dtsi
@@ -309,7 +309,7 @@
clock-names = "spi", "wrap";
};
- cir: cir@10013000 {
+ cir: ir-receiver@10013000 {
compatible = "mediatek,mt7623-cir";
reg = <0 0x10013000 0 0x1000>;
interrupts = <GIC_SPI 87 IRQ_TYPE_LEVEL_LOW>;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 182/578] fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 181/578] ARM: dts: mediatek: mt7623: fix IR nodename Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 183/578] RDMA/mlx5: Fix indirect mkey ODP page count Greg Kroah-Hartman
` (404 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Hattori, Laurent Pinchart,
Helge Deller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit de124b61e179e690277116e6be512e4f422b5dd8 ]
dss_of_port_get_parent_device() leaks an OF node reference when i >= 2
and struct device_node *np is present. Since of_get_next_parent()
obtains a reference of the returned OF node, call of_node_put() before
returning NULL.
This was found by an experimental verifier that I am developing, and no
runtime test was able to be performed due to that lack of actual
devices.
Fixes: f76ee892a99e ("omapfb: copy omapdss & displays for omapfb")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/video/fbdev/omap2/omapfb/dss/dss-of.c b/drivers/video/fbdev/omap2/omapfb/dss/dss-of.c
index 0282d4eef139d..3b16c3342cb77 100644
--- a/drivers/video/fbdev/omap2/omapfb/dss/dss-of.c
+++ b/drivers/video/fbdev/omap2/omapfb/dss/dss-of.c
@@ -102,6 +102,7 @@ struct device_node *dss_of_port_get_parent_device(struct device_node *port)
np = of_get_next_parent(np);
}
+ of_node_put(np);
return NULL;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 183/578] RDMA/mlx5: Fix indirect mkey ODP page count
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 182/578] fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 184/578] of: reserved-memory: Do not make kmemleak ignore freed address Greg Kroah-Hartman
` (403 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Guralnik, Artemy Kovalyov,
Leon Romanovsky, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Guralnik <michaelgur@nvidia.com>
[ Upstream commit 235f238402194a78ac5fb882a46717eac817e5d1 ]
Restrict the check for the number of pages handled during an ODP page
fault to direct mkeys.
Perform the check right after handling the page fault and don't
propagate the number of handled pages to callers.
Indirect mkeys and their associated direct mkeys can have different
start addresses. As a result, the calculation of the number of pages to
handle for an indirect mkey may not match the actual page fault
handling done on the direct mkey.
For example:
A 4K sized page fault on a KSM mkey that has a start address that is not
aligned to a page will result a calculation that assumes the number of
pages required to handle are 2.
While the underlying MTT might be aligned will require fetching only a
single page.
Thus, do the calculation and compare number of pages handled only per
direct mkey.
Fixes: db570d7deafb ("IB/mlx5: Add ODP support to MW")
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Reviewed-by: Artemy Kovalyov <artemyko@nvidia.com>
Link: https://patch.msgid.link/86c483d9e75ce8fe14e9ff85b62df72b779f8ab1.1736187990.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx5/odp.c | 32 +++++++++++++++-----------------
1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/drivers/infiniband/hw/mlx5/odp.c b/drivers/infiniband/hw/mlx5/odp.c
index d3cada2ae5a5b..87fbee8061003 100644
--- a/drivers/infiniband/hw/mlx5/odp.c
+++ b/drivers/infiniband/hw/mlx5/odp.c
@@ -808,8 +808,7 @@ static bool mkey_is_eq(struct mlx5_ib_mkey *mmkey, u32 key)
/*
* Handle a single data segment in a page-fault WQE or RDMA region.
*
- * Returns number of OS pages retrieved on success. The caller may continue to
- * the next data segment.
+ * Returns zero on success. The caller may continue to the next data segment.
* Can return the following error codes:
* -EAGAIN to designate a temporary error. The caller will abort handling the
* page fault and resolve it.
@@ -822,7 +821,7 @@ static int pagefault_single_data_segment(struct mlx5_ib_dev *dev,
u32 *bytes_committed,
u32 *bytes_mapped)
{
- int npages = 0, ret, i, outlen, cur_outlen = 0, depth = 0;
+ int ret, i, outlen, cur_outlen = 0, depth = 0, pages_in_range;
struct pf_frame *head = NULL, *frame;
struct mlx5_ib_mkey *mmkey;
struct mlx5_ib_mr *mr;
@@ -865,13 +864,20 @@ static int pagefault_single_data_segment(struct mlx5_ib_dev *dev,
case MLX5_MKEY_MR:
mr = container_of(mmkey, struct mlx5_ib_mr, mmkey);
+ pages_in_range = (ALIGN(io_virt + bcnt, PAGE_SIZE) -
+ (io_virt & PAGE_MASK)) >>
+ PAGE_SHIFT;
ret = pagefault_mr(mr, io_virt, bcnt, bytes_mapped, 0, false);
if (ret < 0)
goto end;
mlx5_update_odp_stats(mr, faults, ret);
- npages += ret;
+ if (ret < pages_in_range) {
+ ret = -EFAULT;
+ goto end;
+ }
+
ret = 0;
break;
@@ -962,7 +968,7 @@ static int pagefault_single_data_segment(struct mlx5_ib_dev *dev,
kfree(out);
*bytes_committed = 0;
- return ret ? ret : npages;
+ return ret;
}
/*
@@ -981,8 +987,7 @@ static int pagefault_single_data_segment(struct mlx5_ib_dev *dev,
* the committed bytes).
* @receive_queue: receive WQE end of sg list
*
- * Returns the number of pages loaded if positive, zero for an empty WQE, or a
- * negative error code.
+ * Returns zero for success or a negative error code.
*/
static int pagefault_data_segments(struct mlx5_ib_dev *dev,
struct mlx5_pagefault *pfault,
@@ -990,7 +995,7 @@ static int pagefault_data_segments(struct mlx5_ib_dev *dev,
void *wqe_end, u32 *bytes_mapped,
u32 *total_wqe_bytes, bool receive_queue)
{
- int ret = 0, npages = 0;
+ int ret = 0;
u64 io_virt;
u32 key;
u32 byte_count;
@@ -1046,10 +1051,9 @@ static int pagefault_data_segments(struct mlx5_ib_dev *dev,
bytes_mapped);
if (ret < 0)
break;
- npages += ret;
}
- return ret < 0 ? ret : npages;
+ return ret;
}
/*
@@ -1285,12 +1289,6 @@ static void mlx5_ib_mr_wqe_pfault_handler(struct mlx5_ib_dev *dev,
free_page((unsigned long)wqe_start);
}
-static int pages_in_range(u64 address, u32 length)
-{
- return (ALIGN(address + length, PAGE_SIZE) -
- (address & PAGE_MASK)) >> PAGE_SHIFT;
-}
-
static void mlx5_ib_mr_rdma_pfault_handler(struct mlx5_ib_dev *dev,
struct mlx5_pagefault *pfault)
{
@@ -1329,7 +1327,7 @@ static void mlx5_ib_mr_rdma_pfault_handler(struct mlx5_ib_dev *dev,
if (ret == -EAGAIN) {
/* We're racing with an invalidation, don't prefetch */
prefetch_activated = 0;
- } else if (ret < 0 || pages_in_range(address, length) > ret) {
+ } else if (ret < 0) {
mlx5_ib_page_fault_resume(dev, pfault, 1);
if (ret != -ENOENT)
mlx5_ib_dbg(dev, "PAGE FAULT error %d. QP 0x%x, type: 0x%x\n",
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 184/578] of: reserved-memory: Do not make kmemleak ignore freed address
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 183/578] RDMA/mlx5: Fix indirect mkey ODP page count Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 185/578] efi: sysfb_efi: fix W=1 warnings when EFI is not set Greg Kroah-Hartman
` (402 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zijun Hu, Rob Herring (Arm),
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijun Hu <quic_zijuhu@quicinc.com>
[ Upstream commit 29091a52562bca4d6e678dd8f0085dac119d6a21 ]
early_init_dt_alloc_reserved_memory_arch() will free address @base when
suffers memblock_mark_nomap() error, but it still makes kmemleak ignore
the freed address @base via kmemleak_ignore_phys().
That is unnecessary, besides, also causes unnecessary warning messages:
kmemleak_ignore_phys()
-> make_black_object()
-> paint_ptr()
-> kmemleak_warn() // warning message here.
Fix by avoiding kmemleak_ignore_phys() when suffer the error.
Fixes: 658aafc8139c ("memblock: exclude MEMBLOCK_NOMAP regions from kmemleak")
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Link: https://lore.kernel.org/r/20250109-of_core_fix-v4-10-db8a72415b8c@quicinc.com
Signed-off-by: Rob Herring (Arm) <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/of_reserved_mem.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/of/of_reserved_mem.c b/drivers/of/of_reserved_mem.c
index f90975e004469..5a5d24eeb5f34 100644
--- a/drivers/of/of_reserved_mem.c
+++ b/drivers/of/of_reserved_mem.c
@@ -50,7 +50,8 @@ static int __init early_init_dt_alloc_reserved_memory_arch(phys_addr_t size,
memblock_phys_free(base, size);
}
- kmemleak_ignore_phys(base);
+ if (!err)
+ kmemleak_ignore_phys(base);
return err;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 185/578] efi: sysfb_efi: fix W=1 warnings when EFI is not set
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 184/578] of: reserved-memory: Do not make kmemleak ignore freed address Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 186/578] RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Greg Kroah-Hartman
` (401 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, kernel test robot,
David Rheinsberg, Hans de Goede, Javier Martinez Canillas,
Peter Jones, Simona Vetter, linux-fbdev, Ard Biesheuvel,
linux-efi, Thomas Zimmermann, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 19fdc68aa7b90b1d3d600e873a3e050a39e7663d ]
A build with W=1 fails because there are code and data that are not
needed or used when CONFIG_EFI is not set. Move the "#ifdef CONFIG_EFI"
block to earlier in the source file so that the unused code/data are
not built.
drivers/firmware/efi/sysfb_efi.c:345:39: warning: ‘efifb_fwnode_ops’ defined but not used [-Wunused-const-variable=]
345 | static const struct fwnode_operations efifb_fwnode_ops = {
| ^~~~~~~~~~~~~~~~
drivers/firmware/efi/sysfb_efi.c:238:35: warning: ‘efifb_dmi_swap_width_height’ defined but not used [-Wunused-const-variable=]
238 | static const struct dmi_system_id efifb_dmi_swap_width_height[] __initconst = {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/firmware/efi/sysfb_efi.c:188:35: warning: ‘efifb_dmi_system_table’ defined but not used [-Wunused-const-variable=]
188 | static const struct dmi_system_id efifb_dmi_system_table[] __initconst = {
| ^~~~~~~~~~~~~~~~~~~~~~
Fixes: 15d27b15de96 ("efi: sysfb_efi: fix build when EFI is not set")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202501071933.20nlmJJt-lkp@intel.com/
Cc: David Rheinsberg <david@readahead.eu>
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Javier Martinez Canillas <javierm@redhat.com>
Cc: Peter Jones <pjones@redhat.com>
Cc: Simona Vetter <simona@ffwll.ch>
Cc: linux-fbdev@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: linux-efi@vger.kernel.org
Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/efi/sysfb_efi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/sysfb_efi.c b/drivers/firmware/efi/sysfb_efi.c
index 456d0e5eaf78b..f479680299838 100644
--- a/drivers/firmware/efi/sysfb_efi.c
+++ b/drivers/firmware/efi/sysfb_efi.c
@@ -91,6 +91,7 @@ void efifb_setup_from_dmi(struct screen_info *si, const char *opt)
_ret_; \
})
+#ifdef CONFIG_EFI
static int __init efifb_set_system(const struct dmi_system_id *id)
{
struct efifb_dmi_info *info = id->driver_data;
@@ -346,7 +347,6 @@ static const struct fwnode_operations efifb_fwnode_ops = {
.add_links = efifb_add_links,
};
-#ifdef CONFIG_EFI
static struct fwnode_handle efifb_fwnode;
__init void sysfb_apply_efi_quirks(void)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 186/578] RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 185/578] efi: sysfb_efi: fix W=1 warnings when EFI is not set Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 187/578] iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Greg Kroah-Hartman
` (400 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhu Yanjun, Joe Klein,
Leon Romanovsky, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhu Yanjun <yanjun.zhu@linux.dev>
[ Upstream commit edc4ef0e0154096d6c0cf5e06af6fc330dbad9d1 ]
The Call Trace is as below:
"
<TASK>
? show_regs.cold+0x1a/0x1f
? __rxe_cleanup+0x12c/0x170 [rdma_rxe]
? __warn+0x84/0xd0
? __rxe_cleanup+0x12c/0x170 [rdma_rxe]
? report_bug+0x105/0x180
? handle_bug+0x46/0x80
? exc_invalid_op+0x19/0x70
? asm_exc_invalid_op+0x1b/0x20
? __rxe_cleanup+0x12c/0x170 [rdma_rxe]
? __rxe_cleanup+0x124/0x170 [rdma_rxe]
rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]
ib_destroy_qp_user+0x118/0x190 [ib_core]
rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]
rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]
rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]
process_one_work+0x21d/0x3f0
worker_thread+0x4a/0x3c0
? process_one_work+0x3f0/0x3f0
kthread+0xf0/0x120
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x22/0x30
</TASK>
"
When too many rdma resources are allocated, rxe needs more time to
handle these rdma resources. Sometimes with the current timeout, rxe
can not release the rdma resources correctly.
Compared with other rdma drivers, a bigger timeout is used.
Fixes: 215d0a755e1b ("RDMA/rxe: Stop lookup of partially built objects")
Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Link: https://patch.msgid.link/20250110160927.55014-1-yanjun.zhu@linux.dev
Tested-by: Joe Klein <joe.klein812@gmail.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_pool.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_pool.c b/drivers/infiniband/sw/rxe/rxe_pool.c
index 1151c0b5cceab..02cf5e851eb0f 100644
--- a/drivers/infiniband/sw/rxe/rxe_pool.c
+++ b/drivers/infiniband/sw/rxe/rxe_pool.c
@@ -221,7 +221,6 @@ int __rxe_cleanup(struct rxe_pool_elem *elem, bool sleepable)
{
struct rxe_pool *pool = elem->pool;
struct xarray *xa = &pool->xa;
- static int timeout = RXE_POOL_TIMEOUT;
int ret, err = 0;
void *xa_ret;
@@ -245,19 +244,19 @@ int __rxe_cleanup(struct rxe_pool_elem *elem, bool sleepable)
* return to rdma-core
*/
if (sleepable) {
- if (!completion_done(&elem->complete) && timeout) {
+ if (!completion_done(&elem->complete)) {
ret = wait_for_completion_timeout(&elem->complete,
- timeout);
+ msecs_to_jiffies(50000));
/* Shouldn't happen. There are still references to
* the object but, rather than deadlock, free the
* object or pass back to rdma-core.
*/
if (WARN_ON(!ret))
- err = -EINVAL;
+ err = -ETIMEDOUT;
}
} else {
- unsigned long until = jiffies + timeout;
+ unsigned long until = jiffies + RXE_POOL_TIMEOUT;
/* AH objects are unique in that the destroy_ah verb
* can be called in atomic context. This delay
@@ -269,7 +268,7 @@ int __rxe_cleanup(struct rxe_pool_elem *elem, bool sleepable)
mdelay(1);
if (WARN_ON(!completion_done(&elem->complete)))
- err = -EINVAL;
+ err = -ETIMEDOUT;
}
if (pool->cleanup)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 187/578] iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 186/578] RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 188/578] media: rc: iguanair: handle timeouts Greg Kroah-Hartman
` (399 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Qasim Ijaz, Joao Martins,
Jason Gunthorpe, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qasim Ijaz <qasdev00@gmail.com>
[ Upstream commit e24c1551059268b37f6f40639883eafb281b8b9c ]
Resolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()
where shifting the constant "1" (of type int) by bitmap->mapped.pgshift
(an unsigned long value) could result in undefined behavior.
The constant "1" defaults to a 32-bit "int", and when "pgshift" exceeds
31 (e.g., pgshift = 63) the shift operation overflows, as the result
cannot be represented in a 32-bit type.
To resolve this, the constant is updated to "1UL", promoting it to an
unsigned long type to match the operand's type.
Fixes: 58ccf0190d19 ("vfio: Add an IOVA bitmap support")
Link: https://patch.msgid.link/r/20250113223820.10713-1-qasdev00@gmail.com
Reported-by: syzbot <syzbot+85992ace37d5b7b51635@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=85992ace37d5b7b51635
Signed-off-by: Qasim Ijaz <qasdev00@gmail.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/iova_bitmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/vfio/iova_bitmap.c b/drivers/vfio/iova_bitmap.c
index dfab5b742191a..76ef63b940d96 100644
--- a/drivers/vfio/iova_bitmap.c
+++ b/drivers/vfio/iova_bitmap.c
@@ -126,7 +126,7 @@ struct iova_bitmap {
static unsigned long iova_bitmap_offset_to_index(struct iova_bitmap *bitmap,
unsigned long iova)
{
- unsigned long pgsize = 1 << bitmap->mapped.pgshift;
+ unsigned long pgsize = 1UL << bitmap->mapped.pgshift;
return iova / (BITS_PER_TYPE(*bitmap->bitmap) * pgsize);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 188/578] media: rc: iguanair: handle timeouts
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 187/578] iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 189/578] media: lmedm04: Handle errors for lme2510_int_read Greg Kroah-Hartman
` (398 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Oliver Neukum,
syzbot+ffba8e636870dac0e0c0, Sean Young, Mauro Carvalho Chehab,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Neukum <oneukum@suse.com>
[ Upstream commit b98d5000c50544f14bacb248c34e5219fbe81287 ]
In case of a timeout the IO must be cancelled or
the next IO using the URB will fail and/or overwrite
an operational URB.
The automatic bisection fails because it arrives
at a commit that correctly lets the test case run
without an error.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Fixes: e99a7cfe93fd ("[media] iguanair: reuse existing urb callback for command responses")
Reported-by: syzbot+ffba8e636870dac0e0c0@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/66f5cc9a.050a0220.46d20.0004.GAE@google.com/
Tested-by: syzbot+ffba8e636870dac0e0c0@syzkaller.appspotmail.com
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/rc/iguanair.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/rc/iguanair.c b/drivers/media/rc/iguanair.c
index 276bf3c8a8cb4..8af94246e5916 100644
--- a/drivers/media/rc/iguanair.c
+++ b/drivers/media/rc/iguanair.c
@@ -194,8 +194,10 @@ static int iguanair_send(struct iguanair *ir, unsigned size)
if (rc)
return rc;
- if (wait_for_completion_timeout(&ir->completion, TIMEOUT) == 0)
+ if (wait_for_completion_timeout(&ir->completion, TIMEOUT) == 0) {
+ usb_kill_urb(ir->urb_out);
return -ETIMEDOUT;
+ }
return rc;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 189/578] media: lmedm04: Handle errors for lme2510_int_read
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 188/578] media: rc: iguanair: handle timeouts Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 190/578] PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Greg Kroah-Hartman
` (397 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Ni, Mauro Carvalho Chehab,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Ni <nichen@iscas.ac.cn>
[ Upstream commit a2836d3fe220220ff8c495ca9722f89cea8a67e7 ]
Add check for the return value of usb_pipe_endpoint() and
usb_submit_urb() in order to catch the errors.
Fixes: 15e1ce33182d ("[media] lmedm04: Fix usb_submit_urb BOGUS urb xfer, pipe 1 != type 3 in interrupt urb")
Signed-off-by: Chen Ni <nichen@iscas.ac.cn>
Link: https://lore.kernel.org/r/20240521091042.1769684-1-nichen@iscas.ac.cn
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/media/usb/dvb-usb-v2/lmedm04.c b/drivers/media/usb/dvb-usb-v2/lmedm04.c
index 8a34e6c0d6a6d..f0537b741d135 100644
--- a/drivers/media/usb/dvb-usb-v2/lmedm04.c
+++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c
@@ -373,6 +373,7 @@ static int lme2510_int_read(struct dvb_usb_adapter *adap)
struct dvb_usb_device *d = adap_to_d(adap);
struct lme2510_state *lme_int = adap_to_priv(adap);
struct usb_host_endpoint *ep;
+ int ret;
lme_int->lme_urb = usb_alloc_urb(0, GFP_KERNEL);
@@ -390,11 +391,20 @@ static int lme2510_int_read(struct dvb_usb_adapter *adap)
/* Quirk of pipe reporting PIPE_BULK but behaves as interrupt */
ep = usb_pipe_endpoint(d->udev, lme_int->lme_urb->pipe);
+ if (!ep) {
+ usb_free_urb(lme_int->lme_urb);
+ return -ENODEV;
+ }
if (usb_endpoint_type(&ep->desc) == USB_ENDPOINT_XFER_BULK)
lme_int->lme_urb->pipe = usb_rcvbulkpipe(d->udev, 0xa);
- usb_submit_urb(lme_int->lme_urb, GFP_KERNEL);
+ ret = usb_submit_urb(lme_int->lme_urb, GFP_KERNEL);
+ if (ret) {
+ usb_free_urb(lme_int->lme_urb);
+ return ret;
+ }
+
info("INT Interrupt Service Started");
return 0;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 190/578] PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 189/578] media: lmedm04: Handle errors for lme2510_int_read Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 191/578] media: marvell: Add check for clk_enable() Greg Kroah-Hartman
` (396 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zijun Hu, Bjorn Helgaas, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijun Hu <quic_zijuhu@quicinc.com>
[ Upstream commit d4929755e4d02bd3de3ae5569dab69cb9502c54f ]
The devm_pci_epc_destroy() comment says destroys the EPC device, but it
does not actually do that since devres_destroy() does not call
devm_pci_epc_release(), and it also can not fully undo what the API
devm_pci_epc_create() does, so it is faulty.
Fortunately, the faulty API has not been used by current kernel tree. Use
devres_release() instead of devres_destroy() so the EPC device will be
released.
Link: https://lore.kernel.org/r/20241210-pci-epc-core_fix-v3-1-4d86dd573e4b@quicinc.com
Fixes: 5e8cb4033807 ("PCI: endpoint: Add EP core layer to enable EP controller and EP functions")
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/endpoint/pci-epc-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c
index f5a5ec80d1943..eb502426ea6c0 100644
--- a/drivers/pci/endpoint/pci-epc-core.c
+++ b/drivers/pci/endpoint/pci-epc-core.c
@@ -740,7 +740,7 @@ void devm_pci_epc_destroy(struct device *dev, struct pci_epc *epc)
{
int r;
- r = devres_destroy(dev, devm_pci_epc_release, devm_pci_epc_match,
+ r = devres_release(dev, devm_pci_epc_release, devm_pci_epc_match,
epc);
dev_WARN_ONCE(dev, r, "couldn't find PCI EPC resource\n");
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 191/578] media: marvell: Add check for clk_enable()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 190/578] PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 192/578] media: i2c: imx412: Add missing newline to prints Greg Kroah-Hartman
` (395 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Sakari Ailus,
Mauro Carvalho Chehab, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
[ Upstream commit 11f68d2ba2e1521a608af773bf788e8cfa260f68 ]
Add check for the return value of clk_enable() to guarantee the success.
Fixes: 81a409bfd551 ("media: marvell-ccic: provide a clock for the sensor")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
[Sakari Ailus: Fix spelling in commit message.]
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/marvell/mcam-core.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/marvell/mcam-core.c b/drivers/media/platform/marvell/mcam-core.c
index ad4a7922d0d74..22d1d11cd195a 100644
--- a/drivers/media/platform/marvell/mcam-core.c
+++ b/drivers/media/platform/marvell/mcam-core.c
@@ -935,7 +935,12 @@ static int mclk_enable(struct clk_hw *hw)
ret = pm_runtime_resume_and_get(cam->dev);
if (ret < 0)
return ret;
- clk_enable(cam->clk[0]);
+ ret = clk_enable(cam->clk[0]);
+ if (ret) {
+ pm_runtime_put(cam->dev);
+ return ret;
+ }
+
mcam_reg_write(cam, REG_CLKCTRL, (mclk_src << 29) | mclk_div);
mcam_ctlr_power_up(cam);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 192/578] media: i2c: imx412: Add missing newline to prints
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 191/578] media: marvell: Add check for clk_enable() Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 193/578] media: i2c: ov9282: Correct the exposure offset Greg Kroah-Hartman
` (394 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luca Weiss, Sakari Ailus,
Mauro Carvalho Chehab, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luca Weiss <luca.weiss@fairphone.com>
[ Upstream commit 33f4a7fba7229232e294f4794503283e44cd03f2 ]
Add trailing \n to dev_dbg and dev_err prints where missing.
Signed-off-by: Luca Weiss <luca.weiss@fairphone.com>
Fixes: 9214e86c0cc1 ("media: i2c: Add imx412 camera sensor driver")
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/imx412.c | 42 +++++++++++++++++++-------------------
1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/drivers/media/i2c/imx412.c b/drivers/media/i2c/imx412.c
index 77fa6253ba3e3..ab543bb8a6214 100644
--- a/drivers/media/i2c/imx412.c
+++ b/drivers/media/i2c/imx412.c
@@ -549,7 +549,7 @@ static int imx412_update_exp_gain(struct imx412 *imx412, u32 exposure, u32 gain)
lpfr = imx412->vblank + imx412->cur_mode->height;
- dev_dbg(imx412->dev, "Set exp %u, analog gain %u, lpfr %u",
+ dev_dbg(imx412->dev, "Set exp %u, analog gain %u, lpfr %u\n",
exposure, gain, lpfr);
ret = imx412_write_reg(imx412, IMX412_REG_HOLD, 1, 1);
@@ -596,7 +596,7 @@ static int imx412_set_ctrl(struct v4l2_ctrl *ctrl)
case V4L2_CID_VBLANK:
imx412->vblank = imx412->vblank_ctrl->val;
- dev_dbg(imx412->dev, "Received vblank %u, new lpfr %u",
+ dev_dbg(imx412->dev, "Received vblank %u, new lpfr %u\n",
imx412->vblank,
imx412->vblank + imx412->cur_mode->height);
@@ -615,7 +615,7 @@ static int imx412_set_ctrl(struct v4l2_ctrl *ctrl)
exposure = ctrl->val;
analog_gain = imx412->again_ctrl->val;
- dev_dbg(imx412->dev, "Received exp %u, analog gain %u",
+ dev_dbg(imx412->dev, "Received exp %u, analog gain %u\n",
exposure, analog_gain);
ret = imx412_update_exp_gain(imx412, exposure, analog_gain);
@@ -624,7 +624,7 @@ static int imx412_set_ctrl(struct v4l2_ctrl *ctrl)
break;
default:
- dev_err(imx412->dev, "Invalid control %d", ctrl->id);
+ dev_err(imx412->dev, "Invalid control %d\n", ctrl->id);
ret = -EINVAL;
}
@@ -805,14 +805,14 @@ static int imx412_start_streaming(struct imx412 *imx412)
ret = imx412_write_regs(imx412, reg_list->regs,
reg_list->num_of_regs);
if (ret) {
- dev_err(imx412->dev, "fail to write initial registers");
+ dev_err(imx412->dev, "fail to write initial registers\n");
return ret;
}
/* Setup handler will write actual exposure and gain */
ret = __v4l2_ctrl_handler_setup(imx412->sd.ctrl_handler);
if (ret) {
- dev_err(imx412->dev, "fail to setup handler");
+ dev_err(imx412->dev, "fail to setup handler\n");
return ret;
}
@@ -823,7 +823,7 @@ static int imx412_start_streaming(struct imx412 *imx412)
ret = imx412_write_reg(imx412, IMX412_REG_MODE_SELECT,
1, IMX412_MODE_STREAMING);
if (ret) {
- dev_err(imx412->dev, "fail to start streaming");
+ dev_err(imx412->dev, "fail to start streaming\n");
return ret;
}
@@ -904,7 +904,7 @@ static int imx412_detect(struct imx412 *imx412)
return ret;
if (val != IMX412_ID) {
- dev_err(imx412->dev, "chip id mismatch: %x!=%x",
+ dev_err(imx412->dev, "chip id mismatch: %x!=%x\n",
IMX412_ID, val);
return -ENXIO;
}
@@ -936,7 +936,7 @@ static int imx412_parse_hw_config(struct imx412 *imx412)
imx412->reset_gpio = devm_gpiod_get_optional(imx412->dev, "reset",
GPIOD_OUT_LOW);
if (IS_ERR(imx412->reset_gpio)) {
- dev_err(imx412->dev, "failed to get reset gpio %ld",
+ dev_err(imx412->dev, "failed to get reset gpio %ld\n",
PTR_ERR(imx412->reset_gpio));
return PTR_ERR(imx412->reset_gpio);
}
@@ -944,13 +944,13 @@ static int imx412_parse_hw_config(struct imx412 *imx412)
/* Get sensor input clock */
imx412->inclk = devm_clk_get(imx412->dev, NULL);
if (IS_ERR(imx412->inclk)) {
- dev_err(imx412->dev, "could not get inclk");
+ dev_err(imx412->dev, "could not get inclk\n");
return PTR_ERR(imx412->inclk);
}
rate = clk_get_rate(imx412->inclk);
if (rate != IMX412_INCLK_RATE) {
- dev_err(imx412->dev, "inclk frequency mismatch");
+ dev_err(imx412->dev, "inclk frequency mismatch\n");
return -EINVAL;
}
@@ -975,14 +975,14 @@ static int imx412_parse_hw_config(struct imx412 *imx412)
if (bus_cfg.bus.mipi_csi2.num_data_lanes != IMX412_NUM_DATA_LANES) {
dev_err(imx412->dev,
- "number of CSI2 data lanes %d is not supported",
+ "number of CSI2 data lanes %d is not supported\n",
bus_cfg.bus.mipi_csi2.num_data_lanes);
ret = -EINVAL;
goto done_endpoint_free;
}
if (!bus_cfg.nr_of_link_frequencies) {
- dev_err(imx412->dev, "no link frequencies defined");
+ dev_err(imx412->dev, "no link frequencies defined\n");
ret = -EINVAL;
goto done_endpoint_free;
}
@@ -1040,7 +1040,7 @@ static int imx412_power_on(struct device *dev)
ret = clk_prepare_enable(imx412->inclk);
if (ret) {
- dev_err(imx412->dev, "fail to enable inclk");
+ dev_err(imx412->dev, "fail to enable inclk\n");
goto error_reset;
}
@@ -1151,7 +1151,7 @@ static int imx412_init_controls(struct imx412 *imx412)
imx412->hblank_ctrl->flags |= V4L2_CTRL_FLAG_READ_ONLY;
if (ctrl_hdlr->error) {
- dev_err(imx412->dev, "control init failed: %d",
+ dev_err(imx412->dev, "control init failed: %d\n",
ctrl_hdlr->error);
v4l2_ctrl_handler_free(ctrl_hdlr);
return ctrl_hdlr->error;
@@ -1184,7 +1184,7 @@ static int imx412_probe(struct i2c_client *client)
ret = imx412_parse_hw_config(imx412);
if (ret) {
- dev_err(imx412->dev, "HW configuration is not supported");
+ dev_err(imx412->dev, "HW configuration is not supported\n");
return ret;
}
@@ -1192,14 +1192,14 @@ static int imx412_probe(struct i2c_client *client)
ret = imx412_power_on(imx412->dev);
if (ret) {
- dev_err(imx412->dev, "failed to power-on the sensor");
+ dev_err(imx412->dev, "failed to power-on the sensor\n");
goto error_mutex_destroy;
}
/* Check module identity */
ret = imx412_detect(imx412);
if (ret) {
- dev_err(imx412->dev, "failed to find sensor: %d", ret);
+ dev_err(imx412->dev, "failed to find sensor: %d\n", ret);
goto error_power_off;
}
@@ -1209,7 +1209,7 @@ static int imx412_probe(struct i2c_client *client)
ret = imx412_init_controls(imx412);
if (ret) {
- dev_err(imx412->dev, "failed to init controls: %d", ret);
+ dev_err(imx412->dev, "failed to init controls: %d\n", ret);
goto error_power_off;
}
@@ -1221,14 +1221,14 @@ static int imx412_probe(struct i2c_client *client)
imx412->pad.flags = MEDIA_PAD_FL_SOURCE;
ret = media_entity_pads_init(&imx412->sd.entity, 1, &imx412->pad);
if (ret) {
- dev_err(imx412->dev, "failed to init entity pads: %d", ret);
+ dev_err(imx412->dev, "failed to init entity pads: %d\n", ret);
goto error_handler_free;
}
ret = v4l2_async_register_subdev_sensor(&imx412->sd);
if (ret < 0) {
dev_err(imx412->dev,
- "failed to register async subdev: %d", ret);
+ "failed to register async subdev: %d\n", ret);
goto error_media_entity;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 193/578] media: i2c: ov9282: Correct the exposure offset
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 192/578] media: i2c: imx412: Add missing newline to prints Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 194/578] media: mipi-csis: Add check for clk_enable() Greg Kroah-Hartman
` (393 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dave Stevenson, Kieran Bingham,
Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Stevenson <dave.stevenson@raspberrypi.com>
[ Upstream commit feaf4154d69657af2bf96e6e66cca794f88b1a61 ]
The datasheet lists that "Maximum exposure time is frame
length -25 row periods, where frame length is set by
registers {0x380E, 0x380F}".
However this driver had OV9282_EXPOSURE_OFFSET set to 12
which allowed that restriction to be violated, and would
result in very under-exposed images.
Correct the offset.
Fixes: 14ea315bbeb7 ("media: i2c: Add ov9282 camera sensor driver")
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov9282.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/i2c/ov9282.c b/drivers/media/i2c/ov9282.c
index df144a2f6eda3..0ba4edd24d64b 100644
--- a/drivers/media/i2c/ov9282.c
+++ b/drivers/media/i2c/ov9282.c
@@ -31,7 +31,7 @@
/* Exposure control */
#define OV9282_REG_EXPOSURE 0x3500
#define OV9282_EXPOSURE_MIN 1
-#define OV9282_EXPOSURE_OFFSET 12
+#define OV9282_EXPOSURE_OFFSET 25
#define OV9282_EXPOSURE_STEP 1
#define OV9282_EXPOSURE_DEFAULT 0x0282
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 194/578] media: mipi-csis: Add check for clk_enable()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 193/578] media: i2c: ov9282: Correct the exposure offset Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 195/578] media: camif-core: " Greg Kroah-Hartman
` (392 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Krzysztof Kozlowski,
Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
[ Upstream commit 125ad1aeec77eb55273b420be6894b284a01e4b6 ]
Add check for the return value of clk_enable() to gurantee the success.
Fixes: b5f1220d587d ("[media] v4l: Add v4l2 subdev driver for S5P/EXYNOS4 MIPI-CSI receivers")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/samsung/exynos4-is/mipi-csis.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/samsung/exynos4-is/mipi-csis.c b/drivers/media/platform/samsung/exynos4-is/mipi-csis.c
index 6a0d35f33e8c6..f308ef6189863 100644
--- a/drivers/media/platform/samsung/exynos4-is/mipi-csis.c
+++ b/drivers/media/platform/samsung/exynos4-is/mipi-csis.c
@@ -940,13 +940,19 @@ static int s5pcsis_pm_resume(struct device *dev, bool runtime)
state->supplies);
goto unlock;
}
- clk_enable(state->clock[CSIS_CLK_GATE]);
+ ret = clk_enable(state->clock[CSIS_CLK_GATE]);
+ if (ret) {
+ phy_power_off(state->phy);
+ regulator_bulk_disable(CSIS_NUM_SUPPLIES,
+ state->supplies);
+ goto unlock;
+ }
}
if (state->flags & ST_STREAMING)
s5pcsis_start_stream(state);
state->flags &= ~ST_SUSPENDED;
- unlock:
+unlock:
mutex_unlock(&state->lock);
return ret ? -EAGAIN : 0;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 195/578] media: camif-core: Add check for clk_enable()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 194/578] media: mipi-csis: Add check for clk_enable() Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 196/578] media: uvcvideo: Propagate buf->error to userspace Greg Kroah-Hartman
` (391 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Krzysztof Kozlowski,
Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
[ Upstream commit 77ed2470ac09c2b0a33cf3f98cc51d18ba9ed976 ]
Add check for the return value of clk_enable() to gurantee the success.
Fixes: babde1c243b2 ("[media] V4L: Add driver for S3C24XX/S3C64XX SoC series camera interface")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../media/platform/samsung/s3c-camif/camif-core.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/samsung/s3c-camif/camif-core.c b/drivers/media/platform/samsung/s3c-camif/camif-core.c
index 6e8ef86566b78..38c586b01b174 100644
--- a/drivers/media/platform/samsung/s3c-camif/camif-core.c
+++ b/drivers/media/platform/samsung/s3c-camif/camif-core.c
@@ -528,10 +528,19 @@ static int s3c_camif_remove(struct platform_device *pdev)
static int s3c_camif_runtime_resume(struct device *dev)
{
struct camif_dev *camif = dev_get_drvdata(dev);
+ int ret;
+
+ ret = clk_enable(camif->clock[CLK_GATE]);
+ if (ret)
+ return ret;
- clk_enable(camif->clock[CLK_GATE]);
/* null op on s3c244x */
- clk_enable(camif->clock[CLK_CAM]);
+ ret = clk_enable(camif->clock[CLK_CAM]);
+ if (ret) {
+ clk_disable(camif->clock[CLK_GATE]);
+ return ret;
+ }
+
return 0;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 196/578] media: uvcvideo: Propagate buf->error to userspace
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 195/578] media: camif-core: " Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 197/578] mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void Greg Kroah-Hartman
` (390 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Ricardo Ribalda,
Laurent Pinchart, Mauro Carvalho Chehab, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ricardo Ribalda <ribalda@chromium.org>
[ Upstream commit 87ce177654e388451850905a1d376658aebe8699 ]
Now we return VB2_BUF_STATE_DONE for valid and invalid frames. Propagate
the correct value, so the user can know if the frame is valid or not via
struct v4l2_buffer->flags.
Reported-by: Hans de Goede <hdegoede@redhat.com>
Closes: https://lore.kernel.org/linux-media/84b0f212-cd88-46bb-8e6f-b94ec3eccba6@redhat.com
Fixes: 6998b6fb4b1c ("[media] uvcvideo: Use videobuf2-vmalloc")
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20241218-uvc-deprecate-v2-1-ab814139e983@chromium.org
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/uvc/uvc_queue.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/media/usb/uvc/uvc_queue.c b/drivers/media/usb/uvc/uvc_queue.c
index 16fa17bbd15ea..83ed7821fa2a7 100644
--- a/drivers/media/usb/uvc/uvc_queue.c
+++ b/drivers/media/usb/uvc/uvc_queue.c
@@ -483,7 +483,8 @@ static void uvc_queue_buffer_complete(struct kref *ref)
buf->state = buf->error ? UVC_BUF_STATE_ERROR : UVC_BUF_STATE_DONE;
vb2_set_plane_payload(&buf->buf.vb2_buf, 0, buf->bytesused);
- vb2_buffer_done(&buf->buf.vb2_buf, VB2_BUF_STATE_DONE);
+ vb2_buffer_done(&buf->buf.vb2_buf, buf->error ? VB2_BUF_STATE_ERROR :
+ VB2_BUF_STATE_DONE);
}
/*
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 197/578] mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 196/578] media: uvcvideo: Propagate buf->error to userspace Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 198/578] mtd: hyperbus: hbmc-am654: fix an OF node reference leak Greg Kroah-Hartman
` (389 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König, Miquel Raynal,
Tudor Ambarus, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 59bd56760df17506bc2f828f19b40a2243edd0d0 ]
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.
To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().
Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Acked-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Link: https://lore.kernel.org/linux-mtd/20231008200143.196369-10-u.kleine-koenig@pengutronix.de
Stable-dep-of: bf5821909eb9 ("mtd: hyperbus: hbmc-am654: fix an OF node reference leak")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/hyperbus/hbmc-am654.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/mtd/hyperbus/hbmc-am654.c b/drivers/mtd/hyperbus/hbmc-am654.c
index a6161ce340d4e..dbe3eb361cca2 100644
--- a/drivers/mtd/hyperbus/hbmc-am654.c
+++ b/drivers/mtd/hyperbus/hbmc-am654.c
@@ -229,7 +229,7 @@ static int am654_hbmc_probe(struct platform_device *pdev)
return ret;
}
-static int am654_hbmc_remove(struct platform_device *pdev)
+static void am654_hbmc_remove(struct platform_device *pdev)
{
struct am654_hbmc_priv *priv = platform_get_drvdata(pdev);
struct am654_hbmc_device_priv *dev_priv = priv->hbdev.priv;
@@ -241,8 +241,6 @@ static int am654_hbmc_remove(struct platform_device *pdev)
if (dev_priv->rx_chan)
dma_release_channel(dev_priv->rx_chan);
-
- return 0;
}
static const struct of_device_id am654_hbmc_dt_ids[] = {
@@ -256,7 +254,7 @@ MODULE_DEVICE_TABLE(of, am654_hbmc_dt_ids);
static struct platform_driver am654_hbmc_platform_driver = {
.probe = am654_hbmc_probe,
- .remove = am654_hbmc_remove,
+ .remove_new = am654_hbmc_remove,
.driver = {
.name = "hbmc-am654",
.of_match_table = am654_hbmc_dt_ids,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 198/578] mtd: hyperbus: hbmc-am654: fix an OF node reference leak
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 197/578] mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 199/578] staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Greg Kroah-Hartman
` (388 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Joe Hattori, Miquel Raynal,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit bf5821909eb9c7f5d07d5c6e852ead2c373c94a0 ]
In am654_hbmc_platform_driver, .remove() and the error path of .probe()
do not decrement the refcount of an OF node obtained by
of_get_next_child(). Fix this by adding of_node_put() calls.
Fixes: aca31ce96814 ("mtd: hyperbus: hbmc-am654: Fix direct mapping setup flash access")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/hyperbus/hbmc-am654.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/drivers/mtd/hyperbus/hbmc-am654.c b/drivers/mtd/hyperbus/hbmc-am654.c
index dbe3eb361cca2..4b6cbee23fe89 100644
--- a/drivers/mtd/hyperbus/hbmc-am654.c
+++ b/drivers/mtd/hyperbus/hbmc-am654.c
@@ -174,26 +174,30 @@ static int am654_hbmc_probe(struct platform_device *pdev)
priv->hbdev.np = of_get_next_child(np, NULL);
ret = of_address_to_resource(priv->hbdev.np, 0, &res);
if (ret)
- return ret;
+ goto put_node;
if (of_property_read_bool(dev->of_node, "mux-controls")) {
struct mux_control *control = devm_mux_control_get(dev, NULL);
- if (IS_ERR(control))
- return PTR_ERR(control);
+ if (IS_ERR(control)) {
+ ret = PTR_ERR(control);
+ goto put_node;
+ }
ret = mux_control_select(control, 1);
if (ret) {
dev_err(dev, "Failed to select HBMC mux\n");
- return ret;
+ goto put_node;
}
priv->mux_ctrl = control;
}
priv->hbdev.map.size = resource_size(&res);
priv->hbdev.map.virt = devm_ioremap_resource(dev, &res);
- if (IS_ERR(priv->hbdev.map.virt))
- return PTR_ERR(priv->hbdev.map.virt);
+ if (IS_ERR(priv->hbdev.map.virt)) {
+ ret = PTR_ERR(priv->hbdev.map.virt);
+ goto disable_mux;
+ }
priv->ctlr.dev = dev;
priv->ctlr.ops = &am654_hbmc_ops;
@@ -226,6 +230,8 @@ static int am654_hbmc_probe(struct platform_device *pdev)
disable_mux:
if (priv->mux_ctrl)
mux_control_deselect(priv->mux_ctrl);
+put_node:
+ of_node_put(priv->hbdev.np);
return ret;
}
@@ -241,6 +247,7 @@ static void am654_hbmc_remove(struct platform_device *pdev)
if (dev_priv->rx_chan)
dma_release_channel(dev_priv->rx_chan);
+ of_node_put(priv->hbdev.np);
}
static const struct of_device_id am654_hbmc_dt_ids[] = {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 199/578] staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 198/578] mtd: hyperbus: hbmc-am654: fix an OF node reference leak Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 200/578] PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Greg Kroah-Hartman
` (387 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Hattori, Vladimir Zapolskiy,
Philipp Zabel, Hans Verkuil, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit 094f5c315f756b19198e6c401aa821ac0e868750 ]
imx_media_add_of_subdevs() calls of_parse_phandle() and passes the
obtained node to imx_media_of_add_csi(). The passed node is used in
v4l2_async_nf_add_fwnode(), which increments the refcount of the node.
Therefore, while the current implementation only releases the node when
imx_media_of_add_csi() fails, but should always release it. Call
of_node_put() right after imx_media_of_add_csi().
Fixes: dee747f88167 ("media: imx: Don't register IPU subdevs/links if CSI port missing")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Reviewed-by: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/imx/imx-media-of.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/media/imx/imx-media-of.c b/drivers/staging/media/imx/imx-media-of.c
index 59f1eb7b62bcd..3771bc410dff7 100644
--- a/drivers/staging/media/imx/imx-media-of.c
+++ b/drivers/staging/media/imx/imx-media-of.c
@@ -55,22 +55,18 @@ int imx_media_add_of_subdevs(struct imx_media_dev *imxmd,
break;
ret = imx_media_of_add_csi(imxmd, csi_np);
+ of_node_put(csi_np);
if (ret) {
/* unavailable or already added is not an error */
if (ret == -ENODEV || ret == -EEXIST) {
- of_node_put(csi_np);
continue;
}
/* other error, can't continue */
- goto err_out;
+ return ret;
}
}
return 0;
-
-err_out:
- of_node_put(csi_np);
- return ret;
}
EXPORT_SYMBOL_GPL(imx_media_add_of_subdevs);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 200/578] PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 199/578] staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 201/578] PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Greg Kroah-Hartman
` (386 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lad Prabhakar, King Dix,
Krzysztof Wilczyński, Manivannan Sadhasivam, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: King Dix <kingdix10@qq.com>
[ Upstream commit 2d2da5a4c1b4509f6f7e5a8db015cd420144beb4 ]
The rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()
macro to request a needed resource. A string variable that lives on the
stack is then used to store a dynamically computed resource name, which
is then passed on as one of the macro arguments. This can lead to
undefined behavior.
Depending on the current contents of the memory, the manifestations of
errors may vary. One possible output may be as follows:
$ cat /proc/iomem
30000000-37ffffff :
38000000-3fffffff :
Sometimes, garbage may appear after the colon.
In very rare cases, if no NULL-terminator is found in memory, the system
might crash because the string iterator will overrun which can lead to
access of unmapped memory above the stack.
Thus, fix this by replacing outbound_name with the name of the previously
requested resource. With the changes applied, the output will be as
follows:
$ cat /proc/iomem
30000000-37ffffff : memory2
38000000-3fffffff : memory3
Fixes: 2a6d0d63d999 ("PCI: rcar: Add endpoint mode support")
Link: https://lore.kernel.org/r/tencent_DBDCC19D60F361119E76919ADAB25EC13C06@qq.com
Tested-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Signed-off-by: King Dix <kingdix10@qq.com>
[kwilczynski: commit log]
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pcie-rcar-ep.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/controller/pcie-rcar-ep.c b/drivers/pci/controller/pcie-rcar-ep.c
index f9682df1da619..209719fb6ddcc 100644
--- a/drivers/pci/controller/pcie-rcar-ep.c
+++ b/drivers/pci/controller/pcie-rcar-ep.c
@@ -107,7 +107,7 @@ static int rcar_pcie_parse_outbound_ranges(struct rcar_pcie_endpoint *ep,
}
if (!devm_request_mem_region(&pdev->dev, res->start,
resource_size(res),
- outbound_name)) {
+ res->name)) {
dev_err(pcie->dev, "Cannot request memory region %s.\n",
outbound_name);
return -EIO;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 201/578] PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 200/578] PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 202/578] PCI: epf-test: Simplify DMA support checks Greg Kroah-Hartman
` (385 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mohamed Khalfella,
Krzysztof Wilczyński, Bjorn Helgaas, Niklas Cassel,
Manivannan Sadhasivam, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mohamed Khalfella <khalfella@gmail.com>
[ Upstream commit b1b1f4b12969130c0a6ec0cf0299460cb01e799c ]
If dma_chan_tx allocation fails, set dma_chan_rx to NULL after it is
freed.
Link: https://lore.kernel.org/r/20241227160841.92382-1-khalfella@gmail.com
Fixes: 8353813c88ef ("PCI: endpoint: Enable DMA tests for endpoints with DMA capabilities")
Signed-off-by: Mohamed Khalfella <khalfella@gmail.com>
[kwilczynski: commit log]
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Niklas Cassel <cassel@kernel.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/endpoint/functions/pci-epf-test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/endpoint/functions/pci-epf-test.c b/drivers/pci/endpoint/functions/pci-epf-test.c
index 2e8a4de2ababd..be10d7b976e94 100644
--- a/drivers/pci/endpoint/functions/pci-epf-test.c
+++ b/drivers/pci/endpoint/functions/pci-epf-test.c
@@ -251,7 +251,7 @@ static int pci_epf_test_init_dma_chan(struct pci_epf_test *epf_test)
fail_back_rx:
dma_release_channel(epf_test->dma_chan_rx);
- epf_test->dma_chan_tx = NULL;
+ epf_test->dma_chan_rx = NULL;
fail_back_tx:
dma_cap_zero(mask);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 202/578] PCI: epf-test: Simplify DMA support checks
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 201/578] PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 203/578] PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Greg Kroah-Hartman
` (384 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Lorenzo Pieralisi,
Bjorn Helgaas, Manivannan Sadhasivam, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Damien Le Moal <dlemoal@kernel.org>
[ Upstream commit 2566cbea69ab8dad4996ab4b4840fd952e62e5b4 ]
There is no need to have each read, write and copy test functions check
for the FLAG_USE_DMA flag against the DMA support status indicated by
epf_test->dma_supported. Move this test to the command handler function
pci_epf_test_cmd_handler() to check once for all cases.
Link: https://lore.kernel.org/r/20230415023542.77601-13-dlemoal@kernel.org
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Stable-dep-of: 235c2b197a8d ("PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/endpoint/functions/pci-epf-test.c | 45 +++++++------------
1 file changed, 15 insertions(+), 30 deletions(-)
diff --git a/drivers/pci/endpoint/functions/pci-epf-test.c b/drivers/pci/endpoint/functions/pci-epf-test.c
index be10d7b976e94..950fe67f2d3cc 100644
--- a/drivers/pci/endpoint/functions/pci-epf-test.c
+++ b/drivers/pci/endpoint/functions/pci-epf-test.c
@@ -328,7 +328,6 @@ static void pci_epf_test_print_rate(const char *ops, u64 size,
static int pci_epf_test_copy(struct pci_epf_test *epf_test)
{
int ret;
- bool use_dma;
void __iomem *src_addr;
void __iomem *dst_addr;
phys_addr_t src_phys_addr;
@@ -373,14 +372,7 @@ static int pci_epf_test_copy(struct pci_epf_test *epf_test)
}
ktime_get_ts64(&start);
- use_dma = !!(reg->flags & FLAG_USE_DMA);
- if (use_dma) {
- if (!epf_test->dma_supported) {
- dev_err(dev, "Cannot transfer data using DMA\n");
- ret = -EINVAL;
- goto err_map_addr;
- }
-
+ if (reg->flags & FLAG_USE_DMA) {
if (epf_test->dma_private) {
dev_err(dev, "Cannot transfer data using DMA\n");
ret = -EINVAL;
@@ -406,7 +398,8 @@ static int pci_epf_test_copy(struct pci_epf_test *epf_test)
kfree(buf);
}
ktime_get_ts64(&end);
- pci_epf_test_print_rate("COPY", reg->size, &start, &end, use_dma);
+ pci_epf_test_print_rate("COPY", reg->size, &start, &end,
+ reg->flags & FLAG_USE_DMA);
err_map_addr:
pci_epc_unmap_addr(epc, epf->func_no, epf->vfunc_no, dst_phys_addr);
@@ -430,7 +423,6 @@ static int pci_epf_test_read(struct pci_epf_test *epf_test)
void __iomem *src_addr;
void *buf;
u32 crc32;
- bool use_dma;
phys_addr_t phys_addr;
phys_addr_t dst_phys_addr;
struct timespec64 start, end;
@@ -463,14 +455,7 @@ static int pci_epf_test_read(struct pci_epf_test *epf_test)
goto err_map_addr;
}
- use_dma = !!(reg->flags & FLAG_USE_DMA);
- if (use_dma) {
- if (!epf_test->dma_supported) {
- dev_err(dev, "Cannot transfer data using DMA\n");
- ret = -EINVAL;
- goto err_dma_map;
- }
-
+ if (reg->flags & FLAG_USE_DMA) {
dst_phys_addr = dma_map_single(dma_dev, buf, reg->size,
DMA_FROM_DEVICE);
if (dma_mapping_error(dma_dev, dst_phys_addr)) {
@@ -495,7 +480,8 @@ static int pci_epf_test_read(struct pci_epf_test *epf_test)
ktime_get_ts64(&end);
}
- pci_epf_test_print_rate("READ", reg->size, &start, &end, use_dma);
+ pci_epf_test_print_rate("READ", reg->size, &start, &end,
+ reg->flags & FLAG_USE_DMA);
crc32 = crc32_le(~0, buf, reg->size);
if (crc32 != reg->checksum)
@@ -519,7 +505,6 @@ static int pci_epf_test_write(struct pci_epf_test *epf_test)
int ret;
void __iomem *dst_addr;
void *buf;
- bool use_dma;
phys_addr_t phys_addr;
phys_addr_t src_phys_addr;
struct timespec64 start, end;
@@ -555,14 +540,7 @@ static int pci_epf_test_write(struct pci_epf_test *epf_test)
get_random_bytes(buf, reg->size);
reg->checksum = crc32_le(~0, buf, reg->size);
- use_dma = !!(reg->flags & FLAG_USE_DMA);
- if (use_dma) {
- if (!epf_test->dma_supported) {
- dev_err(dev, "Cannot transfer data using DMA\n");
- ret = -EINVAL;
- goto err_dma_map;
- }
-
+ if (reg->flags & FLAG_USE_DMA) {
src_phys_addr = dma_map_single(dma_dev, buf, reg->size,
DMA_TO_DEVICE);
if (dma_mapping_error(dma_dev, src_phys_addr)) {
@@ -589,7 +567,8 @@ static int pci_epf_test_write(struct pci_epf_test *epf_test)
ktime_get_ts64(&end);
}
- pci_epf_test_print_rate("WRITE", reg->size, &start, &end, use_dma);
+ pci_epf_test_print_rate("WRITE", reg->size, &start, &end,
+ reg->flags & FLAG_USE_DMA);
/*
* wait 1ms inorder for the write to complete. Without this delay L3
@@ -660,6 +639,12 @@ static void pci_epf_test_cmd_handler(struct work_struct *work)
reg->command = 0;
reg->status = 0;
+ if ((READ_ONCE(reg->flags) & FLAG_USE_DMA) &&
+ !epf_test->dma_supported) {
+ dev_err(dev, "Cannot transfer data using DMA\n");
+ goto reset_handler;
+ }
+
if (reg->irq_type > IRQ_TYPE_MSIX) {
dev_err(dev, "Failed to detect IRQ type\n");
goto reset_handler;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 203/578] PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 202/578] PCI: epf-test: Simplify DMA support checks Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 204/578] scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Greg Kroah-Hartman
` (383 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Niklas Cassel, Manivannan Sadhasivam,
Bjorn Helgaas, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 235c2b197a8de2887f13990094a3343d2392155b ]
Currently, if DMA MEMCPY test is requested by the host, and if the endpoint
DMA controller supports DMA_PRIVATE, the test will fail. This is not
correct since there is no check for DMA_MEMCPY capability and the DMA
controller can support both DMA_PRIVATE and DMA_MEMCPY.
Fix the check and also reword the error message.
Link: https://lore.kernel.org/r/20250116171650.33585-2-manivannan.sadhasivam@linaro.org
Fixes: 8353813c88ef ("PCI: endpoint: Enable DMA tests for endpoints with DMA capabilities")
Reported-by: Niklas Cassel <cassel@kernel.org>
Closes: https://lore.kernel.org/linux-pci/Z3QtEihbiKIGogWA@ryzen
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Tested-by: Niklas Cassel <cassel@kernel.org>
Reviewed-by: Niklas Cassel <cassel@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/endpoint/functions/pci-epf-test.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/endpoint/functions/pci-epf-test.c b/drivers/pci/endpoint/functions/pci-epf-test.c
index 950fe67f2d3cc..bcf4f2ca82b3f 100644
--- a/drivers/pci/endpoint/functions/pci-epf-test.c
+++ b/drivers/pci/endpoint/functions/pci-epf-test.c
@@ -373,8 +373,8 @@ static int pci_epf_test_copy(struct pci_epf_test *epf_test)
ktime_get_ts64(&start);
if (reg->flags & FLAG_USE_DMA) {
- if (epf_test->dma_private) {
- dev_err(dev, "Cannot transfer data using DMA\n");
+ if (!dma_has_cap(DMA_MEMCPY, epf_test->dma_chan_tx->device->cap_mask)) {
+ dev_err(dev, "DMA controller doesn't support MEMCPY\n");
ret = -EINVAL;
goto err_map_addr;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 204/578] scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 203/578] PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 205/578] scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Greg Kroah-Hartman
` (382 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sreekanth Reddy, Paul Menzel,
Martin K. Petersen, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Menzel <pmenzel@molgen.mpg.de>
[ Upstream commit ad7c3c0cb8f61d6d5a48b83e62ca4a9fd2f26153 ]
Currently, the code does:
if (x == 0) {
x &= ~0x3;
x |= 0x1;
}
Zeroing bits 0 and 1 of a variable that is 0 is not necessary. So directly
set the variable to 1.
Cc: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Fixes: f92363d12359 ("[SCSI] mpt3sas: add new driver supporting 12GB SAS")
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Link: https://lore.kernel.org/r/20241212221817.78940-2-pmenzel@molgen.mpg.de
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c
index 5c13358416c42..b5a3694bfe7f2 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_base.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_base.c
@@ -5649,8 +5649,7 @@ _base_static_config_pages(struct MPT3SAS_ADAPTER *ioc)
if (!ioc->is_gen35_ioc && ioc->manu_pg11.EEDPTagMode == 0) {
pr_err("%s: overriding NVDATA EEDPTagMode setting\n",
ioc->name);
- ioc->manu_pg11.EEDPTagMode &= ~0x3;
- ioc->manu_pg11.EEDPTagMode |= 0x1;
+ ioc->manu_pg11.EEDPTagMode = 0x1;
mpt3sas_config_set_manufacturing_pg11(ioc, &mpi_reply,
&ioc->manu_pg11);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 205/578] scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 204/578] scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 206/578] ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Greg Kroah-Hartman
` (381 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Guixin Liu, Avri Altman,
Martin K. Petersen, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guixin Liu <kanie@linux.alibaba.com>
[ Upstream commit fcf247deb3c3e1c6be5774e3fa03bbd018eff1a9 ]
We should remove the bsg device when bsg_setup_queue() fails to release the
resources.
Fixes: df032bf27a41 ("scsi: ufs: Add a bsg endpoint that supports UPIUs")
Signed-off-by: Guixin Liu <kanie@linux.alibaba.com>
Link: https://lore.kernel.org/r/20241218014214.64533-2-kanie@linux.alibaba.com
Reviewed-by: Avri Altman <avri.altman@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ufs/core/ufs_bsg.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c
index b99e3f3dc4efd..87d89136cab90 100644
--- a/drivers/ufs/core/ufs_bsg.c
+++ b/drivers/ufs/core/ufs_bsg.c
@@ -219,6 +219,7 @@ int ufs_bsg_probe(struct ufs_hba *hba)
q = bsg_setup_queue(bsg_dev, dev_name(bsg_dev), ufs_bsg_request, NULL, 0);
if (IS_ERR(q)) {
ret = PTR_ERR(q);
+ device_del(bsg_dev);
goto out;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 206/578] ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 205/578] scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 207/578] module: Extend the preempt disabled section in dereference_symbol_descriptor() Greg Kroah-Hartman
` (380 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Su Yue, Joseph Qi, Mark Fasheh,
Joel Becker, Junxiao Bi, Changwei Ge, Jun Piao, Andrew Morton,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Su Yue <glass.su@suse.com>
[ Upstream commit 276c61385f6bc3223a5ecd307cf4aba2dfbb9a31 ]
While running fstests generic/329, the kernel workqueue
quota_release_workfn is dead looping in calling ocfs2_release_dquot().
The ocfs2 state is already readonly but ocfs2_release_dquot wants to
start a transaction but fails and returns.
=====================================================================
[ 2918.123602 ][ T275 ] On-disk corruption discovered. Please run
fsck.ocfs2 once the filesystem is unmounted.
[ 2918.124034 ][ T275 ] (kworker/u135:1,275,11):ocfs2_release_dquot:765
ERROR: status = -30
[ 2918.124452 ][ T275 ] (kworker/u135:1,275,11):ocfs2_release_dquot:795
ERROR: status = -30
[ 2918.124883 ][ T275 ] (kworker/u135:1,275,11):ocfs2_start_trans:357
ERROR: status = -30
[ 2918.125276 ][ T275 ] OCFS2: abort (device dm-0): ocfs2_start_trans:
Detected aborted journal
[ 2918.125710 ][ T275 ] On-disk corruption discovered. Please run
fsck.ocfs2 once the filesystem is unmounted.
=====================================================================
ocfs2_release_dquot() is much like dquot_release(), which is called by
ext4 to handle similar situation. So here fix it by marking the dquot as
inactive like what dquot_release() does.
Link: https://lkml.kernel.org/r/20250106140653.92292-1-glass.su@suse.com
Fixes: 9e33d69f553a ("ocfs2: Implementation of local and global quota file handling")
Signed-off-by: Su Yue <glass.su@suse.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ocfs2/quota_global.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/ocfs2/quota_global.c b/fs/ocfs2/quota_global.c
index 0dffd6a44d39d..24b031dc44ee1 100644
--- a/fs/ocfs2/quota_global.c
+++ b/fs/ocfs2/quota_global.c
@@ -749,6 +749,11 @@ static int ocfs2_release_dquot(struct dquot *dquot)
handle = ocfs2_start_trans(osb,
ocfs2_calc_qdel_credits(dquot->dq_sb, dquot->dq_id.type));
if (IS_ERR(handle)) {
+ /*
+ * Mark dquot as inactive to avoid endless cycle in
+ * quota_release_workfn().
+ */
+ clear_bit(DQ_ACTIVE_B, &dquot->dq_flags);
status = PTR_ERR(handle);
mlog_errno(status);
goto out_ilock;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 207/578] module: Extend the preempt disabled section in dereference_symbol_descriptor().
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 206/578] ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 208/578] serial: 8250: Adjust the timeout for FIFO mode Greg Kroah-Hartman
` (379 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, James E.J. Bottomley,
Christophe Leroy, Helge Deller, Madhavan Srinivasan,
Michael Ellerman, Naveen N Rao, Nicholas Piggin,
Sergey Senozhatsky, linux-parisc, linuxppc-dev,
Sergey Senozhatsky, Peter Zijlstra (Intel),
Sebastian Andrzej Siewior, Petr Pavlu, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
[ Upstream commit a145c848d69f9c6f32008d8319edaa133360dd74 ]
dereference_symbol_descriptor() needs to obtain the module pointer
belonging to pointer in order to resolve that pointer.
The returned mod pointer is obtained under RCU-sched/ preempt_disable()
guarantees and needs to be used within this section to ensure that the
module is not removed in the meantime.
Extend the preempt_disable() section to also cover
dereference_module_function_descriptor().
Fixes: 04b8eb7a4ccd9 ("symbol lookup: introduce dereference_symbol_descriptor()")
Cc: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Helge Deller <deller@gmx.de>
Cc: Madhavan Srinivasan <maddy@linux.ibm.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Naveen N Rao <naveen@kernel.org>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: linux-parisc@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Link: https://lore.kernel.org/r/20250108090457.512198-2-bigeasy@linutronix.de
Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/kallsyms.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h
index 0cd33be7142ad..6d10bd2b9e0fe 100644
--- a/include/linux/kallsyms.h
+++ b/include/linux/kallsyms.h
@@ -57,10 +57,10 @@ static inline void *dereference_symbol_descriptor(void *ptr)
preempt_disable();
mod = __module_address((unsigned long)ptr);
- preempt_enable();
if (mod)
ptr = dereference_module_function_descriptor(mod, ptr);
+ preempt_enable();
#endif
return ptr;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 208/578] serial: 8250: Adjust the timeout for FIFO mode
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 207/578] module: Extend the preempt disabled section in dereference_symbol_descriptor() Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 209/578] NFSv4.2: fix COPY_NOTIFY xdr buf size calculation Greg Kroah-Hartman
` (378 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Ogness, Andy Shevchenko,
Wander Lairson Costa, Petr Mladek, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Ogness <john.ogness@linutronix.de>
[ Upstream commit d91f98be26510f5f81ec66425bb0306d1ccd571a ]
After a console has written a record into UART_TX, it uses
wait_for_xmitr() to wait until the data has been sent out before
returning. However, wait_for_xmitr() will timeout after 10ms,
regardless if the data has been transmitted or not.
For single bytes, this timeout is sufficient even at very slow
baud rates, such as 1200bps. However, when FIFO mode is used,
there may be 64 bytes pushed into the FIFO at once. At a baud
rate of 115200bps, the 10ms timeout is still sufficient. But
when using lower baud rates (such as 57600bps), the timeout
is _not_ sufficient. This causes longer lines to be cut off,
resulting in lost and horribly misformatted output on the
console.
When using FIFO mode, take the number of bytes into account to
determine an appropriate maximum timeout. Increasing the timeout
does not affect performance since ideally the timeout never
occurs.
Fixes: 8f3631f0f6eb ("serial/8250: Use fifo in 8250 console driver")
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Wander Lairson Costa <wander@redhat.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20250107212702.169493-2-john.ogness@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_port.c | 32 +++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index c744feabd7cdd..fb1ea2f448910 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -2091,7 +2091,8 @@ static void serial8250_break_ctl(struct uart_port *port, int break_state)
serial8250_rpm_put(up);
}
-static void wait_for_lsr(struct uart_8250_port *up, int bits)
+/* Returns true if @bits were set, false on timeout */
+static bool wait_for_lsr(struct uart_8250_port *up, int bits)
{
unsigned int status, tmout = 10000;
@@ -2106,11 +2107,11 @@ static void wait_for_lsr(struct uart_8250_port *up, int bits)
udelay(1);
touch_nmi_watchdog();
}
+
+ return (tmout != 0);
}
-/*
- * Wait for transmitter & holding register to empty
- */
+/* Wait for transmitter and holding register to empty with timeout */
static void wait_for_xmitr(struct uart_8250_port *up, int bits)
{
unsigned int tmout;
@@ -3349,6 +3350,16 @@ static void serial8250_console_restore(struct uart_8250_port *up)
serial8250_out_MCR(up, up->mcr | UART_MCR_DTR | UART_MCR_RTS);
}
+static void fifo_wait_for_lsr(struct uart_8250_port *up, unsigned int count)
+{
+ unsigned int i;
+
+ for (i = 0; i < count; i++) {
+ if (wait_for_lsr(up, UART_LSR_THRE))
+ return;
+ }
+}
+
/*
* Print a string to the serial port using the device FIFO
*
@@ -3358,13 +3369,15 @@ static void serial8250_console_restore(struct uart_8250_port *up)
static void serial8250_console_fifo_write(struct uart_8250_port *up,
const char *s, unsigned int count)
{
- int i;
const char *end = s + count;
unsigned int fifosize = up->tx_loadsz;
+ unsigned int tx_count = 0;
bool cr_sent = false;
+ unsigned int i;
while (s != end) {
- wait_for_lsr(up, UART_LSR_THRE);
+ /* Allow timeout for each byte of a possibly full FIFO */
+ fifo_wait_for_lsr(up, fifosize);
for (i = 0; i < fifosize && s != end; ++i) {
if (*s == '\n' && !cr_sent) {
@@ -3375,7 +3388,14 @@ static void serial8250_console_fifo_write(struct uart_8250_port *up,
cr_sent = false;
}
}
+ tx_count = i;
}
+
+ /*
+ * Allow timeout for each byte written since the caller will only wait
+ * for UART_LSR_BOTH_EMPTY using the timeout of a single character
+ */
+ fifo_wait_for_lsr(up, tx_count);
}
/*
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 209/578] NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 208/578] serial: 8250: Adjust the timeout for FIFO mode Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 210/578] NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Greg Kroah-Hartman
` (377 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Olga Kornievskaia, Anna Schumaker,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Olga Kornievskaia <okorniev@redhat.com>
[ Upstream commit e8380c2d06055665b3df6c03964911375d7f9290 ]
We need to include sequence size in the compound.
Fixes: 0491567b51ef ("NFS: add COPY_NOTIFY operation")
Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs42xdr.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/nfs/nfs42xdr.c b/fs/nfs/nfs42xdr.c
index 20aa5e746497d..fd51fd1cf5ff7 100644
--- a/fs/nfs/nfs42xdr.c
+++ b/fs/nfs/nfs42xdr.c
@@ -129,9 +129,11 @@
decode_putfh_maxsz + \
decode_offload_cancel_maxsz)
#define NFS4_enc_copy_notify_sz (compound_encode_hdr_maxsz + \
+ encode_sequence_maxsz + \
encode_putfh_maxsz + \
encode_copy_notify_maxsz)
#define NFS4_dec_copy_notify_sz (compound_decode_hdr_maxsz + \
+ decode_sequence_maxsz + \
decode_putfh_maxsz + \
decode_copy_notify_maxsz)
#define NFS4_enc_deallocate_sz (compound_encode_hdr_maxsz + \
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 210/578] NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 209/578] NFSv4.2: fix COPY_NOTIFY xdr buf size calculation Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 211/578] tools/bootconfig: Fix the wrong format specifier Greg Kroah-Hartman
` (376 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Olga Kornievskaia, Anna Schumaker,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Olga Kornievskaia <okorniev@redhat.com>
[ Upstream commit 668135b9348c53fd205f5e07d11e82b10f31b55b ]
OFFLOAD_CANCEL should be marked MOVEABLE for when we need to move
tasks off a non-functional transport.
Fixes: c975c2092657 ("NFS send OFFLOAD_CANCEL when COPY killed")
Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs42proc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/nfs42proc.c b/fs/nfs/nfs42proc.c
index 89c32a963dd15..923ccd3b540f5 100644
--- a/fs/nfs/nfs42proc.c
+++ b/fs/nfs/nfs42proc.c
@@ -551,7 +551,7 @@ static int nfs42_do_offload_cancel_async(struct file *dst,
.rpc_message = &msg,
.callback_ops = &nfs42_offload_cancel_ops,
.workqueue = nfsiod_workqueue,
- .flags = RPC_TASK_ASYNC,
+ .flags = RPC_TASK_ASYNC | RPC_TASK_MOVEABLE,
};
int status;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 211/578] tools/bootconfig: Fix the wrong format specifier
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 210/578] NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 212/578] xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Greg Kroah-Hartman
` (375 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luo Yifan, Masami Hiramatsu (Google),
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luo Yifan <luoyifan@cmss.chinamobile.com>
[ Upstream commit f6ab7384d554ba80ff4793259d75535874b366f5 ]
Use '%u' instead of '%d' for unsigned int.
Link: https://lore.kernel.org/all/20241105011048.201629-1-luoyifan@cmss.chinamobile.com/
Fixes: 973780011106 ("tools/bootconfig: Suppress non-error messages")
Signed-off-by: Luo Yifan <luoyifan@cmss.chinamobile.com>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/bootconfig/main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/bootconfig/main.c b/tools/bootconfig/main.c
index 156b62a163c5a..8a48cc2536f56 100644
--- a/tools/bootconfig/main.c
+++ b/tools/bootconfig/main.c
@@ -226,7 +226,7 @@ static int load_xbc_from_initrd(int fd, char **buf)
/* Wrong Checksum */
rcsum = xbc_calc_checksum(*buf, size);
if (csum != rcsum) {
- pr_err("checksum error: %d != %d\n", csum, rcsum);
+ pr_err("checksum error: %u != %u\n", csum, rcsum);
return -EINVAL;
}
@@ -395,7 +395,7 @@ static int apply_xbc(const char *path, const char *xbc_path)
xbc_get_info(&ret, NULL);
printf("\tNumber of nodes: %d\n", ret);
printf("\tSize: %u bytes\n", (unsigned int)size);
- printf("\tChecksum: %d\n", (unsigned int)csum);
+ printf("\tChecksum: %u\n", (unsigned int)csum);
/* TODO: Check the options by schema */
xbc_exit();
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 212/578] xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 211/578] tools/bootconfig: Fix the wrong format specifier Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 213/578] dmaengine: ti: edma: fix OF node reference leaks in edma_driver Greg Kroah-Hartman
` (374 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jianbo Liu, Patrisious Haddad,
Leon Romanovsky, Steffen Klassert, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jianbo Liu <jianbol@nvidia.com>
[ Upstream commit c05c5e5aa163f4682ca97a2f0536575fc7dbdecb ]
When skb needs GSO and wrap around happens, if xo->seq.low (seqno of
the first skb segment) is before the last seq number but oseq (seqno
of the last segment) is after it, xo->seq.low is still bigger than
replay_esn->oseq while oseq is smaller than it, so the update of
replay_esn->oseq_hi is missed for this case wrap around because of
the change in the cited commit.
For example, if sending a packet with gso_segs=3 while old
replay_esn->oseq=0xfffffffe, we calculate:
xo->seq.low = 0xfffffffe + 1 = 0x0xffffffff
oseq = 0xfffffffe + 3 = 0x1
(oseq < replay_esn->oseq) is true, but (xo->seq.low <
replay_esn->oseq) is false, so replay_esn->oseq_hi is not incremented.
To fix this issue, change the outer checking back for the update of
replay_esn->oseq_hi. And add new checking inside for the update of
packet's oseq_hi.
Fixes: 4b549ccce941 ("xfrm: replay: Fix ESN wrap around for GSO")
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Patrisious Haddad <phaddad@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xfrm/xfrm_replay.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index ce56d659c55a6..7f52bb2e14c13 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -714,10 +714,12 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
oseq += skb_shinfo(skb)->gso_segs;
}
- if (unlikely(xo->seq.low < replay_esn->oseq)) {
- XFRM_SKB_CB(skb)->seq.output.hi = ++oseq_hi;
- xo->seq.hi = oseq_hi;
- replay_esn->oseq_hi = oseq_hi;
+ if (unlikely(oseq < replay_esn->oseq)) {
+ replay_esn->oseq_hi = ++oseq_hi;
+ if (xo->seq.low < replay_esn->oseq) {
+ XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
+ xo->seq.hi = oseq_hi;
+ }
if (replay_esn->oseq_hi == 0) {
replay_esn->oseq--;
replay_esn->oseq_hi--;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 213/578] dmaengine: ti: edma: fix OF node reference leaks in edma_driver
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 212/578] xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 214/578] rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Greg Kroah-Hartman
` (373 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Hattori, Dan Carpenter,
Vinod Koul, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit e883c64778e5a9905fce955681f8ee38c7197e0f ]
The .probe() of edma_driver calls of_parse_phandle_with_fixed_args() but
does not release the obtained OF nodes. Thus add a of_node_put() call.
This bug was found by an experimental verification tool that I am
developing.
Fixes: 1be5336bc7ba ("dmaengine: edma: New device tree binding")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/20241219020507.1983124-3-joe@pf.is.s.u-tokyo.ac.jp
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/ti/edma.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/dma/ti/edma.c b/drivers/dma/ti/edma.c
index 9212ac9f978f2..89e06c87a258b 100644
--- a/drivers/dma/ti/edma.c
+++ b/drivers/dma/ti/edma.c
@@ -209,7 +209,6 @@ struct edma_desc {
struct edma_cc;
struct edma_tc {
- struct device_node *node;
u16 id;
};
@@ -2475,13 +2474,13 @@ static int edma_probe(struct platform_device *pdev)
if (ret || i == ecc->num_tc)
break;
- ecc->tc_list[i].node = tc_args.np;
ecc->tc_list[i].id = i;
queue_priority_mapping[i][1] = tc_args.args[0];
if (queue_priority_mapping[i][1] > lowest_priority) {
lowest_priority = queue_priority_mapping[i][1];
info->default_queue = i;
}
+ of_node_put(tc_args.np);
}
/* See if we have optional dma-channel-mask array */
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 214/578] rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 213/578] dmaengine: ti: edma: fix OF node reference leaks in edma_driver Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 215/578] ubifs: skip dumping tnc tree when zroot is null Greg Kroah-Hartman
` (372 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Oleksij Rempel, Ahmad Fatoum,
Alexandre Belloni, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleksij Rempel <o.rempel@pengutronix.de>
[ Upstream commit 3ab8c5ed4f84fa20cd16794fe8dc31f633fbc70c ]
The nvmem interface supports variable buffer sizes, while the regmap
interface operates with fixed-size storage. If an nvmem client uses a
buffer size less than 4 bytes, regmap_read will write out of bounds
as it expects the buffer to point at an unsigned int.
Fix this by using an intermediary unsigned int to hold the value.
Fixes: fadfd092ee91 ("rtc: pcf85063: add nvram support")
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.kernel.org/r/20241218-rtc-pcf85063-stack-corruption-v1-1-12fd0ee0f046@pengutronix.de
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-pcf85063.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/rtc/rtc-pcf85063.c b/drivers/rtc/rtc-pcf85063.c
index 754e03984f986..6ffdc10b32d32 100644
--- a/drivers/rtc/rtc-pcf85063.c
+++ b/drivers/rtc/rtc-pcf85063.c
@@ -322,7 +322,16 @@ static const struct rtc_class_ops pcf85063_rtc_ops = {
static int pcf85063_nvmem_read(void *priv, unsigned int offset,
void *val, size_t bytes)
{
- return regmap_read(priv, PCF85063_REG_RAM, val);
+ unsigned int tmp;
+ int ret;
+
+ ret = regmap_read(priv, PCF85063_REG_RAM, &tmp);
+ if (ret < 0)
+ return ret;
+
+ *(u8 *)val = tmp;
+
+ return 0;
}
static int pcf85063_nvmem_write(void *priv, unsigned int offset,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 215/578] ubifs: skip dumping tnc tree when zroot is null
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 214/578] rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 216/578] regulator: core: Add missing newline character Greg Kroah-Hartman
` (371 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, pangliyuan, Zhihao Cheng,
Richard Weinberger, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: pangliyuan <pangliyuan1@huawei.com>
[ Upstream commit bdb0ca39e0acccf6771db49c3f94ed787d05f2d7 ]
Clearing slab cache will free all znode in memory and make
c->zroot.znode = NULL, then dumping tnc tree will access
c->zroot.znode which cause null pointer dereference.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219624#c0
Fixes: 1e51764a3c2a ("UBIFS: add new flash file system")
Signed-off-by: pangliyuan <pangliyuan1@huawei.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ubifs/debug.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c
index 3f128b9fdfbb2..9613725ed1935 100644
--- a/fs/ubifs/debug.c
+++ b/fs/ubifs/debug.c
@@ -946,16 +946,20 @@ void ubifs_dump_tnc(struct ubifs_info *c)
pr_err("\n");
pr_err("(pid %d) start dumping TNC tree\n", current->pid);
- znode = ubifs_tnc_levelorder_next(c, c->zroot.znode, NULL);
- level = znode->level;
- pr_err("== Level %d ==\n", level);
- while (znode) {
- if (level != znode->level) {
- level = znode->level;
- pr_err("== Level %d ==\n", level);
+ if (c->zroot.znode) {
+ znode = ubifs_tnc_levelorder_next(c, c->zroot.znode, NULL);
+ level = znode->level;
+ pr_err("== Level %d ==\n", level);
+ while (znode) {
+ if (level != znode->level) {
+ level = znode->level;
+ pr_err("== Level %d ==\n", level);
+ }
+ ubifs_dump_znode(c, znode);
+ znode = ubifs_tnc_levelorder_next(c, c->zroot.znode, znode);
}
- ubifs_dump_znode(c, znode);
- znode = ubifs_tnc_levelorder_next(c, c->zroot.znode, znode);
+ } else {
+ pr_err("empty TNC tree in memory\n");
}
pr_err("(pid %d) finish dumping TNC tree\n", current->pid);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 216/578] regulator: core: Add missing newline character
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 215/578] ubifs: skip dumping tnc tree when zroot is null Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 217/578] net: hns3: fix oops when unload drivers paralleling Greg Kroah-Hartman
` (370 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Stein, Mark Brown,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 155c569fa4c3b340fbf8571a0e42dd415c025377 ]
dev_err_probe() error messages need newline character.
Fixes: 6eabfc018e8d ("regulator: core: Allow specifying an initial load w/ the bulk API")
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Link: https://patch.msgid.link/20250122072019.1926093-1-alexander.stein@ew.tq-group.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 518b64b2d69bc..fc52551aa265e 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -4897,7 +4897,7 @@ int regulator_bulk_get(struct device *dev, int num_consumers,
consumers[i].supply);
if (IS_ERR(consumers[i].consumer)) {
ret = dev_err_probe(dev, PTR_ERR(consumers[i].consumer),
- "Failed to get supply '%s'",
+ "Failed to get supply '%s'\n",
consumers[i].supply);
consumers[i].consumer = NULL;
goto err;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 217/578] net: hns3: fix oops when unload drivers paralleling
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 216/578] regulator: core: Add missing newline character Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 218/578] gpio: mxc: remove dead code after switch to DT-only Greg Kroah-Hartman
` (369 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jian Shen, Jijie Shao,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jian Shen <shenjian15@huawei.com>
[ Upstream commit 92e5995773774a3e70257e9c95ea03518268bea5 ]
When unload hclge driver, it tries to disable sriov first for each
ae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at
the time, because it removes all the ae_dev nodes, and it may cause
oops.
But we can't simply use hnae3_common_lock for this. Because in the
process flow of pci_disable_sriov(), it will trigger the remove flow
of VF, which will also take hnae3_common_lock.
To fixes it, introduce a new mutex to protect the unload process.
Fixes: 0dd8a25f355b ("net: hns3: disable sriov before unload hclge layer")
Signed-off-by: Jian Shen <shenjian15@huawei.com>
Signed-off-by: Jijie Shao <shaojijie@huawei.com>
Link: https://patch.msgid.link/20250118094741.3046663-1-shaojijie@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 +++++++++++++++
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 ++
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 ++
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 ++
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 ++
5 files changed, 23 insertions(+)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hnae3.c b/drivers/net/ethernet/hisilicon/hns3/hnae3.c
index 9a63fbc694083..b25fb400f4767 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hnae3.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hnae3.c
@@ -40,6 +40,21 @@ EXPORT_SYMBOL(hnae3_unregister_ae_algo_prepare);
*/
static DEFINE_MUTEX(hnae3_common_lock);
+/* ensure the drivers being unloaded one by one */
+static DEFINE_MUTEX(hnae3_unload_lock);
+
+void hnae3_acquire_unload_lock(void)
+{
+ mutex_lock(&hnae3_unload_lock);
+}
+EXPORT_SYMBOL(hnae3_acquire_unload_lock);
+
+void hnae3_release_unload_lock(void)
+{
+ mutex_unlock(&hnae3_unload_lock);
+}
+EXPORT_SYMBOL(hnae3_release_unload_lock);
+
static bool hnae3_client_match(enum hnae3_client_type client_type)
{
if (client_type == HNAE3_CLIENT_KNIC ||
diff --git a/drivers/net/ethernet/hisilicon/hns3/hnae3.h b/drivers/net/ethernet/hisilicon/hns3/hnae3.h
index 60b8d61af07f9..7f993b3f8038b 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hnae3.h
+++ b/drivers/net/ethernet/hisilicon/hns3/hnae3.h
@@ -929,4 +929,6 @@ int hnae3_register_client(struct hnae3_client *client);
void hnae3_set_client_init_flag(struct hnae3_client *client,
struct hnae3_ae_dev *ae_dev,
unsigned int inited);
+void hnae3_acquire_unload_lock(void);
+void hnae3_release_unload_lock(void);
#endif
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index 0377a056aaecc..9d27fad9f35fe 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -6007,9 +6007,11 @@ module_init(hns3_init_module);
*/
static void __exit hns3_exit_module(void)
{
+ hnae3_acquire_unload_lock();
pci_unregister_driver(&hns3_driver);
hnae3_unregister_client(&client);
hns3_dbg_unregister_debugfs();
+ hnae3_release_unload_lock();
}
module_exit(hns3_exit_module);
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
index 45bd5c79e4da8..ed1b49a360165 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -13250,9 +13250,11 @@ static int __init hclge_init(void)
static void __exit hclge_exit(void)
{
+ hnae3_acquire_unload_lock();
hnae3_unregister_ae_algo_prepare(&ae_algo);
hnae3_unregister_ae_algo(&ae_algo);
destroy_workqueue(hclge_wq);
+ hnae3_release_unload_lock();
}
module_init(hclge_init);
module_exit(hclge_exit);
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
index aebb104f4c290..06493853b2b49 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
@@ -3468,8 +3468,10 @@ static int __init hclgevf_init(void)
static void __exit hclgevf_exit(void)
{
+ hnae3_acquire_unload_lock();
hnae3_unregister_ae_algo(&ae_algovf);
destroy_workqueue(hclgevf_wq);
+ hnae3_release_unload_lock();
}
module_init(hclgevf_init);
module_exit(hclgevf_exit);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 218/578] gpio: mxc: remove dead code after switch to DT-only
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 217/578] net: hns3: fix oops when unload drivers paralleling Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 219/578] net: fec: implement TSO descriptor cleanup Greg Kroah-Hartman
` (368 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ahmad Fatoum, Andy Shevchenko,
Bartosz Golaszewski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
[ Upstream commit b049e7abe9001a780d58e78e3833dcceee22f396 ]
struct platform_device::id was only set by board code, but since i.MX
became a devicetree-only platform, this will always be -1
(PLATFORM_DEVID_NONE).
Note: of_alias_get_id() returns a negative number on error and base
treats all negative errors the same, so we need not add any additional
error handling.
Fixes: 0f2c7af45d7e ("gpio: mxc: Convert the driver to DT-only")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20250113-b4-imx-gpio-base-warning-v1-3-0a28731a5cf6@pengutronix.de
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-mxc.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/gpio/gpio-mxc.c b/drivers/gpio/gpio-mxc.c
index 853d9aa6b3b1f..d456077c74f2f 100644
--- a/drivers/gpio/gpio-mxc.c
+++ b/drivers/gpio/gpio-mxc.c
@@ -445,8 +445,7 @@ static int mxc_gpio_probe(struct platform_device *pdev)
port->gc.request = gpiochip_generic_request;
port->gc.free = gpiochip_generic_free;
port->gc.to_irq = mxc_gpio_to_irq;
- port->gc.base = (pdev->id < 0) ? of_alias_get_id(np, "gpio") * 32 :
- pdev->id * 32;
+ port->gc.base = of_alias_get_id(np, "gpio") * 32;
err = devm_gpiochip_add_data(&pdev->dev, &port->gc, port);
if (err)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 219/578] net: fec: implement TSO descriptor cleanup
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 218/578] gpio: mxc: remove dead code after switch to DT-only Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 220/578] ipmr: do not call mr_mfc_uses_dev() for unres entries Greg Kroah-Hartman
` (367 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dheeraj Reddy Jonnalagadda, Wei Fang,
Paolo Abeni, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev@gmail.com>
[ Upstream commit 61dc1fd9205bc9d9918aa933a847b08e80b4dc20 ]
Implement cleanup of descriptors in the TSO error path of
fec_enet_txq_submit_tso(). The cleanup
- Unmaps DMA buffers for data descriptors skipping TSO header
- Clears all buffer descriptors
- Handles extended descriptors by clearing cbd_esc when enabled
Fixes: 79f339125ea3 ("net: fec: Add software TSO support")
Signed-off-by: Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev@gmail.com>
Reviewed-by: Wei Fang <wei.fang@nxp.com>
Link: https://patch.msgid.link/20250120085430.99318-1-dheeraj.linuxdev@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/freescale/fec_main.c | 31 ++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c
index aeab6c28892f2..018ce4f4be6f3 100644
--- a/drivers/net/ethernet/freescale/fec_main.c
+++ b/drivers/net/ethernet/freescale/fec_main.c
@@ -818,6 +818,8 @@ static int fec_enet_txq_submit_tso(struct fec_enet_priv_tx_q *txq,
struct fec_enet_private *fep = netdev_priv(ndev);
int hdr_len, total_len, data_left;
struct bufdesc *bdp = txq->bd.cur;
+ struct bufdesc *tmp_bdp;
+ struct bufdesc_ex *ebdp;
struct tso_t tso;
unsigned int index = 0;
int ret;
@@ -891,7 +893,34 @@ static int fec_enet_txq_submit_tso(struct fec_enet_priv_tx_q *txq,
return 0;
err_release:
- /* TODO: Release all used data descriptors for TSO */
+ /* Release all used data descriptors for TSO */
+ tmp_bdp = txq->bd.cur;
+
+ while (tmp_bdp != bdp) {
+ /* Unmap data buffers */
+ if (tmp_bdp->cbd_bufaddr &&
+ !IS_TSO_HEADER(txq, fec32_to_cpu(tmp_bdp->cbd_bufaddr)))
+ dma_unmap_single(&fep->pdev->dev,
+ fec32_to_cpu(tmp_bdp->cbd_bufaddr),
+ fec16_to_cpu(tmp_bdp->cbd_datlen),
+ DMA_TO_DEVICE);
+
+ /* Clear standard buffer descriptor fields */
+ tmp_bdp->cbd_sc = 0;
+ tmp_bdp->cbd_datlen = 0;
+ tmp_bdp->cbd_bufaddr = 0;
+
+ /* Handle extended descriptor if enabled */
+ if (fep->bufdesc_ex) {
+ ebdp = (struct bufdesc_ex *)tmp_bdp;
+ ebdp->cbd_esc = 0;
+ }
+
+ tmp_bdp = fec_enet_get_nextdesc(tmp_bdp, &txq->bd);
+ }
+
+ dev_kfree_skb_any(skb);
+
return ret;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 220/578] ipmr: do not call mr_mfc_uses_dev() for unres entries
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 219/578] net: fec: implement TSO descriptor cleanup Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 221/578] PM: hibernate: Add error handling for syscore_suspend() Greg Kroah-Hartman
` (366 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+5cfae50c0e5f2c500013,
Eric Dumazet, David Ahern, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 15a901361ec3fb1c393f91880e1cbf24ec0a88bd ]
syzbot found that calling mr_mfc_uses_dev() for unres entries
would crash [1], because c->mfc_un.res.minvif / c->mfc_un.res.maxvif
alias to "struct sk_buff_head unresolved", which contain two pointers.
This code never worked, lets remove it.
[1]
Unable to handle kernel paging request at virtual address ffff5fff2d536613
KASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]
Modules linked in:
CPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]
pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334
lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]
lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334
Call trace:
mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)
mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)
mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382
ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648
rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327
rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791
netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317
netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973
sock_recvmsg_nosec net/socket.c:1033 [inline]
sock_recvmsg net/socket.c:1055 [inline]
sock_read_iter+0x2d8/0x40c net/socket.c:1125
new_sync_read fs/read_write.c:484 [inline]
vfs_read+0x740/0x970 fs/read_write.c:565
ksys_read+0x15c/0x26c fs/read_write.c:708
Fixes: cb167893f41e ("net: Plumb support for filtering ipv4 and ipv6 multicast route dumps")
Reported-by: syzbot+5cfae50c0e5f2c500013@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/678fe2d1.050a0220.15cac.00b3.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20250121181241.841212-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/ipmr_base.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/ipv4/ipmr_base.c b/net/ipv4/ipmr_base.c
index f0af12a2f70bc..de98ce66d38f3 100644
--- a/net/ipv4/ipmr_base.c
+++ b/net/ipv4/ipmr_base.c
@@ -330,9 +330,6 @@ int mr_table_dump(struct mr_table *mrt, struct sk_buff *skb,
list_for_each_entry(mfc, &mrt->mfc_unres_queue, list) {
if (e < s_e)
goto next_entry2;
- if (filter->dev &&
- !mr_mfc_uses_dev(mrt, mfc, filter->dev))
- goto next_entry2;
err = fill(mrt, skb, NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq, mfc, RTM_NEWROUTE, flags);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 221/578] PM: hibernate: Add error handling for syscore_suspend()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 220/578] ipmr: do not call mr_mfc_uses_dev() for unres entries Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 222/578] iavf: allow changing VLAN state without calling PF Greg Kroah-Hartman
` (365 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wentao Liang, Rafael J. Wysocki,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wentao Liang <vulab@iscas.ac.cn>
[ Upstream commit e20a70c572539a486dbd91b225fa6a194a5e2122 ]
In hibernation_platform_enter(), the code did not check the
return value of syscore_suspend(), potentially leading to a
situation where syscore_resume() would be called even if
syscore_suspend() failed. This could cause unpredictable
behavior or system instability.
Modify the code sequence in question to properly handle errors returned
by syscore_suspend(). If an error occurs in the suspend path, the code
now jumps to label 'Enable_irqs' skipping the syscore_resume() call and
only enabling interrupts after setting the system state to SYSTEM_RUNNING.
Fixes: 40dc166cb5dd ("PM / Core: Introduce struct syscore_ops for core subsystems PM")
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
Link: https://patch.msgid.link/20250119143205.2103-1-vulab@iscas.ac.cn
[ rjw: Changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/power/hibernate.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index 30d1274f03f62..ec34c96514b36 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -599,7 +599,11 @@ int hibernation_platform_enter(void)
local_irq_disable();
system_state = SYSTEM_SUSPEND;
- syscore_suspend();
+
+ error = syscore_suspend();
+ if (error)
+ goto Enable_irqs;
+
if (pm_wakeup_pending()) {
error = -EAGAIN;
goto Power_up;
@@ -611,6 +615,7 @@ int hibernation_platform_enter(void)
Power_up:
syscore_resume();
+ Enable_irqs:
system_state = SYSTEM_RUNNING;
local_irq_enable();
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 222/578] iavf: allow changing VLAN state without calling PF
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 221/578] PM: hibernate: Add error handling for syscore_suspend() Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 223/578] net: rose: fix timer races against user threads Greg Kroah-Hartman
` (364 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michal Swiatkowski, Przemek Kitszel,
Rafal Romanowski, Tony Nguyen, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
[ Upstream commit ee7d79433d783346430ee32f28c9df44a88b3bb6 ]
First case:
> ip l a l $VF name vlanx type vlan id 100
> ip l d vlanx
> ip l a l $VF name vlanx type vlan id 100
As workqueue can be execute after sometime, there is a window to have
call trace like that:
- iavf_del_vlan
- iavf_add_vlan
- iavf_del_vlans (wq)
It means that our VLAN 100 will change the state from IAVF_VLAN_ACTIVE
to IAVF_VLAN_REMOVE (iavf_del_vlan). After that in iavf_add_vlan state
won't be changed because VLAN 100 is on the filter list. The final
result is that the VLAN 100 filter isn't added in hardware (no
iavf_add_vlans call).
To fix that change the state if the filter wasn't removed yet directly
to active. It is save as IAVF_VLAN_REMOVE means that virtchnl message
wasn't sent yet.
Second case:
> ip l a l $VF name vlanx type vlan id 100
Any type of VF reset ex. change trust
> ip l s $PF vf $VF_NUM trust on
> ip l d vlanx
> ip l a l $VF name vlanx type vlan id 100
In case of reset iavf driver is responsible for readding all filters
that are being used. To do that all VLAN filters state are changed to
IAVF_VLAN_ADD. Here is even longer window for changing VLAN state from
kernel side, as workqueue isn't called immediately. We can have call
trace like that:
- changing to IAVF_VLAN_ADD (after reset)
- iavf_del_vlan (called from kernel ops)
- iavf_del_vlans (wq)
Not exsisitng VLAN filters will be removed from hardware. It isn't a
bug, ice driver will handle it fine. However, we can have call trace
like that:
- changing to IAVF_VLAN_ADD (after reset)
- iavf_del_vlan (called from kernel ops)
- iavf_add_vlan (called from kernel ops)
- iavf_del_vlans (wq)
With fix for previous case we end up with no VLAN filters in hardware.
We have to remove VLAN filters if the state is IAVF_VLAN_ADD and delete
VLAN was called. It is save as IAVF_VLAN_ADD means that virtchnl message
wasn't sent yet.
Fixes: 0c0da0e95105 ("iavf: refactor VLAN filter states")
Signed-off-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/iavf/iavf_main.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index 53b9fe35d8035..7119bce4c091a 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -830,6 +830,11 @@ iavf_vlan_filter *iavf_add_vlan(struct iavf_adapter *adapter,
f->state = IAVF_VLAN_ADD;
adapter->num_vlan_filters++;
iavf_schedule_aq_request(adapter, IAVF_FLAG_AQ_ADD_VLAN_FILTER);
+ } else if (f->state == IAVF_VLAN_REMOVE) {
+ /* IAVF_VLAN_REMOVE means that VLAN wasn't yet removed.
+ * We can safely only change the state here.
+ */
+ f->state = IAVF_VLAN_ACTIVE;
}
clearout:
@@ -850,8 +855,18 @@ static void iavf_del_vlan(struct iavf_adapter *adapter, struct iavf_vlan vlan)
f = iavf_find_vlan(adapter, vlan);
if (f) {
- f->state = IAVF_VLAN_REMOVE;
- iavf_schedule_aq_request(adapter, IAVF_FLAG_AQ_DEL_VLAN_FILTER);
+ /* IAVF_ADD_VLAN means that VLAN wasn't even added yet.
+ * Remove it from the list.
+ */
+ if (f->state == IAVF_VLAN_ADD) {
+ list_del(&f->list);
+ kfree(f);
+ adapter->num_vlan_filters--;
+ } else {
+ f->state = IAVF_VLAN_REMOVE;
+ iavf_schedule_aq_request(adapter,
+ IAVF_FLAG_AQ_DEL_VLAN_FILTER);
+ }
}
spin_unlock_bh(&adapter->mac_vlan_list_lock);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 223/578] net: rose: fix timer races against user threads
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 222/578] iavf: allow changing VLAN state without calling PF Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 224/578] net: netdevsim: try to close UDP port harness races Greg Kroah-Hartman
` (363 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet, Jakub Kicinski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 5de7665e0a0746b5ad7943554b34db8f8614a196 ]
Rose timers only acquire the socket spinlock, without
checking if the socket is owned by one user thread.
Add a check and rearm the timers if needed.
BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174
Read of size 2 at addr ffff88802f09b82a by task swapper/0/0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0x169/0x550 mm/kasan/report.c:489
kasan_report+0x143/0x180 mm/kasan/report.c:602
rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174
call_timer_fn+0x187/0x650 kernel/time/timer.c:1793
expire_timers kernel/time/timer.c:1844 [inline]
__run_timers kernel/time/timer.c:2418 [inline]
__run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430
run_timer_base kernel/time/timer.c:2439 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449
handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
__do_softirq kernel/softirq.c:595 [inline]
invoke_softirq kernel/softirq.c:435 [inline]
__irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
</IRQ>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250122180244.1861468-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rose/rose_timer.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/net/rose/rose_timer.c b/net/rose/rose_timer.c
index f06ddbed3fed6..1525773e94aa1 100644
--- a/net/rose/rose_timer.c
+++ b/net/rose/rose_timer.c
@@ -122,6 +122,10 @@ static void rose_heartbeat_expiry(struct timer_list *t)
struct rose_sock *rose = rose_sk(sk);
bh_lock_sock(sk);
+ if (sock_owned_by_user(sk)) {
+ sk_reset_timer(sk, &sk->sk_timer, jiffies + HZ/20);
+ goto out;
+ }
switch (rose->state) {
case ROSE_STATE_0:
/* Magic here: If we listen() and a new link dies before it
@@ -152,6 +156,7 @@ static void rose_heartbeat_expiry(struct timer_list *t)
}
rose_start_heartbeat(sk);
+out:
bh_unlock_sock(sk);
sock_put(sk);
}
@@ -162,6 +167,10 @@ static void rose_timer_expiry(struct timer_list *t)
struct sock *sk = &rose->sock;
bh_lock_sock(sk);
+ if (sock_owned_by_user(sk)) {
+ sk_reset_timer(sk, &rose->timer, jiffies + HZ/20);
+ goto out;
+ }
switch (rose->state) {
case ROSE_STATE_1: /* T1 */
case ROSE_STATE_4: /* T2 */
@@ -182,6 +191,7 @@ static void rose_timer_expiry(struct timer_list *t)
}
break;
}
+out:
bh_unlock_sock(sk);
sock_put(sk);
}
@@ -192,6 +202,10 @@ static void rose_idletimer_expiry(struct timer_list *t)
struct sock *sk = &rose->sock;
bh_lock_sock(sk);
+ if (sock_owned_by_user(sk)) {
+ sk_reset_timer(sk, &rose->idletimer, jiffies + HZ/20);
+ goto out;
+ }
rose_clear_queues(sk);
rose_write_internal(sk, ROSE_CLEAR_REQUEST);
@@ -207,6 +221,7 @@ static void rose_idletimer_expiry(struct timer_list *t)
sk->sk_state_change(sk);
sock_set_flag(sk, SOCK_DEAD);
}
+out:
bh_unlock_sock(sk);
sock_put(sk);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 224/578] net: netdevsim: try to close UDP port harness races
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 223/578] net: rose: fix timer races against user threads Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 225/578] vxlan: Fix uninit-value in vxlan_vnifilter_dump() Greg Kroah-Hartman
` (362 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+2e5de9e3ab986b71d2bf,
Michal Swiatkowski, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 50bf398e1ceacb9a7f85bd3bdca065ebe5cb6159 ]
syzbot discovered that we remove the debugfs files after we free
the netdev. Try to clean up the relevant dir while the device
is still around.
Reported-by: syzbot+2e5de9e3ab986b71d2bf@syzkaller.appspotmail.com
Fixes: 424be63ad831 ("netdevsim: add UDP tunnel port offload support")
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Link: https://patch.msgid.link/20250122224503.762705-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/netdevsim/netdevsim.h | 1 +
drivers/net/netdevsim/udp_tunnels.c | 23 +++++++++++--------
.../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 ++++++-------
3 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/drivers/net/netdevsim/netdevsim.h b/drivers/net/netdevsim/netdevsim.h
index 7d8ed8d8df5c9..02e3518e9a7e2 100644
--- a/drivers/net/netdevsim/netdevsim.h
+++ b/drivers/net/netdevsim/netdevsim.h
@@ -98,6 +98,7 @@ struct netdevsim {
u32 sleep;
u32 __ports[2][NSIM_UDP_TUNNEL_N_PORTS];
u32 (*ports)[NSIM_UDP_TUNNEL_N_PORTS];
+ struct dentry *ddir;
struct debugfs_u32_array dfs_ports[2];
} udp_ports;
diff --git a/drivers/net/netdevsim/udp_tunnels.c b/drivers/net/netdevsim/udp_tunnels.c
index 02dc3123eb6c1..640b4983a9a0d 100644
--- a/drivers/net/netdevsim/udp_tunnels.c
+++ b/drivers/net/netdevsim/udp_tunnels.c
@@ -112,9 +112,11 @@ nsim_udp_tunnels_info_reset_write(struct file *file, const char __user *data,
struct net_device *dev = file->private_data;
struct netdevsim *ns = netdev_priv(dev);
- memset(ns->udp_ports.ports, 0, sizeof(ns->udp_ports.__ports));
rtnl_lock();
- udp_tunnel_nic_reset_ntf(dev);
+ if (dev->reg_state == NETREG_REGISTERED) {
+ memset(ns->udp_ports.ports, 0, sizeof(ns->udp_ports.__ports));
+ udp_tunnel_nic_reset_ntf(dev);
+ }
rtnl_unlock();
return count;
@@ -144,23 +146,23 @@ int nsim_udp_tunnels_info_create(struct nsim_dev *nsim_dev,
else
ns->udp_ports.ports = nsim_dev->udp_ports.__ports;
- debugfs_create_u32("udp_ports_inject_error", 0600,
- ns->nsim_dev_port->ddir,
+ ns->udp_ports.ddir = debugfs_create_dir("udp_ports",
+ ns->nsim_dev_port->ddir);
+
+ debugfs_create_u32("inject_error", 0600, ns->udp_ports.ddir,
&ns->udp_ports.inject_error);
ns->udp_ports.dfs_ports[0].array = ns->udp_ports.ports[0];
ns->udp_ports.dfs_ports[0].n_elements = NSIM_UDP_TUNNEL_N_PORTS;
- debugfs_create_u32_array("udp_ports_table0", 0400,
- ns->nsim_dev_port->ddir,
+ debugfs_create_u32_array("table0", 0400, ns->udp_ports.ddir,
&ns->udp_ports.dfs_ports[0]);
ns->udp_ports.dfs_ports[1].array = ns->udp_ports.ports[1];
ns->udp_ports.dfs_ports[1].n_elements = NSIM_UDP_TUNNEL_N_PORTS;
- debugfs_create_u32_array("udp_ports_table1", 0400,
- ns->nsim_dev_port->ddir,
+ debugfs_create_u32_array("table1", 0400, ns->udp_ports.ddir,
&ns->udp_ports.dfs_ports[1]);
- debugfs_create_file("udp_ports_reset", 0200, ns->nsim_dev_port->ddir,
+ debugfs_create_file("reset", 0200, ns->udp_ports.ddir,
dev, &nsim_udp_tunnels_info_reset_fops);
/* Note: it's not normal to allocate the info struct like this!
@@ -196,6 +198,9 @@ int nsim_udp_tunnels_info_create(struct nsim_dev *nsim_dev,
void nsim_udp_tunnels_info_destroy(struct net_device *dev)
{
+ struct netdevsim *ns = netdev_priv(dev);
+
+ debugfs_remove_recursive(ns->udp_ports.ddir);
kfree(dev->udp_tunnel_nic_info);
dev->udp_tunnel_nic_info = NULL;
}
diff --git a/tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh b/tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh
index 185b02d2d4cd1..7af78990b5bb6 100755
--- a/tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh
+++ b/tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh
@@ -142,7 +142,7 @@ function pre_ethtool {
}
function check_table {
- local path=$NSIM_DEV_DFS/ports/$port/udp_ports_table$1
+ local path=$NSIM_DEV_DFS/ports/$port/udp_ports/table$1
local -n expected=$2
local last=$3
@@ -212,7 +212,7 @@ function check_tables {
}
function print_table {
- local path=$NSIM_DEV_DFS/ports/$port/udp_ports_table$1
+ local path=$NSIM_DEV_DFS/ports/$port/udp_ports/table$1
read -a have < $path
tree $NSIM_DEV_DFS/
@@ -640,7 +640,7 @@ for port in 0 1; do
NSIM_NETDEV=`get_netdev_name old_netdevs`
ifconfig $NSIM_NETDEV up
- echo 110 > $NSIM_DEV_DFS/ports/$port/udp_ports_inject_error
+ echo 110 > $NSIM_DEV_DFS/ports/$port/udp_ports/inject_error
msg="1 - create VxLANs v6"
exp0=( 0 0 0 0 )
@@ -662,7 +662,7 @@ for port in 0 1; do
new_geneve gnv0 20000
msg="2 - destroy GENEVE"
- echo 2 > $NSIM_DEV_DFS/ports/$port/udp_ports_inject_error
+ echo 2 > $NSIM_DEV_DFS/ports/$port/udp_ports/inject_error
exp1=( `mke 20000 2` 0 0 0 )
del_dev gnv0
@@ -763,7 +763,7 @@ for port in 0 1; do
msg="create VxLANs v4"
new_vxlan vxlan0 10000 $NSIM_NETDEV
- echo 1 > $NSIM_DEV_DFS/ports/$port/udp_ports_reset
+ echo 1 > $NSIM_DEV_DFS/ports/$port/udp_ports/reset
check_tables
msg="NIC device goes down"
@@ -774,7 +774,7 @@ for port in 0 1; do
fi
check_tables
- echo 1 > $NSIM_DEV_DFS/ports/$port/udp_ports_reset
+ echo 1 > $NSIM_DEV_DFS/ports/$port/udp_ports/reset
check_tables
msg="NIC device goes up again"
@@ -788,7 +788,7 @@ for port in 0 1; do
del_dev vxlan0
check_tables
- echo 1 > $NSIM_DEV_DFS/ports/$port/udp_ports_reset
+ echo 1 > $NSIM_DEV_DFS/ports/$port/udp_ports/reset
check_tables
msg="destroy NIC"
@@ -895,7 +895,7 @@ msg="vacate VxLAN in overflow table"
exp0=( `mke 10000 1` `mke 10004 1` 0 `mke 10003 1` )
del_dev vxlan2
-echo 1 > $NSIM_DEV_DFS/ports/$port/udp_ports_reset
+echo 1 > $NSIM_DEV_DFS/ports/$port/udp_ports/reset
check_tables
msg="tunnels destroyed 2"
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 225/578] vxlan: Fix uninit-value in vxlan_vnifilter_dump()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 224/578] net: netdevsim: try to close UDP port harness races Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 226/578] net: davicom: fix UAF in dm9000_drv_remove Greg Kroah-Hartman
` (361 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzkaller, Shigeru Yoshida,
Ido Schimmel, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shigeru Yoshida <syoshida@redhat.com>
[ Upstream commit 5066293b9b7046a906eff60e3949a887ae185a43 ]
KMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].
If the length of the netlink message payload is less than
sizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes
beyond the message. This can lead to uninit-value access. Fix this by
returning an error in such situations.
[1]
BUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422
vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422
rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786
netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317
__netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432
netlink_dump_start include/linux/netlink.h:340 [inline]
rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]
rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882
netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542
rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944
netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]
netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347
netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x330/0x3d0 net/socket.c:726
____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583
___sys_sendmsg+0x271/0x3b0 net/socket.c:2637
__sys_sendmsg net/socket.c:2669 [inline]
__do_sys_sendmsg net/socket.c:2674 [inline]
__se_sys_sendmsg net/socket.c:2672 [inline]
__x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672
x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was created at:
slab_post_alloc_hook mm/slub.c:4110 [inline]
slab_alloc_node mm/slub.c:4153 [inline]
kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205
kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587
__alloc_skb+0x347/0x7d0 net/core/skbuff.c:678
alloc_skb include/linux/skbuff.h:1323 [inline]
netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196
netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x330/0x3d0 net/socket.c:726
____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583
___sys_sendmsg+0x271/0x3b0 net/socket.c:2637
__sys_sendmsg net/socket.c:2669 [inline]
__do_sys_sendmsg net/socket.c:2674 [inline]
__se_sys_sendmsg net/socket.c:2672 [inline]
__x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672
x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
CPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014
Fixes: f9c4bb0b245c ("vxlan: vni filtering support on collect metadata device")
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Link: https://patch.msgid.link/20250123145746.785768-1-syoshida@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/vxlan/vxlan_vnifilter.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/vxlan/vxlan_vnifilter.c b/drivers/net/vxlan/vxlan_vnifilter.c
index 3d113d709d194..1ffc00e270802 100644
--- a/drivers/net/vxlan/vxlan_vnifilter.c
+++ b/drivers/net/vxlan/vxlan_vnifilter.c
@@ -411,6 +411,11 @@ static int vxlan_vnifilter_dump(struct sk_buff *skb, struct netlink_callback *cb
struct tunnel_msg *tmsg;
struct net_device *dev;
+ if (cb->nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct tunnel_msg))) {
+ NL_SET_ERR_MSG(cb->extack, "Invalid msg length");
+ return -EINVAL;
+ }
+
tmsg = nlmsg_data(cb->nlh);
if (tmsg->flags & ~TUNNEL_MSG_VALID_USER_FLAGS) {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 226/578] net: davicom: fix UAF in dm9000_drv_remove
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 225/578] vxlan: Fix uninit-value in vxlan_vnifilter_dump() Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 227/578] perf trace: Fix runtime error of index out of bounds Greg Kroah-Hartman
` (360 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chenyuan Yang, Uwe Kleine-König,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chenyuan Yang <chenyuan0y@gmail.com>
[ Upstream commit 19e65c45a1507a1a2926649d2db3583ed9d55fd9 ]
dm is netdev private data and it cannot be
used after free_netdev() call. Using dm after free_netdev()
can cause UAF bug. Fix it by moving free_netdev() at the end of the
function.
This is similar to the issue fixed in commit
ad297cd2db89 ("net: qcom/emac: fix UAF in emac_remove").
This bug is detected by our static analysis tool.
Fixes: cf9e60aa69ae ("net: davicom: Fix regulator not turned off on driver removal")
Signed-off-by: Chenyuan Yang <chenyuan0y@gmail.com>
CC: Uwe Kleine-König <u.kleine-koenig@baylibre.com>
Link: https://patch.msgid.link/20250123214213.623518-1-chenyuan0y@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/davicom/dm9000.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/davicom/dm9000.c b/drivers/net/ethernet/davicom/dm9000.c
index b21e56de61671..c79d97f4ee900 100644
--- a/drivers/net/ethernet/davicom/dm9000.c
+++ b/drivers/net/ethernet/davicom/dm9000.c
@@ -1778,10 +1778,11 @@ dm9000_drv_remove(struct platform_device *pdev)
unregister_netdev(ndev);
dm9000_release_board(pdev, dm);
- free_netdev(ndev); /* free device structure */
if (dm->power_supply)
regulator_disable(dm->power_supply);
+ free_netdev(ndev); /* free device structure */
+
dev_dbg(&pdev->dev, "released and freed device\n");
return 0;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 227/578] perf trace: Fix runtime error of index out of bounds
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 226/578] net: davicom: fix UAF in dm9000_drv_remove Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 228/578] bgmac: reduce max frame size to support just MTU 1500 Greg Kroah-Hartman
` (359 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Howard Chu, Namhyung Kim,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Howard Chu <howardchu95@gmail.com>
[ Upstream commit c7b87ce0dd10b64b68a0b22cb83bbd556e28fe81 ]
libtraceevent parses and returns an array of argument fields, sometimes
larger than RAW_SYSCALL_ARGS_NUM (6) because it includes "__syscall_nr",
idx will traverse to index 6 (7th element) whereas sc->fmt->arg holds 6
elements max, creating an out-of-bounds access. This runtime error is
found by UBsan. The error message:
$ sudo UBSAN_OPTIONS=print_stacktrace=1 ./perf trace -a --max-events=1
builtin-trace.c:1966:35: runtime error: index 6 out of bounds for type 'syscall_arg_fmt [6]'
#0 0x5c04956be5fe in syscall__alloc_arg_fmts /home/howard/hw/linux-perf/tools/perf/builtin-trace.c:1966
#1 0x5c04956c0510 in trace__read_syscall_info /home/howard/hw/linux-perf/tools/perf/builtin-trace.c:2110
#2 0x5c04956c372b in trace__syscall_info /home/howard/hw/linux-perf/tools/perf/builtin-trace.c:2436
#3 0x5c04956d2f39 in trace__init_syscalls_bpf_prog_array_maps /home/howard/hw/linux-perf/tools/perf/builtin-trace.c:3897
#4 0x5c04956d6d25 in trace__run /home/howard/hw/linux-perf/tools/perf/builtin-trace.c:4335
#5 0x5c04956e112e in cmd_trace /home/howard/hw/linux-perf/tools/perf/builtin-trace.c:5502
#6 0x5c04956eda7d in run_builtin /home/howard/hw/linux-perf/tools/perf/perf.c:351
#7 0x5c04956ee0a8 in handle_internal_command /home/howard/hw/linux-perf/tools/perf/perf.c:404
#8 0x5c04956ee37f in run_argv /home/howard/hw/linux-perf/tools/perf/perf.c:448
#9 0x5c04956ee8e9 in main /home/howard/hw/linux-perf/tools/perf/perf.c:556
#10 0x79eb3622a3b7 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#11 0x79eb3622a47a in __libc_start_main_impl ../csu/libc-start.c:360
#12 0x5c04955422d4 in _start (/home/howard/hw/linux-perf/tools/perf/perf+0x4e02d4) (BuildId: 5b6cab2d59e96a4341741765ad6914a4d784dbc6)
0.000 ( 0.014 ms): Chrome_ChildIO/117244 write(fd: 238, buf: !, count: 1) = 1
Fixes: 5e58fcfaf4c6 ("perf trace: Allow allocating sc->arg_fmt even without the syscall tracepoint")
Signed-off-by: Howard Chu <howardchu95@gmail.com>
Link: https://lore.kernel.org/r/20250122025519.361873-1-howardchu95@gmail.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-trace.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
index 441655e659c2b..4655e82c81e69 100644
--- a/tools/perf/builtin-trace.c
+++ b/tools/perf/builtin-trace.c
@@ -1822,8 +1822,12 @@ static int trace__read_syscall_info(struct trace *trace, int id)
return PTR_ERR(sc->tp_format);
}
+ /*
+ * The tracepoint format contains __syscall_nr field, so it's one more
+ * than the actual number of syscall arguments.
+ */
if (syscall__alloc_arg_fmts(sc, IS_ERR(sc->tp_format) ?
- RAW_SYSCALL_ARGS_NUM : sc->tp_format->format.nr_fields))
+ RAW_SYSCALL_ARGS_NUM : sc->tp_format->format.nr_fields - 1))
return -ENOMEM;
sc->args = sc->tp_format->format.fields;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 228/578] bgmac: reduce max frame size to support just MTU 1500
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 227/578] perf trace: Fix runtime error of index out of bounds Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 229/578] net: sh_eth: Fix missing rtnl lock in suspend/resume path Greg Kroah-Hartman
` (358 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafał Miłecki,
Simon Horman, Florian Fainelli, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafał Miłecki <rafal@milecki.pl>
[ Upstream commit 752e5fcc2e77358936d36ef8e522d6439372e201 ]
bgmac allocates new replacement buffer before handling each received
frame. Allocating & DMA-preparing 9724 B each time consumes a lot of CPU
time. Ideally bgmac should just respect currently set MTU but it isn't
the case right now. For now just revert back to the old limited frame
size.
This change bumps NAT masquerade speed by ~95%.
Since commit 8218f62c9c9b ("mm: page_frag: use initial zero offset for
page_frag_alloc_align()"), the bgmac driver fails to open its network
interface successfully and runs out of memory in the following call
stack:
bgmac_open
-> bgmac_dma_init
-> bgmac_dma_rx_skb_for_slot
-> netdev_alloc_frag
BGMAC_RX_ALLOC_SIZE = 10048 and PAGE_FRAG_CACHE_MAX_SIZE = 32768.
Eventually we land into __page_frag_alloc_align() with the following
parameters across multiple successive calls:
__page_frag_alloc_align: fragsz=10048, align_mask=-1, size=32768, offset=0
__page_frag_alloc_align: fragsz=10048, align_mask=-1, size=32768, offset=10048
__page_frag_alloc_align: fragsz=10048, align_mask=-1, size=32768, offset=20096
__page_frag_alloc_align: fragsz=10048, align_mask=-1, size=32768, offset=30144
So in that case we do indeed have offset + fragsz (40192) > size (32768)
and so we would eventually return NULL. Reverting to the older 1500
bytes MTU allows the network driver to be usable again.
Fixes: 8c7da63978f1 ("bgmac: configure MTU and add support for frames beyond 8192 byte size")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
[florian: expand commit message about recent commits]
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Link: https://patch.msgid.link/20250127175159.1788246-1-florian.fainelli@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bgmac.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bgmac.h b/drivers/net/ethernet/broadcom/bgmac.h
index d73ef262991d6..6fee9a41839c0 100644
--- a/drivers/net/ethernet/broadcom/bgmac.h
+++ b/drivers/net/ethernet/broadcom/bgmac.h
@@ -328,8 +328,7 @@
#define BGMAC_RX_FRAME_OFFSET 30 /* There are 2 unused bytes between header and real data */
#define BGMAC_RX_BUF_OFFSET (NET_SKB_PAD + NET_IP_ALIGN - \
BGMAC_RX_FRAME_OFFSET)
-/* Jumbo frame size with FCS */
-#define BGMAC_RX_MAX_FRAME_SIZE 9724
+#define BGMAC_RX_MAX_FRAME_SIZE 1536
#define BGMAC_RX_BUF_SIZE (BGMAC_RX_FRAME_OFFSET + BGMAC_RX_MAX_FRAME_SIZE)
#define BGMAC_RX_ALLOC_SIZE (SKB_DATA_ALIGN(BGMAC_RX_BUF_SIZE + BGMAC_RX_BUF_OFFSET) + \
SKB_DATA_ALIGN(sizeof(struct skb_shared_info)))
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 229/578] net: sh_eth: Fix missing rtnl lock in suspend/resume path
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 228/578] bgmac: reduce max frame size to support just MTU 1500 Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 230/578] net: hsr: fix fill_frame_info() regression vs VLAN packets Greg Kroah-Hartman
` (357 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Niklas Söderlund,
Sergey Shtylyov, Kory Maincent, Paolo Abeni, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kory Maincent <kory.maincent@bootlin.com>
[ Upstream commit b95102215a8d0987789715ce11c0d4ec031cbfbe ]
Fix the suspend/resume path by ensuring the rtnl lock is held where
required. Calls to sh_eth_close, sh_eth_open and wol operations must be
performed under the rtnl lock to prevent conflicts with ongoing ndo
operations.
Fixes: b71af04676e9 ("sh_eth: add more PM methods")
Tested-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/renesas/sh_eth.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c
index 14dc5833c465c..5f4297e83aafe 100644
--- a/drivers/net/ethernet/renesas/sh_eth.c
+++ b/drivers/net/ethernet/renesas/sh_eth.c
@@ -3473,10 +3473,12 @@ static int sh_eth_suspend(struct device *dev)
netif_device_detach(ndev);
+ rtnl_lock();
if (mdp->wol_enabled)
ret = sh_eth_wol_setup(ndev);
else
ret = sh_eth_close(ndev);
+ rtnl_unlock();
return ret;
}
@@ -3490,10 +3492,12 @@ static int sh_eth_resume(struct device *dev)
if (!netif_running(ndev))
return 0;
+ rtnl_lock();
if (mdp->wol_enabled)
ret = sh_eth_wol_restore(ndev);
else
ret = sh_eth_open(ndev);
+ rtnl_unlock();
if (ret < 0)
return ret;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 230/578] net: hsr: fix fill_frame_info() regression vs VLAN packets
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 229/578] net: sh_eth: Fix missing rtnl lock in suspend/resume path Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 231/578] genksyms: fix memory leak when the same symbol is added from source Greg Kroah-Hartman
` (356 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stephan Wurm, Eric Dumazet,
Simon Horman, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 0f5697f1a3f99bc2b674b8aa3c5da822c5673c11 ]
Stephan Wurm reported that my recent patch broke VLAN support.
Apparently skb->mac_len is not correct for VLAN traffic as
shown by debug traces [1].
Use instead pskb_may_pull() to make sure the expected header
is present in skb->head.
Many thanks to Stephan for his help.
[1]
kernel: skb len=170 headroom=2 headlen=170 tailroom=20
mac=(2,14) mac_len=14 net=(16,-1) trans=-1
shinfo(txflags=0 nr_frags=0 gso(size=0 type=0 segs=0))
csum(0x0 start=0 offset=0 ip_summed=0 complete_sw=0 valid=0 level=0)
hash(0x0 sw=0 l4=0) proto=0x0000 pkttype=0 iif=0
priority=0x0 mark=0x0 alloc_cpu=0 vlan_all=0x0
encapsulation=0 inner(proto=0x0000, mac=0, net=0, trans=0)
kernel: dev name=prp0 feat=0x0000000000007000
kernel: sk family=17 type=3 proto=0
kernel: skb headroom: 00000000: 74 00
kernel: skb linear: 00000000: 01 0c cd 01 00 01 00 d0 93 53 9c cb 81 00 80 00
kernel: skb linear: 00000010: 88 b8 00 01 00 98 00 00 00 00 61 81 8d 80 16 52
kernel: skb linear: 00000020: 45 47 44 4e 43 54 52 4c 2f 4c 4c 4e 30 24 47 4f
kernel: skb linear: 00000030: 24 47 6f 43 62 81 01 14 82 16 52 45 47 44 4e 43
kernel: skb linear: 00000040: 54 52 4c 2f 4c 4c 4e 30 24 44 73 47 6f 6f 73 65
kernel: skb linear: 00000050: 83 07 47 6f 49 64 65 6e 74 84 08 67 8d f5 93 7e
kernel: skb linear: 00000060: 76 c8 00 85 01 01 86 01 00 87 01 00 88 01 01 89
kernel: skb linear: 00000070: 01 00 8a 01 02 ab 33 a2 15 83 01 00 84 03 03 00
kernel: skb linear: 00000080: 00 91 08 67 8d f5 92 77 4b c6 1f 83 01 00 a2 1a
kernel: skb linear: 00000090: a2 06 85 01 00 83 01 00 84 03 03 00 00 91 08 67
kernel: skb linear: 000000a0: 8d f5 92 77 4b c6 1f 83 01 00
kernel: skb tailroom: 00000000: 80 18 02 00 fe 4e 00 00 01 01 08 0a 4f fd 5e d1
kernel: skb tailroom: 00000010: 4f fd 5e cd
Fixes: b9653d19e556 ("net: hsr: avoid potential out-of-bound access in fill_frame_info()")
Reported-by: Stephan Wurm <stephan.wurm@a-eberle.de>
Tested-by: Stephan Wurm <stephan.wurm@a-eberle.de>
Closes: https://lore.kernel.org/netdev/Z4o_UC0HweBHJ_cw@PC-LX-SteWu/
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250129130007.644084-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/hsr/hsr_forward.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/hsr/hsr_forward.c b/net/hsr/hsr_forward.c
index 2790f3964d6bd..9317f96127c1b 100644
--- a/net/hsr/hsr_forward.c
+++ b/net/hsr/hsr_forward.c
@@ -588,9 +588,12 @@ static int fill_frame_info(struct hsr_frame_info *frame,
frame->is_vlan = true;
if (frame->is_vlan) {
- if (skb->mac_len < offsetofend(struct hsr_vlan_ethhdr, vlanhdr))
+ /* Note: skb->mac_len might be wrong here. */
+ if (!pskb_may_pull(skb,
+ skb_mac_offset(skb) +
+ offsetofend(struct hsr_vlan_ethhdr, vlanhdr)))
return -EINVAL;
- vlan_hdr = (struct hsr_vlan_ethhdr *)ethhdr;
+ vlan_hdr = (struct hsr_vlan_ethhdr *)skb_mac_header(skb);
proto = vlan_hdr->vlanhdr.h_vlan_encapsulated_proto;
/* FIXME: */
netdev_warn_once(skb->dev, "VLAN not yet supported");
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 231/578] genksyms: fix memory leak when the same symbol is added from source
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 230/578] net: hsr: fix fill_frame_info() regression vs VLAN packets Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 232/578] genksyms: fix memory leak when the same symbol is read from *.symref file Greg Kroah-Hartman
` (355 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 45c9c4101d3d2fdfa00852274bbebba65fcc3cf2 ]
When a symbol that is already registered is added again, __add_symbol()
returns without freeing the symbol definition, making it unreachable.
The following test cases demonstrate different memory leak points.
[Test Case 1]
Forward declaration with exactly the same definition
$ cat foo.c
#include <linux/export.h>
void foo(void);
void foo(void) {}
EXPORT_SYMBOL(foo);
[Test Case 2]
Forward declaration with a different definition (e.g. attribute)
$ cat foo.c
#include <linux/export.h>
void foo(void);
__attribute__((__section__(".ref.text"))) void foo(void) {}
EXPORT_SYMBOL(foo);
[Test Case 3]
Preserving an overridden symbol (compile with KBUILD_PRESERVE=1)
$ cat foo.c
#include <linux/export.h>
void foo(void);
void foo(void) { }
EXPORT_SYMBOL(foo);
$ cat foo.symref
override foo void foo ( int )
The memory leaks in Test Case 1 and 2 have existed since the introduction
of genksyms into the kernel tree. [1]
The memory leak in Test Case 3 was introduced by commit 5dae9a550a74
("genksyms: allow to ignore symbol checksum changes").
When multiple init_declarators are reduced to an init_declarator_list,
the decl_spec must be duplicated. Otherwise, the following Test Case 4
would result in a double-free bug.
[Test Case 4]
$ cat foo.c
#include <linux/export.h>
extern int foo, bar;
int foo, bar;
EXPORT_SYMBOL(foo);
In this case, 'foo' and 'bar' share the same decl_spec, 'int'. It must
be unshared before being passed to add_symbol().
[1]: https://git.kernel.org/pub/scm/linux/kernel/git/history/history.git/commit/?id=46bd1da672d66ccd8a639d3c1f8a166048cca608
Fixes: 5dae9a550a74 ("genksyms: allow to ignore symbol checksum changes")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/genksyms/genksyms.c | 3 +++
scripts/genksyms/parse.y | 14 ++++++++++++--
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/scripts/genksyms/genksyms.c b/scripts/genksyms/genksyms.c
index f5dfdb9d80e9d..6ddc8f406c75f 100644
--- a/scripts/genksyms/genksyms.c
+++ b/scripts/genksyms/genksyms.c
@@ -241,6 +241,7 @@ static struct symbol *__add_symbol(const char *name, enum symbol_type type,
"unchanged\n");
}
sym->is_declared = 1;
+ free_list(defn, NULL);
return sym;
} else if (!sym->is_declared) {
if (sym->is_override && flag_preserve) {
@@ -249,6 +250,7 @@ static struct symbol *__add_symbol(const char *name, enum symbol_type type,
print_type_name(type, name);
fprintf(stderr, " modversion change\n");
sym->is_declared = 1;
+ free_list(defn, NULL);
return sym;
} else {
status = is_unknown_symbol(sym) ?
@@ -256,6 +258,7 @@ static struct symbol *__add_symbol(const char *name, enum symbol_type type,
}
} else {
error_with_pos("redefinition of %s", name);
+ free_list(defn, NULL);
return sym;
}
break;
diff --git a/scripts/genksyms/parse.y b/scripts/genksyms/parse.y
index 8e9b5e69e8f01..840371d01bf48 100644
--- a/scripts/genksyms/parse.y
+++ b/scripts/genksyms/parse.y
@@ -152,14 +152,19 @@ simple_declaration:
;
init_declarator_list_opt:
- /* empty */ { $$ = NULL; }
- | init_declarator_list
+ /* empty */ { $$ = NULL; }
+ | init_declarator_list { free_list(decl_spec, NULL); $$ = $1; }
;
init_declarator_list:
init_declarator
{ struct string_list *decl = *$1;
*$1 = NULL;
+
+ /* avoid sharing among multiple init_declarators */
+ if (decl_spec)
+ decl_spec = copy_list_range(decl_spec, NULL);
+
add_symbol(current_name,
is_typedef ? SYM_TYPEDEF : SYM_NORMAL, decl, is_extern);
current_name = NULL;
@@ -170,6 +175,11 @@ init_declarator_list:
*$3 = NULL;
free_list(*$2, NULL);
*$2 = decl_spec;
+
+ /* avoid sharing among multiple init_declarators */
+ if (decl_spec)
+ decl_spec = copy_list_range(decl_spec, NULL);
+
add_symbol(current_name,
is_typedef ? SYM_TYPEDEF : SYM_NORMAL, decl, is_extern);
current_name = NULL;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 232/578] genksyms: fix memory leak when the same symbol is read from *.symref file
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 231/578] genksyms: fix memory leak when the same symbol is added from source Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 233/578] ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Greg Kroah-Hartman
` (354 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit be2fa44b5180a1f021efb40c55fdf63c249c3209 ]
When a symbol that is already registered is read again from *.symref
file, __add_symbol() removes the previous one from the hash table without
freeing it.
[Test Case]
$ cat foo.c
#include <linux/export.h>
void foo(void);
void foo(void) {}
EXPORT_SYMBOL(foo);
$ cat foo.symref
foo void foo ( void )
foo void foo ( void )
When a symbol is removed from the hash table, it must be freed along
with its ->name and ->defn members. However, sym->name cannot be freed
because it is sometimes shared with node->string, but not always. If
sym->name and node->string share the same memory, free(sym->name) could
lead to a double-free bug.
To resolve this issue, always assign a strdup'ed string to sym->name.
Fixes: 64e6c1e12372 ("genksyms: track symbol checksum changes")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/genksyms/genksyms.c | 8 ++++++--
scripts/genksyms/genksyms.h | 2 +-
scripts/genksyms/parse.y | 4 ++--
3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/scripts/genksyms/genksyms.c b/scripts/genksyms/genksyms.c
index 6ddc8f406c75f..6b0eb3898e4ec 100644
--- a/scripts/genksyms/genksyms.c
+++ b/scripts/genksyms/genksyms.c
@@ -274,11 +274,15 @@ static struct symbol *__add_symbol(const char *name, enum symbol_type type,
break;
}
}
+
+ free_list(sym->defn, NULL);
+ free(sym->name);
+ free(sym);
--nsyms;
}
sym = xmalloc(sizeof(*sym));
- sym->name = name;
+ sym->name = xstrdup(name);
sym->type = type;
sym->defn = defn;
sym->expansion_trail = NULL;
@@ -485,7 +489,7 @@ static void read_reference(FILE *f)
defn = def;
def = read_node(f);
}
- subsym = add_reference_symbol(xstrdup(sym->string), sym->tag,
+ subsym = add_reference_symbol(sym->string, sym->tag,
defn, is_extern);
subsym->is_override = is_override;
free_node(sym);
diff --git a/scripts/genksyms/genksyms.h b/scripts/genksyms/genksyms.h
index 21ed2ec2d98ca..5621533dcb8e4 100644
--- a/scripts/genksyms/genksyms.h
+++ b/scripts/genksyms/genksyms.h
@@ -32,7 +32,7 @@ struct string_list {
struct symbol {
struct symbol *hash_next;
- const char *name;
+ char *name;
enum symbol_type type;
struct string_list *defn;
struct symbol *expansion_trail;
diff --git a/scripts/genksyms/parse.y b/scripts/genksyms/parse.y
index 840371d01bf48..689cb6bb40b65 100644
--- a/scripts/genksyms/parse.y
+++ b/scripts/genksyms/parse.y
@@ -482,12 +482,12 @@ enumerator_list:
enumerator:
IDENT
{
- const char *name = strdup((*$1)->string);
+ const char *name = (*$1)->string;
add_symbol(name, SYM_ENUM_CONST, NULL, 0);
}
| IDENT '=' EXPRESSION_PHRASE
{
- const char *name = strdup((*$1)->string);
+ const char *name = (*$1)->string;
struct string_list *expr = copy_list_range(*$3, *$2);
add_symbol(name, SYM_ENUM_CONST, expr, 0);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 233/578] ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 232/578] genksyms: fix memory leak when the same symbol is read from *.symref file Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 234/578] kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST Greg Kroah-Hartman
` (353 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Detlev Casanova, Mark Brown,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Detlev Casanova <detlev.casanova@collabora.com>
[ Upstream commit 5323186e2e8d33c073fad51e24f18e2d6dbae2da ]
In commit
9e2ab4b18ebd ("ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates"),
the set_sysclk callback was removed as considered unused as the mclk rate
can be set in the hw_params callback.
The difference between hw_params and set_sysclk is that the former is
called with the audio sampling rate set in the params (e.g.: 48000 Hz)
while the latter is called with a clock rate already computed with
sampling_rate * mclk-fs (e.g.: 48000 * 256)
For HDMI audio using the Rockchip I2S TDM driver, the mclk-fs value must
be set to 128 instead of the default 256, and that value is set in the
device tree at the machine driver level (like a simple-audio-card
compatible node).
Therefore, the i2s_tdm driver has no idea that another mclk-fs value can
be configured and simply computes the mclk rate in the hw_params callback
with DEFAULT_MCLK_FS * params_rate(params), which is wrong for HDMI
audio.
Re-add the set_sysclk callback so that the mclk rate is computed by the
machine driver which has the correct mclk-fs value set in its device tree
node.
Fixes: 9e2ab4b18ebd ("ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates")
Signed-off-by: Detlev Casanova <detlev.casanova@collabora.com>
Link: https://patch.msgid.link/20250117163102.65807-1-detlev.casanova@collabora.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +++++++++++++++++++++++++--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/sound/soc/rockchip/rockchip_i2s_tdm.c b/sound/soc/rockchip/rockchip_i2s_tdm.c
index bcea52fa45a50..d20438cf8fc4a 100644
--- a/sound/soc/rockchip/rockchip_i2s_tdm.c
+++ b/sound/soc/rockchip/rockchip_i2s_tdm.c
@@ -24,7 +24,6 @@
#define DRV_NAME "rockchip-i2s-tdm"
-#define DEFAULT_MCLK_FS 256
#define CH_GRP_MAX 4 /* The max channel 8 / 2 */
#define MULTIPLEX_CH_MAX 10
@@ -72,6 +71,8 @@ struct rk_i2s_tdm_dev {
bool has_playback;
bool has_capture;
struct snd_soc_dai_driver *dai;
+ unsigned int mclk_rx_freq;
+ unsigned int mclk_tx_freq;
};
static int to_ch_num(unsigned int val)
@@ -641,6 +642,27 @@ static int rockchip_i2s_trcm_mode(struct snd_pcm_substream *substream,
return 0;
}
+static int rockchip_i2s_tdm_set_sysclk(struct snd_soc_dai *cpu_dai, int stream,
+ unsigned int freq, int dir)
+{
+ struct rk_i2s_tdm_dev *i2s_tdm = to_info(cpu_dai);
+
+ if (i2s_tdm->clk_trcm) {
+ i2s_tdm->mclk_tx_freq = freq;
+ i2s_tdm->mclk_rx_freq = freq;
+ } else {
+ if (stream == SNDRV_PCM_STREAM_PLAYBACK)
+ i2s_tdm->mclk_tx_freq = freq;
+ else
+ i2s_tdm->mclk_rx_freq = freq;
+ }
+
+ dev_dbg(i2s_tdm->dev, "The target mclk_%s freq is: %d\n",
+ stream ? "rx" : "tx", freq);
+
+ return 0;
+}
+
static int rockchip_i2s_tdm_hw_params(struct snd_pcm_substream *substream,
struct snd_pcm_hw_params *params,
struct snd_soc_dai *dai)
@@ -655,15 +677,19 @@ static int rockchip_i2s_tdm_hw_params(struct snd_pcm_substream *substream,
if (i2s_tdm->clk_trcm == TRCM_TX) {
mclk = i2s_tdm->mclk_tx;
+ mclk_rate = i2s_tdm->mclk_tx_freq;
} else if (i2s_tdm->clk_trcm == TRCM_RX) {
mclk = i2s_tdm->mclk_rx;
+ mclk_rate = i2s_tdm->mclk_rx_freq;
} else if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) {
mclk = i2s_tdm->mclk_tx;
+ mclk_rate = i2s_tdm->mclk_tx_freq;
} else {
mclk = i2s_tdm->mclk_rx;
+ mclk_rate = i2s_tdm->mclk_rx_freq;
}
- err = clk_set_rate(mclk, DEFAULT_MCLK_FS * params_rate(params));
+ err = clk_set_rate(mclk, mclk_rate);
if (err)
return err;
@@ -822,6 +848,7 @@ static const struct snd_soc_dai_ops rockchip_i2s_tdm_dai_ops = {
.hw_params = rockchip_i2s_tdm_hw_params,
.set_bclk_ratio = rockchip_i2s_tdm_set_bclk_ratio,
.set_fmt = rockchip_i2s_tdm_set_fmt,
+ .set_sysclk = rockchip_i2s_tdm_set_sysclk,
.set_tdm_slot = rockchip_dai_tdm_slot,
.trigger = rockchip_i2s_tdm_trigger,
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 234/578] kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 233/578] ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 235/578] kconfig: add warn-unknown-symbols sanity check Greg Kroah-Hartman
` (352 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit a314f52a0210730d0d556de76bb7388e76d4597d ]
Most 'make *config' commands use .config as the base configuration file.
When .config does not exist, Kconfig tries to load a file listed in
KCONFIG_DEFCONFIG_LIST instead.
However, since commit b75b0a819af9 ("kconfig: change defconfig_list
option to environment variable"), warning messages have displayed an
incorrect file name in such cases.
Below is a demonstration using Debian Trixie. While loading
/boot/config-6.12.9-amd64, the warning messages incorrectly show .config
as the file name.
With this commit, the correct file name is displayed in warnings.
[Before]
$ rm -f .config
$ make config
#
# using defaults found in /boot/config-6.12.9-amd64
#
.config:6804:warning: symbol value 'm' invalid for FB_BACKLIGHT
.config:9895:warning: symbol value 'm' invalid for ANDROID_BINDER_IPC
[After]
$ rm -f .config
$ make config
#
# using defaults found in /boot/config-6.12.9-amd64
#
/boot/config-6.12.9-amd64:6804:warning: symbol value 'm' invalid for FB_BACKLIGHT
/boot/config-6.12.9-amd64:9895:warning: symbol value 'm' invalid for ANDROID_BINDER_IPC
Fixes: b75b0a819af9 ("kconfig: change defconfig_list option to environment variable")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/kconfig/confdata.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index 992575f1e9769..886698a5afba1 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -382,10 +382,12 @@ int conf_read_simple(const char *name, int def)
*p = '\0';
- in = zconf_fopen(env);
+ name = env;
+
+ in = zconf_fopen(name);
if (in) {
conf_message("using defaults found in %s",
- env);
+ name);
goto load;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 235/578] kconfig: add warn-unknown-symbols sanity check
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 234/578] kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST Greg Kroah-Hartman
@ 2025-02-19 8:23 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 236/578] kconfig: require a space after # for valid input Greg Kroah-Hartman
` (351 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:23 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sergey Senozhatsky, Masahiro Yamada,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sergey Senozhatsky <senozhatsky@chromium.org>
[ Upstream commit 7cd343008b967423b06af8f6d3236749c67d12e8 ]
Introduce KCONFIG_WARN_UNKNOWN_SYMBOLS environment variable,
which makes Kconfig warn about unknown config symbols.
This is especially useful for continuous kernel uprevs when
some symbols can be either removed or renamed between kernel
releases (which can go unnoticed otherwise).
By default KCONFIG_WARN_UNKNOWN_SYMBOLS generates warnings,
which are non-terminal. There is an additional environment
variable KCONFIG_WERROR that overrides this behaviour and
turns warnings into errors.
Signed-off-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Stable-dep-of: a409fc1463d6 ("kconfig: fix memory leak in sym_warn_unmet_dep()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/kbuild/kconfig.rst | 9 +++++++++
scripts/kconfig/confdata.c | 21 +++++++++++++++++++--
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/Documentation/kbuild/kconfig.rst b/Documentation/kbuild/kconfig.rst
index 5967c79c3baa7..eee0d298774ab 100644
--- a/Documentation/kbuild/kconfig.rst
+++ b/Documentation/kbuild/kconfig.rst
@@ -54,6 +54,15 @@ KCONFIG_OVERWRITECONFIG
If you set KCONFIG_OVERWRITECONFIG in the environment, Kconfig will not
break symlinks when .config is a symlink to somewhere else.
+KCONFIG_WARN_UNKNOWN_SYMBOLS
+----------------------------
+This environment variable makes Kconfig warn about all unrecognized
+symbols in the config input.
+
+KCONFIG_WERROR
+--------------
+If set, Kconfig treats warnings as errors.
+
`CONFIG_`
---------
If you set `CONFIG_` in the environment, Kconfig will prefix all symbols
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index 886698a5afba1..02ac250b8fe9e 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -349,7 +349,11 @@ int conf_read_simple(const char *name, int def)
char *p, *p2;
struct symbol *sym;
int i, def_flags;
+ const char *warn_unknown;
+ const char *werror;
+ warn_unknown = getenv("KCONFIG_WARN_UNKNOWN_SYMBOLS");
+ werror = getenv("KCONFIG_WERROR");
if (name) {
in = zconf_fopen(name);
} else {
@@ -439,6 +443,10 @@ int conf_read_simple(const char *name, int def)
if (def == S_DEF_USER) {
sym = sym_find(line + 2 + strlen(CONFIG_));
if (!sym) {
+ if (warn_unknown)
+ conf_warning("unknown symbol: %s",
+ line + 2 + strlen(CONFIG_));
+
conf_set_changed(true);
continue;
}
@@ -473,7 +481,7 @@ int conf_read_simple(const char *name, int def)
sym = sym_find(line + strlen(CONFIG_));
if (!sym) {
- if (def == S_DEF_AUTO)
+ if (def == S_DEF_AUTO) {
/*
* Reading from include/config/auto.conf
* If CONFIG_FOO previously existed in
@@ -481,8 +489,13 @@ int conf_read_simple(const char *name, int def)
* include/config/FOO must be touched.
*/
conf_touch_dep(line + strlen(CONFIG_));
- else
+ } else {
+ if (warn_unknown)
+ conf_warning("unknown symbol: %s",
+ line + strlen(CONFIG_));
+
conf_set_changed(true);
+ }
continue;
}
@@ -521,6 +534,10 @@ int conf_read_simple(const char *name, int def)
}
free(line);
fclose(in);
+
+ if (conf_warnings && werror)
+ exit(1);
+
return 0;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 236/578] kconfig: require a space after # for valid input
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2025-02-19 8:23 ` [PATCH 6.1 235/578] kconfig: add warn-unknown-symbols sanity check Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 237/578] kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() Greg Kroah-Hartman
` (350 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 4d137ab0107ead0f2590fc0314e627431e3b9e3f ]
Currently, when an input line starts with '#', (line + 2) is passed to
memcmp() without checking line[1].
It means that line[1] can be any arbitrary character. For example,
"#KCONFIG_FOO is not set" is accepted as valid input, functioning the
same as "# CONFIG_FOO is not set".
More importantly, this can potentially lead to a buffer overrun if
line[1] == '\0'. It occurs if the input only contains '#', as
(line + 2) points to an uninitialized buffer.
Check line[1], and skip the line if it is not a space.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Stable-dep-of: a409fc1463d6 ("kconfig: fix memory leak in sym_warn_unmet_dep()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/kconfig/confdata.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index 02ac250b8fe9e..8694ab1e04067 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -432,6 +432,8 @@ int conf_read_simple(const char *name, int def)
conf_lineno++;
sym = NULL;
if (line[0] == '#') {
+ if (line[1] != ' ')
+ continue;
if (memcmp(line + 2, CONFIG_, strlen(CONFIG_)))
continue;
p = strchr(line + 2 + strlen(CONFIG_), ' ');
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 237/578] kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 236/578] kconfig: require a space after # for valid input Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 238/578] kconfig: deduplicate code " Greg Kroah-Hartman
` (349 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 92d4fe0a48f1ab6cf20143dd0b376f4fe842854b ]
The 'else' arm here is unreachable in practical use cases.
include/config/auto.conf does not include "# CONFIG_... is not set"
line unless it is manually hacked.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Stable-dep-of: a409fc1463d6 ("kconfig: fix memory leak in sym_warn_unmet_dep()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/kconfig/confdata.c | 21 ++++++++-------------
1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index 8694ab1e04067..21a65ffe7c3db 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -442,20 +442,15 @@ int conf_read_simple(const char *name, int def)
*p++ = 0;
if (strncmp(p, "is not set", 10))
continue;
- if (def == S_DEF_USER) {
- sym = sym_find(line + 2 + strlen(CONFIG_));
- if (!sym) {
- if (warn_unknown)
- conf_warning("unknown symbol: %s",
- line + 2 + strlen(CONFIG_));
- conf_set_changed(true);
- continue;
- }
- } else {
- sym = sym_lookup(line + 2 + strlen(CONFIG_), 0);
- if (sym->type == S_UNKNOWN)
- sym->type = S_BOOLEAN;
+ sym = sym_find(line + 2 + strlen(CONFIG_));
+ if (!sym) {
+ if (warn_unknown)
+ conf_warning("unknown symbol: %s",
+ line + 2 + strlen(CONFIG_));
+
+ conf_set_changed(true);
+ continue;
}
if (sym->flags & def_flags) {
conf_warning("override: reassigning to symbol %s", sym->name);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 238/578] kconfig: deduplicate code in conf_read_simple()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 237/578] kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 239/578] kconfig: WERROR unmet symbol dependency Greg Kroah-Hartman
` (348 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit d854b4b21de684a16a7d6163c7b0e9c5ff8a09d3 ]
Kconfig accepts both "# CONFIG_FOO is not set" and "CONFIG_FOO=n" as
a valid input, but conf_read_simple() duplicates similar code to handle
them. Factor out the common code.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Stable-dep-of: a409fc1463d6 ("kconfig: fix memory leak in sym_warn_unmet_dep()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/kconfig/confdata.c | 89 +++++++++++++++-----------------------
1 file changed, 35 insertions(+), 54 deletions(-)
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index 21a65ffe7c3db..7e799060b6fe2 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -346,11 +346,10 @@ int conf_read_simple(const char *name, int def)
FILE *in = NULL;
char *line = NULL;
size_t line_asize = 0;
- char *p, *p2;
+ char *p, *p2, *val;
struct symbol *sym;
int i, def_flags;
- const char *warn_unknown;
- const char *werror;
+ const char *warn_unknown, *werror, *sym_name;
warn_unknown = getenv("KCONFIG_WARN_UNKNOWN_SYMBOLS");
werror = getenv("KCONFIG_WERROR");
@@ -430,77 +429,34 @@ int conf_read_simple(const char *name, int def)
while (compat_getline(&line, &line_asize, in) != -1) {
conf_lineno++;
- sym = NULL;
if (line[0] == '#') {
if (line[1] != ' ')
continue;
- if (memcmp(line + 2, CONFIG_, strlen(CONFIG_)))
+ p = line + 2;
+ if (memcmp(p, CONFIG_, strlen(CONFIG_)))
continue;
- p = strchr(line + 2 + strlen(CONFIG_), ' ');
+ sym_name = p + strlen(CONFIG_);
+ p = strchr(sym_name, ' ');
if (!p)
continue;
*p++ = 0;
if (strncmp(p, "is not set", 10))
continue;
- sym = sym_find(line + 2 + strlen(CONFIG_));
- if (!sym) {
- if (warn_unknown)
- conf_warning("unknown symbol: %s",
- line + 2 + strlen(CONFIG_));
-
- conf_set_changed(true);
- continue;
- }
- if (sym->flags & def_flags) {
- conf_warning("override: reassigning to symbol %s", sym->name);
- }
- switch (sym->type) {
- case S_BOOLEAN:
- case S_TRISTATE:
- sym->def[def].tri = no;
- sym->flags |= def_flags;
- break;
- default:
- ;
- }
+ val = "n";
} else if (memcmp(line, CONFIG_, strlen(CONFIG_)) == 0) {
- p = strchr(line + strlen(CONFIG_), '=');
+ sym_name = line + strlen(CONFIG_);
+ p = strchr(sym_name, '=');
if (!p)
continue;
*p++ = 0;
+ val = p;
p2 = strchr(p, '\n');
if (p2) {
*p2-- = 0;
if (*p2 == '\r')
*p2 = 0;
}
-
- sym = sym_find(line + strlen(CONFIG_));
- if (!sym) {
- if (def == S_DEF_AUTO) {
- /*
- * Reading from include/config/auto.conf
- * If CONFIG_FOO previously existed in
- * auto.conf but it is missing now,
- * include/config/FOO must be touched.
- */
- conf_touch_dep(line + strlen(CONFIG_));
- } else {
- if (warn_unknown)
- conf_warning("unknown symbol: %s",
- line + strlen(CONFIG_));
-
- conf_set_changed(true);
- }
- continue;
- }
-
- if (sym->flags & def_flags) {
- conf_warning("override: reassigning to symbol %s", sym->name);
- }
- if (conf_set_sym_val(sym, def, def_flags, p))
- continue;
} else {
if (line[0] != '\r' && line[0] != '\n')
conf_warning("unexpected data: %.*s",
@@ -509,6 +465,31 @@ int conf_read_simple(const char *name, int def)
continue;
}
+ sym = sym_find(sym_name);
+ if (!sym) {
+ if (def == S_DEF_AUTO) {
+ /*
+ * Reading from include/config/auto.conf.
+ * If CONFIG_FOO previously existed in auto.conf
+ * but it is missing now, include/config/FOO
+ * must be touched.
+ */
+ conf_touch_dep(sym_name);
+ } else {
+ if (warn_unknown)
+ conf_warning("unknown symbol: %s", sym_name);
+
+ conf_set_changed(true);
+ }
+ continue;
+ }
+
+ if (sym->flags & def_flags)
+ conf_warning("override: reassigning to symbol %s", sym->name);
+
+ if (conf_set_sym_val(sym, def, def_flags, val))
+ continue;
+
if (sym && sym_is_choice_value(sym)) {
struct symbol *cs = prop_get_symbol(sym_get_choice_prop(sym));
switch (sym->def[def].tri) {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 239/578] kconfig: WERROR unmet symbol dependency
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 238/578] kconfig: deduplicate code " Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 240/578] kconfig: fix memory leak in sym_warn_unmet_dep() Greg Kroah-Hartman
` (347 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Reinauer, Sergey Senozhatsky,
Masahiro Yamada, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sergey Senozhatsky <senozhatsky@chromium.org>
[ Upstream commit 15d3f7664d2776c086f813f1efbfe2ae20a85e89 ]
When KCONFIG_WERROR env variable is set treat unmet direct
symbol dependency as a terminal condition (error).
Suggested-by: Stefan Reinauer <reinauer@google.com>
Signed-off-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Stable-dep-of: a409fc1463d6 ("kconfig: fix memory leak in sym_warn_unmet_dep()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/kconfig/conf.c | 6 ++++++
scripts/kconfig/confdata.c | 13 ++++++++-----
scripts/kconfig/lkc_proto.h | 2 ++
scripts/kconfig/symbol.c | 9 +++++++++
4 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c
index 33d19e419908b..662a5e7c37c28 100644
--- a/scripts/kconfig/conf.c
+++ b/scripts/kconfig/conf.c
@@ -827,6 +827,9 @@ int main(int ac, char **av)
break;
}
+ if (conf_errors())
+ exit(1);
+
if (sync_kconfig) {
name = getenv("KCONFIG_NOSILENTUPDATE");
if (name && *name) {
@@ -890,6 +893,9 @@ int main(int ac, char **av)
break;
}
+ if (sym_dep_errors())
+ exit(1);
+
if (input_mode == savedefconfig) {
if (conf_write_defconfig(defconfig_file)) {
fprintf(stderr, "n*** Error while saving defconfig to: %s\n\n",
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index 7e799060b6fe2..f214e8d3762e0 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -155,6 +155,13 @@ static void conf_message(const char *fmt, ...)
static const char *conf_filename;
static int conf_lineno, conf_warnings;
+bool conf_errors(void)
+{
+ if (conf_warnings)
+ return getenv("KCONFIG_WERROR");
+ return false;
+}
+
static void conf_warning(const char *fmt, ...)
{
va_list ap;
@@ -349,10 +356,9 @@ int conf_read_simple(const char *name, int def)
char *p, *p2, *val;
struct symbol *sym;
int i, def_flags;
- const char *warn_unknown, *werror, *sym_name;
+ const char *warn_unknown, *sym_name;
warn_unknown = getenv("KCONFIG_WARN_UNKNOWN_SYMBOLS");
- werror = getenv("KCONFIG_WERROR");
if (name) {
in = zconf_fopen(name);
} else {
@@ -513,9 +519,6 @@ int conf_read_simple(const char *name, int def)
free(line);
fclose(in);
- if (conf_warnings && werror)
- exit(1);
-
return 0;
}
diff --git a/scripts/kconfig/lkc_proto.h b/scripts/kconfig/lkc_proto.h
index edd1e617b25c5..e4931bde7ca76 100644
--- a/scripts/kconfig/lkc_proto.h
+++ b/scripts/kconfig/lkc_proto.h
@@ -12,6 +12,7 @@ void conf_set_changed(bool val);
bool conf_get_changed(void);
void conf_set_changed_callback(void (*fn)(void));
void conf_set_message_callback(void (*fn)(const char *s));
+bool conf_errors(void);
/* symbol.c */
extern struct symbol * symbol_hash[SYMBOL_HASHSIZE];
@@ -22,6 +23,7 @@ void print_symbol_for_listconfig(struct symbol *sym);
struct symbol ** sym_re_search(const char *pattern);
const char * sym_type_name(enum symbol_type type);
void sym_calc_value(struct symbol *sym);
+bool sym_dep_errors(void);
enum symbol_type sym_get_type(struct symbol *sym);
bool sym_tristate_within_range(struct symbol *sym,tristate tri);
bool sym_set_tristate_value(struct symbol *sym,tristate tri);
diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c
index 7b1df55b01767..758c42621f7a1 100644
--- a/scripts/kconfig/symbol.c
+++ b/scripts/kconfig/symbol.c
@@ -40,6 +40,7 @@ static struct symbol symbol_empty = {
struct symbol *modules_sym;
static tristate modules_val;
+static int sym_warnings;
enum symbol_type sym_get_type(struct symbol *sym)
{
@@ -320,6 +321,14 @@ static void sym_warn_unmet_dep(struct symbol *sym)
" Selected by [m]:\n");
fputs(str_get(&gs), stderr);
+ sym_warnings++;
+}
+
+bool sym_dep_errors(void)
+{
+ if (sym_warnings)
+ return getenv("KCONFIG_WERROR");
+ return false;
}
void sym_calc_value(struct symbol *sym)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 240/578] kconfig: fix memory leak in sym_warn_unmet_dep()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 239/578] kconfig: WERROR unmet symbol dependency Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 241/578] hexagon: fix using plain integer as NULL pointer warning in cmpxchg Greg Kroah-Hartman
` (346 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Petr Vorel,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit a409fc1463d664002ea9bf700ae4674df03de111 ]
The string allocated in sym_warn_unmet_dep() is never freed, leading
to a memory leak when an unmet dependency is detected.
Fixes: f8f69dc0b4e0 ("kconfig: make unmet dependency warnings readable")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/kconfig/symbol.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c
index 758c42621f7a1..1c0306c9d74e2 100644
--- a/scripts/kconfig/symbol.c
+++ b/scripts/kconfig/symbol.c
@@ -321,6 +321,7 @@ static void sym_warn_unmet_dep(struct symbol *sym)
" Selected by [m]:\n");
fputs(str_get(&gs), stderr);
+ str_free(&gs);
sym_warnings++;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 241/578] hexagon: fix using plain integer as NULL pointer warning in cmpxchg
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 240/578] kconfig: fix memory leak in sym_warn_unmet_dep() Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 242/578] hexagon: Fix unbalanced spinlock in die() Greg Kroah-Hartman
` (345 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Willem de Bruijn,
Christian Gmeiner, Brian Cain, Brian Cain, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Willem de Bruijn <willemb@google.com>
[ Upstream commit 8a20030038742b9915c6d811a4e6c14b126cafb4 ]
Sparse reports
net/ipv4/inet_diag.c:1511:17: sparse: sparse: Using plain integer as NULL pointer
Due to this code calling cmpxchg on a non-integer type
struct inet_diag_handler *
return !cmpxchg((const struct inet_diag_handler**)&inet_diag_table[type],
NULL, h) ? 0 : -EEXIST;
While hexagon's cmpxchg assigns an integer value to a variable of this
type.
__typeof__(*(ptr)) __oldval = 0;
Update this assignment to cast 0 to the correct type.
The original issue is easily reproduced at head with the below block,
and is absent after this change.
make LLVM=1 ARCH=hexagon defconfig
make C=1 LLVM=1 ARCH=hexagon net/ipv4/inet_diag.o
Fixes: 99a70aa051d2 ("Hexagon: Add processor and system headers")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202411091538.PGSTqUBi-lkp@intel.com/
Signed-off-by: Willem de Bruijn <willemb@google.com>
Tested-by: Christian Gmeiner <cgmeiner@igalia.com>
Link: https://lore.kernel.org/r/20241203221736.282020-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Brian Cain <bcain@quicinc.com>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/hexagon/include/asm/cmpxchg.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/hexagon/include/asm/cmpxchg.h b/arch/hexagon/include/asm/cmpxchg.h
index cdb705e1496af..72c6e16c3f237 100644
--- a/arch/hexagon/include/asm/cmpxchg.h
+++ b/arch/hexagon/include/asm/cmpxchg.h
@@ -56,7 +56,7 @@ static inline unsigned long __xchg(unsigned long x, volatile void *ptr,
__typeof__(ptr) __ptr = (ptr); \
__typeof__(*(ptr)) __old = (old); \
__typeof__(*(ptr)) __new = (new); \
- __typeof__(*(ptr)) __oldval = 0; \
+ __typeof__(*(ptr)) __oldval = (__typeof__(*(ptr))) 0; \
\
asm volatile( \
"1: %0 = memw_locked(%1);\n" \
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 242/578] hexagon: Fix unbalanced spinlock in die()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 241/578] hexagon: fix using plain integer as NULL pointer warning in cmpxchg Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 243/578] f2fs: Introduce linear search for dentries Greg Kroah-Hartman
` (344 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lin Yujun, Brian Cain, Brian Cain,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lin Yujun <linyujun809@huawei.com>
[ Upstream commit 03410e87563a122075c3721acc7d5510e41d8332 ]
die executes holding the spinlock of &die.lock and unlock
it after printing the oops message.
However in the code if the notify_die() returns NOTIFY_STOP
, die() exit with returning 1 but never unlocked the spinlock.
Fix this by adding spin_unlock_irq(&die.lock) before returning.
Fixes: cf9750bae262 ("Hexagon: Provide basic debugging and system trap support.")
Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Link: https://lore.kernel.org/r/20230522025608.2515558-1-linyujun809@huawei.com
Signed-off-by: Brian Cain <bcain@quicinc.com>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/hexagon/kernel/traps.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/hexagon/kernel/traps.c b/arch/hexagon/kernel/traps.c
index 6447763ce5a94..b7e394cebe20d 100644
--- a/arch/hexagon/kernel/traps.c
+++ b/arch/hexagon/kernel/traps.c
@@ -195,8 +195,10 @@ int die(const char *str, struct pt_regs *regs, long err)
printk(KERN_EMERG "Oops: %s[#%d]:\n", str, ++die.counter);
if (notify_die(DIE_OOPS, str, regs, err, pt_cause(regs), SIGSEGV) ==
- NOTIFY_STOP)
+ NOTIFY_STOP) {
+ spin_unlock_irq(&die.lock);
return 1;
+ }
print_modules();
show_regs(regs);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 243/578] f2fs: Introduce linear search for dentries
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 242/578] hexagon: Fix unbalanced spinlock in die() Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 244/578] NFSD: Reset cb_seq_status after NFS4ERR_DELAY Greg Kroah-Hartman
` (343 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Lee, Chao Yu, Jaegeuk Kim,
Daniel Rosenberg
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Lee <chullee@google.com>
commit 91b587ba79e1b68bb718d12b0758dbcdab4e9cb7 upstream.
This patch addresses an issue where some files in case-insensitive
directories become inaccessible due to changes in how the kernel function,
utf8_casefold(), generates case-folded strings from the commit 5c26d2f1d3f5
("unicode: Don't special case ignorable code points").
F2FS uses these case-folded names to calculate hash values for locating
dentries and stores them on disk. Since utf8_casefold() can produce
different output across kernel versions, stored hash values and newly
calculated hash values may differ. This results in affected files no
longer being found via the hash-based lookup.
To resolve this, the patch introduces a linear search fallback.
If the initial hash-based search fails, F2FS will sequentially scan the
directory entries.
Fixes: 5c26d2f1d3f5 ("unicode: Don't special case ignorable code points")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219586
Signed-off-by: Daniel Lee <chullee@google.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/dir.c | 53 ++++++++++++++++++++++++++++++++++++++---------------
fs/f2fs/f2fs.h | 6 ++++--
fs/f2fs/inline.c | 5 +++--
3 files changed, 45 insertions(+), 19 deletions(-)
--- a/fs/f2fs/dir.c
+++ b/fs/f2fs/dir.c
@@ -199,7 +199,8 @@ static unsigned long dir_block_index(uns
static struct f2fs_dir_entry *find_in_block(struct inode *dir,
struct page *dentry_page,
const struct f2fs_filename *fname,
- int *max_slots)
+ int *max_slots,
+ bool use_hash)
{
struct f2fs_dentry_block *dentry_blk;
struct f2fs_dentry_ptr d;
@@ -207,7 +208,7 @@ static struct f2fs_dir_entry *find_in_bl
dentry_blk = (struct f2fs_dentry_block *)page_address(dentry_page);
make_dentry_ptr_block(dir, &d, dentry_blk);
- return f2fs_find_target_dentry(&d, fname, max_slots);
+ return f2fs_find_target_dentry(&d, fname, max_slots, use_hash);
}
#if IS_ENABLED(CONFIG_UNICODE)
@@ -284,7 +285,8 @@ static inline int f2fs_match_name(const
}
struct f2fs_dir_entry *f2fs_find_target_dentry(const struct f2fs_dentry_ptr *d,
- const struct f2fs_filename *fname, int *max_slots)
+ const struct f2fs_filename *fname, int *max_slots,
+ bool use_hash)
{
struct f2fs_dir_entry *de;
unsigned long bit_pos = 0;
@@ -307,7 +309,7 @@ struct f2fs_dir_entry *f2fs_find_target_
continue;
}
- if (de->hash_code == fname->hash) {
+ if (!use_hash || de->hash_code == fname->hash) {
res = f2fs_match_name(d->inode, fname,
d->filename[bit_pos],
le16_to_cpu(de->name_len));
@@ -334,11 +336,12 @@ found:
static struct f2fs_dir_entry *find_in_level(struct inode *dir,
unsigned int level,
const struct f2fs_filename *fname,
- struct page **res_page)
+ struct page **res_page,
+ bool use_hash)
{
int s = GET_DENTRY_SLOTS(fname->disk_name.len);
unsigned int nbucket, nblock;
- unsigned int bidx, end_block;
+ unsigned int bidx, end_block, bucket_no;
struct page *dentry_page;
struct f2fs_dir_entry *de = NULL;
pgoff_t next_pgofs;
@@ -348,8 +351,11 @@ static struct f2fs_dir_entry *find_in_le
nbucket = dir_buckets(level, F2FS_I(dir)->i_dir_level);
nblock = bucket_blocks(level);
+ bucket_no = use_hash ? le32_to_cpu(fname->hash) % nbucket : 0;
+
+start_find_bucket:
bidx = dir_block_index(level, F2FS_I(dir)->i_dir_level,
- le32_to_cpu(fname->hash) % nbucket);
+ bucket_no);
end_block = bidx + nblock;
while (bidx < end_block) {
@@ -366,7 +372,7 @@ static struct f2fs_dir_entry *find_in_le
}
}
- de = find_in_block(dir, dentry_page, fname, &max_slots);
+ de = find_in_block(dir, dentry_page, fname, &max_slots, use_hash);
if (IS_ERR(de)) {
*res_page = ERR_CAST(de);
de = NULL;
@@ -383,12 +389,18 @@ static struct f2fs_dir_entry *find_in_le
bidx++;
}
- if (!de && room && F2FS_I(dir)->chash != fname->hash) {
- F2FS_I(dir)->chash = fname->hash;
- F2FS_I(dir)->clevel = level;
- }
+ if (de)
+ return de;
- return de;
+ if (likely(use_hash)) {
+ if (room && F2FS_I(dir)->chash != fname->hash) {
+ F2FS_I(dir)->chash = fname->hash;
+ F2FS_I(dir)->clevel = level;
+ }
+ } else if (++bucket_no < nbucket) {
+ goto start_find_bucket;
+ }
+ return NULL;
}
struct f2fs_dir_entry *__f2fs_find_entry(struct inode *dir,
@@ -399,11 +411,15 @@ struct f2fs_dir_entry *__f2fs_find_entry
struct f2fs_dir_entry *de = NULL;
unsigned int max_depth;
unsigned int level;
+ bool use_hash = true;
*res_page = NULL;
+#if IS_ENABLED(CONFIG_UNICODE)
+start_find_entry:
+#endif
if (f2fs_has_inline_dentry(dir)) {
- de = f2fs_find_in_inline_dir(dir, fname, res_page);
+ de = f2fs_find_in_inline_dir(dir, fname, res_page, use_hash);
goto out;
}
@@ -419,11 +435,18 @@ struct f2fs_dir_entry *__f2fs_find_entry
}
for (level = 0; level < max_depth; level++) {
- de = find_in_level(dir, level, fname, res_page);
+ de = find_in_level(dir, level, fname, res_page, use_hash);
if (de || IS_ERR(*res_page))
break;
}
+
out:
+#if IS_ENABLED(CONFIG_UNICODE)
+ if (IS_CASEFOLDED(dir) && !de && use_hash) {
+ use_hash = false;
+ goto start_find_entry;
+ }
+#endif
/* This is to increase the speed of f2fs_create */
if (!de)
F2FS_I(dir)->task = current;
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -3487,7 +3487,8 @@ int f2fs_prepare_lookup(struct inode *di
struct f2fs_filename *fname);
void f2fs_free_filename(struct f2fs_filename *fname);
struct f2fs_dir_entry *f2fs_find_target_dentry(const struct f2fs_dentry_ptr *d,
- const struct f2fs_filename *fname, int *max_slots);
+ const struct f2fs_filename *fname, int *max_slots,
+ bool use_hash);
int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d,
unsigned int start_pos, struct fscrypt_str *fstr);
void f2fs_do_make_empty_dir(struct inode *inode, struct inode *parent,
@@ -4100,7 +4101,8 @@ int f2fs_write_inline_data(struct inode
int f2fs_recover_inline_data(struct inode *inode, struct page *npage);
struct f2fs_dir_entry *f2fs_find_in_inline_dir(struct inode *dir,
const struct f2fs_filename *fname,
- struct page **res_page);
+ struct page **res_page,
+ bool use_hash);
int f2fs_make_empty_inline_dir(struct inode *inode, struct inode *parent,
struct page *ipage);
int f2fs_add_inline_entry(struct inode *dir, const struct f2fs_filename *fname,
--- a/fs/f2fs/inline.c
+++ b/fs/f2fs/inline.c
@@ -336,7 +336,8 @@ process_inline:
struct f2fs_dir_entry *f2fs_find_in_inline_dir(struct inode *dir,
const struct f2fs_filename *fname,
- struct page **res_page)
+ struct page **res_page,
+ bool use_hash)
{
struct f2fs_sb_info *sbi = F2FS_SB(dir->i_sb);
struct f2fs_dir_entry *de;
@@ -353,7 +354,7 @@ struct f2fs_dir_entry *f2fs_find_in_inli
inline_dentry = inline_data_addr(dir, ipage);
make_dentry_ptr_inline(dir, &d, inline_dentry);
- de = f2fs_find_target_dentry(&d, fname, NULL);
+ de = f2fs_find_target_dentry(&d, fname, NULL, use_hash);
unlock_page(ipage);
if (IS_ERR(de)) {
*res_page = ERR_CAST(de);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 244/578] NFSD: Reset cb_seq_status after NFS4ERR_DELAY
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 243/578] f2fs: Introduce linear search for dentries Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 245/578] kbuild: switch from lz4c to lz4 for compression Greg Kroah-Hartman
` (342 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jeff Layton, Benjamin Coddington,
Chuck Lever
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chuck Lever <chuck.lever@oracle.com>
commit 961b4b5e86bf56a2e4b567f81682defa5cba957e upstream.
I noticed that once an NFSv4.1 callback operation gets a
NFS4ERR_DELAY status on CB_SEQUENCE and then the connection is lost,
the callback client loops, resending it indefinitely.
The switch arm in nfsd4_cb_sequence_done() that handles
NFS4ERR_DELAY uses rpc_restart_call() to rearm the RPC state machine
for the retransmit, but that path does not call the rpc_prepare_call
callback again. Thus cb_seq_status is set to -10008 by the first
NFS4ERR_DELAY result, but is never set back to 1 for the retransmits.
nfsd4_cb_sequence_done() thinks it's getting nothing but a
long series of CB_SEQUENCE NFS4ERR_DELAY replies.
Fixes: 7ba6cad6c88f ("nfsd: New helper nfsd4_cb_sequence_done() for processing more cb errors")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4callback.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -1202,6 +1202,7 @@ static bool nfsd4_cb_sequence_done(struc
ret = false;
break;
case -NFS4ERR_DELAY:
+ cb->cb_seq_status = 1;
if (!rpc_restart_call(task))
goto out;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 245/578] kbuild: switch from lz4c to lz4 for compression
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 244/578] NFSD: Reset cb_seq_status after NFS4ERR_DELAY Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 246/578] netfilter: nf_tables: reject mismatching sum of field_len with set key length Greg Kroah-Hartman
` (341 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Francesco Dolcini, Parth Pancholi,
Masahiro Yamada, Salvatore Bonaccorso
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Parth Pancholi <parth.pancholi@toradex.com>
commit e397a603e49cc7c7c113fad9f55a09637f290c34 upstream.
Replace lz4c with lz4 for kernel image compression.
Although lz4 and lz4c are functionally similar, lz4c has been deprecated
upstream since 2018. Since as early as Ubuntu 16.04 and Fedora 25, lz4
and lz4c have been packaged together, making it safe to update the
requirement from lz4c to lz4.
Consequently, some distributions and build systems, such as OpenEmbedded,
have fully transitioned to using lz4. OpenEmbedded core adopted this
change in commit fe167e082cbd ("bitbake.conf: require lz4 instead of
lz4c"), causing compatibility issues when building the mainline kernel
in the latest OpenEmbedded environment, as seen in the errors below.
This change also updates the LZ4 compression commands to make it backward
compatible by replacing stdin and stdout with the '-' option, due to some
unclear reason, the stdout keyword does not work for lz4 and '-' works for
both. In addition, this modifies the legacy '-c1' with '-9' which is also
compatible with both. This fixes the mainline kernel build failures with
the latest master OpenEmbedded builds associated with the mentioned
compatibility issues.
LZ4 arch/arm/boot/compressed/piggy_data
/bin/sh: 1: lz4c: not found
...
...
ERROR: oe_runmake failed
Link: https://github.com/lz4/lz4/pull/553
Suggested-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Signed-off-by: Parth Pancholi <parth.pancholi@toradex.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Cc: Salvatore Bonaccorso <carnil@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Makefile | 2 +-
scripts/Makefile.lib | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -528,7 +528,7 @@ KGZIP = gzip
KBZIP2 = bzip2
KLZOP = lzop
LZMA = lzma
-LZ4 = lz4c
+LZ4 = lz4
XZ = xz
ZSTD = zstd
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -459,10 +459,10 @@ quiet_cmd_lzo_with_size = LZO $@
cmd_lzo_with_size = { cat $(real-prereqs) | $(KLZOP) -9; $(size_append); } > $@
quiet_cmd_lz4 = LZ4 $@
- cmd_lz4 = cat $(real-prereqs) | $(LZ4) -l -c1 stdin stdout > $@
+ cmd_lz4 = cat $(real-prereqs) | $(LZ4) -l -9 - - > $@
quiet_cmd_lz4_with_size = LZ4 $@
- cmd_lz4_with_size = { cat $(real-prereqs) | $(LZ4) -l -c1 stdin stdout; \
+ cmd_lz4_with_size = { cat $(real-prereqs) | $(LZ4) -l -9 - -; \
$(size_append); } > $@
# U-Boot mkimage
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 246/578] netfilter: nf_tables: reject mismatching sum of field_len with set key length
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 245/578] kbuild: switch from lz4c to lz4 for compression Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 247/578] nvme: fix metadata handling in nvme-passthrough Greg Kroah-Hartman
` (340 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Noam Rathaus, Florian Westphal,
Pablo Neira Ayuso
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 1b9335a8000fb70742f7db10af314104b6ace220 upstream.
The field length description provides the length of each separated key
field in the concatenation, each field gets rounded up to 32-bits to
calculate the pipapo rule width from pipapo_init(). The set key length
provides the total size of the key aligned to 32-bits.
Register-based arithmetics still allows for combining mismatching set
key length and field length description, eg. set key length 10 and field
description [ 5, 4 ] leading to pipapo width of 12.
Cc: stable@vger.kernel.org
Fixes: 3ce67e3793f4 ("netfilter: nf_tables: do not allow mismatch field size and set key length")
Reported-by: Noam Rathaus <noamr@ssd-disclosure.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4567,7 +4567,7 @@ static int nft_set_desc_concat_parse(con
static int nft_set_desc_concat(struct nft_set_desc *desc,
const struct nlattr *nla)
{
- u32 num_regs = 0, key_num_regs = 0;
+ u32 len = 0, num_regs;
struct nlattr *attr;
int rem, err, i;
@@ -4581,12 +4581,12 @@ static int nft_set_desc_concat(struct nf
}
for (i = 0; i < desc->field_count; i++)
- num_regs += DIV_ROUND_UP(desc->field_len[i], sizeof(u32));
+ len += round_up(desc->field_len[i], sizeof(u32));
- key_num_regs = DIV_ROUND_UP(desc->klen, sizeof(u32));
- if (key_num_regs != num_regs)
+ if (len != desc->klen)
return -EINVAL;
+ num_regs = DIV_ROUND_UP(desc->klen, sizeof(u32));
if (num_regs > NFT_REG32_COUNT)
return -E2BIG;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 247/578] nvme: fix metadata handling in nvme-passthrough
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 246/578] netfilter: nf_tables: reject mismatching sum of field_len with set key length Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 248/578] drm/amd/display: fix double free issue during amdgpu module unload Greg Kroah-Hartman
` (339 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Puranjay Mohan,
Sagi Grimberg, Anuj Gupta, Keith Busch, Hagar Hemdan
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Puranjay Mohan <pjy@amazon.com>
commit 7c2fd76048e95dd267055b5f5e0a48e6e7c81fd9 upstream.
On an NVMe namespace that does not support metadata, it is possible to
send an IO command with metadata through io-passthru. This allows issues
like [1] to trigger in the completion code path.
nvme_map_user_request() doesn't check if the namespace supports metadata
before sending it forward. It also allows admin commands with metadata to
be processed as it ignores metadata when bdev == NULL and may report
success.
Reject an IO command with metadata when the NVMe namespace doesn't
support it and reject an admin command if it has metadata.
[1] https://lore.kernel.org/all/mb61pcylvnym8.fsf@amazon.com/
Suggested-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Puranjay Mohan <pjy@amazon.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Anuj Gupta <anuj20.g@samsung.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
[ Minor changes to make it work on 6.1 ]
Signed-off-by: Puranjay Mohan <pjy@amazon.com>
Signed-off-by: Hagar Hemdan <hagarhem@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/ioctl.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/nvme/host/ioctl.c
+++ b/drivers/nvme/host/ioctl.c
@@ -3,6 +3,7 @@
* Copyright (c) 2011-2014, Intel Corporation.
* Copyright (c) 2017-2021 Christoph Hellwig.
*/
+#include <linux/blk-integrity.h>
#include <linux/ptrace.h> /* for force_successful_syscall_return */
#include <linux/nvme_ioctl.h>
#include <linux/io_uring.h>
@@ -95,10 +96,15 @@ static int nvme_map_user_request(struct
struct request_queue *q = req->q;
struct nvme_ns *ns = q->queuedata;
struct block_device *bdev = ns ? ns->disk->part0 : NULL;
+ bool supports_metadata = bdev && blk_get_integrity(bdev->bd_disk);
+ bool has_metadata = meta_buffer && meta_len;
struct bio *bio = NULL;
void *meta = NULL;
int ret;
+ if (has_metadata && !supports_metadata)
+ return -EINVAL;
+
if (ioucmd && (ioucmd->flags & IORING_URING_CMD_FIXED)) {
struct iov_iter iter;
@@ -122,7 +128,7 @@ static int nvme_map_user_request(struct
if (bdev)
bio_set_dev(bio, bdev);
- if (bdev && meta_buffer && meta_len) {
+ if (has_metadata) {
meta = nvme_add_user_metadata(req, meta_buffer, meta_len,
meta_seed);
if (IS_ERR(meta)) {
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 248/578] drm/amd/display: fix double free issue during amdgpu module unload
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 247/578] nvme: fix metadata handling in nvme-passthrough Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 249/578] ktest.pl: Check kernelrelease return in get_version Greg Kroah-Hartman
` (338 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rodrigo Siqueira, Tim Huang,
Roman Li, Daniel Wheeler, Alex Deucher
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tim Huang <tim.huang@amd.com>
commit 20b5a8f9f4670a8503aa9fa95ca632e77c6bf55d upstream.
Flexible endpoints use DIGs from available inflexible endpoints,
so only the encoders of inflexible links need to be freed.
Otherwise, a double free issue may occur when unloading the
amdgpu module.
[ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0
[ 279.190577] Call Trace:
[ 279.190580] <TASK>
[ 279.190582] ? show_regs+0x69/0x80
[ 279.190590] ? die+0x3b/0x90
[ 279.190595] ? do_trap+0xc8/0xe0
[ 279.190601] ? do_error_trap+0x73/0xa0
[ 279.190605] ? __slab_free+0x152/0x2f0
[ 279.190609] ? exc_invalid_op+0x56/0x70
[ 279.190616] ? __slab_free+0x152/0x2f0
[ 279.190642] ? asm_exc_invalid_op+0x1f/0x30
[ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]
[ 279.191096] ? __slab_free+0x152/0x2f0
[ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]
[ 279.191469] kfree+0x260/0x2b0
[ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]
[ 279.191821] link_destroy+0xd7/0x130 [amdgpu]
[ 279.192248] dc_destruct+0x90/0x270 [amdgpu]
[ 279.192666] dc_destroy+0x19/0x40 [amdgpu]
[ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu]
[ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu]
[ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]
[ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]
[ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu]
[ 279.194632] pci_device_remove+0x3a/0xa0
[ 279.194638] device_remove+0x40/0x70
[ 279.194642] device_release_driver_internal+0x1ad/0x210
[ 279.194647] driver_detach+0x4e/0xa0
[ 279.194650] bus_remove_driver+0x6f/0xf0
[ 279.194653] driver_unregister+0x33/0x60
[ 279.194657] pci_unregister_driver+0x44/0x90
[ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu]
[ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0
[ 279.194946] __x64_sys_delete_module+0x16/0x20
[ 279.194950] do_syscall_64+0x58/0x120
[ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76
[ 279.194980] </TASK>
Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira@amd.com>
Signed-off-by: Tim Huang <tim.huang@amd.com>
Reviewed-by: Roman Li <roman.li@amd.com>
Signed-off-by: Roman Li <roman.li@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/core/dc_link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
@@ -83,7 +83,7 @@ static void dc_link_destruct(struct dc_l
if (link->panel_cntl)
link->panel_cntl->funcs->destroy(&link->panel_cntl);
- if (link->link_enc) {
+ if (link->link_enc && !link->is_dig_mapping_flexible) {
/* Update link encoder resource tracking variables. These are used for
* the dynamic assignment of link encoders to streams. Virtual links
* are not assigned encoder resources on creation.
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 249/578] ktest.pl: Check kernelrelease return in get_version
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 248/578] drm/amd/display: fix double free issue during amdgpu module unload Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 250/578] ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Greg Kroah-Hartman
` (337 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Hawley, Ricardo B. Marliere,
Steven Rostedt
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ricardo B. Marliere <rbm@suse.com>
commit a4e17a8f239a545c463f8ec27db4ed6e74b31841 upstream.
In the case of a test that uses the special option ${KERNEL_VERSION} in one
of its settings but has no configuration available in ${OUTPUT_DIR}, for
example if it's a new empty directory, then the `make kernelrelease` call
will fail and the subroutine will chomp an empty string, silently. Fix that
by adding an empty configuration and retrying.
Cc: stable@vger.kernel.org
Cc: John Hawley <warthog9@eaglescrag.net>
Fixes: 5f9b6ced04a4e ("ktest: Bisecting, install modules, add logging")
Link: https://lore.kernel.org/20241205-ktest_kver_fallback-v2-1-869dae4c7777@suse.com
Signed-off-by: Ricardo B. Marliere <rbm@suse.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/ktest/ktest.pl | 5 +++++
1 file changed, 5 insertions(+)
--- a/tools/testing/ktest/ktest.pl
+++ b/tools/testing/ktest/ktest.pl
@@ -2399,6 +2399,11 @@ sub get_version {
return if ($have_version);
doprint "$make kernelrelease ... ";
$version = `$make -s kernelrelease | tail -1`;
+ if (!length($version)) {
+ run_command "$make allnoconfig" or return 0;
+ doprint "$make kernelrelease ... ";
+ $version = `$make -s kernelrelease | tail -1`;
+ }
chomp($version);
doprint "$version\n";
$have_version = 1;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 250/578] ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 249/578] ktest.pl: Check kernelrelease return in get_version Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 251/578] net: usb: rtl8150: enable basic endpoint checking Greg Kroah-Hartman
` (336 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lianqin Hu, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lianqin Hu <hulianqin@vivo.com>
commit d85fc52cbb9a719c8335d93a28d6a79d7acd419f upstream.
Audio control requests that sets sampling frequency sometimes fail on
this card. Adding delay between control messages eliminates that problem.
usb 1-1: New USB device found, idVendor=2fc6, idProduct=f0b7
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: iBasso DC07 Pro
usb 1-1: Manufacturer: iBasso
usb 1-1: SerialNumber: CTUA171130B
Signed-off-by: Lianqin Hu <hulianqin@vivo.com>
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/TYUPR06MB62174A48D04E09A37996DF84D2ED2@TYUPR06MB6217.apcprd06.prod.outlook.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/quirks.c | 2 ++
1 file changed, 2 insertions(+)
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -2241,6 +2241,8 @@ static const struct usb_audio_quirk_flag
QUIRK_FLAG_CTL_MSG_DELAY_1M),
DEVICE_FLG(0x2d95, 0x8021, /* VIVO USB-C-XE710 HEADSET */
QUIRK_FLAG_CTL_MSG_DELAY_1M),
+ DEVICE_FLG(0x2fc6, 0xf0b7, /* iBasso DC07 Pro */
+ QUIRK_FLAG_CTL_MSG_DELAY_1M),
DEVICE_FLG(0x30be, 0x0101, /* Schiit Hel */
QUIRK_FLAG_IGNORE_CTL_ERROR),
DEVICE_FLG(0x413c, 0xa506, /* Dell AE515 sound bar */
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 251/578] net: usb: rtl8150: enable basic endpoint checking
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 250/578] ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 252/578] usb: xhci: Fix NULL pointer dereference on certain command aborts Greg Kroah-Hartman
` (335 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nikita Zhandarovich, Paolo Abeni,
syzbot+d7e968426f644b567e31
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
commit 90b7f2961798793275b4844348619b622f983907 upstream.
Syzkaller reports [1] encountering a common issue of utilizing a wrong
usb endpoint type during URB submitting stage. This, in turn, triggers
a warning shown below.
For now, enable simple endpoint checking (specifically, bulk and
interrupt eps, testing control one is not essential) to mitigate
the issue with a view to do other related cosmetic changes later,
if they are necessary.
[1] Syzkaller report:
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv>
Modules linked in:
CPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617>
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503
Code: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8>
RSP: 0018:ffffc9000441f740 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9
RDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001
RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c
FS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733
__dev_open+0x2d4/0x4e0 net/core/dev.c:1474
__dev_change_flags+0x561/0x720 net/core/dev.c:8838
dev_change_flags+0x8f/0x160 net/core/dev.c:8910
devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177
inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003
sock_do_ioctl+0x116/0x280 net/socket.c:1222
sock_ioctl+0x22e/0x6c0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc04ef73d49
...
This change has not been tested on real hardware.
Reported-and-tested-by: syzbot+d7e968426f644b567e31@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d7e968426f644b567e31
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Link: https://patch.msgid.link/20250124093020.234642-1-n.zhandarovich@fintech.ru
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/rtl8150.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
--- a/drivers/net/usb/rtl8150.c
+++ b/drivers/net/usb/rtl8150.c
@@ -71,6 +71,14 @@
#define MSR_SPEED (1<<3)
#define MSR_LINK (1<<2)
+/* USB endpoints */
+enum rtl8150_usb_ep {
+ RTL8150_USB_EP_CONTROL = 0,
+ RTL8150_USB_EP_BULK_IN = 1,
+ RTL8150_USB_EP_BULK_OUT = 2,
+ RTL8150_USB_EP_INT_IN = 3,
+};
+
/* Interrupt pipe data */
#define INT_TSR 0x00
#define INT_RSR 0x01
@@ -867,6 +875,13 @@ static int rtl8150_probe(struct usb_inte
struct usb_device *udev = interface_to_usbdev(intf);
rtl8150_t *dev;
struct net_device *netdev;
+ static const u8 bulk_ep_addr[] = {
+ RTL8150_USB_EP_BULK_IN | USB_DIR_IN,
+ RTL8150_USB_EP_BULK_OUT | USB_DIR_OUT,
+ 0};
+ static const u8 int_ep_addr[] = {
+ RTL8150_USB_EP_INT_IN | USB_DIR_IN,
+ 0};
netdev = alloc_etherdev(sizeof(rtl8150_t));
if (!netdev)
@@ -880,6 +895,13 @@ static int rtl8150_probe(struct usb_inte
return -ENOMEM;
}
+ /* Verify that all required endpoints are present */
+ if (!usb_check_bulk_endpoints(intf, bulk_ep_addr) ||
+ !usb_check_int_endpoints(intf, int_ep_addr)) {
+ dev_err(&intf->dev, "couldn't find required endpoints\n");
+ goto out;
+ }
+
tasklet_setup(&dev->tl, rx_fixup);
spin_lock_init(&dev->rx_pool_lock);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 252/578] usb: xhci: Fix NULL pointer dereference on certain command aborts
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 251/578] net: usb: rtl8150: enable basic endpoint checking Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 253/578] drivers/card_reader/rtsx_usb: Restore interrupt based detection Greg Kroah-Hartman
` (334 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michal Pecio, Mathias Nyman
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Pecio <michal.pecio@gmail.com>
commit 1e0a19912adb68a4b2b74fd77001c96cd83eb073 upstream.
If a command is queued to the final usable TRB of a ring segment, the
enqueue pointer is advanced to the subsequent link TRB and no further.
If the command is later aborted, when the abort completion is handled
the dequeue pointer is advanced to the first TRB of the next segment.
If no further commands are queued, xhci_handle_stopped_cmd_ring() sees
the ring pointers unequal and assumes that there is a pending command,
so it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.
Don't attempt timer setup if cur_cmd is NULL. The subsequent doorbell
ring likely is unnecessary too, but it's harmless. Leave it alone.
This is probably Bug 219532, but no confirmation has been received.
The issue has been independently reproduced and confirmed fixed using
a USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.
Everything continued working normally after several prevented crashes.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219532
Fixes: c311e391a7ef ("xhci: rework command timeout and cancellation,")
CC: stable@vger.kernel.org
Signed-off-by: Michal Pecio <michal.pecio@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20241227120142.1035206-4-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-ring.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -380,7 +380,8 @@ static void xhci_handle_stopped_cmd_ring
if ((xhci->cmd_ring->dequeue != xhci->cmd_ring->enqueue) &&
!(xhci->xhc_state & XHCI_STATE_DYING)) {
xhci->current_cmd = cur_cmd;
- xhci_mod_cmd_timer(xhci);
+ if (cur_cmd)
+ xhci_mod_cmd_timer(xhci);
xhci_ring_cmd_db(xhci);
}
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 253/578] drivers/card_reader/rtsx_usb: Restore interrupt based detection
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 252/578] usb: xhci: Fix NULL pointer dereference on certain command aborts Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 254/578] usb: gadget: f_tcm: Fix Get/SetInterface return value Greg Kroah-Hartman
` (333 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Sean Rhodes
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Rhodes <sean@starlabs.systems>
commit 235b630eda072d7e7b102ab346d6b8a2c028a772 upstream.
This commit reintroduces interrupt-based card detection previously
used in the rts5139 driver. This functionality was removed in commit
00d8521dcd23 ("staging: remove rts5139 driver code").
Reintroducing this mechanism fixes presence detection for certain card
readers, which with the current driver, will taken approximately 20
seconds to enter S3 as `mmc_rescan` has to be frozen.
Fixes: 00d8521dcd23 ("staging: remove rts5139 driver code")
Cc: stable@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Link: https://lore.kernel.org/r/20241119085815.11769-1-sean@starlabs.systems
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/cardreader/rtsx_usb.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/drivers/misc/cardreader/rtsx_usb.c
+++ b/drivers/misc/cardreader/rtsx_usb.c
@@ -286,6 +286,7 @@ static int rtsx_usb_get_status_with_bulk
int rtsx_usb_get_card_status(struct rtsx_ucr *ucr, u16 *status)
{
int ret;
+ u8 interrupt_val = 0;
u16 *buf;
if (!status)
@@ -308,6 +309,20 @@ int rtsx_usb_get_card_status(struct rtsx
ret = rtsx_usb_get_status_with_bulk(ucr, status);
}
+ rtsx_usb_read_register(ucr, CARD_INT_PEND, &interrupt_val);
+ /* Cross check presence with interrupts */
+ if (*status & XD_CD)
+ if (!(interrupt_val & XD_INT))
+ *status &= ~XD_CD;
+
+ if (*status & SD_CD)
+ if (!(interrupt_val & SD_INT))
+ *status &= ~SD_CD;
+
+ if (*status & MS_CD)
+ if (!(interrupt_val & MS_INT))
+ *status &= ~MS_CD;
+
/* usb_control_msg may return positive when success */
if (ret < 0)
return ret;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 254/578] usb: gadget: f_tcm: Fix Get/SetInterface return value
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 253/578] drivers/card_reader/rtsx_usb: Restore interrupt based detection Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 255/578] usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Greg Kroah-Hartman
` (332 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit 3b997089903b909684114aca6f79d683e5c64a0e upstream.
Check to make sure that the GetInterface and SetInterface are for valid
interface. Return proper alternate setting number on GetInterface.
Fixes: 0b8b1a1fede0 ("usb: gadget: f_tcm: Provide support to get alternate setting in tcm function")
Cc: stable@vger.kernel.org
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/ffd91b4640945ea4d3b4f4091cf1abbdbd9cf4fc.1733876548.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_tcm.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/drivers/usb/gadget/function/f_tcm.c
+++ b/drivers/usb/gadget/function/f_tcm.c
@@ -2079,9 +2079,14 @@ static void tcm_delayed_set_alt(struct w
static int tcm_get_alt(struct usb_function *f, unsigned intf)
{
- if (intf == bot_intf_desc.bInterfaceNumber)
+ struct f_uas *fu = to_f_uas(f);
+
+ if (fu->iface != intf)
+ return -EOPNOTSUPP;
+
+ if (fu->flags & USBG_IS_BOT)
return USB_G_ALT_INT_BBB;
- if (intf == uasp_intf_desc.bInterfaceNumber)
+ else if (fu->flags & USBG_IS_UAS)
return USB_G_ALT_INT_UAS;
return -EOPNOTSUPP;
@@ -2091,6 +2096,9 @@ static int tcm_set_alt(struct usb_functi
{
struct f_uas *fu = to_f_uas(f);
+ if (fu->iface != intf)
+ return -EOPNOTSUPP;
+
if ((alt == USB_G_ALT_INT_BBB) || (alt == USB_G_ALT_INT_UAS)) {
struct guas_setup_wq *work;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 255/578] usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 254/578] usb: gadget: f_tcm: Fix Get/SetInterface return value Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 256/578] usb: dwc3: core: Defer the probe until USB power supply ready Greg Kroah-Hartman
` (331 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Joe Hattori, Thinh Nguyen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
commit a266462b937beba065e934a563efe13dd246a164 upstream.
phy_syscon_pll_refclk() leaks an OF node obtained by
of_parse_phandle_with_fixed_args(), thus add an of_node_put() call.
Cc: stable <stable@kernel.org>
Fixes: e8784c0aec03 ("drivers: usb: dwc3: Add AM62 USB wrapper driver")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/20250109001638.70033-1-joe@pf.is.s.u-tokyo.ac.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/dwc3-am62.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/dwc3/dwc3-am62.c
+++ b/drivers/usb/dwc3/dwc3-am62.c
@@ -146,6 +146,7 @@ static int phy_syscon_pll_refclk(struct
if (ret)
return ret;
+ of_node_put(args.np);
am62->offset = args.args[0];
ret = regmap_update_bits(am62->syscon, am62->offset, PHY_PLL_REFCLK_MASK, am62->rate_code);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 256/578] usb: dwc3: core: Defer the probe until USB power supply ready
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 255/578] usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 257/578] usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Greg Kroah-Hartman
` (330 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Kyle Tso, Thinh Nguyen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kyle Tso <kyletso@google.com>
commit 66e0ea341a2a78d14336117f19763bd9be26d45d upstream.
Currently, DWC3 driver attempts to acquire the USB power supply only
once during the probe. If the USB power supply is not ready at that
time, the driver simply ignores the failure and continues the probe,
leading to permanent non-functioning of the gadget vbus_draw callback.
Address this problem by delaying the dwc3 driver initialization until
the USB power supply is registered.
Fixes: 6f0764b5adea ("usb: dwc3: add a power supply for current control")
Cc: stable <stable@kernel.org>
Signed-off-by: Kyle Tso <kyletso@google.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/20250115044548.2701138-1-kyletso@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/core.c | 30 +++++++++++++++++++++---------
1 file changed, 21 insertions(+), 9 deletions(-)
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -1532,8 +1532,6 @@ static void dwc3_get_properties(struct d
u8 tx_thr_num_pkt_prd = 0;
u8 tx_max_burst_prd = 0;
u8 tx_fifo_resize_max_num;
- const char *usb_psy_name;
- int ret;
/* default to highest possible threshold */
lpm_nyet_threshold = 0xf;
@@ -1566,13 +1564,6 @@ static void dwc3_get_properties(struct d
else
dwc->sysdev = dwc->dev;
- ret = device_property_read_string(dev, "usb-psy-name", &usb_psy_name);
- if (ret >= 0) {
- dwc->usb_psy = power_supply_get_by_name(usb_psy_name);
- if (!dwc->usb_psy)
- dev_err(dev, "couldn't get usb power supply\n");
- }
-
dwc->has_lpm_erratum = device_property_read_bool(dev,
"snps,has-lpm-erratum");
device_property_read_u8(dev, "snps,lpm-nyet-threshold",
@@ -1850,6 +1841,23 @@ static struct extcon_dev *dwc3_get_extco
return edev;
}
+static struct power_supply *dwc3_get_usb_power_supply(struct dwc3 *dwc)
+{
+ struct power_supply *usb_psy;
+ const char *usb_psy_name;
+ int ret;
+
+ ret = device_property_read_string(dwc->dev, "usb-psy-name", &usb_psy_name);
+ if (ret < 0)
+ return NULL;
+
+ usb_psy = power_supply_get_by_name(usb_psy_name);
+ if (!usb_psy)
+ return ERR_PTR(-EPROBE_DEFER);
+
+ return usb_psy;
+}
+
static int dwc3_probe(struct platform_device *pdev)
{
struct device *dev = &pdev->dev;
@@ -1894,6 +1902,10 @@ static int dwc3_probe(struct platform_de
dwc3_get_properties(dwc);
+ dwc->usb_psy = dwc3_get_usb_power_supply(dwc);
+ if (IS_ERR(dwc->usb_psy))
+ return dev_err_probe(dev, PTR_ERR(dwc->usb_psy), "couldn't get usb power supply\n");
+
dwc->reset = devm_reset_control_array_get_optional_shared(dev);
if (IS_ERR(dwc->reset)) {
ret = PTR_ERR(dwc->reset);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 257/578] usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 256/578] usb: dwc3: core: Defer the probe until USB power supply ready Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 258/578] usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Greg Kroah-Hartman
` (329 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jos Wang, Badhri Jagan Sridharan
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jos Wang <joswang@lenovo.com>
commit 2eb3da037c2c20fa30bc502bc092479b2a1aaae2 upstream.
As PD2.0 spec ("8.3.3.2.3 PE_SRC_Send_Capabilities state"), after the
Source receives the GoodCRC Message from the Sink in response to the
Source_Capabilities message, it should start the SenderResponseTimer,
after the timer times out, the state machine transitions to the
HARD_RESET state.
Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)")
Cc: stable@vger.kernel.org
Signed-off-by: Jos Wang <joswang@lenovo.com>
Reviewed-by: Badhri Jagan Sridharan <badhri@google.com>
Link: https://lore.kernel.org/r/20250105135245.7493-1-joswang1221@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/tcpm/tcpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/typec/tcpm/tcpm.c
+++ b/drivers/usb/typec/tcpm/tcpm.c
@@ -4114,7 +4114,7 @@ static void run_state_machine(struct tcp
port->caps_count = 0;
port->pd_capable = true;
tcpm_set_state_cond(port, SRC_SEND_CAPABILITIES_TIMEOUT,
- PD_T_SEND_SOURCE_CAP);
+ PD_T_SENDER_RESPONSE);
}
break;
case SRC_SEND_CAPABILITIES_TIMEOUT:
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 258/578] usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 257/578] usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 259/578] mptcp: consolidate suboption status Greg Kroah-Hartman
` (328 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Kyle Tso, Heikki Krogerus,
Badhri Jagan Sridharan
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kyle Tso <kyletso@google.com>
commit 4d27afbf256028a1f54363367f30efc8854433c3 upstream.
The Source can drop its output voltage to the minimum of the requested
PPS APDO voltage range when it is in Current Limit Mode. If this voltage
falls within the range of vPpsShutdown, the Source initiates a Hard
Reset and discharges Vbus. However, currently the Sink may disconnect
before the voltage reaches vPpsShutdown, leading to unexpected behavior.
Prevent premature disconnection by setting the Sink's disconnect
threshold to the minimum vPpsShutdown value. Additionally, consider the
voltage drop due to IR drop when calculating the appropriate threshold.
This ensures a robust and reliable interaction between the Source and
Sink during SPR PPS Current Limit Mode operation.
Fixes: 4288debeaa4e ("usb: typec: tcpci: Fix up sink disconnect thresholds for PD")
Cc: stable <stable@kernel.org>
Signed-off-by: Kyle Tso <kyletso@google.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Badhri Jagan Sridharan <badhri@google.com>
Link: https://lore.kernel.org/r/20250114142435.2093857-1-kyletso@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/tcpm/tcpci.c | 13 +++++++++----
drivers/usb/typec/tcpm/tcpm.c | 8 +++++---
include/linux/usb/tcpm.h | 3 ++-
3 files changed, 16 insertions(+), 8 deletions(-)
--- a/drivers/usb/typec/tcpm/tcpci.c
+++ b/drivers/usb/typec/tcpm/tcpci.c
@@ -26,6 +26,7 @@
#define VPPS_NEW_MIN_PERCENT 95
#define VPPS_VALID_MIN_MV 100
#define VSINKDISCONNECT_PD_MIN_PERCENT 90
+#define VPPS_SHUTDOWN_MIN_PERCENT 85
struct tcpci {
struct device *dev;
@@ -336,7 +337,8 @@ static int tcpci_enable_auto_vbus_discha
}
static int tcpci_set_auto_vbus_discharge_threshold(struct tcpc_dev *dev, enum typec_pwr_opmode mode,
- bool pps_active, u32 requested_vbus_voltage_mv)
+ bool pps_active, u32 requested_vbus_voltage_mv,
+ u32 apdo_min_voltage_mv)
{
struct tcpci *tcpci = tcpc_to_tcpci(dev);
unsigned int pwr_ctrl, threshold = 0;
@@ -358,9 +360,12 @@ static int tcpci_set_auto_vbus_discharge
threshold = AUTO_DISCHARGE_DEFAULT_THRESHOLD_MV;
} else if (mode == TYPEC_PWR_MODE_PD) {
if (pps_active)
- threshold = ((VPPS_NEW_MIN_PERCENT * requested_vbus_voltage_mv / 100) -
- VSINKPD_MIN_IR_DROP_MV - VPPS_VALID_MIN_MV) *
- VSINKDISCONNECT_PD_MIN_PERCENT / 100;
+ /*
+ * To prevent disconnect when the source is in Current Limit Mode.
+ * Set the threshold to the lowest possible voltage vPpsShutdown (min)
+ */
+ threshold = VPPS_SHUTDOWN_MIN_PERCENT * apdo_min_voltage_mv / 100 -
+ VSINKPD_MIN_IR_DROP_MV;
else
threshold = ((VSRC_NEW_MIN_PERCENT * requested_vbus_voltage_mv / 100) -
VSINKPD_MIN_IR_DROP_MV - VSRC_VALID_MIN_MV) *
--- a/drivers/usb/typec/tcpm/tcpm.c
+++ b/drivers/usb/typec/tcpm/tcpm.c
@@ -2320,10 +2320,12 @@ static int tcpm_set_auto_vbus_discharge_
return 0;
ret = port->tcpc->set_auto_vbus_discharge_threshold(port->tcpc, mode, pps_active,
- requested_vbus_voltage);
+ requested_vbus_voltage,
+ port->pps_data.min_volt);
tcpm_log_force(port,
- "set_auto_vbus_discharge_threshold mode:%d pps_active:%c vbus:%u ret:%d",
- mode, pps_active ? 'y' : 'n', requested_vbus_voltage, ret);
+ "set_auto_vbus_discharge_threshold mode:%d pps_active:%c vbus:%u pps_apdo_min_volt:%u ret:%d",
+ mode, pps_active ? 'y' : 'n', requested_vbus_voltage,
+ port->pps_data.min_volt, ret);
return ret;
}
--- a/include/linux/usb/tcpm.h
+++ b/include/linux/usb/tcpm.h
@@ -145,7 +145,8 @@ struct tcpc_dev {
void (*frs_sourcing_vbus)(struct tcpc_dev *dev);
int (*enable_auto_vbus_discharge)(struct tcpc_dev *dev, bool enable);
int (*set_auto_vbus_discharge_threshold)(struct tcpc_dev *dev, enum typec_pwr_opmode mode,
- bool pps_active, u32 requested_vbus_voltage);
+ bool pps_active, u32 requested_vbus_voltage,
+ u32 pps_apdo_min_voltage);
bool (*is_vbus_vsafe0v)(struct tcpc_dev *dev);
void (*set_partner_usb_comm_capable)(struct tcpc_dev *dev, bool enable);
};
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 259/578] mptcp: consolidate suboption status
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 258/578] usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 260/578] mptcp: handle fastopen disconnect correctly Greg Kroah-Hartman
` (327 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+23728c2df58b3bd175ad,
Paolo Abeni, Matthieu Baerts (NGI0), Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Abeni <pabeni@redhat.com>
commit c86b000782daba926c627d2fa00c3f60a75e7472 upstream.
MPTCP maintains the received sub-options status is the bitmask carrying
the received suboptions and in several bitfields carrying per suboption
additional info.
Zeroing the bitmask before parsing is not enough to ensure a consistent
status, and the MPTCP code has to additionally clear some bitfiled
depending on the actually parsed suboption.
The above schema is fragile, and syzbot managed to trigger a path where
a relevant bitfield is not cleared/initialized:
BUG: KMSAN: uninit-value in __mptcp_expand_seq net/mptcp/options.c:1030 [inline]
BUG: KMSAN: uninit-value in mptcp_expand_seq net/mptcp/protocol.h:864 [inline]
BUG: KMSAN: uninit-value in ack_update_msk net/mptcp/options.c:1060 [inline]
BUG: KMSAN: uninit-value in mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209
__mptcp_expand_seq net/mptcp/options.c:1030 [inline]
mptcp_expand_seq net/mptcp/protocol.h:864 [inline]
ack_update_msk net/mptcp/options.c:1060 [inline]
mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209
tcp_data_queue+0xb4/0x7be0 net/ipv4/tcp_input.c:5233
tcp_rcv_established+0x1061/0x2510 net/ipv4/tcp_input.c:6264
tcp_v4_do_rcv+0x7f3/0x11a0 net/ipv4/tcp_ipv4.c:1916
tcp_v4_rcv+0x51df/0x5750 net/ipv4/tcp_ipv4.c:2351
ip_protocol_deliver_rcu+0x2a3/0x13d0 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:460 [inline]
ip_rcv_finish+0x4a2/0x520 net/ipv4/ip_input.c:447
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_rcv+0xcd/0x380 net/ipv4/ip_input.c:567
__netif_receive_skb_one_core net/core/dev.c:5704 [inline]
__netif_receive_skb+0x319/0xa00 net/core/dev.c:5817
process_backlog+0x4ad/0xa50 net/core/dev.c:6149
__napi_poll+0xe7/0x980 net/core/dev.c:6902
napi_poll net/core/dev.c:6971 [inline]
net_rx_action+0xa5a/0x19b0 net/core/dev.c:7093
handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561
__do_softirq+0x14/0x1a kernel/softirq.c:595
do_softirq+0x9a/0x100 kernel/softirq.c:462
__local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]
__dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4493
dev_queue_xmit include/linux/netdevice.h:3168 [inline]
neigh_hh_output include/net/neighbour.h:523 [inline]
neigh_output include/net/neighbour.h:537 [inline]
ip_finish_output2+0x187c/0x1b70 net/ipv4/ip_output.c:236
__ip_finish_output+0x287/0x810
ip_finish_output+0x4b/0x600 net/ipv4/ip_output.c:324
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip_output+0x15f/0x3f0 net/ipv4/ip_output.c:434
dst_output include/net/dst.h:450 [inline]
ip_local_out net/ipv4/ip_output.c:130 [inline]
__ip_queue_xmit+0x1f2a/0x20d0 net/ipv4/ip_output.c:536
ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:550
__tcp_transmit_skb+0x3cea/0x4900 net/ipv4/tcp_output.c:1468
tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]
tcp_write_xmit+0x3b90/0x9070 net/ipv4/tcp_output.c:2829
__tcp_push_pending_frames+0xc4/0x380 net/ipv4/tcp_output.c:3012
tcp_send_fin+0x9f6/0xf50 net/ipv4/tcp_output.c:3618
__tcp_close+0x140c/0x1550 net/ipv4/tcp.c:3130
__mptcp_close_ssk+0x74e/0x16f0 net/mptcp/protocol.c:2496
mptcp_close_ssk+0x26b/0x2c0 net/mptcp/protocol.c:2550
mptcp_pm_nl_rm_addr_or_subflow+0x635/0xd10 net/mptcp/pm_netlink.c:889
mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:924 [inline]
mptcp_pm_flush_addrs_and_subflows net/mptcp/pm_netlink.c:1688 [inline]
mptcp_nl_flush_addrs_list net/mptcp/pm_netlink.c:1709 [inline]
mptcp_pm_nl_flush_addrs_doit+0xe10/0x1630 net/mptcp/pm_netlink.c:1750
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2542
genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]
netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1347
netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1891
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:726
____sys_sendmsg+0x877/0xb60 net/socket.c:2583
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2637
__sys_sendmsg net/socket.c:2669 [inline]
__do_sys_sendmsg net/socket.c:2674 [inline]
__se_sys_sendmsg net/socket.c:2672 [inline]
__x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2672
x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was stored to memory at:
mptcp_get_options+0x2c0f/0x2f20 net/mptcp/options.c:397
mptcp_incoming_options+0x19a/0x3d30 net/mptcp/options.c:1150
tcp_data_queue+0xb4/0x7be0 net/ipv4/tcp_input.c:5233
tcp_rcv_established+0x1061/0x2510 net/ipv4/tcp_input.c:6264
tcp_v4_do_rcv+0x7f3/0x11a0 net/ipv4/tcp_ipv4.c:1916
tcp_v4_rcv+0x51df/0x5750 net/ipv4/tcp_ipv4.c:2351
ip_protocol_deliver_rcu+0x2a3/0x13d0 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:460 [inline]
ip_rcv_finish+0x4a2/0x520 net/ipv4/ip_input.c:447
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_rcv+0xcd/0x380 net/ipv4/ip_input.c:567
__netif_receive_skb_one_core net/core/dev.c:5704 [inline]
__netif_receive_skb+0x319/0xa00 net/core/dev.c:5817
process_backlog+0x4ad/0xa50 net/core/dev.c:6149
__napi_poll+0xe7/0x980 net/core/dev.c:6902
napi_poll net/core/dev.c:6971 [inline]
net_rx_action+0xa5a/0x19b0 net/core/dev.c:7093
handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561
__do_softirq+0x14/0x1a kernel/softirq.c:595
Uninit was stored to memory at:
put_unaligned_be32 include/linux/unaligned.h:68 [inline]
mptcp_write_options+0x17f9/0x3100 net/mptcp/options.c:1417
mptcp_options_write net/ipv4/tcp_output.c:465 [inline]
tcp_options_write+0x6d9/0xe90 net/ipv4/tcp_output.c:759
__tcp_transmit_skb+0x294b/0x4900 net/ipv4/tcp_output.c:1414
tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]
tcp_write_xmit+0x3b90/0x9070 net/ipv4/tcp_output.c:2829
__tcp_push_pending_frames+0xc4/0x380 net/ipv4/tcp_output.c:3012
tcp_send_fin+0x9f6/0xf50 net/ipv4/tcp_output.c:3618
__tcp_close+0x140c/0x1550 net/ipv4/tcp.c:3130
__mptcp_close_ssk+0x74e/0x16f0 net/mptcp/protocol.c:2496
mptcp_close_ssk+0x26b/0x2c0 net/mptcp/protocol.c:2550
mptcp_pm_nl_rm_addr_or_subflow+0x635/0xd10 net/mptcp/pm_netlink.c:889
mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:924 [inline]
mptcp_pm_flush_addrs_and_subflows net/mptcp/pm_netlink.c:1688 [inline]
mptcp_nl_flush_addrs_list net/mptcp/pm_netlink.c:1709 [inline]
mptcp_pm_nl_flush_addrs_doit+0xe10/0x1630 net/mptcp/pm_netlink.c:1750
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2542
genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]
netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1347
netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1891
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:726
____sys_sendmsg+0x877/0xb60 net/socket.c:2583
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2637
__sys_sendmsg net/socket.c:2669 [inline]
__do_sys_sendmsg net/socket.c:2674 [inline]
__se_sys_sendmsg net/socket.c:2672 [inline]
__x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2672
x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was stored to memory at:
mptcp_pm_add_addr_signal+0x3d7/0x4c0
mptcp_established_options_add_addr net/mptcp/options.c:666 [inline]
mptcp_established_options+0x1b9b/0x3a00 net/mptcp/options.c:884
tcp_established_options+0x2c4/0x7d0 net/ipv4/tcp_output.c:1012
__tcp_transmit_skb+0x5b7/0x4900 net/ipv4/tcp_output.c:1333
tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]
tcp_write_xmit+0x3b90/0x9070 net/ipv4/tcp_output.c:2829
__tcp_push_pending_frames+0xc4/0x380 net/ipv4/tcp_output.c:3012
tcp_send_fin+0x9f6/0xf50 net/ipv4/tcp_output.c:3618
__tcp_close+0x140c/0x1550 net/ipv4/tcp.c:3130
__mptcp_close_ssk+0x74e/0x16f0 net/mptcp/protocol.c:2496
mptcp_close_ssk+0x26b/0x2c0 net/mptcp/protocol.c:2550
mptcp_pm_nl_rm_addr_or_subflow+0x635/0xd10 net/mptcp/pm_netlink.c:889
mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:924 [inline]
mptcp_pm_flush_addrs_and_subflows net/mptcp/pm_netlink.c:1688 [inline]
mptcp_nl_flush_addrs_list net/mptcp/pm_netlink.c:1709 [inline]
mptcp_pm_nl_flush_addrs_doit+0xe10/0x1630 net/mptcp/pm_netlink.c:1750
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2542
genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]
netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1347
netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1891
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:726
____sys_sendmsg+0x877/0xb60 net/socket.c:2583
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2637
__sys_sendmsg net/socket.c:2669 [inline]
__do_sys_sendmsg net/socket.c:2674 [inline]
__se_sys_sendmsg net/socket.c:2672 [inline]
__x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2672
x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was stored to memory at:
mptcp_pm_add_addr_received+0x95f/0xdd0 net/mptcp/pm.c:235
mptcp_incoming_options+0x2983/0x3d30 net/mptcp/options.c:1169
tcp_data_queue+0xb4/0x7be0 net/ipv4/tcp_input.c:5233
tcp_rcv_state_process+0x2a38/0x49d0 net/ipv4/tcp_input.c:6972
tcp_v4_do_rcv+0xbf9/0x11a0 net/ipv4/tcp_ipv4.c:1939
tcp_v4_rcv+0x51df/0x5750 net/ipv4/tcp_ipv4.c:2351
ip_protocol_deliver_rcu+0x2a3/0x13d0 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:460 [inline]
ip_rcv_finish+0x4a2/0x520 net/ipv4/ip_input.c:447
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_rcv+0xcd/0x380 net/ipv4/ip_input.c:567
__netif_receive_skb_one_core net/core/dev.c:5704 [inline]
__netif_receive_skb+0x319/0xa00 net/core/dev.c:5817
process_backlog+0x4ad/0xa50 net/core/dev.c:6149
__napi_poll+0xe7/0x980 net/core/dev.c:6902
napi_poll net/core/dev.c:6971 [inline]
net_rx_action+0xa5a/0x19b0 net/core/dev.c:7093
handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561
__do_softirq+0x14/0x1a kernel/softirq.c:595
Local variable mp_opt created at:
mptcp_incoming_options+0x119/0x3d30 net/mptcp/options.c:1127
tcp_data_queue+0xb4/0x7be0 net/ipv4/tcp_input.c:5233
The current schema is too fragile; address the issue grouping all the
state-related data together and clearing the whole group instead of
just the bitmask. This also cleans-up the code a bit, as there is no
need to individually clear "random" bitfield in a couple of places
any more.
Fixes: 84dfe3677a6f ("mptcp: send out dedicated ADD_ADDR packet")
Cc: stable@vger.kernel.org
Reported-by: syzbot+23728c2df58b3bd175ad@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/6786ac51.050a0220.216c54.00a7.GAE@google.com
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/541
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20250123-net-mptcp-syzbot-issues-v1-1-af73258a726f@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mptcp/options.c | 13 +++++--------
net/mptcp/protocol.h | 30 ++++++++++++++++--------------
2 files changed, 21 insertions(+), 22 deletions(-)
--- a/net/mptcp/options.c
+++ b/net/mptcp/options.c
@@ -103,7 +103,6 @@ static void mptcp_parse_option(const str
mp_opt->suboptions |= OPTION_MPTCP_DSS;
mp_opt->use_map = 1;
mp_opt->mpc_map = 1;
- mp_opt->use_ack = 0;
mp_opt->data_len = get_unaligned_be16(ptr);
ptr += 2;
}
@@ -152,11 +151,6 @@ static void mptcp_parse_option(const str
pr_debug("DSS\n");
ptr++;
- /* we must clear 'mpc_map' be able to detect MP_CAPABLE
- * map vs DSS map in mptcp_incoming_options(), and reconstruct
- * map info accordingly
- */
- mp_opt->mpc_map = 0;
flags = (*ptr++) & MPTCP_DSS_FLAG_MASK;
mp_opt->data_fin = (flags & MPTCP_DSS_DATA_FIN) != 0;
mp_opt->dsn64 = (flags & MPTCP_DSS_DSN64) != 0;
@@ -364,8 +358,11 @@ void mptcp_get_options(const struct sk_b
const unsigned char *ptr;
int length;
- /* initialize option status */
- mp_opt->suboptions = 0;
+ /* Ensure that casting the whole status to u32 is efficient and safe */
+ BUILD_BUG_ON(sizeof_field(struct mptcp_options_received, status) != sizeof(u32));
+ BUILD_BUG_ON(!IS_ALIGNED(offsetof(struct mptcp_options_received, status),
+ sizeof(u32)));
+ *(u32 *)&mp_opt->status = 0;
length = (th->doff * 4) - sizeof(struct tcphdr);
ptr = (const unsigned char *)(th + 1);
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -141,22 +141,24 @@ struct mptcp_options_received {
u32 subflow_seq;
u16 data_len;
__sum16 csum;
- u16 suboptions;
+ struct_group(status,
+ u16 suboptions;
+ u16 use_map:1,
+ dsn64:1,
+ data_fin:1,
+ use_ack:1,
+ ack64:1,
+ mpc_map:1,
+ reset_reason:4,
+ reset_transient:1,
+ echo:1,
+ backup:1,
+ deny_join_id0:1,
+ __unused:2;
+ );
+ u8 join_id;
u32 token;
u32 nonce;
- u16 use_map:1,
- dsn64:1,
- data_fin:1,
- use_ack:1,
- ack64:1,
- mpc_map:1,
- reset_reason:4,
- reset_transient:1,
- echo:1,
- backup:1,
- deny_join_id0:1,
- __unused:2;
- u8 join_id;
u64 thmac;
u8 hmac[MPTCPOPT_HMAC_LEN];
struct mptcp_addr_info addr;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 260/578] mptcp: handle fastopen disconnect correctly
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 259/578] mptcp: consolidate suboption status Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 261/578] remoteproc: core: Fix ida_free call while not allocated Greg Kroah-Hartman
` (326 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+ebc0b8ae5d3590b2c074,
Paolo Abeni, Matthieu Baerts (NGI0), Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Abeni <pabeni@redhat.com>
commit 619af16b3b57a3a4ee50b9a30add9ff155541e71 upstream.
Syzbot was able to trigger a data stream corruption:
WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024
Modules linked in:
CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0
Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024
Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 <0f> 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07
RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293
RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928
R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000
R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000
FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074
mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493
release_sock+0x1aa/0x1f0 net/core/sock.c:3640
inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]
__inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703
mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755
mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x1a6/0x270 net/socket.c:726
____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583
___sys_sendmsg net/socket.c:2637 [inline]
__sys_sendmsg+0x269/0x350 net/socket.c:2669
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6e86ebfe69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69
RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc
R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508
</TASK>
The root cause is the bad handling of disconnect() generated internally
by the MPTCP protocol in case of connect FASTOPEN errors.
Address the issue increasing the socket disconnect counter even on such
a case, to allow other threads waiting on the same socket lock to
properly error out.
Fixes: c2b2ae3925b6 ("mptcp: handle correctly disconnect() failures")
Cc: stable@vger.kernel.org
Reported-by: syzbot+ebc0b8ae5d3590b2c074@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/67605870.050a0220.37aaf.0137.GAE@google.com
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/537
Tested-by: syzbot+ebc0b8ae5d3590b2c074@syzkaller.appspotmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20250123-net-mptcp-syzbot-issues-v1-3-af73258a726f@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mptcp/protocol.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -1779,8 +1779,10 @@ static int mptcp_sendmsg_fastopen(struct
* see mptcp_disconnect().
* Attempt it again outside the problematic scope.
*/
- if (!mptcp_disconnect(sk, 0))
+ if (!mptcp_disconnect(sk, 0)) {
+ sk->sk_disconnects++;
sk->sk_socket->state = SS_UNCONNECTED;
+ }
}
return ret;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 261/578] remoteproc: core: Fix ida_free call while not allocated
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 260/578] mptcp: handle fastopen disconnect correctly Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 262/578] media: uvcvideo: Fix double free in error path Greg Kroah-Hartman
` (325 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Arnaud Pouliquen, Mathieu Poirier
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
commit 7378aeb664e5ebc396950b36a1f2dedf5aabec20 upstream.
In the rproc_alloc() function, on error, put_device(&rproc->dev) is
called, leading to the call of the rproc_type_release() function.
An error can occurs before ida_alloc is called.
In such case in rproc_type_release(), the condition (rproc->index >= 0) is
true as rproc->index has been initialized to 0.
ida_free() is called reporting a warning:
[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164
[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0
[ 4.188854] ida_free called for id=0 which is not allocated.
[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000
[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)
[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442
[ 4.231481] Hardware name: STM32 (Device Tree Support)
[ 4.236627] Workqueue: events_unbound deferred_probe_work_func
[ 4.242504] Call trace:
[ 4.242522] unwind_backtrace from show_stack+0x10/0x14
[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64
[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c
[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188
[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164
[ 4.270565] ida_free from rproc_type_release+0x38/0x60
[ 4.275832] rproc_type_release from device_release+0x30/0xa0
[ 4.281601] device_release from kobject_put+0xc4/0x294
[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c
[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4
[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]
[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc
Calling ida_alloc earlier in rproc_alloc ensures that the rproc->index is
properly set.
Fixes: 08333b911f01 ("remoteproc: Directly use ida_alloc()/free()")
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20241122175127.2188037-1-arnaud.pouliquen@foss.st.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/remoteproc/remoteproc_core.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/drivers/remoteproc/remoteproc_core.c
+++ b/drivers/remoteproc/remoteproc_core.c
@@ -2464,6 +2464,13 @@ struct rproc *rproc_alloc(struct device
rproc->dev.driver_data = rproc;
idr_init(&rproc->notifyids);
+ /* Assign a unique device index and name */
+ rproc->index = ida_alloc(&rproc_dev_index, GFP_KERNEL);
+ if (rproc->index < 0) {
+ dev_err(dev, "ida_alloc failed: %d\n", rproc->index);
+ goto put_device;
+ }
+
rproc->name = kstrdup_const(name, GFP_KERNEL);
if (!rproc->name)
goto put_device;
@@ -2474,13 +2481,6 @@ struct rproc *rproc_alloc(struct device
if (rproc_alloc_ops(rproc, ops))
goto put_device;
- /* Assign a unique device index and name */
- rproc->index = ida_alloc(&rproc_dev_index, GFP_KERNEL);
- if (rproc->index < 0) {
- dev_err(dev, "ida_alloc failed: %d\n", rproc->index);
- goto put_device;
- }
-
dev_set_name(&rproc->dev, "remoteproc%d", rproc->index);
atomic_set(&rproc->power, 0);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 262/578] media: uvcvideo: Fix double free in error path
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 261/578] remoteproc: core: Fix ida_free call while not allocated Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 263/578] usb: gadget: f_tcm: Dont free command immediately Greg Kroah-Hartman
` (324 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Laurent Pinchart,
Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
commit c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac upstream.
If the uvc_status_init() function fails to allocate the int_urb, it will
free the dev->status pointer but doesn't reset the pointer to NULL. This
results in the kfree() call in uvc_status_cleanup() trying to
double-free the memory. Fix it by resetting the dev->status pointer to
NULL after freeing it.
Fixes: a31a4055473b ("V4L/DVB:usbvideo:don't use part of buffer for USB transfer #4")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20241107235130.31372-1-laurent.pinchart@ideasonboard.com
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed by: Ricardo Ribalda <ribalda@chromium.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/uvc/uvc_status.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/media/usb/uvc/uvc_status.c
+++ b/drivers/media/usb/uvc/uvc_status.c
@@ -267,6 +267,7 @@ int uvc_status_init(struct uvc_device *d
dev->int_urb = usb_alloc_urb(0, GFP_KERNEL);
if (dev->int_urb == NULL) {
kfree(dev->status);
+ dev->status = NULL;
return -ENOMEM;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 263/578] usb: gadget: f_tcm: Dont free command immediately
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 262/578] media: uvcvideo: Fix double free in error path Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 264/578] staging: media: max96712: fix kernel oops when removing module Greg Kroah-Hartman
` (323 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit c225d006a31949d673e646d585d9569bc28feeb9 upstream.
Don't prematurely free the command. Wait for the status completion of
the sense status. It can be freed then. Otherwise we will double-free
the command.
Fixes: cff834c16d23 ("usb-gadget/tcm: Convert to TARGET_SCF_ACK_KREF I/O krefs")
Cc: stable@vger.kernel.org
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/ae919ac431f16275e05ec819bdffb3ac5f44cbe1.1733876548.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_tcm.c | 2 --
1 file changed, 2 deletions(-)
--- a/drivers/usb/gadget/function/f_tcm.c
+++ b/drivers/usb/gadget/function/f_tcm.c
@@ -1066,7 +1066,6 @@ static void usbg_cmd_work(struct work_st
out:
transport_send_check_condition_and_sense(se_cmd,
TCM_UNSUPPORTED_SCSI_OPCODE, 1);
- transport_generic_free_cmd(&cmd->se_cmd, 0);
}
static struct usbg_cmd *usbg_get_cmd(struct f_uas *fu,
@@ -1195,7 +1194,6 @@ static void bot_cmd_work(struct work_str
out:
transport_send_check_condition_and_sense(se_cmd,
TCM_UNSUPPORTED_SCSI_OPCODE, 1);
- transport_generic_free_cmd(&cmd->se_cmd, 0);
}
static int bot_submit_command(struct f_uas *fu,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 264/578] staging: media: max96712: fix kernel oops when removing module
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 263/578] usb: gadget: f_tcm: Dont free command immediately Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 265/578] media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Greg Kroah-Hartman
` (322 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Laurentiu Palcu,
Niklas Söderlund, Ricardo Ribalda, Sakari Ailus,
Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Laurentiu Palcu <laurentiu.palcu@oss.nxp.com>
commit ee1b5046d5cd892a0754ab982aeaaad3702083a5 upstream.
The following kernel oops is thrown when trying to remove the max96712
module:
Unable to handle kernel paging request at virtual address 00007375746174db
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000
[00007375746174db] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan
snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2
imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev
snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils
max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse
[last unloaded: imx8_isi]
CPU: 0 UID: 0 PID: 754 Comm: rmmod
Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17
Tainted: [C]=CRAP
Hardware name: NXP i.MX95 19X19 board (DT)
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : led_put+0x1c/0x40
lr : v4l2_subdev_put_privacy_led+0x48/0x58
sp : ffff80008699bbb0
x29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
x23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8
x20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000
x11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010
x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d
x5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1
x2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473
Call trace:
led_put+0x1c/0x40
v4l2_subdev_put_privacy_led+0x48/0x58
v4l2_async_unregister_subdev+0x2c/0x1a4
max96712_remove+0x1c/0x38 [max96712]
i2c_device_remove+0x2c/0x9c
device_remove+0x4c/0x80
device_release_driver_internal+0x1cc/0x228
driver_detach+0x4c/0x98
bus_remove_driver+0x6c/0xbc
driver_unregister+0x30/0x60
i2c_del_driver+0x54/0x64
max96712_i2c_driver_exit+0x18/0x1d0 [max96712]
__arm64_sys_delete_module+0x1a4/0x290
invoke_syscall+0x48/0x10c
el0_svc_common.constprop.0+0xc0/0xe0
do_el0_svc+0x1c/0x28
el0_svc+0x34/0xd8
el0t_64_sync_handler+0x120/0x12c
el0t_64_sync+0x190/0x194
Code: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)
---[ end trace 0000000000000000 ]---
This happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()
is called again and the data is overwritten to point to sd, instead of
priv. So, in remove(), the wrong pointer is passed to
v4l2_async_unregister_subdev(), leading to a crash.
Fixes: 5814f32fef13 ("media: staging: max96712: Add basic support for MAX96712 GMSL2 deserializer")
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@oss.nxp.com>
Cc: stable@vger.kernel.org
Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Reviewed-by: Ricardo Ribalda <ribalda@chromium.org>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/media/max96712/max96712.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/staging/media/max96712/max96712.c
+++ b/drivers/staging/media/max96712/max96712.c
@@ -376,7 +376,6 @@ static int max96712_probe(struct i2c_cli
return -ENOMEM;
priv->client = client;
- i2c_set_clientdata(client, priv);
priv->regmap = devm_regmap_init_i2c(client, &max96712_i2c_regmap);
if (IS_ERR(priv->regmap))
@@ -409,7 +408,8 @@ static int max96712_probe(struct i2c_cli
static void max96712_remove(struct i2c_client *client)
{
- struct max96712_priv *priv = i2c_get_clientdata(client);
+ struct v4l2_subdev *sd = i2c_get_clientdata(client);
+ struct max96712_priv *priv = container_of(sd, struct max96712_priv, sd);
v4l2_async_unregister_subdev(&priv->sd);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 265/578] media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 264/578] staging: media: max96712: fix kernel oops when removing module Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 266/578] btrfs: output the reason for open_ctree() failure Greg Kroah-Hartman
` (321 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Ming Qian,
Hans Verkuil
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
commit 1378ffec30367233152b7dbf4fa6a25ee98585d1 upstream.
The proble is on the first line:
if (jpeg->pd_dev[i] && !pm_runtime_suspended(jpeg->pd_dev[i]))
If jpeg->pd_dev[i] is an error pointer, then passing it to
pm_runtime_suspended() will lead to an Oops. The other conditions
check for both error pointers and NULL, but it would be more clear to
use the IS_ERR_OR_NULL() check for that.
Fixes: fd0af4cd35da ("media: imx-jpeg: Ensure power suppliers be suspended before detach them")
Cc: <stable@vger.kernel.org>
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Ming Qian <ming.qian@nxp.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c
+++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c
@@ -2097,11 +2097,12 @@ static void mxc_jpeg_detach_pm_domains(s
int i;
for (i = 0; i < jpeg->num_domains; i++) {
- if (jpeg->pd_dev[i] && !pm_runtime_suspended(jpeg->pd_dev[i]))
+ if (!IS_ERR_OR_NULL(jpeg->pd_dev[i]) &&
+ !pm_runtime_suspended(jpeg->pd_dev[i]))
pm_runtime_force_suspend(jpeg->pd_dev[i]);
- if (jpeg->pd_link[i] && !IS_ERR(jpeg->pd_link[i]))
+ if (!IS_ERR_OR_NULL(jpeg->pd_link[i]))
device_link_del(jpeg->pd_link[i]);
- if (jpeg->pd_dev[i] && !IS_ERR(jpeg->pd_dev[i]))
+ if (!IS_ERR_OR_NULL(jpeg->pd_dev[i]))
dev_pm_domain_detach(jpeg->pd_dev[i], true);
jpeg->pd_dev[i] = NULL;
jpeg->pd_link[i] = NULL;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 266/578] btrfs: output the reason for open_ctree() failure
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 265/578] media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 267/578] ptp: Properly handle compat ioctls Greg Kroah-Hartman
` (320 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Anton Mitterer,
Filipe Manana, Qu Wenruo, David Sterba
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qu Wenruo <wqu@suse.com>
commit d0f038104fa37380e2a725e669508e43d0c503e9 upstream.
There is a recent ML report that mounting a large fs backed by hardware
RAID56 controller (with one device missing) took too much time, and
systemd seems to kill the mount attempt.
In that case, the only error message is:
BTRFS error (device sdj): open_ctree failed
There is no reason on why the failure happened, making it very hard to
understand the reason.
At least output the error number (in the particular case it should be
-EINTR) to provide some clue.
Link: https://lore.kernel.org/linux-btrfs/9b9c4d2810abcca2f9f76e32220ed9a90febb235.camel@scientia.org/
Reported-by: Christoph Anton Mitterer <calestyo@scientia.org>
Cc: stable@vger.kernel.org
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1468,7 +1468,7 @@ static int btrfs_fill_super(struct super
err = open_ctree(sb, fs_devices, (char *)data);
if (err) {
- btrfs_err(fs_info, "open_ctree failed");
+ btrfs_err(fs_info, "open_ctree failed: %d", err);
return err;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 267/578] ptp: Properly handle compat ioctls
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 266/578] btrfs: output the reason for open_ctree() failure Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 268/578] s390: Add -std=gnu11 to decompressor and purgatory CFLAGS Greg Kroah-Hartman
` (319 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Thomas Weißschuh,
Cyrill Gorcunov, Richard Cochran, Paolo Abeni, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Weißschuh <linux@weissschuh.net>
[ Upstream commit 19ae40f572a9ce1ade9954990af709a03fd37010 ]
Pointer arguments passed to ioctls need to pass through compat_ptr() to
work correctly on s390; as explained in Documentation/driver-api/ioctl.rst.
Detect compat mode at runtime and call compat_ptr() for those commands
which do take pointer arguments.
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/lkml/1ba5d3a4-7931-455b-a3ce-85a968a7cb10@app.fastmail.com/
Fixes: d94ba80ebbea ("ptp: Added a brand new class driver for ptp clocks.")
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Reviewed-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Link: https://patch.msgid.link/20250125-posix-clock-compat_ioctl-v2-1-11c865c500eb@weissschuh.net
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ptp/ptp_chardev.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/ptp/ptp_chardev.c
+++ b/drivers/ptp/ptp_chardev.c
@@ -4,6 +4,7 @@
*
* Copyright (C) 2010 OMICRON electronics GmbH
*/
+#include <linux/compat.h>
#include <linux/module.h>
#include <linux/posix-clock.h>
#include <linux/poll.h>
@@ -124,6 +125,9 @@ long ptp_ioctl(struct posix_clock *pc, u
struct timespec64 ts;
int enable, err = 0;
+ if (in_compat_syscall() && cmd != PTP_ENABLE_PPS && cmd != PTP_ENABLE_PPS2)
+ arg = (unsigned long)compat_ptr(arg);
+
switch (cmd) {
case PTP_CLOCK_GETCAPS:
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 268/578] s390: Add -std=gnu11 to decompressor and purgatory CFLAGS
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 267/578] ptp: Properly handle compat ioctls Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 269/578] pinctrl: stm32: fix array read out of bound Greg Kroah-Hartman
` (318 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Heiko Carstens,
Alexander Gordeev
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit 3b8b80e993766dc96d1a1c01c62f5d15fafc79b9 upstream.
GCC changed the default C standard dialect from gnu17 to gnu23,
which should not have impacted the kernel because it explicitly requests
the gnu11 standard in the main Makefile. However, there are certain
places in the s390 code that use their own CFLAGS without a '-std='
value, which break with this dialect change because of the kernel's own
definitions of bool, false, and true conflicting with the C23 reserved
keywords.
include/linux/stddef.h:11:9: error: cannot use keyword 'false' as enumeration constant
11 | false = 0,
| ^~~~~
include/linux/stddef.h:11:9: note: 'false' is a keyword with '-std=c23' onwards
include/linux/types.h:35:33: error: 'bool' cannot be defined via 'typedef'
35 | typedef _Bool bool;
| ^~~~
include/linux/types.h:35:33: note: 'bool' is a keyword with '-std=c23' onwards
Add '-std=gnu11' to the decompressor and purgatory CFLAGS to eliminate
these errors and make the C standard version of these areas match the
rest of the kernel.
Cc: stable@vger.kernel.org
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Heiko Carstens <hca@linux.ibm.com>
Link: https://lore.kernel.org/r/20250122-s390-fix-std-for-gcc-15-v1-1-8b00cadee083@kernel.org
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/Makefile | 2 +-
arch/s390/purgatory/Makefile | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/arch/s390/Makefile
+++ b/arch/s390/Makefile
@@ -21,7 +21,7 @@ KBUILD_AFLAGS_DECOMPRESSOR := $(CLANG_FL
ifndef CONFIG_AS_IS_LLVM
KBUILD_AFLAGS_DECOMPRESSOR += $(if $(CONFIG_DEBUG_INFO),$(aflags_dwarf))
endif
-KBUILD_CFLAGS_DECOMPRESSOR := $(CLANG_FLAGS) -m64 -O2 -mpacked-stack
+KBUILD_CFLAGS_DECOMPRESSOR := $(CLANG_FLAGS) -m64 -O2 -mpacked-stack -std=gnu11
KBUILD_CFLAGS_DECOMPRESSOR += -DDISABLE_BRANCH_PROFILING -D__NO_FORTIFY
KBUILD_CFLAGS_DECOMPRESSOR += -fno-delete-null-pointer-checks -msoft-float -mbackchain
KBUILD_CFLAGS_DECOMPRESSOR += -fno-asynchronous-unwind-tables
--- a/arch/s390/purgatory/Makefile
+++ b/arch/s390/purgatory/Makefile
@@ -21,7 +21,7 @@ UBSAN_SANITIZE := n
KASAN_SANITIZE := n
KCSAN_SANITIZE := n
-KBUILD_CFLAGS := -fno-strict-aliasing -Wall -Wstrict-prototypes
+KBUILD_CFLAGS := -std=gnu11 -fno-strict-aliasing -Wall -Wstrict-prototypes
KBUILD_CFLAGS += -Wno-pointer-sign -Wno-sign-compare
KBUILD_CFLAGS += -fno-zero-initialized-in-bss -fno-builtin -ffreestanding
KBUILD_CFLAGS += -c -MD -Os -m64 -msoft-float -fno-common
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 269/578] pinctrl: stm32: fix array read out of bound
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 268/578] s390: Add -std=gnu11 to decompressor and purgatory CFLAGS Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 270/578] btrfs: fix use-after-free when attempting to join an aborted transaction Greg Kroah-Hartman
` (317 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Antonio Borneo, Linus Walleij
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Antonio Borneo <antonio.borneo@foss.st.com>
commit edd48fd9d45370d6c8ba0dd834fcc51ff688cc87 upstream.
The existing code does not verify if the "tentative" index exceeds
the size of the array, causing out of bound read.
Issue identified with kasan.
Check the index before using it.
Signed-off-by: Antonio Borneo <antonio.borneo@foss.st.com>
Fixes: 32c170ff15b0 ("pinctrl: stm32: set default gpio line names using pin names")
Link: https://lore.kernel.org/r/20231107110520.4449-1-antonio.borneo@foss.st.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/stm32/pinctrl-stm32.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/pinctrl/stm32/pinctrl-stm32.c
+++ b/drivers/pinctrl/stm32/pinctrl-stm32.c
@@ -1282,9 +1282,11 @@ static struct stm32_desc_pin *stm32_pctr
int i;
/* With few exceptions (e.g. bank 'Z'), pin number matches with pin index in array */
- pin_desc = pctl->pins + stm32_pin_nb;
- if (pin_desc->pin.number == stm32_pin_nb)
- return pin_desc;
+ if (stm32_pin_nb < pctl->npins) {
+ pin_desc = pctl->pins + stm32_pin_nb;
+ if (pin_desc->pin.number == stm32_pin_nb)
+ return pin_desc;
+ }
/* Otherwise, loop all array to find the pin with the right number */
for (i = 0; i < pctl->npins; i++) {
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 270/578] btrfs: fix use-after-free when attempting to join an aborted transaction
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 269/578] pinctrl: stm32: fix array read out of bound Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 271/578] arm64/mm: Ensure adequate HUGE_MAX_HSTATE Greg Kroah-Hartman
` (316 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+45212e9d87a98c3f5b42,
Dmitry Vyukov, Johannes Thumshirn, Qu Wenruo, Filipe Manana,
David Sterba, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit e2f0943cf37305dbdeaf9846e3c941451bcdef63 ]
When we are trying to join the current transaction and if it's aborted,
we read its 'aborted' field after unlocking fs_info->trans_lock and
without holding any extra reference count on it. This means that a
concurrent task that is aborting the transaction may free the transaction
before we read its 'aborted' field, leading to a use-after-free.
Fix this by reading the 'aborted' field while holding fs_info->trans_lock
since any freeing task must first acquire that lock and set
fs_info->running_transaction to NULL before freeing the transaction.
This was reported by syzbot and Dmitry with the following stack traces
from KASAN:
==================================================================
BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278
Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128
CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound btrfs_async_reclaim_data_space
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0x169/0x550 mm/kasan/report.c:489
kasan_report+0x143/0x180 mm/kasan/report.c:602
join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278
start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697
flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803
btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Allocated by task 5315:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
kasan_kmalloc include/linux/kasan.h:260 [inline]
__kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329
kmalloc_noprof include/linux/slab.h:901 [inline]
join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308
start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697
btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572
lookup_open fs/namei.c:3649 [inline]
open_last_lookups fs/namei.c:3748 [inline]
path_openat+0x1c03/0x3590 fs/namei.c:3984
do_filp_open+0x27f/0x4e0 fs/namei.c:4014
do_sys_openat2+0x13e/0x1d0 fs/open.c:1402
do_sys_open fs/open.c:1417 [inline]
__do_sys_creat fs/open.c:1495 [inline]
__se_sys_creat fs/open.c:1489 [inline]
__x64_sys_creat+0x123/0x170 fs/open.c:1489
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Freed by task 5336:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582
poison_slab_object mm/kasan/common.c:247 [inline]
__kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
kasan_slab_free include/linux/kasan.h:233 [inline]
slab_free_hook mm/slub.c:2353 [inline]
slab_free mm/slub.c:4613 [inline]
kfree+0x196/0x430 mm/slub.c:4761
cleanup_transaction fs/btrfs/transaction.c:2063 [inline]
btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598
insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757
btrfs_balance+0x992/0x10c0 fs/btrfs/volumes.c:4633
btrfs_ioctl_balance+0x493/0x7c0 fs/btrfs/ioctl.c:3670
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The buggy address belongs to the object at ffff888011839000
which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 36 bytes inside of
freed 2048-byte region [ffff888011839000, ffff888011839800)
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11838
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801ac42000 ffffea0000493400 dead000000000002
raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
head: 00fff00000000040 ffff88801ac42000 ffffea0000493400 dead000000000002
head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
head: 00fff00000000003 ffffea0000460e01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 57, tgid 57 (kworker/0:2), ts 67248182943, free_ts 67229742023
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1558
prep_new_page mm/page_alloc.c:1566 [inline]
get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3476
__alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4753
alloc_pages_mpol_noprof+0x3e1/0x780 mm/mempolicy.c:2269
alloc_slab_page+0x6a/0x110 mm/slub.c:2423
allocate_slab+0x5a/0x2b0 mm/slub.c:2589
new_slab mm/slub.c:2642 [inline]
___slab_alloc+0xc27/0x14a0 mm/slub.c:3830
__slab_alloc+0x58/0xa0 mm/slub.c:3920
__slab_alloc_node mm/slub.c:3995 [inline]
slab_alloc_node mm/slub.c:4156 [inline]
__do_kmalloc_node mm/slub.c:4297 [inline]
__kmalloc_node_track_caller_noprof+0x2e9/0x4c0 mm/slub.c:4317
kmalloc_reserve+0x111/0x2a0 net/core/skbuff.c:609
__alloc_skb+0x1f3/0x440 net/core/skbuff.c:678
alloc_skb include/linux/skbuff.h:1323 [inline]
alloc_skb_with_frags+0xc3/0x820 net/core/skbuff.c:6612
sock_alloc_send_pskb+0x91a/0xa60 net/core/sock.c:2884
sock_alloc_send_skb include/net/sock.h:1803 [inline]
mld_newpack+0x1c3/0xaf0 net/ipv6/mcast.c:1747
add_grhead net/ipv6/mcast.c:1850 [inline]
add_grec+0x1492/0x19a0 net/ipv6/mcast.c:1988
mld_send_cr net/ipv6/mcast.c:2114 [inline]
mld_ifc_work+0x691/0xd90 net/ipv6/mcast.c:2651
page last free pid 5300 tgid 5300 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1127 [inline]
free_unref_page+0xd3f/0x1010 mm/page_alloc.c:2659
__slab_free+0x2c2/0x380 mm/slub.c:4524
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
kasan_slab_alloc include/linux/kasan.h:250 [inline]
slab_post_alloc_hook mm/slub.c:4119 [inline]
slab_alloc_node mm/slub.c:4168 [inline]
__do_kmalloc_node mm/slub.c:4297 [inline]
__kmalloc_noprof+0x236/0x4c0 mm/slub.c:4310
kmalloc_noprof include/linux/slab.h:905 [inline]
kzalloc_noprof include/linux/slab.h:1037 [inline]
fib_create_info+0xc14/0x25b0 net/ipv4/fib_semantics.c:1435
fib_table_insert+0x1f6/0x1f20 net/ipv4/fib_trie.c:1231
fib_magic+0x3d8/0x620 net/ipv4/fib_frontend.c:1112
fib_add_ifaddr+0x40c/0x5e0 net/ipv4/fib_frontend.c:1156
fib_netdev_event+0x375/0x490 net/ipv4/fib_frontend.c:1494
notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85
__dev_notify_flags+0x207/0x400
dev_change_flags+0xf0/0x1a0 net/core/dev.c:9045
do_setlink+0xc90/0x4210 net/core/rtnetlink.c:3109
rtnl_changelink net/core/rtnetlink.c:3723 [inline]
__rtnl_newlink net/core/rtnetlink.c:3875 [inline]
rtnl_newlink+0x1bb6/0x2210 net/core/rtnetlink.c:4012
Memory state around the buggy address:
ffff888011838f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff888011838f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888011839000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff888011839080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888011839100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Reported-by: syzbot+45212e9d87a98c3f5b42@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-btrfs/678e7da5.050a0220.303755.007c.GAE@google.com/
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Link: https://lore.kernel.org/linux-btrfs/CACT4Y+ZFBdo7pT8L2AzM=vegZwjp-wNkVJZQf0Ta3vZqtExaSw@mail.gmail.com/
Fixes: 871383be592b ("btrfs: add missing unlocks to transaction abort paths")
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/transaction.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
index 604241e6e2c1e..ff3e0d4cf4b48 100644
--- a/fs/btrfs/transaction.c
+++ b/fs/btrfs/transaction.c
@@ -262,8 +262,10 @@ static noinline int join_transaction(struct btrfs_fs_info *fs_info,
cur_trans = fs_info->running_transaction;
if (cur_trans) {
if (TRANS_ABORTED(cur_trans)) {
+ const int abort_error = cur_trans->aborted;
+
spin_unlock(&fs_info->trans_lock);
- return cur_trans->aborted;
+ return abort_error;
}
if (btrfs_blocked_trans_types[cur_trans->state] & type) {
spin_unlock(&fs_info->trans_lock);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 271/578] arm64/mm: Ensure adequate HUGE_MAX_HSTATE
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 270/578] btrfs: fix use-after-free when attempting to join an aborted transaction Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 272/578] exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Greg Kroah-Hartman
` (315 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Catalin Marinas, Will Deacon,
Ard Biesheuvel, Ryan Roberts, Mark Rutland, linux-arm-kernel,
linux-kernel, Anshuman Khandual, Gavin Shan, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anshuman Khandual <anshuman.khandual@arm.com>
[ Upstream commit 1e5823c8e86de83a43d59a522b4de29066d3b306 ]
This asserts that HUGE_MAX_HSTATE is sufficient enough preventing potential
hugetlb_max_hstate runtime overflow in hugetlb_add_hstate() thus triggering
a BUG_ON() there after.
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Ryan Roberts <ryan.roberts@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>
Reviewed-by: Gavin Shan <gshan@redhat.com>
Link: https://lore.kernel.org/r/20241202064407.53807-1-anshuman.khandual@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/mm/hugetlbpage.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c
index 134dcf6bc650c..99810310efdda 100644
--- a/arch/arm64/mm/hugetlbpage.c
+++ b/arch/arm64/mm/hugetlbpage.c
@@ -544,6 +544,18 @@ pte_t huge_ptep_clear_flush(struct vm_area_struct *vma,
static int __init hugetlbpage_init(void)
{
+ /*
+ * HugeTLB pages are supported on maximum four page table
+ * levels (PUD, CONT PMD, PMD, CONT PTE) for a given base
+ * page size, corresponding to hugetlb_add_hstate() calls
+ * here.
+ *
+ * HUGE_MAX_HSTATE should at least match maximum supported
+ * HugeTLB page sizes on the platform. Any new addition to
+ * supported HugeTLB page sizes will also require changing
+ * HUGE_MAX_HSTATE as well.
+ */
+ BUILD_BUG_ON(HUGE_MAX_HSTATE < 4);
if (pud_sect_supported())
hugetlb_add_hstate(PUD_SHIFT - PAGE_SHIFT);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 272/578] exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 271/578] arm64/mm: Ensure adequate HUGE_MAX_HSTATE Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 273/578] btrfs: fix data race when accessing the inodes disk_i_size at btrfs_drop_extents() Greg Kroah-Hartman
` (314 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zbigniew Jędrzejewski-Szmek,
Tycho Andersen, Al Viro, Linus Torvalds, Aleksa Sarai, Kees Cook,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kees Cook <kees@kernel.org>
[ Upstream commit 543841d1806029889c2f69f040e88b247aba8e22 ]
Zbigniew mentioned at Linux Plumber's that systemd is interested in
switching to execveat() for service execution, but can't, because the
contents of /proc/pid/comm are the file descriptor which was used,
instead of the path to the binary[1]. This makes the output of tools like
top and ps useless, especially in a world where most fds are opened
CLOEXEC so the number is truly meaningless.
When the filename passed in is empty (e.g. with AT_EMPTY_PATH), use the
dentry's filename for "comm" instead of using the useless numeral from
the synthetic fdpath construction. This way the actual exec machinery
is unchanged, but cosmetically the comm looks reasonable to admins
investigating things.
Instead of adding TASK_COMM_LEN more bytes to bprm, use one of the unused
flag bits to indicate that we need to set "comm" from the dentry.
Suggested-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Suggested-by: Tycho Andersen <tandersen@netflix.com>
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://github.com/uapi-group/kernel-features#set-comm-field-before-exec [1]
Reviewed-by: Aleksa Sarai <cyphar@cyphar.com>
Tested-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/exec.c | 29 ++++++++++++++++++++++++++---
include/linux/binfmts.h | 4 +++-
2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index a42c9b8b070d7..2039414cc6621 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1362,7 +1362,28 @@ int begin_new_exec(struct linux_binprm * bprm)
set_dumpable(current->mm, SUID_DUMP_USER);
perf_event_exec();
- __set_task_comm(me, kbasename(bprm->filename), true);
+
+ /*
+ * If the original filename was empty, alloc_bprm() made up a path
+ * that will probably not be useful to admins running ps or similar.
+ * Let's fix it up to be something reasonable.
+ */
+ if (bprm->comm_from_dentry) {
+ /*
+ * Hold RCU lock to keep the name from being freed behind our back.
+ * Use acquire semantics to make sure the terminating NUL from
+ * __d_alloc() is seen.
+ *
+ * Note, we're deliberately sloppy here. We don't need to care about
+ * detecting a concurrent rename and just want a terminated name.
+ */
+ rcu_read_lock();
+ __set_task_comm(me, smp_load_acquire(&bprm->file->f_path.dentry->d_name.name),
+ true);
+ rcu_read_unlock();
+ } else {
+ __set_task_comm(me, kbasename(bprm->filename), true);
+ }
/* An exec changes our domain. We are no longer part of the thread
group */
@@ -1521,11 +1542,13 @@ static struct linux_binprm *alloc_bprm(int fd, struct filename *filename)
if (fd == AT_FDCWD || filename->name[0] == '/') {
bprm->filename = filename->name;
} else {
- if (filename->name[0] == '\0')
+ if (filename->name[0] == '\0') {
bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d", fd);
- else
+ bprm->comm_from_dentry = 1;
+ } else {
bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d/%s",
fd, filename->name);
+ }
if (!bprm->fdpath)
goto out_free;
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 8d51f69f9f5ef..af9056d78fadf 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -42,7 +42,9 @@ struct linux_binprm {
* Set when errors can no longer be returned to the
* original userspace.
*/
- point_of_no_return:1;
+ point_of_no_return:1,
+ /* Set when "comm" must come from the dentry. */
+ comm_from_dentry:1;
struct file *executable; /* Executable to pass to the interpreter */
struct file *interpreter;
struct file *file;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 273/578] btrfs: fix data race when accessing the inodes disk_i_size at btrfs_drop_extents()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 272/578] exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 274/578] btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Greg Kroah-Hartman
` (313 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Filipe Manana, Hao-ran Zheng,
David Sterba, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hao-ran Zheng <zhenghaoran154@gmail.com>
[ Upstream commit 5324c4e10e9c2ce307a037e904c0d9671d7137d9 ]
A data race occurs when the function `insert_ordered_extent_file_extent()`
and the function `btrfs_inode_safe_disk_i_size_write()` are executed
concurrently. The function `insert_ordered_extent_file_extent()` is not
locked when reading inode->disk_i_size, causing
`btrfs_inode_safe_disk_i_size_write()` to cause data competition when
writing inode->disk_i_size, thus affecting the value of `modify_tree`.
The specific call stack that appears during testing is as follows:
============DATA_RACE============
btrfs_drop_extents+0x89a/0xa060 [btrfs]
insert_reserved_file_extent+0xb54/0x2960 [btrfs]
insert_ordered_extent_file_extent+0xff5/0x1760 [btrfs]
btrfs_finish_one_ordered+0x1b85/0x36a0 [btrfs]
btrfs_finish_ordered_io+0x37/0x60 [btrfs]
finish_ordered_fn+0x3e/0x50 [btrfs]
btrfs_work_helper+0x9c9/0x27a0 [btrfs]
process_scheduled_works+0x716/0xf10
worker_thread+0xb6a/0x1190
kthread+0x292/0x330
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
============OTHER_INFO============
btrfs_inode_safe_disk_i_size_write+0x4ec/0x600 [btrfs]
btrfs_finish_one_ordered+0x24c7/0x36a0 [btrfs]
btrfs_finish_ordered_io+0x37/0x60 [btrfs]
finish_ordered_fn+0x3e/0x50 [btrfs]
btrfs_work_helper+0x9c9/0x27a0 [btrfs]
process_scheduled_works+0x716/0xf10
worker_thread+0xb6a/0x1190
kthread+0x292/0x330
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
=================================
The main purpose of the check of the inode's disk_i_size is to avoid
taking write locks on a btree path when we have a write at or beyond
EOF, since in these cases we don't expect to find extent items in the
root to drop. However if we end up taking write locks due to a data
race on disk_i_size, everything is still correct, we only add extra
lock contention on the tree in case there's concurrency from other tasks.
If the race causes us to not take write locks when we actually need them,
then everything is functionally correct as well, since if we find out we
have extent items to drop and we took read locks (modify_tree set to 0),
we release the path and retry again with write locks.
Since this data race does not affect the correctness of the function,
it is a harmless data race, use data_race() to check inode->disk_i_size.
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Hao-ran Zheng <zhenghaoran154@gmail.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index c8231677c79ef..bdb0f7c70752d 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -234,7 +234,7 @@ int btrfs_drop_extents(struct btrfs_trans_handle *trans,
if (args->drop_cache)
btrfs_drop_extent_map_range(inode, args->start, args->end - 1, false);
- if (args->start >= inode->disk_i_size && !args->replace_extent)
+ if (data_race(args->start >= inode->disk_i_size) && !args->replace_extent)
modify_tree = 0;
update_refs = (root->root_key.objectid != BTRFS_TREE_LOG_OBJECTID);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 274/578] btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 273/578] btrfs: fix data race when accessing the inodes disk_i_size at btrfs_drop_extents() Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 275/578] sched: Dont try to catch up excess steal time Greg Kroah-Hartman
` (312 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Boris Burkov, Josef Bacik,
David Sterba, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Josef Bacik <josef@toxicpanda.com>
[ Upstream commit 6a4730b325aaa48f7a5d5ba97aff0a955e2d9cec ]
This BUG_ON is meant to catch backref cache problems, but these can
arise from either bugs in the backref cache or corruption in the extent
tree. Fix it to be a proper error.
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/relocation.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
index 4c6ba97299cd6..d6cda0b2e9256 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -4423,8 +4423,18 @@ int btrfs_reloc_cow_block(struct btrfs_trans_handle *trans,
WARN_ON(!first_cow && level == 0);
node = rc->backref_cache.path[level];
- BUG_ON(node->bytenr != buf->start &&
- node->new_bytenr != buf->start);
+
+ /*
+ * If node->bytenr != buf->start and node->new_bytenr !=
+ * buf->start then we've got the wrong backref node for what we
+ * expected to see here and the cache is incorrect.
+ */
+ if (unlikely(node->bytenr != buf->start && node->new_bytenr != buf->start)) {
+ btrfs_err(fs_info,
+"bytenr %llu was found but our backref cache was expecting %llu or %llu",
+ buf->start, node->bytenr, node->new_bytenr);
+ return -EUCLEAN;
+ }
btrfs_backref_drop_node_buffer(node);
atomic_inc(&cow->refs);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 275/578] sched: Dont try to catch up excess steal time.
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 274/578] btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 276/578] lockdep: Fix upper limit for LOCKDEP_*_BITS configs Greg Kroah-Hartman
` (311 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Suleiman Souhlal,
Peter Zijlstra (Intel), Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Suleiman Souhlal <suleiman@google.com>
[ Upstream commit 108ad0999085df2366dd9ef437573955cb3f5586 ]
When steal time exceeds the measured delta when updating clock_task, we
currently try to catch up the excess in future updates.
However, this results in inaccurate run times for the future things using
clock_task, in some situations, as they end up getting additional steal
time that did not actually happen.
This is because there is a window between reading the elapsed time in
update_rq_clock() and sampling the steal time in update_rq_clock_task().
If the VCPU gets preempted between those two points, any additional
steal time is accounted to the outgoing task even though the calculated
delta did not actually contain any of that "stolen" time.
When this race happens, we can end up with steal time that exceeds the
calculated delta, and the previous code would try to catch up that excess
steal time in future clock updates, which is given to the next,
incoming task, even though it did not actually have any time stolen.
This behavior is particularly bad when steal time can be very long,
which we've seen when trying to extend steal time to contain the duration
that the host was suspended [0]. When this happens, clock_task stays
frozen, during which the running task stays running for the whole
duration, since its run time doesn't increase.
However the race can happen even under normal operation.
Ideally we would read the elapsed cpu time and the steal time atomically,
to prevent this race from happening in the first place, but doing so
is non-trivial.
Since the time between those two points isn't otherwise accounted anywhere,
neither to the outgoing task nor the incoming task (because the "end of
outgoing task" and "start of incoming task" timestamps are the same),
I would argue that the right thing to do is to simply drop any excess steal
time, in order to prevent these issues.
[0] https://lore.kernel.org/kvm/20240820043543.837914-1-suleiman@google.com/
Signed-off-by: Suleiman Souhlal <suleiman@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20241118043745.1857272-1-suleiman@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index f54d2da2f9a67..2f7519022c01c 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -704,13 +704,15 @@ static void update_rq_clock_task(struct rq *rq, s64 delta)
#endif
#ifdef CONFIG_PARAVIRT_TIME_ACCOUNTING
if (static_key_false((¶virt_steal_rq_enabled))) {
- steal = paravirt_steal_clock(cpu_of(rq));
+ u64 prev_steal;
+
+ steal = prev_steal = paravirt_steal_clock(cpu_of(rq));
steal -= rq->prev_steal_time_rq;
if (unlikely(steal > delta))
steal = delta;
- rq->prev_steal_time_rq += steal;
+ rq->prev_steal_time_rq = prev_steal;
delta -= steal;
}
#endif
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 276/578] lockdep: Fix upper limit for LOCKDEP_*_BITS configs
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 275/578] sched: Dont try to catch up excess steal time Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 277/578] x86/amd_nb: Restrict init function to AMD-based systems Greg Kroah-Hartman
` (310 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, J. R. Okajima, Peter Zijlstra,
Boqun Feng, Ingo Molnar, Waiman Long, Will Deacon, Carlos Llamas,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Carlos Llamas <cmllamas@google.com>
[ Upstream commit e638072e61726cae363d48812815197a2a0e097f ]
Lockdep has a set of configs used to determine the size of the static
arrays that it uses. However, the upper limit that was initially setup
for these configs is too high (30 bit shift). This equates to several
GiB of static memory for individual symbols. Using such high values
leads to linker errors:
$ make defconfig
$ ./scripts/config -e PROVE_LOCKING --set-val LOCKDEP_BITS 30
$ make olddefconfig all
[...]
ld: kernel image bigger than KERNEL_IMAGE_SIZE
ld: section .bss VMA wraps around address space
Adjust the upper limits to the maximum values that avoid these issues.
The need for anything more, likely points to a problem elsewhere. Note
that LOCKDEP_CHAINS_BITS was intentionally left out as its upper limit
had a different symptom and has already been fixed [1].
Reported-by: J. R. Okajima <hooanon05g@gmail.com>
Closes: https://lore.kernel.org/all/30795.1620913191@jrobl/ [1]
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Boqun Feng <boqun.feng@gmail.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Waiman Long <longman@redhat.com>
Cc: Will Deacon <will@kernel.org>
Acked-by: Waiman Long <longman@redhat.com>
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
Link: https://lore.kernel.org/r/20241024183631.643450-2-cmllamas@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/Kconfig.debug | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index b2dff19358938..e5fbae585e522 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -1409,7 +1409,7 @@ config LOCKDEP_SMALL
config LOCKDEP_BITS
int "Bitsize for MAX_LOCKDEP_ENTRIES"
depends on LOCKDEP && !LOCKDEP_SMALL
- range 10 30
+ range 10 24
default 15
help
Try increasing this value if you hit "BUG: MAX_LOCKDEP_ENTRIES too low!" message.
@@ -1425,7 +1425,7 @@ config LOCKDEP_CHAINS_BITS
config LOCKDEP_STACK_TRACE_BITS
int "Bitsize for MAX_STACK_TRACE_ENTRIES"
depends on LOCKDEP && !LOCKDEP_SMALL
- range 10 30
+ range 10 26
default 19
help
Try increasing this value if you hit "BUG: MAX_STACK_TRACE_ENTRIES too low!" message.
@@ -1433,7 +1433,7 @@ config LOCKDEP_STACK_TRACE_BITS
config LOCKDEP_STACK_TRACE_HASH_BITS
int "Bitsize for STACK_TRACE_HASH_SIZE"
depends on LOCKDEP && !LOCKDEP_SMALL
- range 10 30
+ range 10 26
default 14
help
Try increasing this value if you need large MAX_STACK_TRACE_ENTRIES.
@@ -1441,7 +1441,7 @@ config LOCKDEP_STACK_TRACE_HASH_BITS
config LOCKDEP_CIRCULAR_QUEUE_BITS
int "Bitsize for elements in circular_queue struct"
depends on LOCKDEP
- range 10 30
+ range 10 26
default 12
help
Try increasing this value if you hit "lockdep bfs error:-1" warning due to __cq_enqueue() failure.
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 277/578] x86/amd_nb: Restrict init function to AMD-based systems
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 276/578] lockdep: Fix upper limit for LOCKDEP_*_BITS configs Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 278/578] drm/virtio: New fence for every plane update Greg Kroah-Hartman
` (309 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yazen Ghannam, Borislav Petkov (AMD),
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yazen Ghannam <yazen.ghannam@amd.com>
[ Upstream commit bee9e840609cc67d0a7d82f22a2130fb7a0a766d ]
The code implicitly operates on AMD-based systems by matching on PCI
IDs. However, the use of these IDs is going away.
Add an explicit CPU vendor check instead of relying on PCI IDs.
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20241206161210.163701-3-yazen.ghannam@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/amd_nb.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
index e8cc042e4905c..8992a6bce9f00 100644
--- a/arch/x86/kernel/amd_nb.c
+++ b/arch/x86/kernel/amd_nb.c
@@ -519,6 +519,10 @@ static __init void fix_erratum_688(void)
static __init int init_amd_nbs(void)
{
+ if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD &&
+ boot_cpu_data.x86_vendor != X86_VENDOR_HYGON)
+ return 0;
+
amd_cache_northbridges();
amd_cache_gart();
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 278/578] drm/virtio: New fence for every plane update
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 277/578] x86/amd_nb: Restrict init function to AMD-based systems Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 279/578] printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Greg Kroah-Hartman
` (308 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dongwon Kim, Dmitry Osipenko,
Vivek Kasireddy, Rob Clark, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dongwon Kim <dongwon.kim@intel.com>
[ Upstream commit d3c55b8ab6fe5fa2e7ab02efd36d09c39ee5022f ]
Having a fence linked to a virtio_gpu_framebuffer in the plane update
sequence would cause conflict when several planes referencing the same
framebuffer (e.g. Xorg screen covering multi-displays configured for an
extended mode) and those planes are updated concurrently. So it is needed
to allocate a fence for every plane state instead of the framebuffer.
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
[dmitry.osipenko@collabora.com: rebase, fix up, edit commit message]
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Acked-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Reviewed-by: Rob Clark <robdclark@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241020230803.247419-2-dmitry.osipenko@collabora.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/virtio/virtgpu_drv.h | 7 ++++
drivers/gpu/drm/virtio/virtgpu_plane.c | 58 +++++++++++++++++---------
2 files changed, 46 insertions(+), 19 deletions(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.h b/drivers/gpu/drm/virtio/virtgpu_drv.h
index 9b98470593b06..20a418f64533b 100644
--- a/drivers/gpu/drm/virtio/virtgpu_drv.h
+++ b/drivers/gpu/drm/virtio/virtgpu_drv.h
@@ -190,6 +190,13 @@ struct virtio_gpu_framebuffer {
#define to_virtio_gpu_framebuffer(x) \
container_of(x, struct virtio_gpu_framebuffer, base)
+struct virtio_gpu_plane_state {
+ struct drm_plane_state base;
+ struct virtio_gpu_fence *fence;
+};
+#define to_virtio_gpu_plane_state(x) \
+ container_of(x, struct virtio_gpu_plane_state, base)
+
struct virtio_gpu_queue {
struct virtqueue *vq;
spinlock_t qlock;
diff --git a/drivers/gpu/drm/virtio/virtgpu_plane.c b/drivers/gpu/drm/virtio/virtgpu_plane.c
index 4c09e313bebcd..0c073ba4974fb 100644
--- a/drivers/gpu/drm/virtio/virtgpu_plane.c
+++ b/drivers/gpu/drm/virtio/virtgpu_plane.c
@@ -66,11 +66,28 @@ uint32_t virtio_gpu_translate_format(uint32_t drm_fourcc)
return format;
}
+static struct
+drm_plane_state *virtio_gpu_plane_duplicate_state(struct drm_plane *plane)
+{
+ struct virtio_gpu_plane_state *new;
+
+ if (WARN_ON(!plane->state))
+ return NULL;
+
+ new = kzalloc(sizeof(*new), GFP_KERNEL);
+ if (!new)
+ return NULL;
+
+ __drm_atomic_helper_plane_duplicate_state(plane, &new->base);
+
+ return &new->base;
+}
+
static const struct drm_plane_funcs virtio_gpu_plane_funcs = {
.update_plane = drm_atomic_helper_update_plane,
.disable_plane = drm_atomic_helper_disable_plane,
.reset = drm_atomic_helper_plane_reset,
- .atomic_duplicate_state = drm_atomic_helper_plane_duplicate_state,
+ .atomic_duplicate_state = virtio_gpu_plane_duplicate_state,
.atomic_destroy_state = drm_atomic_helper_plane_destroy_state,
};
@@ -128,11 +145,13 @@ static void virtio_gpu_resource_flush(struct drm_plane *plane,
struct drm_device *dev = plane->dev;
struct virtio_gpu_device *vgdev = dev->dev_private;
struct virtio_gpu_framebuffer *vgfb;
+ struct virtio_gpu_plane_state *vgplane_st;
struct virtio_gpu_object *bo;
vgfb = to_virtio_gpu_framebuffer(plane->state->fb);
+ vgplane_st = to_virtio_gpu_plane_state(plane->state);
bo = gem_to_virtio_gpu_obj(vgfb->base.obj[0]);
- if (vgfb->fence) {
+ if (vgplane_st->fence) {
struct virtio_gpu_object_array *objs;
objs = virtio_gpu_array_alloc(1);
@@ -141,13 +160,11 @@ static void virtio_gpu_resource_flush(struct drm_plane *plane,
virtio_gpu_array_add_obj(objs, vgfb->base.obj[0]);
virtio_gpu_array_lock_resv(objs);
virtio_gpu_cmd_resource_flush(vgdev, bo->hw_res_handle, x, y,
- width, height, objs, vgfb->fence);
+ width, height, objs,
+ vgplane_st->fence);
virtio_gpu_notify(vgdev);
-
- dma_fence_wait_timeout(&vgfb->fence->f, true,
+ dma_fence_wait_timeout(&vgplane_st->fence->f, true,
msecs_to_jiffies(50));
- dma_fence_put(&vgfb->fence->f);
- vgfb->fence = NULL;
} else {
virtio_gpu_cmd_resource_flush(vgdev, bo->hw_res_handle, x, y,
width, height, NULL, NULL);
@@ -237,20 +254,23 @@ static int virtio_gpu_plane_prepare_fb(struct drm_plane *plane,
struct drm_device *dev = plane->dev;
struct virtio_gpu_device *vgdev = dev->dev_private;
struct virtio_gpu_framebuffer *vgfb;
+ struct virtio_gpu_plane_state *vgplane_st;
struct virtio_gpu_object *bo;
if (!new_state->fb)
return 0;
vgfb = to_virtio_gpu_framebuffer(new_state->fb);
+ vgplane_st = to_virtio_gpu_plane_state(new_state);
bo = gem_to_virtio_gpu_obj(vgfb->base.obj[0]);
if (!bo || (plane->type == DRM_PLANE_TYPE_PRIMARY && !bo->guest_blob))
return 0;
- if (bo->dumb && (plane->state->fb != new_state->fb)) {
- vgfb->fence = virtio_gpu_fence_alloc(vgdev, vgdev->fence_drv.context,
+ if (bo->dumb) {
+ vgplane_st->fence = virtio_gpu_fence_alloc(vgdev,
+ vgdev->fence_drv.context,
0);
- if (!vgfb->fence)
+ if (!vgplane_st->fence)
return -ENOMEM;
}
@@ -260,15 +280,15 @@ static int virtio_gpu_plane_prepare_fb(struct drm_plane *plane,
static void virtio_gpu_plane_cleanup_fb(struct drm_plane *plane,
struct drm_plane_state *state)
{
- struct virtio_gpu_framebuffer *vgfb;
+ struct virtio_gpu_plane_state *vgplane_st;
if (!state->fb)
return;
- vgfb = to_virtio_gpu_framebuffer(state->fb);
- if (vgfb->fence) {
- dma_fence_put(&vgfb->fence->f);
- vgfb->fence = NULL;
+ vgplane_st = to_virtio_gpu_plane_state(state);
+ if (vgplane_st->fence) {
+ dma_fence_put(&vgplane_st->fence->f);
+ vgplane_st->fence = NULL;
}
}
@@ -281,6 +301,7 @@ static void virtio_gpu_cursor_plane_update(struct drm_plane *plane,
struct virtio_gpu_device *vgdev = dev->dev_private;
struct virtio_gpu_output *output = NULL;
struct virtio_gpu_framebuffer *vgfb;
+ struct virtio_gpu_plane_state *vgplane_st;
struct virtio_gpu_object *bo = NULL;
uint32_t handle;
@@ -293,6 +314,7 @@ static void virtio_gpu_cursor_plane_update(struct drm_plane *plane,
if (plane->state->fb) {
vgfb = to_virtio_gpu_framebuffer(plane->state->fb);
+ vgplane_st = to_virtio_gpu_plane_state(plane->state);
bo = gem_to_virtio_gpu_obj(vgfb->base.obj[0]);
handle = bo->hw_res_handle;
} else {
@@ -312,11 +334,9 @@ static void virtio_gpu_cursor_plane_update(struct drm_plane *plane,
(vgdev, 0,
plane->state->crtc_w,
plane->state->crtc_h,
- 0, 0, objs, vgfb->fence);
+ 0, 0, objs, vgplane_st->fence);
virtio_gpu_notify(vgdev);
- dma_fence_wait(&vgfb->fence->f, true);
- dma_fence_put(&vgfb->fence->f);
- vgfb->fence = NULL;
+ dma_fence_wait(&vgplane_st->fence->f, true);
}
if (plane->state->fb != old_state->fb) {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 279/578] printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 278/578] drm/virtio: New fence for every plane update Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 280/578] drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Greg Kroah-Hartman
` (307 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kuan-Wei Chiu, Petr Mladek,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuan-Wei Chiu <visitorckw@gmail.com>
[ Upstream commit 3d6f83df8ff2d5de84b50377e4f0d45e25311c7a ]
Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which
leads to undefined behavior. To prevent this, cast 1 to u32 before
performing the shift, ensuring well-defined behavior.
This change explicitly avoids any potential overflow by ensuring that
the shift occurs on an unsigned 32-bit integer.
Signed-off-by: Kuan-Wei Chiu <visitorckw@gmail.com>
Acked-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20240928113608.1438087-1-visitorckw@gmail.com
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/printk/printk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index 5a88134fba79f..c93beab96c860 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -403,7 +403,7 @@ static struct latched_seq clear_seq = {
/* record buffer */
#define LOG_ALIGN __alignof__(unsigned long)
#define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT)
-#define LOG_BUF_LEN_MAX (u32)(1 << 31)
+#define LOG_BUF_LEN_MAX ((u32)1 << 31)
static char __log_buf[__LOG_BUF_LEN] __aligned(LOG_ALIGN);
static char *log_buf = __log_buf;
static u32 log_buf_len = __LOG_BUF_LEN;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 280/578] drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 279/578] printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 281/578] drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Greg Kroah-Hartman
` (306 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Wheeler, Wayne Lin,
Fangzhi Zuo, Rodrigo Siqueira, Alex Deucher, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fangzhi Zuo <Jerry.Zuo@amd.com>
[ Upstream commit e56ad45e991128bf4db160b75a1d9f647a341d8f ]
Source --> DP2.1 MST hub --> DP1.4/2.1 monitor
When change from DP1.4 to DP2.1 from monitor manual, modes higher than
4k120 are all cutoff by mode validation. Switch back to DP1.4 gets all
the modes up to 4k240 available to be enabled by dsc passthrough.
[why]
Compared to DP1.4 link from hub to monitor, DP2.1 link has larger
full_pbn value that causes overflow in the process of doing conversion
from pbn to kbps.
[how]
Change the data type accordingly to fit into the data limit during
conversion calculation.
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Reviewed-by: Wayne Lin <wayne.lin@amd.com>
Signed-off-by: Fangzhi Zuo <Jerry.Zuo@amd.com>
Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
index 1acef5f3838f3..5eb994ed54717 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
@@ -1555,16 +1555,16 @@ int pre_validate_dsc(struct drm_atomic_state *state,
return ret;
}
-static unsigned int kbps_from_pbn(unsigned int pbn)
+static uint32_t kbps_from_pbn(unsigned int pbn)
{
- unsigned int kbps = pbn;
+ uint64_t kbps = (uint64_t)pbn;
kbps *= (1000000 / PEAK_FACTOR_X1000);
kbps *= 8;
kbps *= 54;
kbps /= 64;
- return kbps;
+ return (uint32_t)kbps;
}
static bool is_dsc_common_config_possible(struct dc_stream_state *stream,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 281/578] drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 280/578] drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 282/578] drm/bridge: it6505: fix HDCP Bstatus check Greg Kroah-Hartman
` (305 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Hermes Wu,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hermes Wu <hermes.wu@ite.com.tw>
[ Upstream commit 85597bc0d70c287ba41f17d14d3d857a38a3d727 ]
A HDCP source device shall support max downstream to 127 devices.
Change definition MAX_HDCP_DOWN_STREAM_COUNT to 127
KSVs shall save for DRM blocked devices check.
This results in struct it6505 growth by ~0.5 KiB.
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Hermes Wu <hermes.wu@ite.com.tw>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20241230-v7-upstream-v7-4-e0fdd4844703@ite.corp-partner.google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/ite-it6505.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c
index 45596b211fb88..6140dea66e43a 100644
--- a/drivers/gpu/drm/bridge/ite-it6505.c
+++ b/drivers/gpu/drm/bridge/ite-it6505.c
@@ -296,7 +296,7 @@
#define MAX_LANE_COUNT 4
#define MAX_LINK_RATE HBR
#define AUTO_TRAIN_RETRY 3
-#define MAX_HDCP_DOWN_STREAM_COUNT 10
+#define MAX_HDCP_DOWN_STREAM_COUNT 127
#define MAX_CR_LEVEL 0x03
#define MAX_EQ_LEVEL 0x03
#define AUX_WAIT_TIMEOUT_MS 15
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 282/578] drm/bridge: it6505: fix HDCP Bstatus check
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 281/578] drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 283/578] drm/bridge: it6505: fix HDCP encryption when R0 ready Greg Kroah-Hartman
` (304 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Hermes Wu,
AngeloGioacchino Del Regno, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hermes Wu <hermes.wu@ite.com.tw>
[ Upstream commit 0fd2ff47d8c207fa3173661de04bb9e8201c0ad2 ]
When HDCP is activated,
a DisplayPort source receiving CP_IRQ from the sink
shall check Bstatus from DPCD and process the corresponding value
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Hermes Wu <hermes.wu@ite.com.tw>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20241230-v7-upstream-v7-5-e0fdd4844703@ite.corp-partner.google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/ite-it6505.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c
index 6140dea66e43a..7e82f36f9fd02 100644
--- a/drivers/gpu/drm/bridge/ite-it6505.c
+++ b/drivers/gpu/drm/bridge/ite-it6505.c
@@ -2292,14 +2292,20 @@ static int it6505_process_hpd_irq(struct it6505 *it6505)
DRM_DEV_DEBUG_DRIVER(dev, "dp_irq_vector = 0x%02x", dp_irq_vector);
if (dp_irq_vector & DP_CP_IRQ) {
- it6505_set_bits(it6505, REG_HDCP_TRIGGER, HDCP_TRIGGER_CPIRQ,
- HDCP_TRIGGER_CPIRQ);
-
bstatus = it6505_dpcd_read(it6505, DP_AUX_HDCP_BSTATUS);
if (bstatus < 0)
return bstatus;
DRM_DEV_DEBUG_DRIVER(dev, "Bstatus = 0x%02x", bstatus);
+
+ /*Check BSTATUS when recive CP_IRQ */
+ if (bstatus & DP_BSTATUS_R0_PRIME_READY &&
+ it6505->hdcp_status == HDCP_AUTH_GOING)
+ it6505_set_bits(it6505, REG_HDCP_TRIGGER, HDCP_TRIGGER_CPIRQ,
+ HDCP_TRIGGER_CPIRQ);
+ else if (bstatus & (DP_BSTATUS_REAUTH_REQ | DP_BSTATUS_LINK_FAILURE) &&
+ it6505->hdcp_status == HDCP_AUTH_DONE)
+ it6505_start_hdcp(it6505);
}
ret = drm_dp_dpcd_read_link_status(&it6505->aux, link_status);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 283/578] drm/bridge: it6505: fix HDCP encryption when R0 ready
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 282/578] drm/bridge: it6505: fix HDCP Bstatus check Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 284/578] drm/bridge: it6505: fix HDCP CTS compare V matching Greg Kroah-Hartman
` (303 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hermes Wu,
AngeloGioacchino Del Regno, Dmitry Baryshkov, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hermes Wu <hermes.wu@ite.com.tw>
[ Upstream commit 8c01b0bae2f9e58f2fee0e811cb90d8331986554 ]
When starting HDCP authentication, HDCP encryption should be enabled
when R0'is checked.
Change encryption enables time at R0' ready.
The hardware HDCP engine trigger is changed and the repeater KSV fails
will restart HDCP.
Signed-off-by: Hermes Wu <hermes.wu@ite.com.tw>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20241230-v7-upstream-v7-6-e0fdd4844703@ite.corp-partner.google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/ite-it6505.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c
index 7e82f36f9fd02..c0bc9e0ce9810 100644
--- a/drivers/gpu/drm/bridge/ite-it6505.c
+++ b/drivers/gpu/drm/bridge/ite-it6505.c
@@ -2069,15 +2069,12 @@ static void it6505_hdcp_wait_ksv_list(struct work_struct *work)
ksv_list_check = it6505_hdcp_part2_ksvlist_check(it6505);
DRM_DEV_DEBUG_DRIVER(dev, "ksv list ready, ksv list check %s",
ksv_list_check ? "pass" : "fail");
- if (ksv_list_check) {
- it6505_set_bits(it6505, REG_HDCP_TRIGGER,
- HDCP_TRIGGER_KSV_DONE, HDCP_TRIGGER_KSV_DONE);
+
+ if (ksv_list_check)
return;
- }
+
timeout:
- it6505_set_bits(it6505, REG_HDCP_TRIGGER,
- HDCP_TRIGGER_KSV_DONE | HDCP_TRIGGER_KSV_FAIL,
- HDCP_TRIGGER_KSV_DONE | HDCP_TRIGGER_KSV_FAIL);
+ it6505_start_hdcp(it6505);
}
static void it6505_hdcp_work(struct work_struct *work)
@@ -2425,7 +2422,11 @@ static void it6505_irq_hdcp_ksv_check(struct it6505 *it6505)
{
struct device *dev = &it6505->client->dev;
- DRM_DEV_DEBUG_DRIVER(dev, "HDCP event Interrupt");
+ DRM_DEV_DEBUG_DRIVER(dev, "HDCP repeater R0 event Interrupt");
+ /* 1B01 HDCP encription should start when R0 is ready*/
+ it6505_set_bits(it6505, REG_HDCP_TRIGGER,
+ HDCP_TRIGGER_KSV_DONE, HDCP_TRIGGER_KSV_DONE);
+
schedule_work(&it6505->hdcp_wait_ksv_list);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 284/578] drm/bridge: it6505: fix HDCP CTS compare V matching
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 283/578] drm/bridge: it6505: fix HDCP encryption when R0 ready Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 285/578] safesetid: check size of policy writes Greg Kroah-Hartman
` (302 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hermes Wu,
AngeloGioacchino Del Regno, Dmitry Baryshkov, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hermes Wu <hermes.wu@ite.com.tw>
[ Upstream commit 0989c02c7a5c887c70afeae80c64d0291624e1a7 ]
When HDCP negotiation with a repeater device.
Checking SHA V' matching must retry 3 times before restarting HDCP.
Signed-off-by: Hermes Wu <hermes.wu@ite.com.tw>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20241230-v7-upstream-v7-8-e0fdd4844703@ite.corp-partner.google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/ite-it6505.c | 32 +++++++++++++++++------------
1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c
index c0bc9e0ce9810..7c3bd539655b8 100644
--- a/drivers/gpu/drm/bridge/ite-it6505.c
+++ b/drivers/gpu/drm/bridge/ite-it6505.c
@@ -2011,7 +2011,7 @@ static bool it6505_hdcp_part2_ksvlist_check(struct it6505 *it6505)
{
struct device *dev = &it6505->client->dev;
u8 av[5][4], bv[5][4];
- int i, err;
+ int i, err, retry;
i = it6505_setup_sha1_input(it6505, it6505->sha1_input);
if (i <= 0) {
@@ -2020,22 +2020,28 @@ static bool it6505_hdcp_part2_ksvlist_check(struct it6505 *it6505)
}
it6505_sha1_digest(it6505, it6505->sha1_input, i, (u8 *)av);
+ /*1B-05 V' must retry 3 times */
+ for (retry = 0; retry < 3; retry++) {
+ err = it6505_get_dpcd(it6505, DP_AUX_HDCP_V_PRIME(0), (u8 *)bv,
+ sizeof(bv));
- err = it6505_get_dpcd(it6505, DP_AUX_HDCP_V_PRIME(0), (u8 *)bv,
- sizeof(bv));
+ if (err < 0) {
+ dev_err(dev, "Read V' value Fail %d", retry);
+ continue;
+ }
- if (err < 0) {
- dev_err(dev, "Read V' value Fail");
- return false;
- }
+ for (i = 0; i < 5; i++) {
+ if (bv[i][3] != av[i][0] || bv[i][2] != av[i][1] ||
+ av[i][1] != av[i][2] || bv[i][0] != av[i][3])
+ break;
- for (i = 0; i < 5; i++)
- if (bv[i][3] != av[i][0] || bv[i][2] != av[i][1] ||
- bv[i][1] != av[i][2] || bv[i][0] != av[i][3])
- return false;
+ DRM_DEV_DEBUG_DRIVER(dev, "V' all match!! %d, %d", retry, i);
+ return true;
+ }
+ }
- DRM_DEV_DEBUG_DRIVER(dev, "V' all match!!");
- return true;
+ DRM_DEV_DEBUG_DRIVER(dev, "V' NOT match!! %d", retry);
+ return false;
}
static void it6505_hdcp_wait_ksv_list(struct work_struct *work)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 285/578] safesetid: check size of policy writes
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 284/578] drm/bridge: it6505: fix HDCP CTS compare V matching Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 286/578] tun: fix group permission check Greg Kroah-Hartman
` (301 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+4eb7a741b3216020043a,
Leo Stone, Paul Moore, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Leo Stone <leocstone@gmail.com>
[ Upstream commit f09ff307c7299392f1c88f763299e24bc99811c7 ]
syzbot attempts to write a buffer with a large size to a sysfs entry
with writes handled by handle_policy_update(), triggering a warning
in kmalloc.
Check the size specified for write buffers before allocating.
Reported-by: syzbot+4eb7a741b3216020043a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=4eb7a741b3216020043a
Signed-off-by: Leo Stone <leocstone@gmail.com>
[PM: subject tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/safesetid/securityfs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c
index 25310468bcddf..8e1ffd70b18ab 100644
--- a/security/safesetid/securityfs.c
+++ b/security/safesetid/securityfs.c
@@ -143,6 +143,9 @@ static ssize_t handle_policy_update(struct file *file,
char *buf, *p, *end;
int err;
+ if (len >= KMALLOC_MAX_SIZE)
+ return -EINVAL;
+
pol = kmalloc(sizeof(struct setid_ruleset), GFP_KERNEL);
if (!pol)
return -ENOMEM;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 286/578] tun: fix group permission check
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 285/578] safesetid: check size of policy writes Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 287/578] mmc: core: Respect quirk_max_rate for non-UHS SDIO card Greg Kroah-Hartman
` (300 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stas Sergeev, Willem de Bruijn,
Jason Wang, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stas Sergeev <stsp2@yandex.ru>
[ Upstream commit 3ca459eaba1bf96a8c7878de84fa8872259a01e3 ]
Currently tun checks the group permission even if the user have matched.
Besides going against the usual permission semantic, this has a
very interesting implication: if the tun group is not among the
supplementary groups of the tun user, then effectively no one can
access the tun device. CAP_SYS_ADMIN still can, but its the same as
not setting the tun ownership.
This patch relaxes the group checking so that either the user match
or the group match is enough. This avoids the situation when no one
can access the device even though the ownership is properly set.
Also I simplified the logic by removing the redundant inversions:
tun_not_capable() --> !tun_capable()
Signed-off-by: Stas Sergeev <stsp2@yandex.ru>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Link: https://patch.msgid.link/20241205073614.294773-1-stsp2@yandex.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/tun.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index ea98d93138c12..a6c9f9062dbd4 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -574,14 +574,18 @@ static u16 tun_select_queue(struct net_device *dev, struct sk_buff *skb,
return ret;
}
-static inline bool tun_not_capable(struct tun_struct *tun)
+static inline bool tun_capable(struct tun_struct *tun)
{
const struct cred *cred = current_cred();
struct net *net = dev_net(tun->dev);
- return ((uid_valid(tun->owner) && !uid_eq(cred->euid, tun->owner)) ||
- (gid_valid(tun->group) && !in_egroup_p(tun->group))) &&
- !ns_capable(net->user_ns, CAP_NET_ADMIN);
+ if (ns_capable(net->user_ns, CAP_NET_ADMIN))
+ return 1;
+ if (uid_valid(tun->owner) && uid_eq(cred->euid, tun->owner))
+ return 1;
+ if (gid_valid(tun->group) && in_egroup_p(tun->group))
+ return 1;
+ return 0;
}
static void tun_set_real_num_queues(struct tun_struct *tun)
@@ -2767,7 +2771,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
!!(tun->flags & IFF_MULTI_QUEUE))
return -EINVAL;
- if (tun_not_capable(tun))
+ if (!tun_capable(tun))
return -EPERM;
err = security_tun_dev_open(tun->security);
if (err < 0)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 287/578] mmc: core: Respect quirk_max_rate for non-UHS SDIO card
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 286/578] tun: fix group permission check Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 288/578] wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Greg Kroah-Hartman
` (299 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Shawn Lin, Ulf Hansson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shawn Lin <shawn.lin@rock-chips.com>
[ Upstream commit a2a44f8da29352f76c99c6904ee652911b8dc7dd ]
The card-quirk was added to limit the clock-rate for a card with UHS-mode
support, although let's respect the quirk for non-UHS mode too, to make the
behaviour consistent.
Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
Message-ID: <1732268242-72799-1-git-send-email-shawn.lin@rock-chips.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/core/sdio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/mmc/core/sdio.c b/drivers/mmc/core/sdio.c
index 5914516df2f7f..cb87e82737793 100644
--- a/drivers/mmc/core/sdio.c
+++ b/drivers/mmc/core/sdio.c
@@ -458,6 +458,8 @@ static unsigned mmc_sdio_get_max_clock(struct mmc_card *card)
if (mmc_card_sd_combo(card))
max_dtr = min(max_dtr, mmc_sd_get_max_clock(card));
+ max_dtr = min_not_zero(max_dtr, card->quirk_max_rate);
+
return max_dtr;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 288/578] wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 287/578] mmc: core: Respect quirk_max_rate for non-UHS SDIO card Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 289/578] tomoyo: dont emit warning in tomoyo_write_control() Greg Kroah-Hartman
` (298 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Antipov, Arend van Spriel,
Kalle Valo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit 3f4a0948c3524ae50f166dbc6572a3296b014e62 ]
In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN()
instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access.
Compile tested only.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20241210070441.836362-1-dmantipov@yandex.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c
index 8580a27547891..42e7bc67e9143 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c
@@ -23427,6 +23427,9 @@ wlc_phy_iqcal_gainparams_nphy(struct brcms_phy *pi, u16 core_no,
break;
}
+ if (WARN_ON(k == NPHY_IQCAL_NUMGAINS))
+ return;
+
params->txgm = tbl_iqcal_gainparams_nphy[band_idx][k][1];
params->pga = tbl_iqcal_gainparams_nphy[band_idx][k][2];
params->pad = tbl_iqcal_gainparams_nphy[band_idx][k][3];
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 289/578] tomoyo: dont emit warning in tomoyo_write_control()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 288/578] wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 290/578] mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Greg Kroah-Hartman
` (297 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+7536f77535e5210a5c76,
Leo Stone, Tetsuo Handa, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit 3df7546fc03b8f004eee0b9e3256369f7d096685 ]
syzbot is reporting too large allocation warning at tomoyo_write_control(),
for one can write a very very long line without new line character. To fix
this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,
for practically a valid line should be always shorter than 32KB where the
"too small to fail" memory-allocation rule applies.
One might try to write a valid line that is longer than 32KB, but such
request will likely fail with -ENOMEM. Therefore, I feel that separately
returning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.
There is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.
Reported-by: syzbot+7536f77535e5210a5c76@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=7536f77535e5210a5c76
Reported-by: Leo Stone <leocstone@gmail.com>
Closes: https://lkml.kernel.org/r/20241216021459.178759-2-leocstone@gmail.com
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/tomoyo/common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index a7af085550b2d..5f1cdd0af115d 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -2664,7 +2664,7 @@ ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
if (head->w.avail >= head->writebuf_size - 1) {
const int len = head->writebuf_size * 2;
- char *cp = kzalloc(len, GFP_NOFS);
+ char *cp = kzalloc(len, GFP_NOFS | __GFP_NOWARN);
if (!cp) {
error = -ENOMEM;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 290/578] mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 289/578] tomoyo: dont emit warning in tomoyo_write_control() Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 291/578] HID: Wacom: Add PCI Wacom device support Greg Kroah-Hartman
` (296 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Andy Shevchenko,
Lee Jones, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 1e89d21f8189d286f80b900e1b7cf57cb1f3037e ]
On N4100 / N4120 Gemini Lake SoCs the ISA bridge PCI device-id is 31e8
rather the 3197 found on e.g. the N4000 / N4020.
While at fix the existing GLK PCI-id table entry breaking the table
being sorted by device-id.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20241114193808.110132-1-hdegoede@redhat.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/lpc_ich.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/mfd/lpc_ich.c b/drivers/mfd/lpc_ich.c
index 7b1c597b6879f..03367fcac42a7 100644
--- a/drivers/mfd/lpc_ich.c
+++ b/drivers/mfd/lpc_ich.c
@@ -756,8 +756,9 @@ static const struct pci_device_id lpc_ich_ids[] = {
{ PCI_VDEVICE(INTEL, 0x2917), LPC_ICH9ME},
{ PCI_VDEVICE(INTEL, 0x2918), LPC_ICH9},
{ PCI_VDEVICE(INTEL, 0x2919), LPC_ICH9M},
- { PCI_VDEVICE(INTEL, 0x3197), LPC_GLK},
{ PCI_VDEVICE(INTEL, 0x2b9c), LPC_COUGARMOUNTAIN},
+ { PCI_VDEVICE(INTEL, 0x3197), LPC_GLK},
+ { PCI_VDEVICE(INTEL, 0x31e8), LPC_GLK},
{ PCI_VDEVICE(INTEL, 0x3a14), LPC_ICH10DO},
{ PCI_VDEVICE(INTEL, 0x3a16), LPC_ICH10R},
{ PCI_VDEVICE(INTEL, 0x3a18), LPC_ICH10},
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 291/578] HID: Wacom: Add PCI Wacom device support
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 290/578] mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 292/578] net/mlx5: use do_aux_work for PHC overflow checks Greg Kroah-Hartman
` (295 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Even Xu, Tatsunosuke Tobita,
Ping Cheng, Jiri Kosina, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Even Xu <even.xu@intel.com>
[ Upstream commit c4c123504a65583e3689b3de04a61dc5272e453a ]
Add PCI device ID of wacom device into driver support list.
Signed-off-by: Even Xu <even.xu@intel.com>
Tested-by: Tatsunosuke Tobita <tatsunosuke.tobita@wacom.com>
Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/wacom_wac.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c
index 3551a6d3795e6..ce54b8354a7d4 100644
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -4914,6 +4914,10 @@ static const struct wacom_features wacom_features_0x94 =
HID_DEVICE(BUS_I2C, HID_GROUP_WACOM, USB_VENDOR_ID_WACOM, prod),\
.driver_data = (kernel_ulong_t)&wacom_features_##prod
+#define PCI_DEVICE_WACOM(prod) \
+ HID_DEVICE(BUS_PCI, HID_GROUP_WACOM, USB_VENDOR_ID_WACOM, prod),\
+ .driver_data = (kernel_ulong_t)&wacom_features_##prod
+
#define USB_DEVICE_LENOVO(prod) \
HID_USB_DEVICE(USB_VENDOR_ID_LENOVO, prod), \
.driver_data = (kernel_ulong_t)&wacom_features_##prod
@@ -5083,6 +5087,7 @@ const struct hid_device_id wacom_ids[] = {
{ USB_DEVICE_WACOM(HID_ANY_ID) },
{ I2C_DEVICE_WACOM(HID_ANY_ID) },
+ { PCI_DEVICE_WACOM(HID_ANY_ID) },
{ BT_DEVICE_WACOM(HID_ANY_ID) },
{ }
};
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 292/578] net/mlx5: use do_aux_work for PHC overflow checks
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 291/578] HID: Wacom: Add PCI Wacom device support Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 293/578] wifi: brcmfmac: Check the return value of of_property_read_string_index() Greg Kroah-Hartman
` (294 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dragos Tatulea, Vadim Fedorenko,
Tariq Toukan, Paolo Abeni, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vadim Fedorenko <vadfed@meta.com>
[ Upstream commit e61e6c415ba9ff2b32bb6780ce1b17d1d76238f1 ]
The overflow_work is using system wq to do overflow checks and updates
for PHC device timecounter, which might be overhelmed by other tasks.
But there is dedicated kthread in PTP subsystem designed for such
things. This patch changes the work queue to proper align with PTP
subsystem and to avoid overloading system work queue.
The adjfine() function acts the same way as overflow check worker,
we can postpone ptp aux worker till the next overflow period after
adjfine() was called.
Reviewed-by: Dragos Tatulea <dtatulea@nvidia.com>
Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
Acked-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://patch.msgid.link/20250107104812.380225-1-vadfed@meta.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../ethernet/mellanox/mlx5/core/lib/clock.c | 24 ++++++++++---------
include/linux/mlx5/driver.h | 1 -
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
index 2ac255bb918ba..133e8220aaeaf 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
@@ -186,17 +186,16 @@ static void mlx5_pps_out(struct work_struct *work)
}
}
-static void mlx5_timestamp_overflow(struct work_struct *work)
+static long mlx5_timestamp_overflow(struct ptp_clock_info *ptp_info)
{
- struct delayed_work *dwork = to_delayed_work(work);
struct mlx5_core_dev *mdev;
struct mlx5_timer *timer;
struct mlx5_clock *clock;
unsigned long flags;
- timer = container_of(dwork, struct mlx5_timer, overflow_work);
- clock = container_of(timer, struct mlx5_clock, timer);
+ clock = container_of(ptp_info, struct mlx5_clock, ptp_info);
mdev = container_of(clock, struct mlx5_core_dev, clock);
+ timer = &clock->timer;
if (mdev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR)
goto out;
@@ -207,7 +206,7 @@ static void mlx5_timestamp_overflow(struct work_struct *work)
write_sequnlock_irqrestore(&clock->lock, flags);
out:
- schedule_delayed_work(&timer->overflow_work, timer->overflow_period);
+ return timer->overflow_period;
}
static int mlx5_ptp_settime_real_time(struct mlx5_core_dev *mdev,
@@ -375,6 +374,7 @@ static int mlx5_ptp_adjfreq(struct ptp_clock_info *ptp, s32 delta)
timer->nominal_c_mult + diff;
mlx5_update_clock_info_page(mdev);
write_sequnlock_irqrestore(&clock->lock, flags);
+ ptp_schedule_worker(clock->ptp, timer->overflow_period);
return 0;
}
@@ -708,6 +708,7 @@ static const struct ptp_clock_info mlx5_ptp_clock_info = {
.settime64 = mlx5_ptp_settime,
.enable = NULL,
.verify = NULL,
+ .do_aux_work = mlx5_timestamp_overflow,
};
static int mlx5_query_mtpps_pin_mode(struct mlx5_core_dev *mdev, u8 pin,
@@ -908,12 +909,11 @@ static void mlx5_init_overflow_period(struct mlx5_clock *clock)
do_div(ns, NSEC_PER_SEC / HZ);
timer->overflow_period = ns;
- INIT_DELAYED_WORK(&timer->overflow_work, mlx5_timestamp_overflow);
- if (timer->overflow_period)
- schedule_delayed_work(&timer->overflow_work, 0);
- else
+ if (!timer->overflow_period) {
+ timer->overflow_period = HZ;
mlx5_core_warn(mdev,
- "invalid overflow period, overflow_work is not scheduled\n");
+ "invalid overflow period, overflow_work is scheduled once per second\n");
+ }
if (clock_info)
clock_info->overflow_period = timer->overflow_period;
@@ -999,6 +999,9 @@ void mlx5_init_clock(struct mlx5_core_dev *mdev)
MLX5_NB_INIT(&clock->pps_nb, mlx5_pps_event, PPS_EVENT);
mlx5_eq_notifier_register(mdev, &clock->pps_nb);
+
+ if (clock->ptp)
+ ptp_schedule_worker(clock->ptp, 0);
}
void mlx5_cleanup_clock(struct mlx5_core_dev *mdev)
@@ -1015,7 +1018,6 @@ void mlx5_cleanup_clock(struct mlx5_core_dev *mdev)
}
cancel_work_sync(&clock->pps_info.out_work);
- cancel_delayed_work_sync(&clock->timer.overflow_work);
if (mdev->clock_info) {
free_page((unsigned long)mdev->clock_info);
diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h
index 2588ddd3512b1..3c3e0f26c2446 100644
--- a/include/linux/mlx5/driver.h
+++ b/include/linux/mlx5/driver.h
@@ -716,7 +716,6 @@ struct mlx5_timer {
struct timecounter tc;
u32 nominal_c_mult;
unsigned long overflow_period;
- struct delayed_work overflow_work;
};
struct mlx5_clock {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 293/578] wifi: brcmfmac: Check the return value of of_property_read_string_index()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 292/578] net/mlx5: use do_aux_work for PHC overflow checks Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 294/578] wifi: iwlwifi: avoid memory leak Greg Kroah-Hartman
` (293 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Dösinger,
Arend van Spriel, Kalle Valo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Dösinger <stefan@codeweavers.com>
[ Upstream commit 082d9e263af8de68f0c34f67b251818205160f6e ]
Somewhen between 6.10 and 6.11 the driver started to crash on my
MacBookPro14,3. The property doesn't exist and 'tmp' remains
uninitialized, so we pass a random pointer to devm_kstrdup().
The crash I am getting looks like this:
BUG: unable to handle page fault for address: 00007f033c669379
PF: supervisor read access in kernel mode
PF: error_code(0x0001) - permissions violation
PGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025
Oops: Oops: 0001 [#1] SMP PTI
CPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1
Hardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024
RIP: 0010:strlen+0x4/0x30
Code: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <80> 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc
RSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202
RAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001
RDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379
RBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a
R10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8
R13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30
FS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x149/0x4c0
? raw_spin_rq_lock_nested+0xe/0x20
? sched_balance_newidle+0x22b/0x3c0
? update_load_avg+0x78/0x770
? exc_page_fault+0x6f/0x150
? asm_exc_page_fault+0x26/0x30
? __pfx_pci_conf1_write+0x10/0x10
? strlen+0x4/0x30
devm_kstrdup+0x25/0x70
brcmf_of_probe+0x273/0x350 [brcmfmac]
Signed-off-by: Stefan Dösinger <stefan@codeweavers.com>
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20250106170958.3595-1-stefan@codeweavers.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c
index 0eb852896322b..f117c90c53f59 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c
@@ -89,13 +89,13 @@ void brcmf_of_probe(struct device *dev, enum brcmf_bus_type bus_type,
/* Set board-type to the first string of the machine compatible prop */
root = of_find_node_by_path("/");
if (root && err) {
- char *board_type;
+ char *board_type = NULL;
const char *tmp;
- of_property_read_string_index(root, "compatible", 0, &tmp);
-
/* get rid of '/' in the compatible string to be able to find the FW */
- board_type = devm_kstrdup(dev, tmp, GFP_KERNEL);
+ if (!of_property_read_string_index(root, "compatible", 0, &tmp))
+ board_type = devm_kstrdup(dev, tmp, GFP_KERNEL);
+
if (!board_type) {
of_node_put(root);
return;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 294/578] wifi: iwlwifi: avoid memory leak
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 293/578] wifi: brcmfmac: Check the return value of of_property_read_string_index() Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 295/578] i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Greg Kroah-Hartman
` (292 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miri Korenblit, Johannes Berg,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Miri Korenblit <miriam.rachel.korenblit@intel.com>
[ Upstream commit 80e96206a3ef348fbd658d98f2f43149c36df8bc ]
A caller of iwl_acpi_get_dsm_object must free the returned object.
iwl_acpi_get_dsm_integer returns immediately without freeing
it if the expected size is more than 8 bytes. Fix that.
Note that with the current code this will never happen, since the caller
of iwl_acpi_get_dsm_integer already checks that the expected size if
either 1 or 4 bytes, so it can't exceed 8 bytes.
While at it, print the DSM value instead of the return value, as this
was the intention in the first place.
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20241228223206.bf61eaab99f8.Ibdc5df02f885208c222456d42c889c43b7e3b2f7@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
index c96dfd7fd3dc8..84980f6a0d603 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
@@ -123,7 +123,7 @@ static int iwl_acpi_get_dsm_integer(struct device *dev, int rev, int func,
size_t expected_size)
{
union acpi_object *obj;
- int ret = 0;
+ int ret;
obj = iwl_acpi_get_dsm_object(dev, rev, func, NULL, guid);
if (IS_ERR(obj)) {
@@ -138,8 +138,10 @@ static int iwl_acpi_get_dsm_integer(struct device *dev, int rev, int func,
} else if (obj->type == ACPI_TYPE_BUFFER) {
__le64 le_value = 0;
- if (WARN_ON_ONCE(expected_size > sizeof(le_value)))
- return -EINVAL;
+ if (WARN_ON_ONCE(expected_size > sizeof(le_value))) {
+ ret = -EINVAL;
+ goto out;
+ }
/* if the buffer size doesn't match the expected size */
if (obj->buffer.length != expected_size)
@@ -160,8 +162,9 @@ static int iwl_acpi_get_dsm_integer(struct device *dev, int rev, int func,
}
IWL_DEBUG_DEV_RADIO(dev,
- "ACPI: DSM method evaluated: func=%d, ret=%d\n",
- func, ret);
+ "ACPI: DSM method evaluated: func=%d, value=%lld\n",
+ func, *value);
+ ret = 0;
out:
ACPI_FREE(obj);
return ret;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 295/578] i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 294/578] wifi: iwlwifi: avoid memory leak Greg Kroah-Hartman
@ 2025-02-19 8:24 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 296/578] APEI: GHES: Have GHES honor the panic= setting Greg Kroah-Hartman
` (291 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:24 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randolph Ha, Mika Westerberg,
Wolfram Sang, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randolph Ha <rha051117@gmail.com>
[ Upstream commit bfd74cd1fbc026f04446e67d6915c7e199c2bffd ]
When a 400KHz freq is used on this model of ELAN touchpad in Linux,
excessive smoothing (similar to when the touchpad's firmware detects
a noisy signal) is sometimes applied. As some devices' (e.g, Lenovo
V15 G4) ACPI tables specify a 400KHz frequency for this device and
some I2C busses (e.g, Designware I2C) default to a 400KHz freq,
force the speed to 100KHz as a workaround.
For future investigation: This problem may be related to the default
HCNT/LCNT values given by some busses' drivers, because they are not
specified in the aforementioned devices' ACPI tables, and because
the device works without issues on Windows at what is expected to be
a 400KHz frequency. The root cause of the issue is not known.
Signed-off-by: Randolph Ha <rha051117@gmail.com>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/i2c-core-acpi.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c
index 14ae0cfc325ef..d2499f302b508 100644
--- a/drivers/i2c/i2c-core-acpi.c
+++ b/drivers/i2c/i2c-core-acpi.c
@@ -355,6 +355,25 @@ static const struct acpi_device_id i2c_acpi_force_400khz_device_ids[] = {
{}
};
+static const struct acpi_device_id i2c_acpi_force_100khz_device_ids[] = {
+ /*
+ * When a 400KHz freq is used on this model of ELAN touchpad in Linux,
+ * excessive smoothing (similar to when the touchpad's firmware detects
+ * a noisy signal) is sometimes applied. As some devices' (e.g, Lenovo
+ * V15 G4) ACPI tables specify a 400KHz frequency for this device and
+ * some I2C busses (e.g, Designware I2C) default to a 400KHz freq,
+ * force the speed to 100KHz as a workaround.
+ *
+ * For future investigation: This problem may be related to the default
+ * HCNT/LCNT values given by some busses' drivers, because they are not
+ * specified in the aforementioned devices' ACPI tables, and because
+ * the device works without issues on Windows at what is expected to be
+ * a 400KHz frequency. The root cause of the issue is not known.
+ */
+ { "ELAN06FA", 0 },
+ {}
+};
+
static acpi_status i2c_acpi_lookup_speed(acpi_handle handle, u32 level,
void *data, void **return_value)
{
@@ -373,6 +392,9 @@ static acpi_status i2c_acpi_lookup_speed(acpi_handle handle, u32 level,
if (acpi_match_device_ids(adev, i2c_acpi_force_400khz_device_ids) == 0)
lookup->force_speed = I2C_MAX_FAST_MODE_FREQ;
+ if (acpi_match_device_ids(adev, i2c_acpi_force_100khz_device_ids) == 0)
+ lookup->force_speed = I2C_MAX_STANDARD_MODE_FREQ;
+
return AE_OK;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 296/578] APEI: GHES: Have GHES honor the panic= setting
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2025-02-19 8:24 ` [PATCH 6.1 295/578] i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 297/578] Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync Greg Kroah-Hartman
` (290 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Feng Tang, Borislav Petkov (AMD),
Ira Weiny, Rafael J. Wysocki, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Borislav Petkov <bp@alien8.de>
[ Upstream commit 5c0e00a391dd0099fe95991bb2f962848d851916 ]
The GHES driver overrides the panic= setting by force-rebooting the
system after a fatal hw error has been reported. The intent being that
such an error would be reported earlier.
However, this is not optimal when a hard-to-debug issue requires long
time to reproduce and when that happens, the box will get rebooted after
30 seconds and thus destroy the whole hw context of when the error
happened.
So rip out the default GHES panic timeout and honor the global one.
In the panic disabled (panic=0) case, the error will still be logged to
dmesg for later inspection and if panic after a hw error is really
required, then that can be controlled the usual way - use panic= on the
cmdline or set it in the kernel .config's CONFIG_PANIC_TIMEOUT.
Reported-by: Feng Tang <feng.tang@linux.alibaba.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Feng Tang <feng.tang@linux.alibaba.com>
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Link: https://patch.msgid.link/20250113125224.GFZ4UMiNtWIJvgpveU@fat_crate.local
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/apei/ghes.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
index dd808cf65c841..83a4b417b27b9 100644
--- a/drivers/acpi/apei/ghes.c
+++ b/drivers/acpi/apei/ghes.c
@@ -155,8 +155,6 @@ static unsigned long ghes_estatus_pool_size_request;
static struct ghes_estatus_cache *ghes_estatus_caches[GHES_ESTATUS_CACHES_SIZE];
static atomic_t ghes_estatus_cache_alloced;
-static int ghes_panic_timeout __read_mostly = 30;
-
static void __iomem *ghes_map(u64 pfn, enum fixed_addresses fixmap_idx)
{
phys_addr_t paddr;
@@ -858,14 +856,16 @@ static void __ghes_panic(struct ghes *ghes,
struct acpi_hest_generic_status *estatus,
u64 buf_paddr, enum fixed_addresses fixmap_idx)
{
+ const char *msg = GHES_PFX "Fatal hardware error";
+
__ghes_print_estatus(KERN_EMERG, ghes->generic, estatus);
ghes_clear_estatus(ghes, estatus, buf_paddr, fixmap_idx);
- /* reboot to log the error! */
if (!panic_timeout)
- panic_timeout = ghes_panic_timeout;
- panic("Fatal hardware error!");
+ pr_emerg("%s but panic disabled\n", msg);
+
+ panic(msg);
}
static int ghes_proc(struct ghes *ghes)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 297/578] Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 296/578] APEI: GHES: Have GHES honor the panic= setting Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 298/578] net: wwan: iosm: Fix hibernation by re-binding the driver around it Greg Kroah-Hartman
` (289 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+479aff51bb361ef5aa18,
Mazin Al Haddad, Luiz Augusto von Dentz, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mazin Al Haddad <mazin@getstate.dev>
[ Upstream commit 26fbd3494a7dd26269cb0817c289267dbcfdec06 ]
This fixes the following crash:
==================================================================
BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543
Read of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961
CPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: hci0 hci_cmd_sync_work
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0x169/0x550 mm/kasan/report.c:489
kasan_report+0x143/0x180 mm/kasan/report.c:602
mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543
hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Allocated by task 16026:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
kasan_kmalloc include/linux/kasan.h:260 [inline]
__kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314
kmalloc_noprof include/linux/slab.h:901 [inline]
kzalloc_noprof include/linux/slab.h:1037 [inline]
mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269
mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296
remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568
hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712
hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:726
sock_write_iter+0x2d7/0x3f0 net/socket.c:1147
new_sync_write fs/read_write.c:586 [inline]
vfs_write+0xaeb/0xd30 fs/read_write.c:679
ksys_write+0x18f/0x2b0 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Freed by task 16022:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582
poison_slab_object mm/kasan/common.c:247 [inline]
__kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
kasan_slab_free include/linux/kasan.h:233 [inline]
slab_free_hook mm/slub.c:2338 [inline]
slab_free mm/slub.c:4598 [inline]
kfree+0x196/0x420 mm/slub.c:4746
mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259
__mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550
hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208
hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]
hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508
sock_do_ioctl+0x158/0x460 net/socket.c:1209
sock_ioctl+0x626/0x8e0 net/socket.c:1328
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Reported-by: syzbot+479aff51bb361ef5aa18@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=479aff51bb361ef5aa18
Tested-by: syzbot+479aff51bb361ef5aa18@syzkaller.appspotmail.com
Signed-off-by: Mazin Al Haddad <mazin@getstate.dev>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/mgmt.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index dc3921269a5ab..4f116e8c84a00 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -5524,10 +5524,16 @@ static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
{
struct mgmt_rp_remove_adv_monitor rp;
struct mgmt_pending_cmd *cmd = data;
- struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
+ struct mgmt_cp_remove_adv_monitor *cp;
+
+ if (status == -ECANCELED ||
+ cmd != pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev))
+ return;
hci_dev_lock(hdev);
+ cp = cmd->param;
+
rp.monitor_handle = cp->monitor_handle;
if (!status)
@@ -5545,6 +5551,10 @@ static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data)
{
struct mgmt_pending_cmd *cmd = data;
+
+ if (cmd != pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev))
+ return -ECANCELED;
+
struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
u16 handle = __le16_to_cpu(cp->monitor_handle);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 298/578] net: wwan: iosm: Fix hibernation by re-binding the driver around it
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 297/578] Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 299/578] mmc: sdhci-msm: Correctly set the load for the regulator Greg Kroah-Hartman
` (288 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sergey Ryazanov, Maciej S. Szmigiero,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
[ Upstream commit 0b6f6593aa8c3a05f155c12fd0e7ad33a5149c31 ]
Currently, the driver is seriously broken with respect to the
hibernation (S4): after image restore the device is back into
IPC_MEM_EXEC_STAGE_BOOT (which AFAIK means bootloader stage) and needs
full re-launch of the rest of its firmware, but the driver restore
handler treats the device as merely sleeping and just sends it a
wake-up command.
This wake-up command times out but device nodes (/dev/wwan*) remain
accessible.
However attempting to use them causes the bootloader to crash and
enter IPC_MEM_EXEC_STAGE_CD_READY stage (which apparently means "a crash
dump is ready").
It seems that the device cannot be re-initialized from this crashed
stage without toggling some reset pin (on my test platform that's
apparently what the device _RST ACPI method does).
While it would theoretically be possible to rewrite the driver to tear
down the whole MUX / IPC layers on hibernation (so the bootloader does
not crash from improper access) and then re-launch the device on
restore this would require significant refactoring of the driver
(believe me, I've tried), since there are quite a few assumptions
hard-coded in the driver about the device never being partially
de-initialized (like channels other than devlink cannot be closed,
for example).
Probably this would also need some programming guide for this hardware.
Considering that the driver seems orphaned [1] and other people are
hitting this issue too [2] fix it by simply unbinding the PCI driver
before hibernation and re-binding it after restore, much like
USB_QUIRK_RESET_RESUME does for USB devices that exhibit a similar
problem.
Tested on XMM7360 in HP EliteBook 855 G7 both with s2idle (which uses
the existing suspend / resume handlers) and S4 (which uses the new code).
[1]: https://lore.kernel.org/all/c248f0b4-2114-4c61-905f-466a786bdebb@leemhuis.info/
[2]:
https://github.com/xmm7360/xmm7360-pci/issues/211#issuecomment-1804139413
Reviewed-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Link: https://patch.msgid.link/e60287ebdb0ab54c4075071b72568a40a75d0205.1736372610.git.mail@maciej.szmigiero.name
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++++++++++++++++++++++++++-
1 file changed, 55 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wwan/iosm/iosm_ipc_pcie.c b/drivers/net/wwan/iosm/iosm_ipc_pcie.c
index 04517bd3325a2..a066977af0be5 100644
--- a/drivers/net/wwan/iosm/iosm_ipc_pcie.c
+++ b/drivers/net/wwan/iosm/iosm_ipc_pcie.c
@@ -6,6 +6,7 @@
#include <linux/acpi.h>
#include <linux/bitfield.h>
#include <linux/module.h>
+#include <linux/suspend.h>
#include <net/rtnetlink.h>
#include "iosm_ipc_imem.h"
@@ -18,6 +19,7 @@ MODULE_LICENSE("GPL v2");
/* WWAN GUID */
static guid_t wwan_acpi_guid = GUID_INIT(0xbad01b75, 0x22a8, 0x4f48, 0x87, 0x92,
0xbd, 0xde, 0x94, 0x67, 0x74, 0x7d);
+static bool pci_registered;
static void ipc_pcie_resources_release(struct iosm_pcie *ipc_pcie)
{
@@ -448,7 +450,6 @@ static struct pci_driver iosm_ipc_driver = {
},
.id_table = iosm_ipc_ids,
};
-module_pci_driver(iosm_ipc_driver);
int ipc_pcie_addr_map(struct iosm_pcie *ipc_pcie, unsigned char *data,
size_t size, dma_addr_t *mapping, int direction)
@@ -530,3 +531,56 @@ void ipc_pcie_kfree_skb(struct iosm_pcie *ipc_pcie, struct sk_buff *skb)
IPC_CB(skb)->mapping = 0;
dev_kfree_skb(skb);
}
+
+static int pm_notify(struct notifier_block *nb, unsigned long mode, void *_unused)
+{
+ if (mode == PM_HIBERNATION_PREPARE || mode == PM_RESTORE_PREPARE) {
+ if (pci_registered) {
+ pci_unregister_driver(&iosm_ipc_driver);
+ pci_registered = false;
+ }
+ } else if (mode == PM_POST_HIBERNATION || mode == PM_POST_RESTORE) {
+ if (!pci_registered) {
+ int ret;
+
+ ret = pci_register_driver(&iosm_ipc_driver);
+ if (ret) {
+ pr_err(KBUILD_MODNAME ": unable to re-register PCI driver: %d\n",
+ ret);
+ } else {
+ pci_registered = true;
+ }
+ }
+ }
+
+ return 0;
+}
+
+static struct notifier_block pm_notifier = {
+ .notifier_call = pm_notify,
+};
+
+static int __init iosm_ipc_driver_init(void)
+{
+ int ret;
+
+ ret = pci_register_driver(&iosm_ipc_driver);
+ if (ret)
+ return ret;
+
+ pci_registered = true;
+
+ register_pm_notifier(&pm_notifier);
+
+ return 0;
+}
+module_init(iosm_ipc_driver_init);
+
+static void __exit iosm_ipc_driver_exit(void)
+{
+ unregister_pm_notifier(&pm_notifier);
+
+ if (pci_registered)
+ pci_unregister_driver(&iosm_ipc_driver);
+}
+module_exit(iosm_ipc_driver_exit);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 299/578] mmc: sdhci-msm: Correctly set the load for the regulator
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 298/578] net: wwan: iosm: Fix hibernation by re-binding the driver around it Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 300/578] tipc: re-order conditions in tipc_crypto_key_rcv() Greg Kroah-Hartman
` (287 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuanjie Yang, Dmitry Baryshkov,
Ulf Hansson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuanjie Yang <quic_yuanjiey@quicinc.com>
[ Upstream commit 20a0c37e44063997391430c4ae09973e9cbc3911 ]
Qualcomm regulator supports two power supply modes: HPM and LPM.
Currently, the sdhci-msm.c driver does not set the load to adjust
the current for eMMC and SD. If the regulator dont't set correct
load in LPM state, it will lead to the inability to properly
initialize eMMC and SD.
Set the correct regulator current for eMMC and SD to ensure that the
device can work normally even when the regulator is in LPM.
Signed-off-by: Yuanjie Yang <quic_yuanjiey@quicinc.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20250114083514.258379-1-quic_yuanjiey@quicinc.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci-msm.c | 53 ++++++++++++++++++++++++++++++++++--
1 file changed, 51 insertions(+), 2 deletions(-)
diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
index 28bd562c439ef..c8488b8e20734 100644
--- a/drivers/mmc/host/sdhci-msm.c
+++ b/drivers/mmc/host/sdhci-msm.c
@@ -132,9 +132,18 @@
/* Timeout value to avoid infinite waiting for pwr_irq */
#define MSM_PWR_IRQ_TIMEOUT_MS 5000
+/* Max load for eMMC Vdd supply */
+#define MMC_VMMC_MAX_LOAD_UA 570000
+
/* Max load for eMMC Vdd-io supply */
#define MMC_VQMMC_MAX_LOAD_UA 325000
+/* Max load for SD Vdd supply */
+#define SD_VMMC_MAX_LOAD_UA 800000
+
+/* Max load for SD Vdd-io supply */
+#define SD_VQMMC_MAX_LOAD_UA 22000
+
#define msm_host_readl(msm_host, host, offset) \
msm_host->var_ops->msm_readl_relaxed(host, offset)
@@ -1399,11 +1408,48 @@ static int sdhci_msm_set_pincfg(struct sdhci_msm_host *msm_host, bool level)
return ret;
}
-static int sdhci_msm_set_vmmc(struct mmc_host *mmc)
+static void msm_config_vmmc_regulator(struct mmc_host *mmc, bool hpm)
+{
+ int load;
+
+ if (!hpm)
+ load = 0;
+ else if (!mmc->card)
+ load = max(MMC_VMMC_MAX_LOAD_UA, SD_VMMC_MAX_LOAD_UA);
+ else if (mmc_card_mmc(mmc->card))
+ load = MMC_VMMC_MAX_LOAD_UA;
+ else if (mmc_card_sd(mmc->card))
+ load = SD_VMMC_MAX_LOAD_UA;
+ else
+ return;
+
+ regulator_set_load(mmc->supply.vmmc, load);
+}
+
+static void msm_config_vqmmc_regulator(struct mmc_host *mmc, bool hpm)
+{
+ int load;
+
+ if (!hpm)
+ load = 0;
+ else if (!mmc->card)
+ load = max(MMC_VQMMC_MAX_LOAD_UA, SD_VQMMC_MAX_LOAD_UA);
+ else if (mmc_card_sd(mmc->card))
+ load = SD_VQMMC_MAX_LOAD_UA;
+ else
+ return;
+
+ regulator_set_load(mmc->supply.vqmmc, load);
+}
+
+static int sdhci_msm_set_vmmc(struct sdhci_msm_host *msm_host,
+ struct mmc_host *mmc, bool hpm)
{
if (IS_ERR(mmc->supply.vmmc))
return 0;
+ msm_config_vmmc_regulator(mmc, hpm);
+
return mmc_regulator_set_ocr(mmc, mmc->supply.vmmc, mmc->ios.vdd);
}
@@ -1416,6 +1462,8 @@ static int msm_toggle_vqmmc(struct sdhci_msm_host *msm_host,
if (msm_host->vqmmc_enabled == level)
return 0;
+ msm_config_vqmmc_regulator(mmc, level);
+
if (level) {
/* Set the IO voltage regulator to default voltage level */
if (msm_host->caps_0 & CORE_3_0V_SUPPORT)
@@ -1638,7 +1686,8 @@ static void sdhci_msm_handle_pwr_irq(struct sdhci_host *host, int irq)
}
if (pwr_state) {
- ret = sdhci_msm_set_vmmc(mmc);
+ ret = sdhci_msm_set_vmmc(msm_host, mmc,
+ pwr_state & REQ_BUS_ON);
if (!ret)
ret = sdhci_msm_set_vqmmc(msm_host, mmc,
pwr_state & REQ_BUS_ON);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 300/578] tipc: re-order conditions in tipc_crypto_key_rcv()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 299/578] mmc: sdhci-msm: Correctly set the load for the regulator Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 301/578] selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Greg Kroah-Hartman
` (286 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Simon Horman,
David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 5fe71fda89745fc3cd95f70d06e9162b595c3702 ]
On a 32bit system the "keylen + sizeof(struct tipc_aead_key)" math could
have an integer wrapping issue. It doesn't matter because the "keylen"
is checked on the next line, but just to make life easier for static
analysis tools, let's re-order these conditions and avoid the integer
overflow.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/crypto.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c
index 65f59739a041a..25c18f8783ce9 100644
--- a/net/tipc/crypto.c
+++ b/net/tipc/crypto.c
@@ -2293,8 +2293,8 @@ static bool tipc_crypto_key_rcv(struct tipc_crypto *rx, struct tipc_msg *hdr)
keylen = ntohl(*((__be32 *)(data + TIPC_AEAD_ALG_NAME)));
/* Verify the supplied size values */
- if (unlikely(size != keylen + sizeof(struct tipc_aead_key) ||
- keylen > TIPC_AEAD_KEY_SIZE_MAX)) {
+ if (unlikely(keylen > TIPC_AEAD_KEY_SIZE_MAX ||
+ size != keylen + sizeof(struct tipc_aead_key))) {
pr_debug("%s: invalid MSG_CRYPTO key size\n", rx->name);
goto exit;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 301/578] selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 300/578] tipc: re-order conditions in tipc_crypto_key_rcv() Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 302/578] x86/kexec: Allocate PGD for x86_64 transition page tables separately Greg Kroah-Hartman
` (285 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Liu Ye, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Ye <liuye@kylinos.cn>
[ Upstream commit 3a0b7fa095212b51ed63892540c4f249991a2d74 ]
Address Null pointer dereference / undefined behavior in rtattr_pack
(note that size is 0 in the bad case).
Flagged by cppcheck as:
tools/testing/selftests/net/ipsec.c:230:25: warning: Possible null pointer
dereference: payload [nullPointer]
memcpy(RTA_DATA(attr), payload, size);
^
tools/testing/selftests/net/ipsec.c:1618:54: note: Calling function 'rtattr_pack',
4th argument 'NULL' value is 0
if (rtattr_pack(&req.nh, sizeof(req), XFRMA_IF_ID, NULL, 0)) {
^
tools/testing/selftests/net/ipsec.c:230:25: note: Null pointer dereference
memcpy(RTA_DATA(attr), payload, size);
^
Signed-off-by: Liu Ye <liuye@kylinos.cn>
Link: https://patch.msgid.link/20250116013037.29470-1-liuye@kylinos.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/net/ipsec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/net/ipsec.c b/tools/testing/selftests/net/ipsec.c
index be4a30a0d02ae..9b44a091802cb 100644
--- a/tools/testing/selftests/net/ipsec.c
+++ b/tools/testing/selftests/net/ipsec.c
@@ -227,7 +227,8 @@ static int rtattr_pack(struct nlmsghdr *nh, size_t req_sz,
attr->rta_len = RTA_LENGTH(size);
attr->rta_type = rta_type;
- memcpy(RTA_DATA(attr), payload, size);
+ if (payload)
+ memcpy(RTA_DATA(attr), payload, size);
return 0;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 302/578] x86/kexec: Allocate PGD for x86_64 transition page tables separately
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 301/578] selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 303/578] iommu/arm-smmu-v3: Clean up more on probe failure Greg Kroah-Hartman
` (284 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Woodhouse, Ingo Molnar,
Baoquan He, Vivek Goyal, Dave Young, Eric Biederman,
Ard Biesheuvel, H. Peter Anvin, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Woodhouse <dwmw@amazon.co.uk>
[ Upstream commit 4b5bc2ec9a239bce261ffeafdd63571134102323 ]
Now that the following fix:
d0ceea662d45 ("x86/mm: Add _PAGE_NOPTISHADOW bit to avoid updating userspace page tables")
stops kernel_ident_mapping_init() from scribbling over the end of a
4KiB PGD by assuming the following 4KiB will be a userspace PGD,
there's no good reason for the kexec PGD to be part of a single
8KiB allocation with the control_code_page.
( It's not clear that that was the reason for x86_64 kexec doing it that
way in the first place either; there were no comments to that effect and
it seems to have been the case even before PTI came along. It looks like
it was just a happy accident which prevented memory corruption on kexec. )
Either way, it definitely isn't needed now. Just allocate the PGD
separately on x86_64, like i386 already does.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Link: https://lore.kernel.org/r/20241205153343.3275139-6-dwmw2@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/kexec.h | 18 +++++++++---
arch/x86/kernel/machine_kexec_64.c | 45 ++++++++++++++++--------------
2 files changed, 38 insertions(+), 25 deletions(-)
diff --git a/arch/x86/include/asm/kexec.h b/arch/x86/include/asm/kexec.h
index 256eee99afc8f..e2e1ec99c9998 100644
--- a/arch/x86/include/asm/kexec.h
+++ b/arch/x86/include/asm/kexec.h
@@ -16,6 +16,7 @@
# define PAGES_NR 4
#endif
+# define KEXEC_CONTROL_PAGE_SIZE 4096
# define KEXEC_CONTROL_CODE_MAX_SIZE 2048
#ifndef __ASSEMBLY__
@@ -44,7 +45,6 @@ struct kimage;
/* Maximum address we can use for the control code buffer */
# define KEXEC_CONTROL_MEMORY_LIMIT TASK_SIZE
-# define KEXEC_CONTROL_PAGE_SIZE 4096
/* The native architecture */
# define KEXEC_ARCH KEXEC_ARCH_386
@@ -59,9 +59,6 @@ struct kimage;
/* Maximum address we can use for the control pages */
# define KEXEC_CONTROL_MEMORY_LIMIT (MAXMEM-1)
-/* Allocate one page for the pdp and the second for the code */
-# define KEXEC_CONTROL_PAGE_SIZE (4096UL + 4096UL)
-
/* The native architecture */
# define KEXEC_ARCH KEXEC_ARCH_X86_64
#endif
@@ -146,6 +143,19 @@ struct kimage_arch {
};
#else
struct kimage_arch {
+ /*
+ * This is a kimage control page, as it must not overlap with either
+ * source or destination address ranges.
+ */
+ pgd_t *pgd;
+ /*
+ * The virtual mapping of the control code page itself is used only
+ * during the transition, while the current kernel's pages are all
+ * in place. Thus the intermediate page table pages used to map it
+ * are not control pages, but instead just normal pages obtained
+ * with get_zeroed_page(). And have to be tracked (below) so that
+ * they can be freed.
+ */
p4d_t *p4d;
pud_t *pud;
pmd_t *pmd;
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index 24b6eaacc81eb..5d61a342871b5 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -149,7 +149,8 @@ static void free_transition_pgtable(struct kimage *image)
image->arch.pte = NULL;
}
-static int init_transition_pgtable(struct kimage *image, pgd_t *pgd)
+static int init_transition_pgtable(struct kimage *image, pgd_t *pgd,
+ unsigned long control_page)
{
pgprot_t prot = PAGE_KERNEL_EXEC_NOENC;
unsigned long vaddr, paddr;
@@ -160,7 +161,7 @@ static int init_transition_pgtable(struct kimage *image, pgd_t *pgd)
pte_t *pte;
vaddr = (unsigned long)relocate_kernel;
- paddr = __pa(page_address(image->control_code_page)+PAGE_SIZE);
+ paddr = control_page;
pgd += pgd_index(vaddr);
if (!pgd_present(*pgd)) {
p4d = (p4d_t *)get_zeroed_page(GFP_KERNEL);
@@ -219,7 +220,7 @@ static void *alloc_pgt_page(void *data)
return p;
}
-static int init_pgtable(struct kimage *image, unsigned long start_pgtable)
+static int init_pgtable(struct kimage *image, unsigned long control_page)
{
struct x86_mapping_info info = {
.alloc_pgt_page = alloc_pgt_page,
@@ -228,12 +229,12 @@ static int init_pgtable(struct kimage *image, unsigned long start_pgtable)
.kernpg_flag = _KERNPG_TABLE_NOENC,
};
unsigned long mstart, mend;
- pgd_t *level4p;
int result;
int i;
- level4p = (pgd_t *)__va(start_pgtable);
- clear_page(level4p);
+ image->arch.pgd = alloc_pgt_page(image);
+ if (!image->arch.pgd)
+ return -ENOMEM;
if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) {
info.page_flag |= _PAGE_ENC;
@@ -247,8 +248,8 @@ static int init_pgtable(struct kimage *image, unsigned long start_pgtable)
mstart = pfn_mapped[i].start << PAGE_SHIFT;
mend = pfn_mapped[i].end << PAGE_SHIFT;
- result = kernel_ident_mapping_init(&info,
- level4p, mstart, mend);
+ result = kernel_ident_mapping_init(&info, image->arch.pgd,
+ mstart, mend);
if (result)
return result;
}
@@ -263,8 +264,8 @@ static int init_pgtable(struct kimage *image, unsigned long start_pgtable)
mstart = image->segment[i].mem;
mend = mstart + image->segment[i].memsz;
- result = kernel_ident_mapping_init(&info,
- level4p, mstart, mend);
+ result = kernel_ident_mapping_init(&info, image->arch.pgd,
+ mstart, mend);
if (result)
return result;
@@ -274,15 +275,19 @@ static int init_pgtable(struct kimage *image, unsigned long start_pgtable)
* Prepare EFI systab and ACPI tables for kexec kernel since they are
* not covered by pfn_mapped.
*/
- result = map_efi_systab(&info, level4p);
+ result = map_efi_systab(&info, image->arch.pgd);
if (result)
return result;
- result = map_acpi_tables(&info, level4p);
+ result = map_acpi_tables(&info, image->arch.pgd);
if (result)
return result;
- return init_transition_pgtable(image, level4p);
+ /*
+ * This must be last because the intermediate page table pages it
+ * allocates will not be control pages and may overlap the image.
+ */
+ return init_transition_pgtable(image, image->arch.pgd, control_page);
}
static void load_segments(void)
@@ -299,14 +304,14 @@ static void load_segments(void)
int machine_kexec_prepare(struct kimage *image)
{
- unsigned long start_pgtable;
+ unsigned long control_page;
int result;
/* Calculate the offsets */
- start_pgtable = page_to_pfn(image->control_code_page) << PAGE_SHIFT;
+ control_page = page_to_pfn(image->control_code_page) << PAGE_SHIFT;
/* Setup the identity mapped 64bit page table */
- result = init_pgtable(image, start_pgtable);
+ result = init_pgtable(image, control_page);
if (result)
return result;
@@ -353,13 +358,12 @@ void machine_kexec(struct kimage *image)
#endif
}
- control_page = page_address(image->control_code_page) + PAGE_SIZE;
+ control_page = page_address(image->control_code_page);
__memcpy(control_page, relocate_kernel, KEXEC_CONTROL_CODE_MAX_SIZE);
page_list[PA_CONTROL_PAGE] = virt_to_phys(control_page);
page_list[VA_CONTROL_PAGE] = (unsigned long)control_page;
- page_list[PA_TABLE_PAGE] =
- (unsigned long)__pa(page_address(image->control_code_page));
+ page_list[PA_TABLE_PAGE] = (unsigned long)__pa(image->arch.pgd);
if (image->type == KEXEC_TYPE_DEFAULT)
page_list[PA_SWAP_PAGE] = (page_to_pfn(image->swap_page)
@@ -578,8 +582,7 @@ static void kexec_mark_crashkres(bool protect)
/* Don't touch the control code page used in crash_kexec().*/
control = PFN_PHYS(page_to_pfn(kexec_crash_image->control_code_page));
- /* Control code page is located in the 2nd page. */
- kexec_mark_range(crashk_res.start, control + PAGE_SIZE - 1, protect);
+ kexec_mark_range(crashk_res.start, control - 1, protect);
control += KEXEC_CONTROL_PAGE_SIZE;
kexec_mark_range(control, crashk_res.end, protect);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 303/578] iommu/arm-smmu-v3: Clean up more on probe failure
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 302/578] x86/kexec: Allocate PGD for x86_64 transition page tables separately Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 304/578] platform/x86: int3472: Check for adev == NULL Greg Kroah-Hartman
` (283 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Robin Murphy, Will Deacon,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Robin Murphy <robin.murphy@arm.com>
[ Upstream commit fcbd621567420b3a2f21f49bbc056de8b273c625 ]
kmemleak noticed that the iopf queue allocated deep down within
arm_smmu_init_structures() can be leaked by a subsequent error return
from arm_smmu_device_probe(). Furthermore, after arm_smmu_device_reset()
we will also leave the SMMU enabled with an empty Stream Table, silently
blocking all DMA. This proves rather annoying for debugging said probe
failure, so let's handle it a bit better by putting the SMMU back into
(more or less) the same state as if it hadn't probed at all.
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/5137901958471cf67f2fad5c2229f8a8f1ae901a.1733406914.git.robin.murphy@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
index 45b43f729f895..96b72f3dad0d0 100644
--- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
@@ -3880,7 +3880,7 @@ static int arm_smmu_device_probe(struct platform_device *pdev)
/* Initialise in-memory data structures */
ret = arm_smmu_init_structures(smmu);
if (ret)
- return ret;
+ goto err_free_iopf;
/* Record our private device structure */
platform_set_drvdata(pdev, smmu);
@@ -3891,22 +3891,29 @@ static int arm_smmu_device_probe(struct platform_device *pdev)
/* Reset the device */
ret = arm_smmu_device_reset(smmu, bypass);
if (ret)
- return ret;
+ goto err_disable;
/* And we're up. Go go go! */
ret = iommu_device_sysfs_add(&smmu->iommu, dev, NULL,
"smmu3.%pa", &ioaddr);
if (ret)
- return ret;
+ goto err_disable;
ret = iommu_device_register(&smmu->iommu, &arm_smmu_ops, dev);
if (ret) {
dev_err(dev, "Failed to register iommu\n");
- iommu_device_sysfs_remove(&smmu->iommu);
- return ret;
+ goto err_free_sysfs;
}
return 0;
+
+err_free_sysfs:
+ iommu_device_sysfs_remove(&smmu->iommu);
+err_disable:
+ arm_smmu_device_disable(smmu);
+err_free_iopf:
+ iopf_queue_free(smmu->evtq.iopf);
+ return ret;
}
static int arm_smmu_device_remove(struct platform_device *pdev)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 304/578] platform/x86: int3472: Check for adev == NULL
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 303/578] iommu/arm-smmu-v3: Clean up more on probe failure Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 305/578] ASoC: soc-pcm: dont use soc_pcm_ret() on .prepare callback Greg Kroah-Hartman
` (282 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Ilpo Järvinen,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit cd2fd6eab480dfc247b737cf7a3d6b009c4d0f1c ]
Not all devices have an ACPI companion fwnode, so adev might be NULL. This
can e.g. (theoretically) happen when a user manually binds one of
the int3472 drivers to another i2c/platform device through sysfs.
Add a check for adev not being set and return -ENODEV in that case to
avoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20241209220522.25288-1-hdegoede@redhat.com
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel/int3472/discrete.c | 3 +++
drivers/platform/x86/intel/int3472/tps68470.c | 3 +++
2 files changed, 6 insertions(+)
diff --git a/drivers/platform/x86/intel/int3472/discrete.c b/drivers/platform/x86/intel/int3472/discrete.c
index c42c3faa2c32d..0f16436e5804b 100644
--- a/drivers/platform/x86/intel/int3472/discrete.c
+++ b/drivers/platform/x86/intel/int3472/discrete.c
@@ -359,6 +359,9 @@ static int skl_int3472_discrete_probe(struct platform_device *pdev)
struct int3472_cldb cldb;
int ret;
+ if (!adev)
+ return -ENODEV;
+
ret = skl_int3472_fill_cldb(adev, &cldb);
if (ret) {
dev_err(&pdev->dev, "Couldn't fill CLDB structure\n");
diff --git a/drivers/platform/x86/intel/int3472/tps68470.c b/drivers/platform/x86/intel/int3472/tps68470.c
index 5b8d1a9620a5d..82fb2fbc1000f 100644
--- a/drivers/platform/x86/intel/int3472/tps68470.c
+++ b/drivers/platform/x86/intel/int3472/tps68470.c
@@ -152,6 +152,9 @@ static int skl_int3472_tps68470_probe(struct i2c_client *client)
int ret;
int i;
+ if (!adev)
+ return -ENODEV;
+
n_consumers = skl_int3472_fill_clk_pdata(&client->dev, &clk_pdata);
if (n_consumers < 0)
return n_consumers;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 305/578] ASoC: soc-pcm: dont use soc_pcm_ret() on .prepare callback
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 304/578] platform/x86: int3472: Check for adev == NULL Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 306/578] ASoC: amd: Add ACPI dependency to fix build error Greg Kroah-Hartman
` (281 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Kuninori Morimoto,
Mark Brown, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
[ Upstream commit 301c26a018acb94dd537a4418cefa0f654500c6f ]
commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port"
log severity") ignores -EINVAL error message on common soc_pcm_ret().
It is used from many functions, ignoring -EINVAL is over-kill.
The reason why -EINVAL was ignored was it really should only be used
upon invalid parameters coming from userspace and in that case we don't
want to log an error since we do not want to give userspace a way to do
a denial-of-service attack on the syslog / diskspace.
So don't use soc_pcm_ret() on .prepare callback is better idea.
Link: https://lore.kernel.org/r/87v7vptzap.wl-kuninori.morimoto.gx@renesas.com
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Link: https://patch.msgid.link/87bjxg8jju.wl-kuninori.morimoto.gx@renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-pcm.c | 31 ++++++++++++++++++++++++++++---
1 file changed, 28 insertions(+), 3 deletions(-)
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
index f3964060a0447..3f998a09fc42e 100644
--- a/sound/soc/soc-pcm.c
+++ b/sound/soc/soc-pcm.c
@@ -906,7 +906,13 @@ static int __soc_pcm_prepare(struct snd_soc_pcm_runtime *rtd,
snd_soc_dai_digital_mute(dai, 0, substream->stream);
out:
- return soc_pcm_ret(rtd, ret);
+ /*
+ * Don't use soc_pcm_ret() on .prepare callback to lower error log severity
+ *
+ * We don't want to log an error since we do not want to give userspace a way to do a
+ * denial-of-service attack on the syslog / diskspace.
+ */
+ return ret;
}
/* PCM prepare ops for non-DPCM streams */
@@ -918,6 +924,13 @@ static int soc_pcm_prepare(struct snd_pcm_substream *substream)
snd_soc_dpcm_mutex_lock(rtd);
ret = __soc_pcm_prepare(rtd, substream);
snd_soc_dpcm_mutex_unlock(rtd);
+
+ /*
+ * Don't use soc_pcm_ret() on .prepare callback to lower error log severity
+ *
+ * We don't want to log an error since we do not want to give userspace a way to do a
+ * denial-of-service attack on the syslog / diskspace.
+ */
return ret;
}
@@ -2422,7 +2435,13 @@ int dpcm_be_dai_prepare(struct snd_soc_pcm_runtime *fe, int stream)
be->dpcm[stream].state = SND_SOC_DPCM_STATE_PREPARE;
}
- return soc_pcm_ret(fe, ret);
+ /*
+ * Don't use soc_pcm_ret() on .prepare callback to lower error log severity
+ *
+ * We don't want to log an error since we do not want to give userspace a way to do a
+ * denial-of-service attack on the syslog / diskspace.
+ */
+ return ret;
}
static int dpcm_fe_dai_prepare(struct snd_pcm_substream *substream)
@@ -2459,7 +2478,13 @@ static int dpcm_fe_dai_prepare(struct snd_pcm_substream *substream)
dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_NO);
snd_soc_dpcm_mutex_unlock(fe);
- return soc_pcm_ret(fe, ret);
+ /*
+ * Don't use soc_pcm_ret() on .prepare callback to lower error log severity
+ *
+ * We don't want to log an error since we do not want to give userspace a way to do a
+ * denial-of-service attack on the syslog / diskspace.
+ */
+ return ret;
}
static int dpcm_run_update_shutdown(struct snd_soc_pcm_runtime *fe, int stream)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 306/578] ASoC: amd: Add ACPI dependency to fix build error
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 305/578] ASoC: soc-pcm: dont use soc_pcm_ret() on .prepare callback Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 307/578] Input: allocate keycode for phone linking Greg Kroah-Hartman
` (280 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Yu-Chun Lin,
Mark Brown, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yu-Chun Lin <eleanor15x@gmail.com>
[ Upstream commit 7e24ec93aecd12e33d31e38e5af4625553bbc727 ]
As reported by the kernel test robot, the following error occurs:
sound/soc/amd/yc/acp6x-mach.c: In function 'acp6x_probe':
>> sound/soc/amd/yc/acp6x-mach.c:573:15: error: implicit declaration of function 'acpi_evaluate_integer'; did you mean 'acpi_evaluate_object'? [-Werror=implicit-function-declaration]
573 | ret = acpi_evaluate_integer(handle, "_WOV", NULL, &dmic_status);
| ^~~~~~~~~~~~~~~~~~~~~
| acpi_evaluate_object
cc1: some warnings being treated as errors
The function 'acpi_evaluate_integer' and its prototype in 'acpi_bus.h'
are only available when 'CONFIG_ACPI' is enabled. Add a 'depends on ACPI'
directive in Kconfig to ensure proper compilation.
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202501090345.pBIDRTym-lkp@intel.com/
Signed-off-by: Yu-Chun Lin <eleanor15x@gmail.com>
Link: https://patch.msgid.link/20250109171547.362412-1-eleanor15x@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/amd/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/amd/Kconfig b/sound/soc/amd/Kconfig
index 44d4e6e51a358..6e358909bc5e3 100644
--- a/sound/soc/amd/Kconfig
+++ b/sound/soc/amd/Kconfig
@@ -103,7 +103,7 @@ config SND_SOC_AMD_ACP6x
config SND_SOC_AMD_YC_MACH
tristate "AMD YC support for DMIC"
select SND_SOC_DMIC
- depends on SND_SOC_AMD_ACP6x
+ depends on SND_SOC_AMD_ACP6x && ACPI
help
This option enables machine driver for Yellow Carp platform
using dmic. ACP IP has PDM Decoder block with DMA controller.
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 307/578] Input: allocate keycode for phone linking
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 306/578] ASoC: amd: Add ACPI dependency to fix build error Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 308/578] platform/x86: acer-wmi: Ignore AC events Greg Kroah-Hartman
` (279 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Illia Ostapyshyn, Dmitry Torokhov,
Ilpo Järvinen, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Illia Ostapyshyn <illia@yshyn.com>
[ Upstream commit 1bebc7869c99d466f819dd2cffaef0edf7d7a035 ]
The F11 key on the new Lenovo Thinkpad T14 Gen 5, T16 Gen 3, and P14s
Gen 5 laptops includes a symbol showing a smartphone and a laptop
chained together. According to the user manual, it starts the Microsoft
Phone Link software used to connect to Android/iOS devices and relay
messages/calls or sync data.
As there are no suitable keycodes for this action, introduce a new one.
Signed-off-by: Illia Ostapyshyn <illia@yshyn.com>
Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Link: https://lore.kernel.org/r/20241114173930.44983-2-illia@yshyn.com
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/input-event-codes.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/input-event-codes.h b/include/uapi/linux/input-event-codes.h
index 1ce8a91349e9f..f410c22e080d3 100644
--- a/include/uapi/linux/input-event-codes.h
+++ b/include/uapi/linux/input-event-codes.h
@@ -519,6 +519,7 @@
#define KEY_NOTIFICATION_CENTER 0x1bc /* Show/hide the notification center */
#define KEY_PICKUP_PHONE 0x1bd /* Answer incoming call */
#define KEY_HANGUP_PHONE 0x1be /* Decline incoming call */
+#define KEY_LINK_PHONE 0x1bf /* AL Phone Syncing */
#define KEY_DEL_EOL 0x1c0
#define KEY_DEL_EOS 0x1c1
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 308/578] platform/x86: acer-wmi: Ignore AC events
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 307/578] Input: allocate keycode for phone linking Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 309/578] KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() Greg Kroah-Hartman
` (278 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Farhan Anwar, Rayan Margham,
Ilpo Järvinen, Armin Wolf, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Armin Wolf <W_Armin@gmx.de>
[ Upstream commit f6bfa25c6665f8721421ea94fe506cc22f1d4b43 ]
On the Acer Swift SFG14-41, the events 8 - 1 and 8 - 0 are printed on
AC connect/disconnect. Ignore those events to avoid spamming the
kernel log with error messages.
Reported-by: Farhan Anwar <farhan.anwar8@gmail.com>
Closes: https://lore.kernel.org/platform-driver-x86/2ffb529d-e7c8-4026-a3b8-120c8e7afec8@gmail.com
Tested-by: Rayan Margham <rayanmargham4@gmail.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Link: https://lore.kernel.org/r/20250119201723.11102-2-W_Armin@gmx.de
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/acer-wmi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/platform/x86/acer-wmi.c b/drivers/platform/x86/acer-wmi.c
index ee67efdd54995..da765a7dedbc4 100644
--- a/drivers/platform/x86/acer-wmi.c
+++ b/drivers/platform/x86/acer-wmi.c
@@ -88,6 +88,7 @@ enum acer_wmi_event_ids {
WMID_HOTKEY_EVENT = 0x1,
WMID_ACCEL_OR_KBD_DOCK_EVENT = 0x5,
WMID_GAMING_TURBO_KEY_EVENT = 0x7,
+ WMID_AC_EVENT = 0x8,
};
static const struct key_entry acer_wmi_keymap[] __initconst = {
@@ -1999,6 +2000,9 @@ static void acer_wmi_notify(u32 value, void *context)
if (return_value.key_num == 0x4)
acer_toggle_turbo();
break;
+ case WMID_AC_EVENT:
+ /* We ignore AC events here */
+ break;
default:
pr_warn("Unknown function number - %d - %d\n",
return_value.function, return_value.key_num);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 309/578] KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 308/578] platform/x86: acer-wmi: Ignore AC events Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 310/578] KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock Greg Kroah-Hartman
` (277 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Christopherson, Dmitry Osipenko,
Paolo Bonzini, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
[ Upstream commit c9be85dabb376299504e0d391d15662c0edf8273 ]
Mark the underlying page as dirty in kvmppc_e500_ref_setup()'s sole
caller, kvmppc_e500_shadow_map(), which will allow converting e500 to
__kvm_faultin_pfn() + kvm_release_faultin_page() without having to do
a weird dance between ref_setup() and shadow_map().
Opportunistically drop the redundant kvm_set_pfn_accessed(), as
shadow_map() puts the page via kvm_release_pfn_clean().
Signed-off-by: Sean Christopherson <seanjc@google.com>
Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20241010182427.1434605-53-seanjc@google.com>
Stable-dep-of: 87ecfdbc699c ("KVM: e500: always restore irqs")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kvm/e500_mmu_host.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/arch/powerpc/kvm/e500_mmu_host.c b/arch/powerpc/kvm/e500_mmu_host.c
index 05668e9641406..4a086724db8c4 100644
--- a/arch/powerpc/kvm/e500_mmu_host.c
+++ b/arch/powerpc/kvm/e500_mmu_host.c
@@ -242,7 +242,7 @@ static inline int tlbe_is_writable(struct kvm_book3e_206_tlb_entry *tlbe)
return tlbe->mas7_3 & (MAS3_SW|MAS3_UW);
}
-static inline void kvmppc_e500_ref_setup(struct tlbe_ref *ref,
+static inline bool kvmppc_e500_ref_setup(struct tlbe_ref *ref,
struct kvm_book3e_206_tlb_entry *gtlbe,
kvm_pfn_t pfn, unsigned int wimg)
{
@@ -252,11 +252,7 @@ static inline void kvmppc_e500_ref_setup(struct tlbe_ref *ref,
/* Use guest supplied MAS2_G and MAS2_E */
ref->flags |= (gtlbe->mas2 & MAS2_ATTRIB_MASK) | wimg;
- /* Mark the page accessed */
- kvm_set_pfn_accessed(pfn);
-
- if (tlbe_is_writable(gtlbe))
- kvm_set_pfn_dirty(pfn);
+ return tlbe_is_writable(gtlbe);
}
static inline void kvmppc_e500_ref_release(struct tlbe_ref *ref)
@@ -337,6 +333,7 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
unsigned int wimg = 0;
pgd_t *pgdir;
unsigned long flags;
+ bool writable = false;
/* used to check for invalidations in progress */
mmu_seq = kvm->mmu_invalidate_seq;
@@ -490,7 +487,9 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
goto out;
}
}
- kvmppc_e500_ref_setup(ref, gtlbe, pfn, wimg);
+ writable = kvmppc_e500_ref_setup(ref, gtlbe, pfn, wimg);
+ if (writable)
+ kvm_set_pfn_dirty(pfn);
kvmppc_e500_setup_stlbe(&vcpu_e500->vcpu, gtlbe, tsize,
ref, gvaddr, stlbe);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 310/578] KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 309/578] KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 311/578] KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults Greg Kroah-Hartman
` (276 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Christopherson, Dmitry Osipenko,
Paolo Bonzini, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
[ Upstream commit 84cf78dcd9d65c45ab73998d4ad50f433d53fb93 ]
Mark pages accessed before dropping mmu_lock when faulting in guest memory
so that shadow_map() can convert to kvm_release_faultin_page() without
tripping its lockdep assertion on mmu_lock being held. Marking pages
accessed outside of mmu_lock is ok (not great, but safe), but marking
pages _dirty_ outside of mmu_lock can make filesystems unhappy.
Signed-off-by: Sean Christopherson <seanjc@google.com>
Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20241010182427.1434605-54-seanjc@google.com>
Stable-dep-of: 87ecfdbc699c ("KVM: e500: always restore irqs")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kvm/e500_mmu_host.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/arch/powerpc/kvm/e500_mmu_host.c b/arch/powerpc/kvm/e500_mmu_host.c
index 4a086724db8c4..29f3e3463f400 100644
--- a/arch/powerpc/kvm/e500_mmu_host.c
+++ b/arch/powerpc/kvm/e500_mmu_host.c
@@ -498,11 +498,9 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
kvmppc_mmu_flush_icache(pfn);
out:
- spin_unlock(&kvm->mmu_lock);
-
/* Drop refcount on page, so that mmu notifiers can clear it */
kvm_release_pfn_clean(pfn);
-
+ spin_unlock(&kvm->mmu_lock);
return ret;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 311/578] KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 310/578] KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 312/578] KVM: e500: always restore irqs Greg Kroah-Hartman
` (275 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Christopherson, Dmitry Osipenko,
Paolo Bonzini, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
[ Upstream commit 419cfb983ca93e75e905794521afefcfa07988bb ]
Convert PPC e500 to use __kvm_faultin_pfn()+kvm_release_faultin_page(),
and continue the inexorable march towards the demise of
kvm_pfn_to_refcounted_page().
Signed-off-by: Sean Christopherson <seanjc@google.com>
Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20241010182427.1434605-55-seanjc@google.com>
Stable-dep-of: 87ecfdbc699c ("KVM: e500: always restore irqs")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kvm/e500_mmu_host.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/kvm/e500_mmu_host.c b/arch/powerpc/kvm/e500_mmu_host.c
index 29f3e3463f400..3907922b6a8a2 100644
--- a/arch/powerpc/kvm/e500_mmu_host.c
+++ b/arch/powerpc/kvm/e500_mmu_host.c
@@ -322,6 +322,7 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
{
struct kvm_memory_slot *slot;
unsigned long pfn = 0; /* silence GCC warning */
+ struct page *page = NULL;
unsigned long hva;
int pfnmap = 0;
int tsize = BOOK3E_PAGESZ_4K;
@@ -443,7 +444,7 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
if (likely(!pfnmap)) {
tsize_pages = 1UL << (tsize + 10 - PAGE_SHIFT);
- pfn = gfn_to_pfn_memslot(slot, gfn);
+ pfn = __kvm_faultin_pfn(slot, gfn, FOLL_WRITE, NULL, &page);
if (is_error_noslot_pfn(pfn)) {
if (printk_ratelimit())
pr_err("%s: real page not found for gfn %lx\n",
@@ -488,8 +489,6 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
}
}
writable = kvmppc_e500_ref_setup(ref, gtlbe, pfn, wimg);
- if (writable)
- kvm_set_pfn_dirty(pfn);
kvmppc_e500_setup_stlbe(&vcpu_e500->vcpu, gtlbe, tsize,
ref, gvaddr, stlbe);
@@ -498,8 +497,7 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
kvmppc_mmu_flush_icache(pfn);
out:
- /* Drop refcount on page, so that mmu notifiers can clear it */
- kvm_release_pfn_clean(pfn);
+ kvm_release_faultin_page(kvm, page, !!ret, writable);
spin_unlock(&kvm->mmu_lock);
return ret;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 312/578] KVM: e500: always restore irqs
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 311/578] KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 313/578] usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void Greg Kroah-Hartman
` (274 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Christopherson, Paolo Bonzini,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
[ Upstream commit 87ecfdbc699cc95fac73291b52650283ddcf929d ]
If find_linux_pte fails, IRQs will not be restored. This is unlikely
to happen in practice since it would have been reported as hanging
hosts, but it should of course be fixed anyway.
Cc: stable@vger.kernel.org
Reported-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kvm/e500_mmu_host.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kvm/e500_mmu_host.c b/arch/powerpc/kvm/e500_mmu_host.c
index 3907922b6a8a2..138fe5eb3801f 100644
--- a/arch/powerpc/kvm/e500_mmu_host.c
+++ b/arch/powerpc/kvm/e500_mmu_host.c
@@ -479,7 +479,6 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
if (pte_present(pte)) {
wimg = (pte_val(pte) >> PTE_WIMGE_SHIFT) &
MAS2_WIMGE_MASK;
- local_irq_restore(flags);
} else {
local_irq_restore(flags);
pr_err_ratelimited("%s: pte not present: gfn %lx,pfn %lx\n",
@@ -488,8 +487,9 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
goto out;
}
}
- writable = kvmppc_e500_ref_setup(ref, gtlbe, pfn, wimg);
+ local_irq_restore(flags);
+ writable = kvmppc_e500_ref_setup(ref, gtlbe, pfn, wimg);
kvmppc_e500_setup_stlbe(&vcpu_e500->vcpu, gtlbe, tsize,
ref, gvaddr, stlbe);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 313/578] usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 312/578] KVM: e500: always restore irqs Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 314/578] usb: chipidea: ci_hdrc_imx: decrement devices refcount in .remove() and in the error path of .probe() Greg Kroah-Hartman
` (273 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit ad593ed671feb49e93a77653886c042f68b6cdfd ]
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart from
emitting a warning) and this typically results in resource leaks. To improve
here there is a quest to make the remove callback return void. In the first
step of this quest all drivers are converted to .remove_new() which already
returns void. Eventually after all drivers are converted, .remove_new() is
renamed to .remove().
Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.kernel.org/r/20230517230239.187727-6-u.kleine-koenig@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 74adad500346 ("usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/chipidea/ci_hdrc_imx.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c
index 984087bbf3e2b..362dcb2374bb7 100644
--- a/drivers/usb/chipidea/ci_hdrc_imx.c
+++ b/drivers/usb/chipidea/ci_hdrc_imx.c
@@ -507,7 +507,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
return ret;
}
-static int ci_hdrc_imx_remove(struct platform_device *pdev)
+static void ci_hdrc_imx_remove(struct platform_device *pdev)
{
struct ci_hdrc_imx_data *data = platform_get_drvdata(pdev);
@@ -527,8 +527,6 @@ static int ci_hdrc_imx_remove(struct platform_device *pdev)
if (data->hsic_pad_regulator)
regulator_disable(data->hsic_pad_regulator);
}
-
- return 0;
}
static void ci_hdrc_imx_shutdown(struct platform_device *pdev)
@@ -674,7 +672,7 @@ static const struct dev_pm_ops ci_hdrc_imx_pm_ops = {
};
static struct platform_driver ci_hdrc_imx_driver = {
.probe = ci_hdrc_imx_probe,
- .remove = ci_hdrc_imx_remove,
+ .remove_new = ci_hdrc_imx_remove,
.shutdown = ci_hdrc_imx_shutdown,
.driver = {
.name = "imx_usb",
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 314/578] usb: chipidea: ci_hdrc_imx: decrement devices refcount in .remove() and in the error path of .probe()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 313/578] usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 315/578] net/ncsi: Add NC-SI 1.2 Get MC MAC Address command Greg Kroah-Hartman
` (272 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Joe Hattori, Peter Chen,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit 74adad500346fb07d69af2c79acbff4adb061134 ]
Current implementation of ci_hdrc_imx_driver does not decrement the
refcount of the device obtained in usbmisc_get_init_data(). Add a
put_device() call in .remove() and in .probe() before returning an
error.
This bug was found by an experimental static analysis tool that I am
developing.
Cc: stable <stable@kernel.org>
Fixes: f40017e0f332 ("chipidea: usbmisc_imx: Add USB support for VF610 SoCs")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Acked-by: Peter Chen <peter.chen@kernel.org>
Link: https://lore.kernel.org/r/20241216015539.352579-1-joe@pf.is.s.u-tokyo.ac.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/chipidea/ci_hdrc_imx.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c
index 362dcb2374bb7..07872440a8d96 100644
--- a/drivers/usb/chipidea/ci_hdrc_imx.c
+++ b/drivers/usb/chipidea/ci_hdrc_imx.c
@@ -357,25 +357,29 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
data->pinctrl = devm_pinctrl_get(dev);
if (PTR_ERR(data->pinctrl) == -ENODEV)
data->pinctrl = NULL;
- else if (IS_ERR(data->pinctrl))
- return dev_err_probe(dev, PTR_ERR(data->pinctrl),
+ else if (IS_ERR(data->pinctrl)) {
+ ret = dev_err_probe(dev, PTR_ERR(data->pinctrl),
"pinctrl get failed\n");
+ goto err_put;
+ }
data->hsic_pad_regulator =
devm_regulator_get_optional(dev, "hsic");
if (PTR_ERR(data->hsic_pad_regulator) == -ENODEV) {
/* no pad regualator is needed */
data->hsic_pad_regulator = NULL;
- } else if (IS_ERR(data->hsic_pad_regulator))
- return dev_err_probe(dev, PTR_ERR(data->hsic_pad_regulator),
+ } else if (IS_ERR(data->hsic_pad_regulator)) {
+ ret = dev_err_probe(dev, PTR_ERR(data->hsic_pad_regulator),
"Get HSIC pad regulator error\n");
+ goto err_put;
+ }
if (data->hsic_pad_regulator) {
ret = regulator_enable(data->hsic_pad_regulator);
if (ret) {
dev_err(dev,
"Failed to enable HSIC pad regulator\n");
- return ret;
+ goto err_put;
}
}
}
@@ -389,13 +393,14 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
dev_err(dev,
"pinctrl_hsic_idle lookup failed, err=%ld\n",
PTR_ERR(pinctrl_hsic_idle));
- return PTR_ERR(pinctrl_hsic_idle);
+ ret = PTR_ERR(pinctrl_hsic_idle);
+ goto err_put;
}
ret = pinctrl_select_state(data->pinctrl, pinctrl_hsic_idle);
if (ret) {
dev_err(dev, "hsic_idle select failed, err=%d\n", ret);
- return ret;
+ goto err_put;
}
data->pinctrl_hsic_active = pinctrl_lookup_state(data->pinctrl,
@@ -404,7 +409,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
dev_err(dev,
"pinctrl_hsic_active lookup failed, err=%ld\n",
PTR_ERR(data->pinctrl_hsic_active));
- return PTR_ERR(data->pinctrl_hsic_active);
+ ret = PTR_ERR(data->pinctrl_hsic_active);
+ goto err_put;
}
}
@@ -504,6 +510,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
if (pdata.flags & CI_HDRC_PMQOS)
cpu_latency_qos_remove_request(&data->pm_qos_req);
data->ci_pdev = NULL;
+err_put:
+ put_device(data->usbmisc_data->dev);
return ret;
}
@@ -527,6 +535,7 @@ static void ci_hdrc_imx_remove(struct platform_device *pdev)
if (data->hsic_pad_regulator)
regulator_disable(data->hsic_pad_regulator);
}
+ put_device(data->usbmisc_data->dev);
}
static void ci_hdrc_imx_shutdown(struct platform_device *pdev)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 315/578] net/ncsi: Add NC-SI 1.2 Get MC MAC Address command
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 314/578] usb: chipidea: ci_hdrc_imx: decrement devices refcount in .remove() and in the error path of .probe() Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 316/578] net/ncsi: fix locking in Get MAC Address handling Greg Kroah-Hartman
` (271 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Delevoryas, Patrick Williams,
David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Delevoryas <peter@pjd.dev>
[ Upstream commit b8291cf3d1180b5b61299922f17c9441616a805a ]
This change adds support for the NC-SI 1.2 Get MC MAC Address command,
specified here:
https://www.dmtf.org/sites/default/files/standards/documents/DSP0222_1.2.0.pdf
It serves the exact same function as the existing OEM Get MAC Address
commands, so if a channel reports that it supports NC-SI 1.2, we prefer
to use the standard command rather than the OEM command.
Verified with an invalid MAC address and 2 valid ones:
[ 55.137072] ftgmac100 1e690000.ftgmac eth0: NCSI: Received 3 provisioned MAC addresses
[ 55.137614] ftgmac100 1e690000.ftgmac eth0: NCSI: MAC address 0: 00:00:00:00:00:00
[ 55.138026] ftgmac100 1e690000.ftgmac eth0: NCSI: MAC address 1: fa:ce:b0:0c:20:22
[ 55.138528] ftgmac100 1e690000.ftgmac eth0: NCSI: MAC address 2: fa:ce:b0:0c:20:23
[ 55.139241] ftgmac100 1e690000.ftgmac eth0: NCSI: Unable to assign 00:00:00:00:00:00 to device
[ 55.140098] ftgmac100 1e690000.ftgmac eth0: NCSI: Set MAC address to fa:ce:b0:0c:20:22
Signed-off-by: Peter Delevoryas <peter@pjd.dev>
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 9e2bbab94b88 ("net/ncsi: fix locking in Get MAC Address handling")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ncsi/ncsi-cmd.c | 3 ++-
net/ncsi/ncsi-manage.c | 9 +++++++--
net/ncsi/ncsi-pkt.h | 10 ++++++++++
net/ncsi/ncsi-rsp.c | 41 ++++++++++++++++++++++++++++++++++++++++-
4 files changed, 59 insertions(+), 4 deletions(-)
diff --git a/net/ncsi/ncsi-cmd.c b/net/ncsi/ncsi-cmd.c
index dda8b76b77988..7be177f551731 100644
--- a/net/ncsi/ncsi-cmd.c
+++ b/net/ncsi/ncsi-cmd.c
@@ -269,7 +269,8 @@ static struct ncsi_cmd_handler {
{ NCSI_PKT_CMD_GPS, 0, ncsi_cmd_handler_default },
{ NCSI_PKT_CMD_OEM, -1, ncsi_cmd_handler_oem },
{ NCSI_PKT_CMD_PLDM, 0, NULL },
- { NCSI_PKT_CMD_GPUUID, 0, ncsi_cmd_handler_default }
+ { NCSI_PKT_CMD_GPUUID, 0, ncsi_cmd_handler_default },
+ { NCSI_PKT_CMD_GMCMA, 0, ncsi_cmd_handler_default }
};
static struct ncsi_request *ncsi_alloc_command(struct ncsi_cmd_arg *nca)
diff --git a/net/ncsi/ncsi-manage.c b/net/ncsi/ncsi-manage.c
index 760b33fa03a8b..4583b29971933 100644
--- a/net/ncsi/ncsi-manage.c
+++ b/net/ncsi/ncsi-manage.c
@@ -1040,11 +1040,16 @@ static void ncsi_configure_channel(struct ncsi_dev_priv *ndp)
case ncsi_dev_state_config_oem_gma:
nd->state = ncsi_dev_state_config_clear_vids;
- nca.type = NCSI_PKT_CMD_OEM;
nca.package = np->id;
nca.channel = nc->id;
ndp->pending_req_num = 1;
- ret = ncsi_gma_handler(&nca, nc->version.mf_id);
+ if (nc->version.major >= 1 && nc->version.minor >= 2) {
+ nca.type = NCSI_PKT_CMD_GMCMA;
+ ret = ncsi_xmit_cmd(&nca);
+ } else {
+ nca.type = NCSI_PKT_CMD_OEM;
+ ret = ncsi_gma_handler(&nca, nc->version.mf_id);
+ }
if (ret < 0)
schedule_work(&ndp->work);
diff --git a/net/ncsi/ncsi-pkt.h b/net/ncsi/ncsi-pkt.h
index c9d1da34dc4dc..f2f3b5c1b9412 100644
--- a/net/ncsi/ncsi-pkt.h
+++ b/net/ncsi/ncsi-pkt.h
@@ -338,6 +338,14 @@ struct ncsi_rsp_gpuuid_pkt {
__be32 checksum;
};
+/* Get MC MAC Address */
+struct ncsi_rsp_gmcma_pkt {
+ struct ncsi_rsp_pkt_hdr rsp;
+ unsigned char address_count;
+ unsigned char reserved[3];
+ unsigned char addresses[][ETH_ALEN];
+};
+
/* AEN: Link State Change */
struct ncsi_aen_lsc_pkt {
struct ncsi_aen_pkt_hdr aen; /* AEN header */
@@ -398,6 +406,7 @@ struct ncsi_aen_hncdsc_pkt {
#define NCSI_PKT_CMD_GPUUID 0x52 /* Get package UUID */
#define NCSI_PKT_CMD_QPNPR 0x56 /* Query Pending NC PLDM request */
#define NCSI_PKT_CMD_SNPR 0x57 /* Send NC PLDM Reply */
+#define NCSI_PKT_CMD_GMCMA 0x58 /* Get MC MAC Address */
/* NCSI packet responses */
@@ -433,6 +442,7 @@ struct ncsi_aen_hncdsc_pkt {
#define NCSI_PKT_RSP_GPUUID (NCSI_PKT_CMD_GPUUID + 0x80)
#define NCSI_PKT_RSP_QPNPR (NCSI_PKT_CMD_QPNPR + 0x80)
#define NCSI_PKT_RSP_SNPR (NCSI_PKT_CMD_SNPR + 0x80)
+#define NCSI_PKT_RSP_GMCMA (NCSI_PKT_CMD_GMCMA + 0x80)
/* NCSI response code/reason */
#define NCSI_PKT_RSP_C_COMPLETED 0x0000 /* Command Completed */
diff --git a/net/ncsi/ncsi-rsp.c b/net/ncsi/ncsi-rsp.c
index f22d67cb04d37..e28be33bdf2c4 100644
--- a/net/ncsi/ncsi-rsp.c
+++ b/net/ncsi/ncsi-rsp.c
@@ -1093,6 +1093,44 @@ static int ncsi_rsp_handler_netlink(struct ncsi_request *nr)
return ret;
}
+static int ncsi_rsp_handler_gmcma(struct ncsi_request *nr)
+{
+ struct ncsi_dev_priv *ndp = nr->ndp;
+ struct net_device *ndev = ndp->ndev.dev;
+ struct ncsi_rsp_gmcma_pkt *rsp;
+ struct sockaddr saddr;
+ int ret = -1;
+ int i;
+
+ rsp = (struct ncsi_rsp_gmcma_pkt *)skb_network_header(nr->rsp);
+ saddr.sa_family = ndev->type;
+ ndev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
+
+ netdev_info(ndev, "NCSI: Received %d provisioned MAC addresses\n",
+ rsp->address_count);
+ for (i = 0; i < rsp->address_count; i++) {
+ netdev_info(ndev, "NCSI: MAC address %d: %02x:%02x:%02x:%02x:%02x:%02x\n",
+ i, rsp->addresses[i][0], rsp->addresses[i][1],
+ rsp->addresses[i][2], rsp->addresses[i][3],
+ rsp->addresses[i][4], rsp->addresses[i][5]);
+ }
+
+ for (i = 0; i < rsp->address_count; i++) {
+ memcpy(saddr.sa_data, &rsp->addresses[i], ETH_ALEN);
+ ret = ndev->netdev_ops->ndo_set_mac_address(ndev, &saddr);
+ if (ret < 0) {
+ netdev_warn(ndev, "NCSI: Unable to assign %pM to device\n",
+ saddr.sa_data);
+ continue;
+ }
+ netdev_warn(ndev, "NCSI: Set MAC address to %pM\n", saddr.sa_data);
+ break;
+ }
+
+ ndp->gma_flag = ret == 0;
+ return ret;
+}
+
static struct ncsi_rsp_handler {
unsigned char type;
int payload;
@@ -1129,7 +1167,8 @@ static struct ncsi_rsp_handler {
{ NCSI_PKT_RSP_PLDM, -1, ncsi_rsp_handler_pldm },
{ NCSI_PKT_RSP_GPUUID, 20, ncsi_rsp_handler_gpuuid },
{ NCSI_PKT_RSP_QPNPR, -1, ncsi_rsp_handler_pldm },
- { NCSI_PKT_RSP_SNPR, -1, ncsi_rsp_handler_pldm }
+ { NCSI_PKT_RSP_SNPR, -1, ncsi_rsp_handler_pldm },
+ { NCSI_PKT_RSP_GMCMA, -1, ncsi_rsp_handler_gmcma },
};
int ncsi_rcv_rsp(struct sk_buff *skb, struct net_device *dev,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 316/578] net/ncsi: fix locking in Get MAC Address handling
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 315/578] net/ncsi: Add NC-SI 1.2 Get MC MAC Address command Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 317/578] gpio: xilinx: Convert to immutable irq_chip Greg Kroah-Hartman
` (270 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paul Fertser, Potin Lai,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Fertser <fercerpav@gmail.com>
[ Upstream commit 9e2bbab94b88295dcc57c7580393c9ee08d7314d ]
Obtaining RTNL lock in a response handler is not allowed since it runs
in an atomic softirq context. Postpone setting the MAC address by adding
a dedicated step to the configuration FSM.
Fixes: 790071347a0a ("net/ncsi: change from ndo_set_mac_address to dev_set_mac_address")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/20241129-potin-revert-ncsi-set-mac-addr-v1-1-94ea2cb596af@gmail.com
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Tested-by: Potin Lai <potin.lai.pt@gmail.com>
Link: https://patch.msgid.link/20250109145054.30925-1-fercerpav@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ncsi/internal.h | 2 ++
net/ncsi/ncsi-manage.c | 16 ++++++++++++++--
net/ncsi/ncsi-rsp.c | 19 ++++++-------------
3 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/net/ncsi/internal.h b/net/ncsi/internal.h
index ef0f8f73826f5..4e0842df5234e 100644
--- a/net/ncsi/internal.h
+++ b/net/ncsi/internal.h
@@ -289,6 +289,7 @@ enum {
ncsi_dev_state_config_sp = 0x0301,
ncsi_dev_state_config_cis,
ncsi_dev_state_config_oem_gma,
+ ncsi_dev_state_config_apply_mac,
ncsi_dev_state_config_clear_vids,
ncsi_dev_state_config_svf,
ncsi_dev_state_config_ev,
@@ -322,6 +323,7 @@ struct ncsi_dev_priv {
#define NCSI_DEV_RESHUFFLE 4
#define NCSI_DEV_RESET 8 /* Reset state of NC */
unsigned int gma_flag; /* OEM GMA flag */
+ struct sockaddr pending_mac; /* MAC address received from GMA */
spinlock_t lock; /* Protect the NCSI device */
unsigned int package_probe_id;/* Current ID during probe */
unsigned int package_num; /* Number of packages */
diff --git a/net/ncsi/ncsi-manage.c b/net/ncsi/ncsi-manage.c
index 4583b29971933..2281eb1a0a03b 100644
--- a/net/ncsi/ncsi-manage.c
+++ b/net/ncsi/ncsi-manage.c
@@ -1038,7 +1038,7 @@ static void ncsi_configure_channel(struct ncsi_dev_priv *ndp)
: ncsi_dev_state_config_clear_vids;
break;
case ncsi_dev_state_config_oem_gma:
- nd->state = ncsi_dev_state_config_clear_vids;
+ nd->state = ncsi_dev_state_config_apply_mac;
nca.package = np->id;
nca.channel = nc->id;
@@ -1050,10 +1050,22 @@ static void ncsi_configure_channel(struct ncsi_dev_priv *ndp)
nca.type = NCSI_PKT_CMD_OEM;
ret = ncsi_gma_handler(&nca, nc->version.mf_id);
}
- if (ret < 0)
+ if (ret < 0) {
+ nd->state = ncsi_dev_state_config_clear_vids;
schedule_work(&ndp->work);
+ }
break;
+ case ncsi_dev_state_config_apply_mac:
+ rtnl_lock();
+ ret = dev_set_mac_address(dev, &ndp->pending_mac, NULL);
+ rtnl_unlock();
+ if (ret < 0)
+ netdev_warn(dev, "NCSI: 'Writing MAC address to device failed\n");
+
+ nd->state = ncsi_dev_state_config_clear_vids;
+
+ fallthrough;
case ncsi_dev_state_config_clear_vids:
case ncsi_dev_state_config_svf:
case ncsi_dev_state_config_ev:
diff --git a/net/ncsi/ncsi-rsp.c b/net/ncsi/ncsi-rsp.c
index e28be33bdf2c4..14bd66909ca45 100644
--- a/net/ncsi/ncsi-rsp.c
+++ b/net/ncsi/ncsi-rsp.c
@@ -628,16 +628,14 @@ static int ncsi_rsp_handler_snfc(struct ncsi_request *nr)
static int ncsi_rsp_handler_oem_gma(struct ncsi_request *nr, int mfr_id)
{
struct ncsi_dev_priv *ndp = nr->ndp;
+ struct sockaddr *saddr = &ndp->pending_mac;
struct net_device *ndev = ndp->ndev.dev;
struct ncsi_rsp_oem_pkt *rsp;
- struct sockaddr saddr;
u32 mac_addr_off = 0;
- int ret = 0;
/* Get the response header */
rsp = (struct ncsi_rsp_oem_pkt *)skb_network_header(nr->rsp);
- saddr.sa_family = ndev->type;
ndev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
if (mfr_id == NCSI_OEM_MFR_BCM_ID)
mac_addr_off = BCM_MAC_ADDR_OFFSET;
@@ -646,22 +644,17 @@ static int ncsi_rsp_handler_oem_gma(struct ncsi_request *nr, int mfr_id)
else if (mfr_id == NCSI_OEM_MFR_INTEL_ID)
mac_addr_off = INTEL_MAC_ADDR_OFFSET;
- memcpy(saddr.sa_data, &rsp->data[mac_addr_off], ETH_ALEN);
+ saddr->sa_family = ndev->type;
+ memcpy(saddr->sa_data, &rsp->data[mac_addr_off], ETH_ALEN);
if (mfr_id == NCSI_OEM_MFR_BCM_ID || mfr_id == NCSI_OEM_MFR_INTEL_ID)
- eth_addr_inc((u8 *)saddr.sa_data);
- if (!is_valid_ether_addr((const u8 *)saddr.sa_data))
+ eth_addr_inc((u8 *)saddr->sa_data);
+ if (!is_valid_ether_addr((const u8 *)saddr->sa_data))
return -ENXIO;
/* Set the flag for GMA command which should only be called once */
ndp->gma_flag = 1;
- rtnl_lock();
- ret = dev_set_mac_address(ndev, &saddr, NULL);
- rtnl_unlock();
- if (ret < 0)
- netdev_warn(ndev, "NCSI: 'Writing mac address to device failed\n");
-
- return ret;
+ return 0;
}
/* Response handler for Mellanox card */
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 317/578] gpio: xilinx: Convert to immutable irq_chip
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 316/578] net/ncsi: fix locking in Get MAC Address handling Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 318/578] gpio: xilinx: Convert gpio_lock to raw spinlock Greg Kroah-Hartman
` (269 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marc Zyngier, Linus Walleij,
Bartosz Golaszewski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Linus Walleij <linus.walleij@linaro.org>
[ Upstream commit b4510f8fd5d0e9afa777f115871f5d522540c417 ]
Convert the driver to immutable irq-chip with a bit of
intuition.
Cc: Marc Zyngier <maz@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Stable-dep-of: 9860370c2172 ("gpio: xilinx: Convert gpio_lock to raw spinlock")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-xilinx.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/drivers/gpio/gpio-xilinx.c b/drivers/gpio/gpio-xilinx.c
index 2fc6b6ff7f165..31f05c7d5915e 100644
--- a/drivers/gpio/gpio-xilinx.c
+++ b/drivers/gpio/gpio-xilinx.c
@@ -68,7 +68,6 @@ struct xgpio_instance {
DECLARE_BITMAP(dir, 64);
spinlock_t gpio_lock; /* For serializing operations */
int irq;
- struct irq_chip irqchip;
DECLARE_BITMAP(enable, 64);
DECLARE_BITMAP(rising_edge, 64);
DECLARE_BITMAP(falling_edge, 64);
@@ -416,6 +415,8 @@ static void xgpio_irq_mask(struct irq_data *irq_data)
xgpio_writereg(chip->regs + XGPIO_IPIER_OFFSET, temp);
}
spin_unlock_irqrestore(&chip->gpio_lock, flags);
+
+ gpiochip_disable_irq(&chip->gc, irq_offset);
}
/**
@@ -431,6 +432,8 @@ static void xgpio_irq_unmask(struct irq_data *irq_data)
u32 old_enable = xgpio_get_value32(chip->enable, bit);
u32 mask = BIT(bit / 32), val;
+ gpiochip_enable_irq(&chip->gc, irq_offset);
+
spin_lock_irqsave(&chip->gpio_lock, flags);
__set_bit(bit, chip->enable);
@@ -544,6 +547,16 @@ static void xgpio_irqhandler(struct irq_desc *desc)
chained_irq_exit(irqchip, desc);
}
+static const struct irq_chip xgpio_irq_chip = {
+ .name = "gpio-xilinx",
+ .irq_ack = xgpio_irq_ack,
+ .irq_mask = xgpio_irq_mask,
+ .irq_unmask = xgpio_irq_unmask,
+ .irq_set_type = xgpio_set_irq_type,
+ .flags = IRQCHIP_IMMUTABLE,
+ GPIOCHIP_IRQ_RESOURCE_HELPERS,
+};
+
/**
* xgpio_probe - Probe method for the GPIO device.
* @pdev: pointer to the platform device
@@ -664,12 +677,6 @@ static int xgpio_probe(struct platform_device *pdev)
if (chip->irq <= 0)
goto skip_irq;
- chip->irqchip.name = "gpio-xilinx";
- chip->irqchip.irq_ack = xgpio_irq_ack;
- chip->irqchip.irq_mask = xgpio_irq_mask;
- chip->irqchip.irq_unmask = xgpio_irq_unmask;
- chip->irqchip.irq_set_type = xgpio_set_irq_type;
-
/* Disable per-channel interrupts */
xgpio_writereg(chip->regs + XGPIO_IPIER_OFFSET, 0);
/* Clear any existing per-channel interrupts */
@@ -679,7 +686,7 @@ static int xgpio_probe(struct platform_device *pdev)
xgpio_writereg(chip->regs + XGPIO_GIER_OFFSET, XGPIO_GIER_IE);
girq = &chip->gc.irq;
- girq->chip = &chip->irqchip;
+ gpio_irq_chip_set_chip(girq, &xgpio_irq_chip);
girq->parent_handler = xgpio_irqhandler;
girq->num_parents = 1;
girq->parents = devm_kcalloc(&pdev->dev, 1,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 318/578] gpio: xilinx: Convert gpio_lock to raw spinlock
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 317/578] gpio: xilinx: Convert to immutable irq_chip Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 319/578] xfs: report realtime block quota limits on realtime directories Greg Kroah-Hartman
` (268 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Anderson, Bartosz Golaszewski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Anderson <sean.anderson@linux.dev>
[ Upstream commit 9860370c2172704b6b4f0075a0c2a29fd84af96a ]
irq_chip functions may be called in raw spinlock context. Therefore, we
must also use a raw spinlock for our own internal locking.
This fixes the following lockdep splat:
[ 5.349336] =============================
[ 5.353349] [ BUG: Invalid wait context ]
[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W
[ 5.363031] -----------------------------
[ 5.367045] kworker/u17:1/44 is trying to lock:
[ 5.371587] ffffff88018b02c0 (&chip->gpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))
[ 5.380079] other info that might help us debug this:
[ 5.385138] context-{5:5}
[ 5.387762] 5 locks held by kworker/u17:1/44:
[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)
[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)
[ 5.411528] #2: ffffff880172c900 (&dev->mutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)
[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)
[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)
[ 5.436472] stack backtrace:
[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69
[ 5.448690] Tainted: [W]=WARN
[ 5.451656] Hardware name: xlnx,zynqmp (DT)
[ 5.455845] Workqueue: events_unbound deferred_probe_work_func
[ 5.461699] Call trace:
[ 5.464147] show_stack+0x18/0x24 C
[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)
[ 5.471501] dump_stack (lib/dump_stack.c:130)
[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)
[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)
[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))
[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)
[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)
[ 5.497645] irq_startup (kernel/irq/chip.c:270)
[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)
[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)
Fixes: a32c7caea292 ("gpio: gpio-xilinx: Add interrupt support")
Signed-off-by: Sean Anderson <sean.anderson@linux.dev>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20250110163354.2012654-1-sean.anderson@linux.dev
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-xilinx.c | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/drivers/gpio/gpio-xilinx.c b/drivers/gpio/gpio-xilinx.c
index 31f05c7d5915e..06ab5b71dcee2 100644
--- a/drivers/gpio/gpio-xilinx.c
+++ b/drivers/gpio/gpio-xilinx.c
@@ -66,7 +66,7 @@ struct xgpio_instance {
DECLARE_BITMAP(state, 64);
DECLARE_BITMAP(last_irq_read, 64);
DECLARE_BITMAP(dir, 64);
- spinlock_t gpio_lock; /* For serializing operations */
+ raw_spinlock_t gpio_lock; /* For serializing operations */
int irq;
DECLARE_BITMAP(enable, 64);
DECLARE_BITMAP(rising_edge, 64);
@@ -180,14 +180,14 @@ static void xgpio_set(struct gpio_chip *gc, unsigned int gpio, int val)
struct xgpio_instance *chip = gpiochip_get_data(gc);
int bit = xgpio_to_bit(chip, gpio);
- spin_lock_irqsave(&chip->gpio_lock, flags);
+ raw_spin_lock_irqsave(&chip->gpio_lock, flags);
/* Write to GPIO signal and set its direction to output */
__assign_bit(bit, chip->state, val);
xgpio_write_ch(chip, XGPIO_DATA_OFFSET, bit, chip->state);
- spin_unlock_irqrestore(&chip->gpio_lock, flags);
+ raw_spin_unlock_irqrestore(&chip->gpio_lock, flags);
}
/**
@@ -211,7 +211,7 @@ static void xgpio_set_multiple(struct gpio_chip *gc, unsigned long *mask,
bitmap_remap(hw_mask, mask, chip->sw_map, chip->hw_map, 64);
bitmap_remap(hw_bits, bits, chip->sw_map, chip->hw_map, 64);
- spin_lock_irqsave(&chip->gpio_lock, flags);
+ raw_spin_lock_irqsave(&chip->gpio_lock, flags);
bitmap_replace(state, chip->state, hw_bits, hw_mask, 64);
@@ -219,7 +219,7 @@ static void xgpio_set_multiple(struct gpio_chip *gc, unsigned long *mask,
bitmap_copy(chip->state, state, 64);
- spin_unlock_irqrestore(&chip->gpio_lock, flags);
+ raw_spin_unlock_irqrestore(&chip->gpio_lock, flags);
}
/**
@@ -237,13 +237,13 @@ static int xgpio_dir_in(struct gpio_chip *gc, unsigned int gpio)
struct xgpio_instance *chip = gpiochip_get_data(gc);
int bit = xgpio_to_bit(chip, gpio);
- spin_lock_irqsave(&chip->gpio_lock, flags);
+ raw_spin_lock_irqsave(&chip->gpio_lock, flags);
/* Set the GPIO bit in shadow register and set direction as input */
__set_bit(bit, chip->dir);
xgpio_write_ch(chip, XGPIO_TRI_OFFSET, bit, chip->dir);
- spin_unlock_irqrestore(&chip->gpio_lock, flags);
+ raw_spin_unlock_irqrestore(&chip->gpio_lock, flags);
return 0;
}
@@ -266,7 +266,7 @@ static int xgpio_dir_out(struct gpio_chip *gc, unsigned int gpio, int val)
struct xgpio_instance *chip = gpiochip_get_data(gc);
int bit = xgpio_to_bit(chip, gpio);
- spin_lock_irqsave(&chip->gpio_lock, flags);
+ raw_spin_lock_irqsave(&chip->gpio_lock, flags);
/* Write state of GPIO signal */
__assign_bit(bit, chip->state, val);
@@ -276,7 +276,7 @@ static int xgpio_dir_out(struct gpio_chip *gc, unsigned int gpio, int val)
__clear_bit(bit, chip->dir);
xgpio_write_ch(chip, XGPIO_TRI_OFFSET, bit, chip->dir);
- spin_unlock_irqrestore(&chip->gpio_lock, flags);
+ raw_spin_unlock_irqrestore(&chip->gpio_lock, flags);
return 0;
}
@@ -404,7 +404,7 @@ static void xgpio_irq_mask(struct irq_data *irq_data)
int bit = xgpio_to_bit(chip, irq_offset);
u32 mask = BIT(bit / 32), temp;
- spin_lock_irqsave(&chip->gpio_lock, flags);
+ raw_spin_lock_irqsave(&chip->gpio_lock, flags);
__clear_bit(bit, chip->enable);
@@ -414,7 +414,7 @@ static void xgpio_irq_mask(struct irq_data *irq_data)
temp &= ~mask;
xgpio_writereg(chip->regs + XGPIO_IPIER_OFFSET, temp);
}
- spin_unlock_irqrestore(&chip->gpio_lock, flags);
+ raw_spin_unlock_irqrestore(&chip->gpio_lock, flags);
gpiochip_disable_irq(&chip->gc, irq_offset);
}
@@ -434,7 +434,7 @@ static void xgpio_irq_unmask(struct irq_data *irq_data)
gpiochip_enable_irq(&chip->gc, irq_offset);
- spin_lock_irqsave(&chip->gpio_lock, flags);
+ raw_spin_lock_irqsave(&chip->gpio_lock, flags);
__set_bit(bit, chip->enable);
@@ -453,7 +453,7 @@ static void xgpio_irq_unmask(struct irq_data *irq_data)
xgpio_writereg(chip->regs + XGPIO_IPIER_OFFSET, val);
}
- spin_unlock_irqrestore(&chip->gpio_lock, flags);
+ raw_spin_unlock_irqrestore(&chip->gpio_lock, flags);
}
/**
@@ -518,7 +518,7 @@ static void xgpio_irqhandler(struct irq_desc *desc)
chained_irq_enter(irqchip, desc);
- spin_lock(&chip->gpio_lock);
+ raw_spin_lock(&chip->gpio_lock);
xgpio_read_ch_all(chip, XGPIO_DATA_OFFSET, all);
@@ -535,7 +535,7 @@ static void xgpio_irqhandler(struct irq_desc *desc)
bitmap_copy(chip->last_irq_read, all, 64);
bitmap_or(all, rising, falling, 64);
- spin_unlock(&chip->gpio_lock);
+ raw_spin_unlock(&chip->gpio_lock);
dev_dbg(gc->parent, "IRQ rising %*pb falling %*pb\n", 64, rising, 64, falling);
@@ -636,7 +636,7 @@ static int xgpio_probe(struct platform_device *pdev)
bitmap_set(chip->hw_map, 0, width[0]);
bitmap_set(chip->hw_map, 32, width[1]);
- spin_lock_init(&chip->gpio_lock);
+ raw_spin_lock_init(&chip->gpio_lock);
chip->gc.base = -1;
chip->gc.ngpio = bitmap_weight(chip->hw_map, 64);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 319/578] xfs: report realtime block quota limits on realtime directories
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 318/578] gpio: xilinx: Convert gpio_lock to raw spinlock Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 320/578] xfs: dont over-report free space or inodes in statvfs Greg Kroah-Hartman
` (267 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Darrick J. Wong, Christoph Hellwig,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Darrick J. Wong <djwong@kernel.org>
[ Upstream commit 9a17ebfea9d0c7e0bb7409dcf655bf982a5d6e52 ]
On the data device, calling statvfs on a projinherit directory results
in the block and avail counts being curtailed to the project quota block
limits, if any are set. Do the same for realtime files or directories,
only use the project quota rt block limits.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Stable-dep-of: 4b8d867ca6e2 ("xfs: don't over-report free space or inodes in statvfs")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/xfs/xfs_qm_bhv.c | 18 ++++++++++++------
fs/xfs/xfs_super.c | 11 +++++------
2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/fs/xfs/xfs_qm_bhv.c b/fs/xfs/xfs_qm_bhv.c
index b77673dd05581..268a07218c777 100644
--- a/fs/xfs/xfs_qm_bhv.c
+++ b/fs/xfs/xfs_qm_bhv.c
@@ -19,18 +19,24 @@
STATIC void
xfs_fill_statvfs_from_dquot(
struct kstatfs *statp,
+ struct xfs_inode *ip,
struct xfs_dquot *dqp)
{
+ struct xfs_dquot_res *blkres = &dqp->q_blk;
uint64_t limit;
- limit = dqp->q_blk.softlimit ?
- dqp->q_blk.softlimit :
- dqp->q_blk.hardlimit;
+ if (XFS_IS_REALTIME_MOUNT(ip->i_mount) &&
+ (ip->i_diflags & (XFS_DIFLAG_RTINHERIT | XFS_DIFLAG_REALTIME)))
+ blkres = &dqp->q_rtb;
+
+ limit = blkres->softlimit ?
+ blkres->softlimit :
+ blkres->hardlimit;
if (limit && statp->f_blocks > limit) {
statp->f_blocks = limit;
statp->f_bfree = statp->f_bavail =
- (statp->f_blocks > dqp->q_blk.reserved) ?
- (statp->f_blocks - dqp->q_blk.reserved) : 0;
+ (statp->f_blocks > blkres->reserved) ?
+ (statp->f_blocks - blkres->reserved) : 0;
}
limit = dqp->q_ino.softlimit ?
@@ -61,7 +67,7 @@ xfs_qm_statvfs(
struct xfs_dquot *dqp;
if (!xfs_qm_dqget(mp, ip->i_projid, XFS_DQTYPE_PROJ, false, &dqp)) {
- xfs_fill_statvfs_from_dquot(statp, dqp);
+ xfs_fill_statvfs_from_dquot(statp, ip, dqp);
xfs_qm_dqput(dqp);
}
}
diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c
index 1c143c69da6ed..2ef331132fca7 100644
--- a/fs/xfs/xfs_super.c
+++ b/fs/xfs/xfs_super.c
@@ -849,12 +849,6 @@ xfs_fs_statfs(
ffree = statp->f_files - (icount - ifree);
statp->f_ffree = max_t(int64_t, ffree, 0);
-
- if ((ip->i_diflags & XFS_DIFLAG_PROJINHERIT) &&
- ((mp->m_qflags & (XFS_PQUOTA_ACCT|XFS_PQUOTA_ENFD))) ==
- (XFS_PQUOTA_ACCT|XFS_PQUOTA_ENFD))
- xfs_qm_statvfs(ip, statp);
-
if (XFS_IS_REALTIME_MOUNT(mp) &&
(ip->i_diflags & (XFS_DIFLAG_RTINHERIT | XFS_DIFLAG_REALTIME))) {
s64 freertx;
@@ -864,6 +858,11 @@ xfs_fs_statfs(
statp->f_bavail = statp->f_bfree = freertx * sbp->sb_rextsize;
}
+ if ((ip->i_diflags & XFS_DIFLAG_PROJINHERIT) &&
+ ((mp->m_qflags & (XFS_PQUOTA_ACCT|XFS_PQUOTA_ENFD))) ==
+ (XFS_PQUOTA_ACCT|XFS_PQUOTA_ENFD))
+ xfs_qm_statvfs(ip, statp);
+
return 0;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 320/578] xfs: dont over-report free space or inodes in statvfs
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 319/578] xfs: report realtime block quota limits on realtime directories Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 321/578] nvme: handle connectivity loss in nvme_set_queue_count Greg Kroah-Hartman
` (266 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Emmanuel Florac, Darrick J. Wong,
Christoph Hellwig, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Darrick J. Wong <djwong@kernel.org>
[ Upstream commit 4b8d867ca6e2fc6d152f629fdaf027053b81765a ]
Emmanual Florac reports a strange occurrence when project quota limits
are enabled, free space is lower than the remaining quota, and someone
runs statvfs:
# mkfs.xfs -f /dev/sda
# mount /dev/sda /mnt -o prjquota
# xfs_quota -x -c 'limit -p bhard=2G 55' /mnt
# mkdir /mnt/dir
# xfs_io -c 'chproj 55' -c 'chattr +P' -c 'stat -vvvv' /mnt/dir
# fallocate -l 19g /mnt/a
# df /mnt /mnt/dir
Filesystem Size Used Avail Use% Mounted on
/dev/sda 20G 20G 345M 99% /mnt
/dev/sda 2.0G 0 2.0G 0% /mnt
I think the bug here is that xfs_fill_statvfs_from_dquot unconditionally
assigns to f_bfree without checking that the filesystem has enough free
space to fill the remaining project quota. However, this is a
longstanding behavior of xfs so it's unclear what to do here.
Cc: <stable@vger.kernel.org> # v2.6.18
Fixes: 932f2c323196c2 ("[XFS] statvfs component of directory/project quota support, code originally by Glen.")
Reported-by: Emmanuel Florac <eflorac@intellique.com>
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/xfs/xfs_qm_bhv.c | 27 +++++++++++++++++----------
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/fs/xfs/xfs_qm_bhv.c b/fs/xfs/xfs_qm_bhv.c
index 268a07218c777..26b2c449f3c66 100644
--- a/fs/xfs/xfs_qm_bhv.c
+++ b/fs/xfs/xfs_qm_bhv.c
@@ -32,21 +32,28 @@ xfs_fill_statvfs_from_dquot(
limit = blkres->softlimit ?
blkres->softlimit :
blkres->hardlimit;
- if (limit && statp->f_blocks > limit) {
- statp->f_blocks = limit;
- statp->f_bfree = statp->f_bavail =
- (statp->f_blocks > blkres->reserved) ?
- (statp->f_blocks - blkres->reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > blkres->reserved)
+ remaining = limit - blkres->reserved;
+
+ statp->f_blocks = min(statp->f_blocks, limit);
+ statp->f_bfree = min(statp->f_bfree, remaining);
+ statp->f_bavail = min(statp->f_bavail, remaining);
}
limit = dqp->q_ino.softlimit ?
dqp->q_ino.softlimit :
dqp->q_ino.hardlimit;
- if (limit && statp->f_files > limit) {
- statp->f_files = limit;
- statp->f_ffree =
- (statp->f_files > dqp->q_ino.reserved) ?
- (statp->f_files - dqp->q_ino.reserved) : 0;
+ if (limit) {
+ uint64_t remaining = 0;
+
+ if (limit > dqp->q_ino.reserved)
+ remaining = limit - dqp->q_ino.reserved;
+
+ statp->f_files = min(statp->f_files, limit);
+ statp->f_ffree = min(statp->f_ffree, remaining);
}
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 321/578] nvme: handle connectivity loss in nvme_set_queue_count
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 320/578] xfs: dont over-report free space or inodes in statvfs Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 322/578] firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Greg Kroah-Hartman
` (265 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Hannes Reinecke,
Sagi Grimberg, Daniel Wagner, Keith Busch, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Wagner <wagi@kernel.org>
[ Upstream commit 294b2b7516fd06a8dd82e4a6118f318ec521e706 ]
When the set feature attempts fails with any NVME status code set in
nvme_set_queue_count, the function still report success. Though the
numbers of queues set to 0. This is done to support controllers in
degraded state (the admin queue is still up and running but no IO
queues).
Though there is an exception. When nvme_set_features reports an host
path error, nvme_set_queue_count should propagate this error as the
connectivity is lost, which means also the admin queue is not working
anymore.
Fixes: 9a0be7abb62f ("nvme: refactor set_queue_count")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Daniel Wagner <wagi@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/core.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index abca395385b2e..ba76cd3b5f852 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1609,7 +1609,13 @@ int nvme_set_queue_count(struct nvme_ctrl *ctrl, int *count)
status = nvme_set_features(ctrl, NVME_FEAT_NUM_QUEUES, q_count, NULL, 0,
&result);
- if (status < 0)
+
+ /*
+ * It's either a kernel error or the host observed a connection
+ * lost. In either case it's not possible communicate with the
+ * controller and thus enter the error code path.
+ */
+ if (status < 0 || status == NVME_SC_HOST_PATH_ERROR)
return status;
/*
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 322/578] firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 321/578] nvme: handle connectivity loss in nvme_set_queue_count Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 323/578] gpu: drm_dp_cec: fix broken CEC adapter properties check Greg Kroah-Hartman
` (264 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Prasad Pandit, Konrad Rzeszutek Wilk,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Prasad Pandit <pjp@fedoraproject.org>
[ Upstream commit e1e17a1715982201034024863efbf238bee2bdf9 ]
Fix ISCSI_IBFT Kconfig entry, replace tab with a space character.
Fixes: 138fe4e0697 ("Firmware: add iSCSI iBFT Support")
Signed-off-by: Prasad Pandit <pjp@fedoraproject.org>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/Kconfig b/drivers/firmware/Kconfig
index b59e3041fd627..5583ae61f214b 100644
--- a/drivers/firmware/Kconfig
+++ b/drivers/firmware/Kconfig
@@ -139,7 +139,7 @@ config ISCSI_IBFT
select ISCSI_BOOT_SYSFS
select ISCSI_IBFT_FIND if X86
depends on ACPI && SCSI && SCSI_LOWLEVEL
- default n
+ default n
help
This option enables support for detection and exposing of iSCSI
Boot Firmware Table (iBFT) via sysfs to userspace. If you wish to
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 323/578] gpu: drm_dp_cec: fix broken CEC adapter properties check
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 322/578] firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 324/578] tg3: Disable tg3 PCIe AER on system reboot Greg Kroah-Hartman
` (263 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans Verkuil, Farblos,
Dmitry Baryshkov, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans Verkuil <hverkuil@xs4all.nl>
[ Upstream commit 6daaae5ff7f3b23a2dacc9c387ff3d4f95b67cad ]
If the hotplug detect of a display is low for longer than one second
(configurable through drm_dp_cec_unregister_delay), then the CEC adapter
is unregistered since we assume the display was disconnected. If the
HPD went low for less than one second, then we check if the properties
of the CEC adapter have changed, since that indicates that we actually
switch to new hardware and we have to unregister the old CEC device and
register a new one.
Unfortunately, the test for changed properties was written poorly, and
after a new CEC capability was added to the CEC core code the test always
returned true (i.e. the properties had changed).
As a result the CEC device was unregistered and re-registered for every
HPD toggle. If the CEC remote controller integration was also enabled
(CONFIG_MEDIA_CEC_RC was set), then the corresponding input device was
also unregistered and re-registered. As a result the input device in
/sys would keep incrementing its number, e.g.:
/sys/devices/pci0000:00/0000:00:08.1/0000:e7:00.0/rc/rc0/input20
Since short HPD toggles are common, the number could over time get into
the thousands.
While not a serious issue (i.e. nothing crashes), it is not intended
to work that way.
This patch changes the test so that it only checks for the single CEC
capability that can actually change, and it ignores any other
capabilities, so this is now safe as well if new caps are added in
the future.
With the changed test the bit under #ifndef CONFIG_MEDIA_CEC_RC can be
dropped as well, so that's a nice cleanup.
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Reported-by: Farblos <farblos@vodafonemail.de>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Fixes: 2c6d1fffa1d9 ("drm: add support for DisplayPort CEC-Tunneling-over-AUX")
Tested-by: Farblos <farblos@vodafonemail.de>
Link: https://patchwork.freedesktop.org/patch/msgid/361bb03d-1691-4e23-84da-0861ead5dbdc@xs4all.nl
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/display/drm_dp_cec.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/drivers/gpu/drm/display/drm_dp_cec.c b/drivers/gpu/drm/display/drm_dp_cec.c
index ae39dc7941903..868bf53db66ce 100644
--- a/drivers/gpu/drm/display/drm_dp_cec.c
+++ b/drivers/gpu/drm/display/drm_dp_cec.c
@@ -310,16 +310,6 @@ void drm_dp_cec_set_edid(struct drm_dp_aux *aux, const struct edid *edid)
if (!aux->transfer)
return;
-#ifndef CONFIG_MEDIA_CEC_RC
- /*
- * CEC_CAP_RC is part of CEC_CAP_DEFAULTS, but it is stripped by
- * cec_allocate_adapter() if CONFIG_MEDIA_CEC_RC is undefined.
- *
- * Do this here as well to ensure the tests against cec_caps are
- * correct.
- */
- cec_caps &= ~CEC_CAP_RC;
-#endif
cancel_delayed_work_sync(&aux->cec.unregister_work);
mutex_lock(&aux->cec.lock);
@@ -336,7 +326,9 @@ void drm_dp_cec_set_edid(struct drm_dp_aux *aux, const struct edid *edid)
num_las = CEC_MAX_LOG_ADDRS;
if (aux->cec.adap) {
- if (aux->cec.adap->capabilities == cec_caps &&
+ /* Check if the adapter properties have changed */
+ if ((aux->cec.adap->capabilities & CEC_CAP_MONITOR_ALL) ==
+ (cec_caps & CEC_CAP_MONITOR_ALL) &&
aux->cec.adap->available_log_addrs == num_las) {
/* Unchanged, so just set the phys addr */
cec_s_phys_addr_from_edid(aux->cec.adap, edid);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 324/578] tg3: Disable tg3 PCIe AER on system reboot
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 323/578] gpu: drm_dp_cec: fix broken CEC adapter properties check Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 325/578] udp: gso: do not drop small packets when PMTU reduces Greg Kroah-Hartman
` (262 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lenny Szubowicz, Pavan Chebbi,
Simon Horman, David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lenny Szubowicz <lszubowi@redhat.com>
[ Upstream commit e0efe83ed325277bb70f9435d4d9fc70bebdcca8 ]
Disable PCIe AER on the tg3 device on system reboot on a limited
list of Dell PowerEdge systems. This prevents a fatal PCIe AER event
on the tg3 device during the ACPI _PTS (prepare to sleep) method for
S5 on those systems. The _PTS is invoked by acpi_enter_sleep_state_prep()
as part of the kernel's reboot sequence as a result of commit
38f34dba806a ("PM: ACPI: reboot: Reinstate S5 for reboot").
There was an earlier fix for this problem by commit 2ca1c94ce0b6
("tg3: Disable tg3 device on system reboot to avoid triggering AER").
But it was discovered that this earlier fix caused a reboot hang
when some Dell PowerEdge servers were booted via ipxe. To address
this reboot hang, the earlier fix was essentially reverted by commit
9fc3bc764334 ("tg3: power down device only on SYSTEM_POWER_OFF").
This re-exposed the tg3 PCIe AER on reboot problem.
This fix is not an ideal solution because the root cause of the AER
is in system firmware. Instead, it's a targeted work-around in the
tg3 driver.
Note also that the PCIe AER must be disabled on the tg3 device even
if the system is configured to use "firmware first" error handling.
V3:
- Fix sparse warning on improper comparison of pdev->current_state
- Adhere to netdev comment style
Fixes: 9fc3bc764334 ("tg3: power down device only on SYSTEM_POWER_OFF")
Signed-off-by: Lenny Szubowicz <lszubowi@redhat.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/tg3.c | 58 +++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
index dab0ab10d111a..95d460237835d 100644
--- a/drivers/net/ethernet/broadcom/tg3.c
+++ b/drivers/net/ethernet/broadcom/tg3.c
@@ -55,6 +55,7 @@
#include <linux/hwmon.h>
#include <linux/hwmon-sysfs.h>
#include <linux/crc32poly.h>
+#include <linux/dmi.h>
#include <net/checksum.h>
#include <net/ip.h>
@@ -18114,6 +18115,50 @@ static int tg3_resume(struct device *device)
static SIMPLE_DEV_PM_OPS(tg3_pm_ops, tg3_suspend, tg3_resume);
+/* Systems where ACPI _PTS (Prepare To Sleep) S5 will result in a fatal
+ * PCIe AER event on the tg3 device if the tg3 device is not, or cannot
+ * be, powered down.
+ */
+static const struct dmi_system_id tg3_restart_aer_quirk_table[] = {
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "PowerEdge R440"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "PowerEdge R540"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "PowerEdge R640"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "PowerEdge R650"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "PowerEdge R740"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "PowerEdge R750"),
+ },
+ },
+ {}
+};
+
static void tg3_shutdown(struct pci_dev *pdev)
{
struct net_device *dev = pci_get_drvdata(pdev);
@@ -18130,6 +18175,19 @@ static void tg3_shutdown(struct pci_dev *pdev)
if (system_state == SYSTEM_POWER_OFF)
tg3_power_down(tp);
+ else if (system_state == SYSTEM_RESTART &&
+ dmi_first_match(tg3_restart_aer_quirk_table) &&
+ pdev->current_state != PCI_D3cold &&
+ pdev->current_state != PCI_UNKNOWN) {
+ /* Disable PCIe AER on the tg3 to avoid a fatal
+ * error during this system restart.
+ */
+ pcie_capability_clear_word(pdev, PCI_EXP_DEVCTL,
+ PCI_EXP_DEVCTL_CERE |
+ PCI_EXP_DEVCTL_NFERE |
+ PCI_EXP_DEVCTL_FERE |
+ PCI_EXP_DEVCTL_URRE);
+ }
rtnl_unlock();
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 325/578] udp: gso: do not drop small packets when PMTU reduces
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 324/578] tg3: Disable tg3 PCIe AER on system reboot Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 326/578] gpio: pca953x: Improve interrupt support Greg Kroah-Hartman
` (261 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yan Zhai, Willem de Bruijn,
Willem de Bruijn, David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yan Zhai <yan@cloudflare.com>
[ Upstream commit 235174b2bed88501fda689c113c55737f99332d8 ]
Commit 4094871db1d6 ("udp: only do GSO if # of segs > 1") avoided GSO
for small packets. But the kernel currently dismisses GSO requests only
after checking MTU/PMTU on gso_size. This means any packets, regardless
of their payload sizes, could be dropped when PMTU becomes smaller than
requested gso_size. We encountered this issue in production and it
caused a reliability problem that new QUIC connection cannot be
established before PMTU cache expired, while non GSO sockets still
worked fine at the same time.
Ideally, do not check any GSO related constraints when payload size is
smaller than requested gso_size, and return EMSGSIZE instead of EINVAL
on MTU/PMTU check failure to be more specific on the error cause.
Fixes: 4094871db1d6 ("udp: only do GSO if # of segs > 1")
Signed-off-by: Yan Zhai <yan@cloudflare.com>
Suggested-by: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/udp.c | 4 ++--
net/ipv6/udp.c | 4 ++--
tools/testing/selftests/net/udpgso.c | 26 ++++++++++++++++++++++++++
3 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 3f9c4b74fdc0c..88da11922d677 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -939,9 +939,9 @@ static int udp_send_skb(struct sk_buff *skb, struct flowi4 *fl4,
const int hlen = skb_network_header_len(skb) +
sizeof(struct udphdr);
- if (hlen + cork->gso_size > cork->fragsize) {
+ if (hlen + min(datalen, cork->gso_size) > cork->fragsize) {
kfree_skb(skb);
- return -EINVAL;
+ return -EMSGSIZE;
}
if (datalen > cork->gso_size * UDP_MAX_SEGMENTS) {
kfree_skb(skb);
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index f55d08d2096ae..4b063aa37e389 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1256,9 +1256,9 @@ static int udp_v6_send_skb(struct sk_buff *skb, struct flowi6 *fl6,
const int hlen = skb_network_header_len(skb) +
sizeof(struct udphdr);
- if (hlen + cork->gso_size > cork->fragsize) {
+ if (hlen + min(datalen, cork->gso_size) > cork->fragsize) {
kfree_skb(skb);
- return -EINVAL;
+ return -EMSGSIZE;
}
if (datalen > cork->gso_size * UDP_MAX_SEGMENTS) {
kfree_skb(skb);
diff --git a/tools/testing/selftests/net/udpgso.c b/tools/testing/selftests/net/udpgso.c
index b02080d09fbc0..d0fba50bd6ef0 100644
--- a/tools/testing/selftests/net/udpgso.c
+++ b/tools/testing/selftests/net/udpgso.c
@@ -94,6 +94,19 @@ struct testcase testcases_v4[] = {
.gso_len = CONST_MSS_V4,
.r_num_mss = 1,
},
+ {
+ /* datalen <= MSS < gso_len: will fall back to no GSO */
+ .tlen = CONST_MSS_V4,
+ .gso_len = CONST_MSS_V4 + 1,
+ .r_num_mss = 0,
+ .r_len_last = CONST_MSS_V4,
+ },
+ {
+ /* MSS < datalen < gso_len: fail */
+ .tlen = CONST_MSS_V4 + 1,
+ .gso_len = CONST_MSS_V4 + 2,
+ .tfail = true,
+ },
{
/* send a single MSS + 1B */
.tlen = CONST_MSS_V4 + 1,
@@ -197,6 +210,19 @@ struct testcase testcases_v6[] = {
.gso_len = CONST_MSS_V6,
.r_num_mss = 1,
},
+ {
+ /* datalen <= MSS < gso_len: will fall back to no GSO */
+ .tlen = CONST_MSS_V6,
+ .gso_len = CONST_MSS_V6 + 1,
+ .r_num_mss = 0,
+ .r_len_last = CONST_MSS_V6,
+ },
+ {
+ /* MSS < datalen < gso_len: fail */
+ .tlen = CONST_MSS_V6 + 1,
+ .gso_len = CONST_MSS_V6 + 2,
+ .tfail = true
+ },
{
/* send a single MSS + 1B */
.tlen = CONST_MSS_V6 + 1,
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 326/578] gpio: pca953x: Improve interrupt support
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 325/578] udp: gso: do not drop small packets when PMTU reduces Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 327/578] net: atlantic: fix warning during hot unplug Greg Kroah-Hartman
` (260 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Tomlinson, Andy Shevchenko,
Bartosz Golaszewski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
[ Upstream commit d6179f6c6204f9932aed3a7a2100b4a295dfed9d ]
The GPIO drivers with latch interrupt support (typically types starting
with PCAL) have interrupt status registers to determine which particular
inputs have caused an interrupt. Unfortunately there is no atomic
operation to read these registers and clear the interrupt. Clearing the
interrupt is done by reading the input registers.
The code was reading the interrupt status registers, and then reading
the input registers. If an input changed between these two events it was
lost.
The solution in this patch is to revert to the non-latch version of
code, i.e. remembering the previous input status, and looking for the
changes. This system results in no more I2C transfers, so is no slower.
The latch property of the device still means interrupts will still be
noticed if the input changes back to its initial state.
Fixes: 44896beae605 ("gpio: pca953x: add PCAL9535 interrupt support for Galileo Gen2")
Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20240606033102.2271916-1-mark.tomlinson@alliedtelesis.co.nz
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-pca953x.c | 19 -------------------
1 file changed, 19 deletions(-)
diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c
index 9ce54bf2030d7..262b3d276df78 100644
--- a/drivers/gpio/gpio-pca953x.c
+++ b/drivers/gpio/gpio-pca953x.c
@@ -851,25 +851,6 @@ static bool pca953x_irq_pending(struct pca953x_chip *chip, unsigned long *pendin
DECLARE_BITMAP(trigger, MAX_LINE);
int ret;
- if (chip->driver_data & PCA_PCAL) {
- /* Read the current interrupt status from the device */
- ret = pca953x_read_regs(chip, PCAL953X_INT_STAT, trigger);
- if (ret)
- return false;
-
- /* Check latched inputs and clear interrupt status */
- ret = pca953x_read_regs(chip, chip->regs->input, cur_stat);
- if (ret)
- return false;
-
- /* Apply filter for rising/falling edge selection */
- bitmap_replace(new_stat, chip->irq_trig_fall, chip->irq_trig_raise, cur_stat, gc->ngpio);
-
- bitmap_and(pending, new_stat, trigger, gc->ngpio);
-
- return !bitmap_empty(pending, gc->ngpio);
- }
-
ret = pca953x_read_regs(chip, chip->regs->input, cur_stat);
if (ret)
return false;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 327/578] net: atlantic: fix warning during hot unplug
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 326/578] gpio: pca953x: Improve interrupt support Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 328/578] net: rose: lock the socket in rose_bind() Greg Kroah-Hartman
` (259 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jacob Moroni, Igor Russkikh,
Simon Horman, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jacob Moroni <mail@jakemoroni.com>
[ Upstream commit 028676bb189ed6d1b550a0fc570a9d695b6acfd3 ]
Firmware deinitialization performs MMIO accesses which are not
necessary if the device has already been removed. In some cases,
these accesses happen via readx_poll_timeout_atomic which ends up
timing out, resulting in a warning at hw_atl2_utils_fw.c:112:
[ 104.595913] Call Trace:
[ 104.595915] <TASK>
[ 104.595918] ? show_regs+0x6c/0x80
[ 104.595923] ? __warn+0x8d/0x150
[ 104.595925] ? aq_a2_fw_deinit+0xcf/0xe0 [atlantic]
[ 104.595934] ? report_bug+0x182/0x1b0
[ 104.595938] ? handle_bug+0x6e/0xb0
[ 104.595940] ? exc_invalid_op+0x18/0x80
[ 104.595942] ? asm_exc_invalid_op+0x1b/0x20
[ 104.595944] ? aq_a2_fw_deinit+0xcf/0xe0 [atlantic]
[ 104.595952] ? aq_a2_fw_deinit+0xcf/0xe0 [atlantic]
[ 104.595959] aq_nic_deinit.part.0+0xbd/0xf0 [atlantic]
[ 104.595964] aq_nic_deinit+0x17/0x30 [atlantic]
[ 104.595970] aq_ndev_close+0x2b/0x40 [atlantic]
[ 104.595975] __dev_close_many+0xad/0x160
[ 104.595978] dev_close_many+0x99/0x170
[ 104.595979] unregister_netdevice_many_notify+0x18b/0xb20
[ 104.595981] ? __call_rcu_common+0xcd/0x700
[ 104.595984] unregister_netdevice_queue+0xc6/0x110
[ 104.595986] unregister_netdev+0x1c/0x30
[ 104.595988] aq_pci_remove+0xb1/0xc0 [atlantic]
Fix this by skipping firmware deinitialization altogether if the
PCI device is no longer present.
Tested with an AQC113 attached via Thunderbolt by performing
repeated unplug cycles while traffic was running via iperf.
Fixes: 97bde5c4f909 ("net: ethernet: aquantia: Support for NIC-specific code")
Signed-off-by: Jacob Moroni <mail@jakemoroni.com>
Reviewed-by: Igor Russkikh <irusskikh@marvell.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250203143604.24930-3-mail@jakemoroni.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
index 06508eebb5853..a467c8f91020b 100644
--- a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
+++ b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
@@ -1436,7 +1436,9 @@ void aq_nic_deinit(struct aq_nic_s *self, bool link_down)
aq_ptp_ring_free(self);
aq_ptp_free(self);
- if (likely(self->aq_fw_ops->deinit) && link_down) {
+ /* May be invoked during hot unplug. */
+ if (pci_device_is_present(self->pdev) &&
+ likely(self->aq_fw_ops->deinit) && link_down) {
mutex_lock(&self->fwreq_mutex);
self->aq_fw_ops->deinit(self->aq_hw);
mutex_unlock(&self->fwreq_mutex);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 328/578] net: rose: lock the socket in rose_bind()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 327/578] net: atlantic: fix warning during hot unplug Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 329/578] x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Greg Kroah-Hartman
` (258 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+7ff41b5215f0c534534e,
Eric Dumazet, Paolo Abeni, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit a1300691aed9ee852b0a9192e29e2bdc2411a7e6 ]
syzbot reported a soft lockup in rose_loopback_timer(),
with a repro calling bind() from multiple threads.
rose_bind() must lock the socket to avoid this issue.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot+7ff41b5215f0c534534e@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/67a0f78d.050a0220.d7c5a.00a0.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://patch.msgid.link/20250203170838.3521361-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rose/af_rose.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 8b0f249c94570..b21c2ce401928 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -701,11 +701,9 @@ static int rose_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
struct net_device *dev;
ax25_address *source;
ax25_uid_assoc *user;
+ int err = -EINVAL;
int n;
- if (!sock_flag(sk, SOCK_ZAPPED))
- return -EINVAL;
-
if (addr_len != sizeof(struct sockaddr_rose) && addr_len != sizeof(struct full_sockaddr_rose))
return -EINVAL;
@@ -718,8 +716,15 @@ static int rose_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
if ((unsigned int) addr->srose_ndigis > ROSE_MAX_DIGIS)
return -EINVAL;
- if ((dev = rose_dev_get(&addr->srose_addr)) == NULL)
- return -EADDRNOTAVAIL;
+ lock_sock(sk);
+
+ if (!sock_flag(sk, SOCK_ZAPPED))
+ goto out_release;
+
+ err = -EADDRNOTAVAIL;
+ dev = rose_dev_get(&addr->srose_addr);
+ if (!dev)
+ goto out_release;
source = &addr->srose_call;
@@ -730,7 +735,8 @@ static int rose_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
} else {
if (ax25_uid_policy && !capable(CAP_NET_BIND_SERVICE)) {
dev_put(dev);
- return -EACCES;
+ err = -EACCES;
+ goto out_release;
}
rose->source_call = *source;
}
@@ -753,8 +759,10 @@ static int rose_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
rose_insert_socket(sk);
sock_reset_flag(sk, SOCK_ZAPPED);
-
- return 0;
+ err = 0;
+out_release:
+ release_sock(sk);
+ return err;
}
static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_len, int flags)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 329/578] x86/xen: fix xen_hypercall_hvm() to not clobber %rbx
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 328/578] net: rose: lock the socket in rose_bind() Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 330/578] x86/xen: add FRAME_END to xen_hypercall_hvm() Greg Kroah-Hartman
` (257 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Juergen Gross, Jan Beulich,
Andrew Cooper, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Juergen Gross <jgross@suse.com>
[ Upstream commit 98a5cfd2320966f40fe049a9855f8787f0126825 ]
xen_hypercall_hvm(), which is used when running as a Xen PVH guest at
most only once during early boot, is clobbering %rbx. Depending on
whether the caller relies on %rbx to be preserved across the call or
not, this clobbering might result in an early crash of the system.
This can be avoided by using an already saved register instead of %rbx.
Fixes: b4845bb63838 ("x86/xen: add central hypercall functions")
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/xen-head.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
index 1cf94caa7600c..565708675b2f2 100644
--- a/arch/x86/xen/xen-head.S
+++ b/arch/x86/xen/xen-head.S
@@ -110,8 +110,8 @@ SYM_FUNC_START(xen_hypercall_hvm)
pop %ebx
pop %eax
#else
- lea xen_hypercall_amd(%rip), %rbx
- cmp %rax, %rbx
+ lea xen_hypercall_amd(%rip), %rcx
+ cmp %rax, %rcx
#ifdef CONFIG_FRAME_POINTER
pop %rax /* Dummy pop. */
#endif
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 330/578] x86/xen: add FRAME_END to xen_hypercall_hvm()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 329/578] x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 331/578] ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Greg Kroah-Hartman
` (256 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Juergen Gross,
Jan Beulich, Andrew Cooper, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Juergen Gross <jgross@suse.com>
[ Upstream commit 0bd797b801bd8ee06c822844e20d73aaea0878dd ]
xen_hypercall_hvm() is missing a FRAME_END at the end, add it.
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202502030848.HTNTTuo9-lkp@intel.com/
Fixes: b4845bb63838 ("x86/xen: add central hypercall functions")
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/xen-head.S | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
index 565708675b2f2..31d9e56ad6c6a 100644
--- a/arch/x86/xen/xen-head.S
+++ b/arch/x86/xen/xen-head.S
@@ -125,6 +125,7 @@ SYM_FUNC_START(xen_hypercall_hvm)
pop %rcx
pop %rax
#endif
+ FRAME_END
/* Use correct hypercall function. */
jz xen_hypercall_amd
jmp xen_hypercall_intel
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 331/578] ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 330/578] x86/xen: add FRAME_END to xen_hypercall_hvm() Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 332/578] netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Greg Kroah-Hartman
` (255 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Rafael J. Wysocki,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit ab930483eca9f3e816c35824b5868599af0c61d7 ]
While analysing code for software and OF node for the corner case when
caller asks to read zero items in the supposed to be an array of values
I found that ACPI behaves differently to what OF does, i.e.
1. It returns -EINVAL when caller asks to read zero items from integer
array, while OF returns 0, if no other errors happened.
2. It returns -EINVAL when caller asks to read zero items from string
array, while OF returns -ENODATA, if no other errors happened.
Amend ACPI implementation to follow what OF does.
Fixes: b31384fa5de3 ("Driver core: Unified device properties interface for platform firmware")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://patch.msgid.link/20250203194629.3731895-1-andriy.shevchenko@linux.intel.com
[ rjw: Added empty line after a conditional ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/property.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/acpi/property.c b/drivers/acpi/property.c
index 62aee900af3df..f8a56aae97a5a 100644
--- a/drivers/acpi/property.c
+++ b/drivers/acpi/property.c
@@ -1128,8 +1128,6 @@ static int acpi_data_prop_read(const struct acpi_device_data *data,
}
break;
}
- if (nval == 0)
- return -EINVAL;
if (obj->type == ACPI_TYPE_BUFFER) {
if (proptype != DEV_PROP_U8)
@@ -1153,9 +1151,11 @@ static int acpi_data_prop_read(const struct acpi_device_data *data,
ret = acpi_copy_property_array_uint(items, (u64 *)val, nval);
break;
case DEV_PROP_STRING:
- ret = acpi_copy_property_array_string(
- items, (char **)val,
- min_t(u32, nval, obj->package.count));
+ nval = min_t(u32, nval, obj->package.count);
+ if (nval == 0)
+ return -ENODATA;
+
+ ret = acpi_copy_property_array_string(items, (char **)val, nval);
break;
default:
ret = -EINVAL;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 332/578] netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 331/578] ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 333/578] tun: revert fix group permission check Greg Kroah-Hartman
` (254 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Ottens, Mingi Cho, Cong Wang,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cong Wang <cong.wang@bytedance.com>
[ Upstream commit 638ba5089324796c2ee49af10427459c2de35f71 ]
qdisc_tree_reduce_backlog() notifies parent qdisc only if child
qdisc becomes empty, therefore we need to reduce the backlog of the
child qdisc before calling it. Otherwise it would miss the opportunity
to call cops->qlen_notify(), in the case of DRR, it resulted in UAF
since DRR uses ->qlen_notify() to maintain its active list.
Fixes: f8d4bc455047 ("net/sched: netem: account for backlog updates from child qdisc")
Cc: Martin Ottens <martin.ottens@fau.de>
Reported-by: Mingi Cho <mincho@theori.io>
Signed-off-by: Cong Wang <cong.wang@bytedance.com>
Link: https://patch.msgid.link/20250204005841.223511-4-xiyou.wangcong@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_netem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
index f47ab622399f3..cb38e58ee771d 100644
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -739,9 +739,9 @@ static struct sk_buff *netem_dequeue(struct Qdisc *sch)
if (err != NET_XMIT_SUCCESS) {
if (net_xmit_drop_count(err))
qdisc_qstats_drop(sch);
- qdisc_tree_reduce_backlog(sch, 1, pkt_len);
sch->qstats.backlog -= pkt_len;
sch->q.qlen--;
+ qdisc_tree_reduce_backlog(sch, 1, pkt_len);
}
goto tfifo_dequeue;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 333/578] tun: revert fix group permission check
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 332/578] netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 334/578] net: sched: Fix truncation of offloaded action statistics Greg Kroah-Hartman
` (253 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Willem de Bruijn, Ondrej Mosnacek,
Stas Sergeev, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Willem de Bruijn <willemb@google.com>
[ Upstream commit a70c7b3cbc0688016810bb2e0b9b8a0d6a530045 ]
This reverts commit 3ca459eaba1bf96a8c7878de84fa8872259a01e3.
The blamed commit caused a regression when neither tun->owner nor
tun->group is set. This is intended to be allowed, but now requires
CAP_NET_ADMIN.
Discussion in the referenced thread pointed out that the original
issue that prompted this patch can be resolved in userspace.
The relaxed access control may also make a device accessible when it
previously wasn't, while existing users may depend on it to not be.
This is a clean pure git revert, except for fixing the indentation on
the gid_valid line that checkpatch correctly flagged.
Fixes: 3ca459eaba1b ("tun: fix group permission check")
Link: https://lore.kernel.org/netdev/CAFqZXNtkCBT4f+PwyVRmQGoT3p1eVa01fCG_aNtpt6dakXncUg@mail.gmail.com/
Signed-off-by: Willem de Bruijn <willemb@google.com>
Cc: Ondrej Mosnacek <omosnace@redhat.com>
Cc: Stas Sergeev <stsp2@yandex.ru>
Link: https://patch.msgid.link/20250204161015.739430-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/tun.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index a6c9f9062dbd4..03478ae3ff244 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -574,18 +574,14 @@ static u16 tun_select_queue(struct net_device *dev, struct sk_buff *skb,
return ret;
}
-static inline bool tun_capable(struct tun_struct *tun)
+static inline bool tun_not_capable(struct tun_struct *tun)
{
const struct cred *cred = current_cred();
struct net *net = dev_net(tun->dev);
- if (ns_capable(net->user_ns, CAP_NET_ADMIN))
- return 1;
- if (uid_valid(tun->owner) && uid_eq(cred->euid, tun->owner))
- return 1;
- if (gid_valid(tun->group) && in_egroup_p(tun->group))
- return 1;
- return 0;
+ return ((uid_valid(tun->owner) && !uid_eq(cred->euid, tun->owner)) ||
+ (gid_valid(tun->group) && !in_egroup_p(tun->group))) &&
+ !ns_capable(net->user_ns, CAP_NET_ADMIN);
}
static void tun_set_real_num_queues(struct tun_struct *tun)
@@ -2771,7 +2767,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
!!(tun->flags & IFF_MULTI_QUEUE))
return -EINVAL;
- if (!tun_capable(tun))
+ if (tun_not_capable(tun))
return -EPERM;
err = security_tun_dev_open(tun->security);
if (err < 0)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 334/578] net: sched: Fix truncation of offloaded action statistics
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 333/578] tun: revert fix group permission check Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 335/578] cpufreq: s3c64xx: Fix compilation warning Greg Kroah-Hartman
` (252 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Botha, Ido Schimmel,
Petr Machata, Simon Horman, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ido Schimmel <idosch@nvidia.com>
[ Upstream commit 811b8f534fd85e17077bd2ac0413bcd16cc8fb9b ]
In case of tc offload, when user space queries the kernel for tc action
statistics, tc will query the offloaded statistics from device drivers.
Among other statistics, drivers are expected to pass the number of
packets that hit the action since the last query as a 64-bit number.
Unfortunately, tc treats the number of packets as a 32-bit number,
leading to truncation and incorrect statistics when the number of
packets since the last query exceeds 0xffffffff:
$ tc -s filter show dev swp2 ingress
filter protocol all pref 1 flower chain 0
filter protocol all pref 1 flower chain 0 handle 0x1
skip_sw
in_hw in_hw_count 1
action order 1: mirred (Egress Redirect to device swp1) stolen
index 1 ref 1 bind 1 installed 58 sec used 0 sec
Action statistics:
Sent 1133877034176 bytes 536959475 pkt (dropped 0, overlimits 0 requeues 0)
[...]
According to the above, 2111-byte packets were redirected which is
impossible as only 64-byte packets were transmitted and the MTU was
1500.
Fix by treating packets as a 64-bit number:
$ tc -s filter show dev swp2 ingress
filter protocol all pref 1 flower chain 0
filter protocol all pref 1 flower chain 0 handle 0x1
skip_sw
in_hw in_hw_count 1
action order 1: mirred (Egress Redirect to device swp1) stolen
index 1 ref 1 bind 1 installed 61 sec used 0 sec
Action statistics:
Sent 1370624380864 bytes 21416005951 pkt (dropped 0, overlimits 0 requeues 0)
[...]
Which shows that only 64-byte packets were redirected (1370624380864 /
21416005951 = 64).
Fixes: 380407023526 ("net/sched: Enable netdev drivers to update statistics of offloaded actions")
Reported-by: Joe Botha <joe@atomic.ac>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250204123839.1151804-1-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/sch_generic.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
index 743acbc43c851..80f657bf2e047 100644
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -817,7 +817,7 @@ static inline int qdisc_enqueue(struct sk_buff *skb, struct Qdisc *sch,
}
static inline void _bstats_update(struct gnet_stats_basic_sync *bstats,
- __u64 bytes, __u32 packets)
+ __u64 bytes, __u64 packets)
{
u64_stats_update_begin(&bstats->syncp);
u64_stats_add(&bstats->bytes, bytes);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 335/578] cpufreq: s3c64xx: Fix compilation warning
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 334/578] net: sched: Fix truncation of offloaded action statistics Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 336/578] leds: lp8860: Write full EEPROM, not only half of it Greg Kroah-Hartman
` (251 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Viresh Kumar,
Rafael J. Wysocki
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Viresh Kumar <viresh.kumar@linaro.org>
commit 43855ac61483cb914f060851535ea753c094b3e0 upstream.
The driver generates following warning when regulator support isn't
enabled in the kernel. Fix it.
drivers/cpufreq/s3c64xx-cpufreq.c: In function 's3c64xx_cpufreq_set_target':
>> drivers/cpufreq/s3c64xx-cpufreq.c:55:22: warning: variable 'old_freq' set but not used [-Wunused-but-set-variable]
55 | unsigned int old_freq, new_freq;
| ^~~~~~~~
>> drivers/cpufreq/s3c64xx-cpufreq.c:54:30: warning: variable 'dvfs' set but not used [-Wunused-but-set-variable]
54 | struct s3c64xx_dvfs *dvfs;
| ^~~~
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202501191803.CtfT7b2o-lkp@intel.com/
Cc: 5.4+ <stable@vger.kernel.org> # v5.4+
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Link: https://patch.msgid.link/236b227e929e5adc04d1e9e7af6845a46c8e9432.1737525916.git.viresh.kumar@linaro.org
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/s3c64xx-cpufreq.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/drivers/cpufreq/s3c64xx-cpufreq.c
+++ b/drivers/cpufreq/s3c64xx-cpufreq.c
@@ -24,6 +24,7 @@ struct s3c64xx_dvfs {
unsigned int vddarm_max;
};
+#ifdef CONFIG_REGULATOR
static struct s3c64xx_dvfs s3c64xx_dvfs_table[] = {
[0] = { 1000000, 1150000 },
[1] = { 1050000, 1150000 },
@@ -31,6 +32,7 @@ static struct s3c64xx_dvfs s3c64xx_dvfs_
[3] = { 1200000, 1350000 },
[4] = { 1300000, 1350000 },
};
+#endif
static struct cpufreq_frequency_table s3c64xx_freq_table[] = {
{ 0, 0, 66000 },
@@ -51,15 +53,16 @@ static struct cpufreq_frequency_table s3
static int s3c64xx_cpufreq_set_target(struct cpufreq_policy *policy,
unsigned int index)
{
- struct s3c64xx_dvfs *dvfs;
- unsigned int old_freq, new_freq;
+ unsigned int new_freq = s3c64xx_freq_table[index].frequency;
int ret;
+#ifdef CONFIG_REGULATOR
+ struct s3c64xx_dvfs *dvfs;
+ unsigned int old_freq;
+
old_freq = clk_get_rate(policy->clk) / 1000;
- new_freq = s3c64xx_freq_table[index].frequency;
dvfs = &s3c64xx_dvfs_table[s3c64xx_freq_table[index].driver_data];
-#ifdef CONFIG_REGULATOR
if (vddarm && new_freq > old_freq) {
ret = regulator_set_voltage(vddarm,
dvfs->vddarm_min,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 336/578] leds: lp8860: Write full EEPROM, not only half of it
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 335/578] cpufreq: s3c64xx: Fix compilation warning Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 337/578] ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Greg Kroah-Hartman
` (250 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alexander Sverdlin, Lee Jones
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Sverdlin <alexander.sverdlin@siemens.com>
commit 0d2e820a86793595e2a776855d04701109e46663 upstream.
I struggle to explain dividing an ARRAY_SIZE() by the size of an element
once again. As the latter equals to 2, only the half of EEPROM was ever
written. Drop the unexplainable division and write full ARRAY_SIZE().
Cc: stable@vger.kernel.org
Fixes: 7a8685accb95 ("leds: lp8860: Introduce TI lp8860 4 channel LED driver")
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Link: https://lore.kernel.org/r/20241114101402.2562878-1-alexander.sverdlin@siemens.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/leds/leds-lp8860.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/leds/leds-lp8860.c
+++ b/drivers/leds/leds-lp8860.c
@@ -267,7 +267,7 @@ static int lp8860_init(struct lp8860_led
goto out;
}
- reg_count = ARRAY_SIZE(lp8860_eeprom_disp_regs) / sizeof(lp8860_eeprom_disp_regs[0]);
+ reg_count = ARRAY_SIZE(lp8860_eeprom_disp_regs);
for (i = 0; i < reg_count; i++) {
ret = regmap_write(led->eeprom_regmap,
lp8860_eeprom_disp_regs[i].reg,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 337/578] ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 336/578] leds: lp8860: Write full EEPROM, not only half of it Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 338/578] drm/modeset: Handle tiled displays in pan_display_atomic Greg Kroah-Hartman
` (249 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sebastian Wiese-Wagner, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Wiese-Wagner <seb@fastmail.to>
commit 711aad3c43a9853657e00225466d204e46ae528b upstream.
This HP Laptop uses ALC236 codec with COEF 0x07 controlling the mute
LED. Enable existing quirk for this device.
Signed-off-by: Sebastian Wiese-Wagner <seb@fastmail.to>
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20250120181240.13106-1-seb@fastmail.to
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9793,6 +9793,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x103c, 0x8870, "HP ZBook Fury 15.6 Inch G8 Mobile Workstation PC", ALC285_FIXUP_HP_GPIO_AMP_INIT),
SND_PCI_QUIRK(0x103c, 0x8873, "HP ZBook Studio 15.6 Inch G8 Mobile Workstation PC", ALC285_FIXUP_HP_GPIO_AMP_INIT),
SND_PCI_QUIRK(0x103c, 0x887a, "HP Laptop 15s-eq2xxx", ALC236_FIXUP_HP_MUTE_LED_COEFBIT2),
+ SND_PCI_QUIRK(0x103c, 0x887c, "HP Laptop 14s-fq1xxx", ALC236_FIXUP_HP_MUTE_LED_COEFBIT2),
SND_PCI_QUIRK(0x103c, 0x888a, "HP ENVY x360 Convertible 15-eu0xxx", ALC245_FIXUP_HP_X360_MUTE_LEDS),
SND_PCI_QUIRK(0x103c, 0x888d, "HP ZBook Power 15.6 inch G8 Mobile Workstation PC", ALC236_FIXUP_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8895, "HP EliteBook 855 G8 Notebook PC", ALC285_FIXUP_HP_SPEAKERS_MICMUTE_LED),
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 338/578] drm/modeset: Handle tiled displays in pan_display_atomic.
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 337/578] ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 339/578] smb: client: change lease epoch type from unsigned int to __u16 Greg Kroah-Hartman
` (248 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thomas Zimmermann, Maarten Lankhorst
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maarten Lankhorst <dev@lankhorst.se>
commit f4a9dd57e549a17a7dac1c1defec26abd7e5c2d4 upstream.
Tiled displays have a different x/y offset to begin with. Instead of
attempting to remember this, just apply a delta instead.
This fixes the first tile being duplicated on other tiles when vt
switching.
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20250116142825.3933-1-dev@lankhorst.se
Signed-off-by: Maarten Lankhorst <dev@lankhorst.se>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_fb_helper.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/drm_fb_helper.c
+++ b/drivers/gpu/drm/drm_fb_helper.c
@@ -1495,14 +1495,14 @@ int drm_fb_helper_set_par(struct fb_info
}
EXPORT_SYMBOL(drm_fb_helper_set_par);
-static void pan_set(struct drm_fb_helper *fb_helper, int x, int y)
+static void pan_set(struct drm_fb_helper *fb_helper, int dx, int dy)
{
struct drm_mode_set *mode_set;
mutex_lock(&fb_helper->client.modeset_mutex);
drm_client_for_each_modeset(mode_set, &fb_helper->client) {
- mode_set->x = x;
- mode_set->y = y;
+ mode_set->x += dx;
+ mode_set->y += dy;
}
mutex_unlock(&fb_helper->client.modeset_mutex);
}
@@ -1511,16 +1511,18 @@ static int pan_display_atomic(struct fb_
struct fb_info *info)
{
struct drm_fb_helper *fb_helper = info->par;
- int ret;
+ int ret, dx, dy;
- pan_set(fb_helper, var->xoffset, var->yoffset);
+ dx = var->xoffset - info->var.xoffset;
+ dy = var->yoffset - info->var.yoffset;
+ pan_set(fb_helper, dx, dy);
ret = drm_client_modeset_commit_locked(&fb_helper->client);
if (!ret) {
info->var.xoffset = var->xoffset;
info->var.yoffset = var->yoffset;
} else
- pan_set(fb_helper, info->var.xoffset, info->var.yoffset);
+ pan_set(fb_helper, -dx, -dy);
return ret;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 339/578] smb: client: change lease epoch type from unsigned int to __u16
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 338/578] drm/modeset: Handle tiled displays in pan_display_atomic Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 340/578] s390/futex: Fix FUTEX_OP_ANDN implementation Greg Kroah-Hartman
` (247 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Meetakshi Setiya, Shyam Prasad N,
Steve French
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Meetakshi Setiya <msetiya@microsoft.com>
commit 57e4a9bd61c308f607bc3e55e8fa02257b06b552 upstream.
MS-SMB2 section 2.2.13.2.10 specifies that 'epoch' should be a 16-bit
unsigned integer used to track lease state changes. Change the data
type of all instances of 'epoch' from unsigned int to __u16. This
simplifies the epoch change comparisons and makes the code more
compliant with the protocol spec.
Cc: stable@vger.kernel.org
Signed-off-by: Meetakshi Setiya <msetiya@microsoft.com>
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/cifsglob.h | 14 +++++++-------
fs/smb/client/smb1ops.c | 2 +-
fs/smb/client/smb2ops.c | 18 +++++++++---------
fs/smb/client/smb2pdu.c | 2 +-
fs/smb/client/smb2proto.h | 2 +-
5 files changed, 19 insertions(+), 19 deletions(-)
--- a/fs/smb/client/cifsglob.h
+++ b/fs/smb/client/cifsglob.h
@@ -286,7 +286,7 @@ struct smb_version_operations {
int (*handle_cancelled_mid)(struct mid_q_entry *, struct TCP_Server_Info *);
void (*downgrade_oplock)(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache);
+ __u16 epoch, bool *purge_cache);
/* process transaction2 response */
bool (*check_trans2)(struct mid_q_entry *, struct TCP_Server_Info *,
char *, int);
@@ -466,12 +466,12 @@ struct smb_version_operations {
/* if we can do cache read operations */
bool (*is_read_op)(__u32);
/* set oplock level for the inode */
- void (*set_oplock_level)(struct cifsInodeInfo *, __u32, unsigned int,
- bool *);
+ void (*set_oplock_level)(struct cifsInodeInfo *cinode, __u32 oplock, __u16 epoch,
+ bool *purge_cache);
/* create lease context buffer for CREATE request */
char * (*create_lease_buf)(u8 *lease_key, u8 oplock);
/* parse lease context buffer and return oplock/epoch info */
- __u8 (*parse_lease_buf)(void *buf, unsigned int *epoch, char *lkey);
+ __u8 (*parse_lease_buf)(void *buf, __u16 *epoch, char *lkey);
ssize_t (*copychunk_range)(const unsigned int,
struct cifsFileInfo *src_file,
struct cifsFileInfo *target_file,
@@ -1328,7 +1328,7 @@ struct cifs_fid {
__u8 create_guid[16];
__u32 access;
struct cifs_pending_open *pending_open;
- unsigned int epoch;
+ __u16 epoch;
#ifdef CONFIG_CIFS_DEBUG2
__u64 mid;
#endif /* CIFS_DEBUG2 */
@@ -1360,7 +1360,7 @@ struct cifsFileInfo {
bool swapfile:1;
bool oplock_break_cancelled:1;
bool offload:1; /* offload final part of _put to a wq */
- unsigned int oplock_epoch; /* epoch from the lease break */
+ __u16 oplock_epoch; /* epoch from the lease break */
__u32 oplock_level; /* oplock/lease level from the lease break */
int count;
spinlock_t file_info_lock; /* protects four flag/count fields above */
@@ -1510,7 +1510,7 @@ struct cifsInodeInfo {
spinlock_t open_file_lock; /* protects openFileList */
__u32 cifsAttrs; /* e.g. DOS archive bit, sparse, compressed, system */
unsigned int oplock; /* oplock/lease level we have */
- unsigned int epoch; /* used to track lease state changes */
+ __u16 epoch; /* used to track lease state changes */
#define CIFS_INODE_PENDING_OPLOCK_BREAK (0) /* oplock break in progress */
#define CIFS_INODE_PENDING_WRITERS (1) /* Writes in progress */
#define CIFS_INODE_FLAG_UNUSED (2) /* Unused flag */
--- a/fs/smb/client/smb1ops.c
+++ b/fs/smb/client/smb1ops.c
@@ -377,7 +377,7 @@ coalesce_t2(char *second_buf, struct smb
static void
cifs_downgrade_oplock(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
cifs_set_oplock_level(cinode, oplock);
}
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -4111,22 +4111,22 @@ static long smb3_fallocate(struct file *
static void
smb2_downgrade_oplock(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
server->ops->set_oplock_level(cinode, oplock, 0, NULL);
}
static void
smb21_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache);
+ __u16 epoch, bool *purge_cache);
static void
smb3_downgrade_oplock(struct TCP_Server_Info *server,
struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
unsigned int old_state = cinode->oplock;
- unsigned int old_epoch = cinode->epoch;
+ __u16 old_epoch = cinode->epoch;
unsigned int new_state;
if (epoch > old_epoch) {
@@ -4146,7 +4146,7 @@ smb3_downgrade_oplock(struct TCP_Server_
static void
smb2_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
oplock &= 0xFF;
cinode->lease_granted = false;
@@ -4170,7 +4170,7 @@ smb2_set_oplock_level(struct cifsInodeIn
static void
smb21_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
char message[5] = {0};
unsigned int new_oplock = 0;
@@ -4207,7 +4207,7 @@ smb21_set_oplock_level(struct cifsInodeI
static void
smb3_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
- unsigned int epoch, bool *purge_cache)
+ __u16 epoch, bool *purge_cache)
{
unsigned int old_oplock = cinode->oplock;
@@ -4321,7 +4321,7 @@ smb3_create_lease_buf(u8 *lease_key, u8
}
static __u8
-smb2_parse_lease_buf(void *buf, unsigned int *epoch, char *lease_key)
+smb2_parse_lease_buf(void *buf, __u16 *epoch, char *lease_key)
{
struct create_lease *lc = (struct create_lease *)buf;
@@ -4332,7 +4332,7 @@ smb2_parse_lease_buf(void *buf, unsigned
}
static __u8
-smb3_parse_lease_buf(void *buf, unsigned int *epoch, char *lease_key)
+smb3_parse_lease_buf(void *buf, __u16 *epoch, char *lease_key)
{
struct create_lease_v2 *lc = (struct create_lease_v2 *)buf;
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -2158,7 +2158,7 @@ parse_posix_ctxt(struct create_context *
int smb2_parse_contexts(struct TCP_Server_Info *server,
struct kvec *rsp_iov,
- unsigned int *epoch,
+ __u16 *epoch,
char *lease_key, __u8 *oplock,
struct smb2_file_all_info *buf,
struct create_posix_rsp *posix)
--- a/fs/smb/client/smb2proto.h
+++ b/fs/smb/client/smb2proto.h
@@ -251,7 +251,7 @@ extern enum securityEnum smb2_select_sec
enum securityEnum);
int smb2_parse_contexts(struct TCP_Server_Info *server,
struct kvec *rsp_iov,
- unsigned int *epoch,
+ __u16 *epoch,
char *lease_key, __u8 *oplock,
struct smb2_file_all_info *buf,
struct create_posix_rsp *posix);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 340/578] s390/futex: Fix FUTEX_OP_ANDN implementation
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 339/578] smb: client: change lease epoch type from unsigned int to __u16 Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 341/578] m68k: vga: Fix I/O defines Greg Kroah-Hartman
` (246 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Heiko Carstens, Alexander Gordeev
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heiko Carstens <hca@linux.ibm.com>
commit 26701574cee6777f867f89b4a5c667817e1ee0dd upstream.
The futex operation FUTEX_OP_ANDN is supposed to implement
*(int *)UADDR2 &= ~OPARG;
The s390 implementation just implements an AND instead of ANDN.
Add the missing bitwise not operation to oparg to fix this.
This is broken since nearly 19 years, so it looks like user space is
not making use of this operation.
Fixes: 3363fbdd6fb4 ("[PATCH] s390: futex atomic operations")
Cc: stable@vger.kernel.org
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Acked-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/include/asm/futex.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/s390/include/asm/futex.h
+++ b/arch/s390/include/asm/futex.h
@@ -44,7 +44,7 @@ static inline int arch_futex_atomic_op_i
break;
case FUTEX_OP_ANDN:
__futex_atomic_op("lr %2,%1\nnr %2,%5\n",
- ret, oldval, newval, uaddr, oparg);
+ ret, oldval, newval, uaddr, ~oparg);
break;
case FUTEX_OP_XOR:
__futex_atomic_op("lr %2,%1\nxr %2,%5\n",
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 341/578] m68k: vga: Fix I/O defines
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 340/578] s390/futex: Fix FUTEX_OP_ANDN implementation Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 342/578] fs/proc: do_task_stat: Fix ESP not readable during coredump Greg Kroah-Hartman
` (245 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Zimmermann, kernel test robot,
Geert Uytterhoeven, linux-fbdev, dri-devel, Helge Deller
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Zimmermann <tzimmermann@suse.de>
commit 53036937a101b5faeaf98e7438555fa854a1a844 upstream.
Including m68k's <asm/raw_io.h> in vga.h on nommu platforms results
in conflicting defines with io_no.h for various I/O macros from the
__raw_read and __raw_write families. An example error is
In file included from arch/m68k/include/asm/vga.h:12,
from include/video/vga.h:22,
from include/linux/vgaarb.h:34,
from drivers/video/aperture.c:12:
>> arch/m68k/include/asm/raw_io.h:39: warning: "__raw_readb" redefined
39 | #define __raw_readb in_8
|
In file included from arch/m68k/include/asm/io.h:6,
from include/linux/io.h:13,
from include/linux/irq.h:20,
from include/asm-generic/hardirq.h:17,
from ./arch/m68k/include/generated/asm/hardirq.h:1,
from include/linux/hardirq.h:11,
from include/linux/interrupt.h:11,
from include/linux/trace_recursion.h:5,
from include/linux/ftrace.h:10,
from include/linux/kprobes.h:28,
from include/linux/kgdb.h:19,
from include/linux/fb.h:6,
from drivers/video/aperture.c:5:
arch/m68k/include/asm/io_no.h:16: note: this is the location of the previous definition
16 | #define __raw_readb(addr) \
|
Include <asm/io.h>, which avoids raw_io.h on nommu platforms.
Also change the defined values of some of the read/write symbols in
vga.h to __raw_read/__raw_write as the raw_in/raw_out symbols are not
generally available.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202501071629.DNEswlm8-lkp@intel.com/
Fixes: 5c3f968712ce ("m68k/video: Create <asm/vga.h>")
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: linux-fbdev@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # v3.5+
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/20250107095912.130530-1-tzimmermann@suse.de
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/m68k/include/asm/vga.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/arch/m68k/include/asm/vga.h
+++ b/arch/m68k/include/asm/vga.h
@@ -9,7 +9,7 @@
*/
#ifndef CONFIG_PCI
-#include <asm/raw_io.h>
+#include <asm/io.h>
#include <asm/kmap.h>
/*
@@ -29,9 +29,9 @@
#define inw_p(port) 0
#define outb_p(port, val) do { } while (0)
#define outw(port, val) do { } while (0)
-#define readb raw_inb
-#define writeb raw_outb
-#define writew raw_outw
+#define readb __raw_readb
+#define writeb __raw_writeb
+#define writew __raw_writew
#endif /* CONFIG_PCI */
#endif /* _ASM_M68K_VGA_H */
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 342/578] fs/proc: do_task_stat: Fix ESP not readable during coredump
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 341/578] m68k: vga: Fix I/O defines Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 343/578] binfmt_flat: Fix integer overflow bug on 32 bit systems Greg Kroah-Hartman
` (244 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric W. Biederman, Oleg Nesterov,
Kees Cook, Nam Cao, Christian Brauner
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nam Cao <namcao@linutronix.de>
commit ab251dacfbae28772c897f068a4184f478189ff2 upstream.
The field "eip" (instruction pointer) and "esp" (stack pointer) of a task
can be read from /proc/PID/stat. These fields can be interesting for
coredump.
However, these fields were disabled by commit 0a1eb2d474ed ("fs/proc: Stop
reporting eip and esp in /proc/PID/stat"), because it is generally unsafe
to do so. But it is safe for a coredumping process, and therefore
exceptions were made:
- for a coredumping thread by commit fd7d56270b52 ("fs/proc: Report
eip/esp in /prod/PID/stat for coredumping").
- for all other threads in a coredumping process by commit cb8f381f1613
("fs/proc/array.c: allow reporting eip/esp for all coredumping
threads").
The above two commits check the PF_DUMPCORE flag to determine a coredump thread
and the PF_EXITING flag for the other threads.
Unfortunately, commit 92307383082d ("coredump: Don't perform any cleanups
before dumping core") moved coredump to happen earlier and before PF_EXITING is
set. Thus, checking PF_EXITING is no longer the correct way to determine
threads in a coredumping process.
Instead of PF_EXITING, use PF_POSTCOREDUMP to determine the other threads.
Checking of PF_EXITING was added for coredumping, so it probably can now be
removed. But it doesn't hurt to keep.
Fixes: 92307383082d ("coredump: Don't perform any cleanups before dumping core")
Cc: stable@vger.kernel.org
Cc: Eric W. Biederman <ebiederm@xmission.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Kees Cook <kees@kernel.org>
Signed-off-by: Nam Cao <namcao@linutronix.de>
Link: https://lore.kernel.org/r/d89af63d478d6c64cc46a01420b46fd6eb147d6f.1735805772.git.namcao@linutronix.de
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/proc/array.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -490,7 +490,7 @@ static int do_task_stat(struct seq_file
* a program is not able to use ptrace(2) in that case. It is
* safe because the task has stopped executing permanently.
*/
- if (permitted && (task->flags & (PF_EXITING|PF_DUMPCORE))) {
+ if (permitted && (task->flags & (PF_EXITING|PF_DUMPCORE|PF_POSTCOREDUMP))) {
if (try_get_task_stack(task)) {
eip = KSTK_EIP(task);
esp = KSTK_ESP(task);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 343/578] binfmt_flat: Fix integer overflow bug on 32 bit systems
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 342/578] fs/proc: do_task_stat: Fix ESP not readable during coredump Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 344/578] drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Greg Kroah-Hartman
` (243 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Nicolas Pitre,
Kees Cook
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
commit 55cf2f4b945f6a6416cc2524ba740b83cc9af25a upstream.
Most of these sizes and counts are capped at 256MB so the math doesn't
result in an integer overflow. The "relocs" count needs to be checked
as well. Otherwise on 32bit systems the calculation of "full_data"
could be wrong.
full_data = data_len + relocs * sizeof(unsigned long);
Fixes: c995ee28d29d ("binfmt_flat: prevent kernel dammage from corrupted executable headers")
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Acked-by: Nicolas Pitre <npitre@baylibre.com>
Link: https://lore.kernel.org/r/5be17f6c-5338-43be-91ef-650153b975cb@stanley.mountain
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/binfmt_flat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -478,7 +478,7 @@ static int load_flat_file(struct linux_b
* 28 bits (256 MB) is way more than reasonable in this case.
* If some top bits are set we have probable binary corruption.
*/
- if ((text_len | data_len | bss_len | stack_len | full_data) >> 28) {
+ if ((text_len | data_len | bss_len | stack_len | relocs | full_data) >> 28) {
pr_err("bad header\n");
ret = -ENOEXEC;
goto err;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 344/578] drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 343/578] binfmt_flat: Fix integer overflow bug on 32 bit systems Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 345/578] arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Greg Kroah-Hartman
` (242 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Zimmermann, Chris Zhong,
Guenter Roeck, Sandy Huang, Heiko Stübner, Andy Yan,
dri-devel, linux-arm-kernel, linux-rockchip
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Zimmermann <tzimmermann@suse.de>
commit 666e1960464140cc4bc9203c203097e70b54c95a upstream.
The code for detecting and updating the connector status in
cdn_dp_pd_event_work() has a number of problems.
- It does not aquire the locks to call the detect helper and update
the connector status. These are struct drm_mode_config.connection_mutex
and struct drm_mode_config.mutex.
- It does not use drm_helper_probe_detect(), which helps with the
details of locking and detection.
- It uses the connector's status field to determine a change to
the connector status. The epoch_counter field is the correct one. The
field signals a change even if the connector status' value did not
change.
Replace the code with a call to drm_connector_helper_hpd_irq_event(),
which fixes all these problems.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 81632df69772 ("drm/rockchip: cdn-dp: do not use drm_helper_hpd_irq_event")
Cc: Chris Zhong <zyw@rock-chips.com>
Cc: Guenter Roeck <groeck@chromium.org>
Cc: Sandy Huang <hjc@rock-chips.com>
Cc: "Heiko Stübner" <heiko@sntech.de>
Cc: Andy Yan <andy.yan@rock-chips.com>
Cc: dri-devel@lists.freedesktop.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-rockchip@lists.infradead.org
Cc: <stable@vger.kernel.org> # v4.11+
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20241105133848.480407-1-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
--- a/drivers/gpu/drm/rockchip/cdn-dp-core.c
+++ b/drivers/gpu/drm/rockchip/cdn-dp-core.c
@@ -948,9 +948,6 @@ static void cdn_dp_pd_event_work(struct
{
struct cdn_dp_device *dp = container_of(work, struct cdn_dp_device,
event_work);
- struct drm_connector *connector = &dp->connector;
- enum drm_connector_status old_status;
-
int ret;
mutex_lock(&dp->lock);
@@ -1012,11 +1009,7 @@ static void cdn_dp_pd_event_work(struct
out:
mutex_unlock(&dp->lock);
-
- old_status = connector->status;
- connector->status = connector->funcs->detect(connector, false);
- if (old_status != connector->status)
- drm_kms_helper_hotplug_event(dp->drm_dev);
+ drm_connector_helper_hpd_irq_event(&dp->connector);
}
static int cdn_dp_pd_event(struct notifier_block *nb,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 345/578] arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 344/578] drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 346/578] KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Greg Kroah-Hartman
` (241 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Quentin Schulz, Jakob Unterwurzacher,
Heiko Stuebner
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakob Unterwurzacher <jakobunt@gmail.com>
commit 9d241b06802c6c2176ae7aa4f9f17f8a577ed337 upstream.
During mass manufacturing, we noticed the mmc_rx_crc_error counter,
as reported by "ethtool -S eth0 | grep mmc_rx_crc_error", to increase
above zero during nuttcp speedtests. Most of the time, this did not
affect the achieved speed, but it prompted this investigation.
Cycling through the rx_delay range on six boards (see table below) of
various ages shows that there is a large good region from 0x12 to 0x35
where we see zero crc errors on all tested boards.
The old rx_delay value (0x10) seems to have always been on the edge for
the KSZ9031RNX that is usually placed on Puma.
Choose "rx_delay = 0x23" to put us smack in the middle of the good
region. This works fine as well with the KSZ9131RNX PHY that was used
for a small number of boards during the COVID chip shortages.
Board S/N PHY rx_delay good region
--------- --- --------------------
Puma TT0069903 KSZ9031RNX 0x11 0x35
Puma TT0157733 KSZ9031RNX 0x11 0x35
Puma TT0681551 KSZ9031RNX 0x12 0x37
Puma TT0681156 KSZ9031RNX 0x10 0x38
Puma 17496030079 KSZ9031RNX 0x10 0x37 (Puma v1.2 from 2017)
Puma TT0681720 KSZ9131RNX 0x02 0x39 (alternative PHY used in very few boards)
Intersection of good regions = 0x12 0x35
Middle of good region = 0x23
Fixes: 2c66fc34e945 ("arm64: dts: rockchip: add RK3399-Q7 (Puma) SoM")
Cc: stable@vger.kernel.org
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Tested-by: Quentin Schulz <quentin.schulz@cherry.de> # Puma v2.1 and v2.3 with KSZ9031
Signed-off-by: Jakob Unterwurzacher <jakob.unterwurzacher@cherry.de>
Link: https://lore.kernel.org/r/20241213-puma_rx_delay-v4-1-8e8e11cc6ed7@cherry.de
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi
+++ b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi
@@ -147,7 +147,7 @@
snps,reset-active-low;
snps,reset-delays-us = <0 10000 50000>;
tx_delay = <0x10>;
- rx_delay = <0x10>;
+ rx_delay = <0x23>;
status = "okay";
};
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 346/578] KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 345/578] arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 347/578] KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Greg Kroah-Hartman
` (240 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Will Deacon, Michal Luczaj,
Pankaj Gupta, Sean Christopherson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
commit 1e7381f3617d14b3c11da80ff5f8a93ab14cfc46 upstream.
Explicitly verify the target vCPU is fully online _prior_ to clamping the
index in kvm_get_vcpu(). If the index is "bad", the nospec clamping will
generate '0', i.e. KVM will return vCPU0 instead of NULL.
In practice, the bug is unlikely to cause problems, as it will only come
into play if userspace or the guest is buggy or misbehaving, e.g. KVM may
send interrupts to vCPU0 instead of dropping them on the floor.
However, returning vCPU0 when it shouldn't exist per online_vcpus is
problematic now that KVM uses an xarray for the vCPUs array, as KVM needs
to insert into the xarray before publishing the vCPU to userspace (see
commit c5b077549136 ("KVM: Convert the kvm->vcpus array to a xarray")),
i.e. before vCPU creation is guaranteed to succeed.
As a result, incorrectly providing access to vCPU0 will trigger a
use-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()
bails out of vCPU creation due to an error and frees vCPU0. Commit
afb2acb2e3a3 ("KVM: Fix vcpu_array[0] races") papered over that issue, but
in doing so introduced an unsolvable teardown conundrum. Preventing
accesses to vCPU0 before it's fully online will allow reverting commit
afb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.
Fixes: 1d487e9bf8ba ("KVM: fix spectrev1 gadgets")
Cc: stable@vger.kernel.org
Cc: Will Deacon <will@kernel.org>
Cc: Michal Luczaj <mhal@rbox.co>
Reviewed-by: Pankaj Gupta <pankaj.gupta@amd.com>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20241009150455.1057573-2-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/kvm_host.h | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -879,6 +879,15 @@ static inline struct kvm_io_bus *kvm_get
static inline struct kvm_vcpu *kvm_get_vcpu(struct kvm *kvm, int i)
{
int num_vcpus = atomic_read(&kvm->online_vcpus);
+
+ /*
+ * Explicitly verify the target vCPU is online, as the anti-speculation
+ * logic only limits the CPU's ability to speculate, e.g. given a "bad"
+ * index, clamping the index to 0 would return vCPU0, not NULL.
+ */
+ if (i >= num_vcpus)
+ return NULL;
+
i = array_index_nospec(i, num_vcpus);
/* Pairs with smp_wmb() in kvm_vm_ioctl_create_vcpu. */
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 347/578] KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 346/578] KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 348/578] ksmbd: fix integer overflows on 32 bit systems Greg Kroah-Hartman
` (239 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Hildenbrand, Claudio Imbrenda,
Christoph Schlameuss
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Hildenbrand <david@redhat.com>
commit 5f230f41fdd9e799f43a699348dc572bca7159aa upstream.
We try to reuse the same vsie page when re-executing the vsie with a
given SCB address. The result is that we use the same shadow SCB --
residing in the vsie page -- and can avoid flushing the TLB when
re-running the vsie on a CPU.
So, when we allocate a fresh vsie page, or when we reuse a vsie page for
a different SCB address -- reusing the shadow SCB in different context --
we set ihcpu=0xffff to trigger the flush.
However, after we looked up the SCB address in the radix tree, but before
we grabbed the vsie page by raising the refcount to 2, someone could reuse
the vsie page for a different SCB address, adjusting page->index and the
radix tree. In that case, we would be reusing the vsie page with a
wrong page->index.
Another corner case is that we might set the SCB address for a vsie
page, but fail the insertion into the radix tree. Whoever would reuse
that page would remove the corresponding radix tree entry -- which might
now be a valid entry pointing at another page, resulting in the wrong
vsie page getting removed from the radix tree.
Let's handle such races better, by validating that the SCB address of a
vsie page didn't change after we grabbed it (not reuse for a different
SCB; the alternative would be performing another tree lookup), and by
setting the SCB address to invalid until the insertion in the tree
succeeded (SCB addresses are aligned to 512, so ULONG_MAX is invalid).
These scenarios are rare, the effects a bit unclear, and these issues were
only found by code inspection. Let's CC stable to be safe.
Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization")
Cc: stable@vger.kernel.org
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Christoph Schlameuss <schlameuss@linux.ibm.com>
Tested-by: Christoph Schlameuss <schlameuss@linux.ibm.com>
Message-ID: <20250107154344.1003072-2-david@redhat.com>
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kvm/vsie.c | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -1331,8 +1331,14 @@ static struct vsie_page *get_vsie_page(s
page = radix_tree_lookup(&kvm->arch.vsie.addr_to_page, addr >> 9);
rcu_read_unlock();
if (page) {
- if (page_ref_inc_return(page) == 2)
- return page_to_virt(page);
+ if (page_ref_inc_return(page) == 2) {
+ if (page->index == addr)
+ return page_to_virt(page);
+ /*
+ * We raced with someone reusing + putting this vsie
+ * page before we grabbed it.
+ */
+ }
page_ref_dec(page);
}
@@ -1362,15 +1368,20 @@ static struct vsie_page *get_vsie_page(s
kvm->arch.vsie.next++;
kvm->arch.vsie.next %= nr_vcpus;
}
- radix_tree_delete(&kvm->arch.vsie.addr_to_page, page->index >> 9);
+ if (page->index != ULONG_MAX)
+ radix_tree_delete(&kvm->arch.vsie.addr_to_page,
+ page->index >> 9);
}
- page->index = addr;
- /* double use of the same address */
+ /* Mark it as invalid until it resides in the tree. */
+ page->index = ULONG_MAX;
+
+ /* Double use of the same address or allocation failure. */
if (radix_tree_insert(&kvm->arch.vsie.addr_to_page, addr >> 9, page)) {
page_ref_dec(page);
mutex_unlock(&kvm->arch.vsie.mutex);
return NULL;
}
+ page->index = addr;
mutex_unlock(&kvm->arch.vsie.mutex);
vsie_page = page_to_virt(page);
@@ -1463,7 +1474,9 @@ void kvm_s390_vsie_destroy(struct kvm *k
vsie_page = page_to_virt(page);
release_gmap_shadow(vsie_page);
/* free the radix tree entry */
- radix_tree_delete(&kvm->arch.vsie.addr_to_page, page->index >> 9);
+ if (page->index != ULONG_MAX)
+ radix_tree_delete(&kvm->arch.vsie.addr_to_page,
+ page->index >> 9);
__free_page(page);
}
kvm->arch.vsie.page_count = 0;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 348/578] ksmbd: fix integer overflows on 32 bit systems
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 347/578] KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 349/578] drm/amd/pm: Mark MM activity as unsupported Greg Kroah-Hartman
` (238 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Namjae Jeon,
Steve French
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
commit aab98e2dbd648510f8f51b83fbf4721206ccae45 upstream.
On 32bit systems the addition operations in ipc_msg_alloc() can
potentially overflow leading to memory corruption.
Add bounds checking using KSMBD_IPC_MAX_PAYLOAD to avoid overflow.
Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers")
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/server/transport_ipc.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/fs/smb/server/transport_ipc.c
+++ b/fs/smb/server/transport_ipc.c
@@ -567,6 +567,9 @@ ksmbd_ipc_spnego_authen_request(const ch
struct ksmbd_spnego_authen_request *req;
struct ksmbd_spnego_authen_response *resp;
+ if (blob_len > KSMBD_IPC_MAX_PAYLOAD)
+ return NULL;
+
msg = ipc_msg_alloc(sizeof(struct ksmbd_spnego_authen_request) +
blob_len + 1);
if (!msg)
@@ -746,6 +749,9 @@ struct ksmbd_rpc_command *ksmbd_rpc_writ
struct ksmbd_rpc_command *req;
struct ksmbd_rpc_command *resp;
+ if (payload_sz > KSMBD_IPC_MAX_PAYLOAD)
+ return NULL;
+
msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1);
if (!msg)
return NULL;
@@ -794,6 +800,9 @@ struct ksmbd_rpc_command *ksmbd_rpc_ioct
struct ksmbd_rpc_command *req;
struct ksmbd_rpc_command *resp;
+ if (payload_sz > KSMBD_IPC_MAX_PAYLOAD)
+ return NULL;
+
msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1);
if (!msg)
return NULL;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 349/578] drm/amd/pm: Mark MM activity as unsupported
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 348/578] ksmbd: fix integer overflows on 32 bit systems Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 350/578] Revert "drm/amd/display: Use HW lock mgr for PSR1" Greg Kroah-Hartman
` (237 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lijo Lazar, Hawking Zhang,
Alex Deucher
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lijo Lazar <lijo.lazar@amd.com>
commit 819bf6662b93a5a8b0c396d2c7e7fab6264c9808 upstream.
Aldebaran doesn't support querying MM activity percentage. Keep the
field as 0xFFs to mark it as unsupported.
Signed-off-by: Lijo Lazar <lijo.lazar@amd.com>
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c
@@ -1759,7 +1759,6 @@ static ssize_t aldebaran_get_gpu_metrics
gpu_metrics->average_gfx_activity = metrics.AverageGfxActivity;
gpu_metrics->average_umc_activity = metrics.AverageUclkActivity;
- gpu_metrics->average_mm_activity = 0;
/* Valid power data is available only from primary die */
if (aldebaran_is_primary(smu)) {
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 350/578] Revert "drm/amd/display: Use HW lock mgr for PSR1"
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 349/578] drm/amd/pm: Mark MM activity as unsupported Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 351/578] drm/i915/guc: Debug print LRC state entries only if the context is pinned Greg Kroah-Hartman
` (236 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wayne Lin, Tom Chung, Alex Deucher
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tom Chung <chiahsuan.chung@amd.com>
commit f245b400a223a71d6d5f4c72a2cb9b573a7fc2b6 upstream.
This reverts commit
a2b5a9956269 ("drm/amd/display: Use HW lock mgr for PSR1")
Because it may cause system hang while connect with two edp panel.
Acked-by: Wayne Lin <wayne.lin@amd.com>
Signed-off-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c
@@ -65,8 +65,7 @@ void dmub_hw_lock_mgr_inbox0_cmd(struct
bool should_use_dmub_lock(struct dc_link *link)
{
- if (link->psr_settings.psr_version == DC_PSR_VERSION_SU_1 ||
- link->psr_settings.psr_version == DC_PSR_VERSION_1)
+ if (link->psr_settings.psr_version == DC_PSR_VERSION_SU_1)
return true;
return false;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 351/578] drm/i915/guc: Debug print LRC state entries only if the context is pinned
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 350/578] Revert "drm/amd/display: Use HW lock mgr for PSR1" Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 352/578] drm/komeda: Add check for komeda_get_layer_fourcc_list() Greg Kroah-Hartman
` (235 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniele Ceraolo Spurio,
John Harrison, Matthew Brost, Rodrigo Vivi
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
commit 57965269896313e1629a518d3971ad55f599b792 upstream.
After the context is unpinned the backing memory can also be unpinned,
so any accesses via the lrc_reg_state pointer can end up in unmapped
memory. To avoid that, make sure to only access that memory if the
context is pinned when printing its info.
v2: fix newline alignment
Fixes: 28ff6520a34d ("drm/i915/guc: Update GuC debugfs to support new GuC")
Signed-off-by: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
Cc: John Harrison <John.C.Harrison@Intel.com>
Cc: Matthew Brost <matthew.brost@intel.com>
Cc: <stable@vger.kernel.org> # v5.15+
Reviewed-by: John Harrison <John.C.Harrison@Intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250115001334.3875347-1-daniele.ceraolospurio@intel.com
(cherry picked from commit 5bea40687c5cf2a33bf04e9110eb2e2b80222ef5)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
+++ b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
@@ -4764,12 +4764,20 @@ static inline void guc_log_context(struc
{
drm_printf(p, "GuC lrc descriptor %u:\n", ce->guc_id.id);
drm_printf(p, "\tHW Context Desc: 0x%08x\n", ce->lrc.lrca);
- drm_printf(p, "\t\tLRC Head: Internal %u, Memory %u\n",
- ce->ring->head,
- ce->lrc_reg_state[CTX_RING_HEAD]);
- drm_printf(p, "\t\tLRC Tail: Internal %u, Memory %u\n",
- ce->ring->tail,
- ce->lrc_reg_state[CTX_RING_TAIL]);
+ if (intel_context_pin_if_active(ce)) {
+ drm_printf(p, "\t\tLRC Head: Internal %u, Memory %u\n",
+ ce->ring->head,
+ ce->lrc_reg_state[CTX_RING_HEAD]);
+ drm_printf(p, "\t\tLRC Tail: Internal %u, Memory %u\n",
+ ce->ring->tail,
+ ce->lrc_reg_state[CTX_RING_TAIL]);
+ intel_context_unpin(ce);
+ } else {
+ drm_printf(p, "\t\tLRC Head: Internal %u, Memory not pinned\n",
+ ce->ring->head);
+ drm_printf(p, "\t\tLRC Tail: Internal %u, Memory not pinned\n",
+ ce->ring->tail);
+ }
drm_printf(p, "\t\tContext Pin Count: %u\n",
atomic_read(&ce->pin_count));
drm_printf(p, "\t\tGuC ID Ref Count: %u\n",
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 352/578] drm/komeda: Add check for komeda_get_layer_fourcc_list()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 351/578] drm/i915/guc: Debug print LRC state entries only if the context is pinned Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 353/578] drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Greg Kroah-Hartman
` (234 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Haoxiang Li, Liviu Dudau
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Haoxiang Li <haoxiang_li2024@163.com>
commit 79fc672a092d93a7eac24fe20a571d4efd8fa5a4 upstream.
Add check for the return value of komeda_get_layer_fourcc_list()
to catch the potential exception.
Fixes: 5d51f6c0da1b ("drm/komeda: Add writeback support")
Cc: stable@vger.kernel.org
Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
Acked-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://lore.kernel.org/r/20241219090256.146424-1-haoxiang_li2024@163.com
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c
+++ b/drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c
@@ -160,6 +160,10 @@ static int komeda_wb_connector_add(struc
formats = komeda_get_layer_fourcc_list(&mdev->fmt_tbl,
kwb_conn->wb_layer->layer_type,
&n_formats);
+ if (!formats) {
+ kfree(kwb_conn);
+ return -ENOMEM;
+ }
err = drm_writeback_connector_init(&kms->base, wb_conn,
&komeda_wb_connector_funcs,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 353/578] drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 352/578] drm/komeda: Add check for komeda_get_layer_fourcc_list() Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 354/578] Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Greg Kroah-Hartman
` (233 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ville Syrjälä,
Juha-Pekka Heikkila, Rodrigo Vivi
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit c7b49506b3ba7a62335e6f666a43f67d5cd9fd1e upstream.
I'm seeing underruns with these 64bpp YUV formats on TGL.
The weird details:
- only happens on pipe B/C/D SDR planes, pipe A SDR planes
seem fine, as do all HDR planes
- somehow CDCLK related, higher CDCLK allows for bigger plane
with these formats without underruns. With 300MHz CDCLK I
can only go up to 1200 pixels wide or so, with 650MHz even
a 3840 pixel wide plane was OK
- ICL and ADL so far appear unaffected
So not really sure what's the deal with this, but bspec does
state "64-bit formats supported only on the HDR planes" so
let's just drop these formats from the SDR planes. We already
disallow 64bpp RGB formats.
Cc: stable@vger.kernel.org
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241218173650.19782-2-ville.syrjala@linux.intel.com
Reviewed-by: Juha-Pekka Heikkila <juhapekka.heikkila@gmail.com>
(cherry picked from commit 35e1aacfe536d6e8d8d440cd7155366da2541ad4)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 ----
1 file changed, 4 deletions(-)
--- a/drivers/gpu/drm/i915/display/skl_universal_plane.c
+++ b/drivers/gpu/drm/i915/display/skl_universal_plane.c
@@ -100,8 +100,6 @@ static const u32 icl_sdr_y_plane_formats
DRM_FORMAT_Y216,
DRM_FORMAT_XYUV8888,
DRM_FORMAT_XVYU2101010,
- DRM_FORMAT_XVYU12_16161616,
- DRM_FORMAT_XVYU16161616,
};
static const u32 icl_sdr_uv_plane_formats[] = {
@@ -128,8 +126,6 @@ static const u32 icl_sdr_uv_plane_format
DRM_FORMAT_Y216,
DRM_FORMAT_XYUV8888,
DRM_FORMAT_XVYU2101010,
- DRM_FORMAT_XVYU12_16161616,
- DRM_FORMAT_XVYU16161616,
};
static const u32 icl_hdr_plane_formats[] = {
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 354/578] Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 353/578] drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 355/578] Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Greg Kroah-Hartman
` (232 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin, Kuniyuki Iwashima,
Luiz Augusto von Dentz
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fedor Pchelkin <pchelkin@ispras.ru>
commit 5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1 upstream.
A NULL sock pointer is passed into l2cap_sock_alloc() when it is called
from l2cap_sock_new_connection_cb() and the error handling paths should
also be aware of it.
Seemingly a more elegant solution would be to swap bt_sock_alloc() and
l2cap_chan_create() calls since they are not interdependent to that moment
but then l2cap_chan_create() adds the soon to be deallocated and still
dummy-initialized channel to the global list accessible by many L2CAP
paths. The channel would be removed from the list in short period of time
but be a bit more straight-forward here and just check for NULL instead of
changing the order of function calls.
Found by Linux Verification Center (linuxtesting.org) with SVACE static
analysis tool.
Fixes: 7c4f78cdb8e7 ("Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()")
Cc: stable@vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bluetooth/l2cap_sock.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -1920,7 +1920,8 @@ static struct sock *l2cap_sock_alloc(str
chan = l2cap_chan_create();
if (!chan) {
sk_free(sk);
- sock->sk = NULL;
+ if (sock)
+ sock->sk = NULL;
return NULL;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 355/578] Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 354/578] Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Greg Kroah-Hartman
@ 2025-02-19 8:25 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 356/578] clk: sunxi-ng: a100: enable MMC clock reparenting Greg Kroah-Hartman
` (231 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:25 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin,
Luiz Augusto von Dentz
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fedor Pchelkin <pchelkin@ispras.ru>
commit 5c61419e02033eaf01733d66e2fcd4044808f482 upstream.
One of the possible ways to enable the input MTU auto-selection for L2CAP
connections is supposed to be through passing a special "0" value for it
as a socket option. Commit [1] added one of those into avdtp. However, it
simply wouldn't work because the kernel still treats the specified value
as invalid and denies the setting attempt. Recorded BlueZ logs include the
following:
bluetoothd[496]: profiles/audio/avdtp.c:l2cap_connect() setsockopt(L2CAP_OPTIONS): Invalid argument (22)
[1]: https://github.com/bluez/bluez/commit/ae5be371a9f53fed33d2b34748a95a5498fd4b77
Found by Linux Verification Center (linuxtesting.org).
Fixes: 4b6e228e297b ("Bluetooth: Auto tune if input MTU is set to 0")
Cc: stable@vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bluetooth/l2cap_sock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -728,12 +728,12 @@ static bool l2cap_valid_mtu(struct l2cap
{
switch (chan->scid) {
case L2CAP_CID_ATT:
- if (mtu < L2CAP_LE_MIN_MTU)
+ if (mtu && mtu < L2CAP_LE_MIN_MTU)
return false;
break;
default:
- if (mtu < L2CAP_DEFAULT_MIN_MTU)
+ if (mtu && mtu < L2CAP_DEFAULT_MIN_MTU)
return false;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 356/578] clk: sunxi-ng: a100: enable MMC clock reparenting
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2025-02-19 8:25 ` [PATCH 6.1 355/578] Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 357/578] clk: qcom: clk-alpha-pll: fix alpha mode configuration Greg Kroah-Hartman
` (230 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cody Eksal, Andre Przywara,
Chen-Yu Tsai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cody Eksal <masterr3c0rd@epochal.quest>
commit 16414720045de30945b8d14b7907e0cbf81a4b49 upstream.
While testing the MMC nodes proposed in [1], it was noted that mmc0/1
would fail to initialize, with "mmc: fatal err update clk timeout" in
the kernel logs. A closer look at the clock definitions showed that the MMC
MPs had the "CLK_SET_RATE_NO_REPARENT" flag set. No reason was given for
adding this flag in the first place, and its original purpose is unknown,
but it doesn't seem to make sense and results in severe limitations to MMC
speeds. Thus, remove this flag from the 3 MMC MPs.
[1] https://msgid.link/20241024170540.2721307-10-masterr3c0rd@epochal.quest
Fixes: fb038ce4db55 ("clk: sunxi-ng: add support for the Allwinner A100 CCU")
Cc: stable@vger.kernel.org
Signed-off-by: Cody Eksal <masterr3c0rd@epochal.quest>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Link: https://patch.msgid.link/20241109003739.3440904-1-masterr3c0rd@epochal.quest
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/clk/sunxi-ng/ccu-sun50i-a100.c
+++ b/drivers/clk/sunxi-ng/ccu-sun50i-a100.c
@@ -436,7 +436,7 @@ static SUNXI_CCU_MP_WITH_MUX_GATE_POSTDI
24, 2, /* mux */
BIT(31), /* gate */
2, /* post-div */
- CLK_SET_RATE_NO_REPARENT);
+ 0);
static SUNXI_CCU_MP_WITH_MUX_GATE_POSTDIV(mmc1_clk, "mmc1", mmc_parents, 0x834,
0, 4, /* M */
@@ -444,7 +444,7 @@ static SUNXI_CCU_MP_WITH_MUX_GATE_POSTDI
24, 2, /* mux */
BIT(31), /* gate */
2, /* post-div */
- CLK_SET_RATE_NO_REPARENT);
+ 0);
static SUNXI_CCU_MP_WITH_MUX_GATE_POSTDIV(mmc2_clk, "mmc2", mmc_parents, 0x838,
0, 4, /* M */
@@ -452,7 +452,7 @@ static SUNXI_CCU_MP_WITH_MUX_GATE_POSTDI
24, 2, /* mux */
BIT(31), /* gate */
2, /* post-div */
- CLK_SET_RATE_NO_REPARENT);
+ 0);
static SUNXI_CCU_GATE(bus_mmc0_clk, "bus-mmc0", "ahb3", 0x84c, BIT(0), 0);
static SUNXI_CCU_GATE(bus_mmc1_clk, "bus-mmc1", "ahb3", 0x84c, BIT(1), 0);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 357/578] clk: qcom: clk-alpha-pll: fix alpha mode configuration
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 356/578] clk: sunxi-ng: a100: enable MMC clock reparenting Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 358/578] clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Greg Kroah-Hartman
` (229 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gabor Juhos, Dmitry Baryshkov,
Bjorn Andersson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gabor Juhos <j4g8y7@gmail.com>
commit 33f1722eb86e45320a3dd7b3d42f6593a1d595c2 upstream.
Commit c45ae598fc16 ("clk: qcom: support for alpha mode configuration")
added support for configuring alpha mode, but it seems that the feature
was never working in practice.
The value of the alpha_{en,mode}_mask members of the configuration gets
added to the value parameter passed to the regmap_update_bits() function,
however the same values are not getting applied to the bitmask. As the
result, the respective bits in the USER_CTL register are never modifed
which leads to improper configuration of several PLLs.
The following table shows the PLL configurations where the 'alpha_en_mask'
member is set and which are passed as a parameter for the
clk_alpha_pll_configure() function. In the table the 'expected rate' column
shows the rate the PLL should run at with the given configuration, and
the 'real rate' column shows the rate the PLL runs at actually. The real
rates has been verified on hardwareOn IPQ* platforms, on other platforms,
those are computed values only.
file pll expected rate real rate
dispcc-qcm2290.c disp_cc_pll0 768.0 MHz 768.0 MHz
dispcc-sm6115.c disp_cc_pll0 768.0 MHz 768.0 MHz
gcc-ipq5018.c ubi32_pll 1000.0 MHz != 984.0 MHz
gcc-ipq6018.c nss_crypto_pll 1200.0 MHz 1200.0 MHz
gcc-ipq6018.c ubi32_pll 1497.6 MHz != 1488.0 MHz
gcc-ipq8074.c nss_crypto_pll 1200.0 MHz != 1190.4 MHz
gcc-qcm2290.c gpll11 532.0 MHz != 518.4 MHz
gcc-qcm2290.c gpll8 533.2 MHz != 518.4 MHz
gcc-qcs404.c gpll3 921.6 MHz 921.6 MHz
gcc-sm6115.c gpll11 600.0 MHz != 595.2 MHz
gcc-sm6115.c gpll8 800.0 MHz != 787.2 MHz
gpucc-sdm660.c gpu_cc_pll0 800.0 MHz != 787.2 MHz
gpucc-sdm660.c gpu_cc_pll1 740.0 MHz != 729.6 MHz
gpucc-sm6115.c gpu_cc_pll0 1200.0 MHz != 1190.4 MHz
gpucc-sm6115.c gpu_cc_pll1 640.0 MHz != 633.6 MHz
gpucc-sm6125.c gpu_pll0 1020.0 MHz != 1017.6 MHz
gpucc-sm6125.c gpu_pll1 930.0 MHz != 921.6 MHz
mmcc-sdm660.c mmpll8 930.0 MHz != 921.6 MHz
mmcc-sdm660.c mmpll5 825.0 MHz != 806.4 MHz
As it can be seen from the above, there are several PLLs which are
configured incorrectly.
Change the code to apply both 'alpha_en_mask' and 'alpha_mode_mask'
values to the bitmask in order to configure the alpha mode correctly.
Applying the 'alpha_en_mask' fixes the initial rate of the PLLs showed
in the table above. Since the 'alpha_mode_mask' is not used by any driver
currently, that part of the change causes no functional changes.
Cc: stable@vger.kernel.org
Fixes: c45ae598fc16 ("clk: qcom: support for alpha mode configuration")
Signed-off-by: Gabor Juhos <j4g8y7@gmail.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Tested-by: Gabor Juhos <j4g8y7@gmail.com>
Link: https://lore.kernel.org/r/20241021-fix-alpha-mode-config-v1-1-f32c254e02bc@gmail.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/qcom/clk-alpha-pll.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/clk/qcom/clk-alpha-pll.c
+++ b/drivers/clk/qcom/clk-alpha-pll.c
@@ -339,6 +339,8 @@ void clk_alpha_pll_configure(struct clk_
mask |= config->pre_div_mask;
mask |= config->post_div_mask;
mask |= config->vco_mask;
+ mask |= config->alpha_en_mask;
+ mask |= config->alpha_mode_mask;
regmap_update_bits(regmap, PLL_USER_CTL(pll), mask, val);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 358/578] clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 357/578] clk: qcom: clk-alpha-pll: fix alpha mode configuration Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 359/578] clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Greg Kroah-Hartman
` (228 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luca Weiss, Konrad Dybcio,
Bjorn Andersson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luca Weiss <luca.weiss@fairphone.com>
commit 96fe1a7ee477d701cfc98ab9d3c730c35d966861 upstream.
If a clk_rcg2 has a parent, it should also have parent_map defined,
otherwise we'll get a NULL pointer dereference when calling clk_set_rate
like the following:
[ 3.388105] Call trace:
[ 3.390664] qcom_find_src_index+0x3c/0x70 (P)
[ 3.395301] qcom_find_src_index+0x1c/0x70 (L)
[ 3.399934] _freq_tbl_determine_rate+0x48/0x100
[ 3.404753] clk_rcg2_determine_rate+0x1c/0x28
[ 3.409387] clk_core_determine_round_nolock+0x58/0xe4
[ 3.421414] clk_core_round_rate_nolock+0x48/0xfc
[ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc
[ 3.444483] clk_core_set_rate_nolock+0x8c/0x300
[ 3.455886] clk_set_rate+0x38/0x14c
Add the parent_map property for two clocks where it's missing and also
un-inline the parent_data as well to keep the matching parent_map and
parent_data together.
Fixes: 131abae905df ("clk: qcom: Add SM6350 GCC driver")
Cc: stable@vger.kernel.org
Signed-off-by: Luca Weiss <luca.weiss@fairphone.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20241220-sm6350-parent_map-v1-1-64f3d04cb2eb@fairphone.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/qcom/gcc-sm6350.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
--- a/drivers/clk/qcom/gcc-sm6350.c
+++ b/drivers/clk/qcom/gcc-sm6350.c
@@ -182,6 +182,14 @@ static const struct clk_parent_data gcc_
{ .hw = &gpll0_out_odd.clkr.hw },
};
+static const struct parent_map gcc_parent_map_3[] = {
+ { P_BI_TCXO, 0 },
+};
+
+static const struct clk_parent_data gcc_parent_data_3[] = {
+ { .fw_name = "bi_tcxo" },
+};
+
static const struct parent_map gcc_parent_map_4[] = {
{ P_BI_TCXO, 0 },
{ P_GPLL0_OUT_MAIN, 1 },
@@ -701,13 +709,12 @@ static struct clk_rcg2 gcc_ufs_phy_phy_a
.cmd_rcgr = 0x3a0b0,
.mnd_width = 0,
.hid_width = 5,
+ .parent_map = gcc_parent_map_3,
.freq_tbl = ftbl_gcc_ufs_phy_phy_aux_clk_src,
.clkr.hw.init = &(struct clk_init_data){
.name = "gcc_ufs_phy_phy_aux_clk_src",
- .parent_data = &(const struct clk_parent_data){
- .fw_name = "bi_tcxo",
- },
- .num_parents = 1,
+ .parent_data = gcc_parent_data_3,
+ .num_parents = ARRAY_SIZE(gcc_parent_data_3),
.ops = &clk_rcg2_ops,
},
};
@@ -764,13 +771,12 @@ static struct clk_rcg2 gcc_usb30_prim_mo
.cmd_rcgr = 0x1a034,
.mnd_width = 0,
.hid_width = 5,
+ .parent_map = gcc_parent_map_3,
.freq_tbl = ftbl_gcc_usb30_prim_mock_utmi_clk_src,
.clkr.hw.init = &(struct clk_init_data){
.name = "gcc_usb30_prim_mock_utmi_clk_src",
- .parent_data = &(const struct clk_parent_data){
- .fw_name = "bi_tcxo",
- },
- .num_parents = 1,
+ .parent_data = gcc_parent_data_3,
+ .num_parents = ARRAY_SIZE(gcc_parent_data_3),
.ops = &clk_rcg2_ops,
},
};
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 359/578] clk: qcom: dispcc-sm6350: Add missing parent_map for a clock
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 358/578] clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 360/578] clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Greg Kroah-Hartman
` (227 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luca Weiss, Konrad Dybcio,
Bjorn Andersson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luca Weiss <luca.weiss@fairphone.com>
commit d4cdb196f182d2fbe336c968228be00d8c3fed05 upstream.
If a clk_rcg2 has a parent, it should also have parent_map defined,
otherwise we'll get a NULL pointer dereference when calling clk_set_rate
like the following:
[ 3.388105] Call trace:
[ 3.390664] qcom_find_src_index+0x3c/0x70 (P)
[ 3.395301] qcom_find_src_index+0x1c/0x70 (L)
[ 3.399934] _freq_tbl_determine_rate+0x48/0x100
[ 3.404753] clk_rcg2_determine_rate+0x1c/0x28
[ 3.409387] clk_core_determine_round_nolock+0x58/0xe4
[ 3.421414] clk_core_round_rate_nolock+0x48/0xfc
[ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc
[ 3.444483] clk_core_set_rate_nolock+0x8c/0x300
[ 3.455886] clk_set_rate+0x38/0x14c
Add the parent_map property for the clock where it's missing and also
un-inline the parent_data as well to keep the matching parent_map and
parent_data together.
Fixes: 837519775f1d ("clk: qcom: Add display clock controller driver for SM6350")
Cc: stable@vger.kernel.org
Signed-off-by: Luca Weiss <luca.weiss@fairphone.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20241220-sm6350-parent_map-v1-2-64f3d04cb2eb@fairphone.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/qcom/dispcc-sm6350.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/drivers/clk/qcom/dispcc-sm6350.c
+++ b/drivers/clk/qcom/dispcc-sm6350.c
@@ -187,13 +187,12 @@ static struct clk_rcg2 disp_cc_mdss_dp_a
.cmd_rcgr = 0x1144,
.mnd_width = 0,
.hid_width = 5,
+ .parent_map = disp_cc_parent_map_6,
.freq_tbl = ftbl_disp_cc_mdss_dp_aux_clk_src,
.clkr.hw.init = &(struct clk_init_data){
.name = "disp_cc_mdss_dp_aux_clk_src",
- .parent_data = &(const struct clk_parent_data){
- .fw_name = "bi_tcxo",
- },
- .num_parents = 1,
+ .parent_data = disp_cc_parent_data_6,
+ .num_parents = ARRAY_SIZE(disp_cc_parent_data_6),
.ops = &clk_rcg2_ops,
},
};
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 360/578] clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 359/578] clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 361/578] clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Greg Kroah-Hartman
` (226 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Satya Priya Kakitapalli,
Konrad Dybcio, Bjorn Andersson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
commit 88d9dca36aac9659446be1e569d8fbe3462b5741 upstream.
Fix cmd_rcgr offset for blsp1_uart6_apps_clk_src on mdm9607 platform.
Fixes: 48b7253264ea ("clk: qcom: Add MDM9607 GCC driver")
Cc: stable@vger.kernel.org
Signed-off-by: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20241220095048.248425-1-quic_skakitap@quicinc.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/qcom/gcc-mdm9607.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/clk/qcom/gcc-mdm9607.c
+++ b/drivers/clk/qcom/gcc-mdm9607.c
@@ -536,7 +536,7 @@ static struct clk_rcg2 blsp1_uart5_apps_
};
static struct clk_rcg2 blsp1_uart6_apps_clk_src = {
- .cmd_rcgr = 0x6044,
+ .cmd_rcgr = 0x7044,
.mnd_width = 16,
.hid_width = 5,
.parent_map = gcc_xo_gpll0_map,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 361/578] clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 360/578] clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 362/578] blk-cgroup: Fix class @block_classs subsystem refcount leakage Greg Kroah-Hartman
` (225 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Anastasia Belova, Bjorn Andersson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anastasia Belova <abelova@astralinux.ru>
commit 89aa5925d201b90a48416784831916ca203658f9 upstream.
aggr_state and unit fields are u32. The result of their
multiplication may not fit in this type.
Add explicit casting to prevent overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 04053f4d23a4 ("clk: qcom: clk-rpmh: Add IPA clock support")
Cc: stable@vger.kernel.org # 5.4+
Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
Link: https://lore.kernel.org/r/20241203084231.6001-1-abelova@astralinux.ru
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/qcom/clk-rpmh.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/clk/qcom/clk-rpmh.c
+++ b/drivers/clk/qcom/clk-rpmh.c
@@ -332,7 +332,7 @@ static unsigned long clk_rpmh_bcm_recalc
{
struct clk_rpmh *c = to_clk_rpmh(hw);
- return c->aggr_state * c->unit;
+ return (unsigned long)c->aggr_state * c->unit;
}
static const struct clk_ops clk_rpmh_bcm_ops = {
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 362/578] blk-cgroup: Fix class @block_classs subsystem refcount leakage
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 361/578] clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 363/578] efi: libstub: Use -std=gnu11 to fix build with GCC 15 Greg Kroah-Hartman
` (224 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michal Koutný, Tejun Heo,
Zijun Hu
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijun Hu <quic_zijuhu@quicinc.com>
commit d1248436cbef1f924c04255367ff4845ccd9025e upstream.
blkcg_fill_root_iostats() iterates over @block_class's devices by
class_dev_iter_(init|next)(), but does not end iterating with
class_dev_iter_exit(), so causes the class's subsystem refcount leakage.
Fix by ending the iterating with class_dev_iter_exit().
Fixes: ef45fe470e1e ("blk-cgroup: show global disk stats in root cgroup io.stat")
Reviewed-by: Michal Koutný <mkoutny@suse.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Link: https://lore.kernel.org/r/20250105-class_fix-v6-2-3a2f1768d4d4@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-cgroup.c | 1 +
1 file changed, 1 insertion(+)
--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -924,6 +924,7 @@ static void blkcg_fill_root_iostats(void
blkg_iostat_set(&blkg->iostat.cur, &tmp);
u64_stats_update_end_irqrestore(&blkg->iostat.sync, flags);
}
+ class_dev_iter_exit(&iter);
}
static void blkcg_print_one_stat(struct blkcg_gq *blkg, struct seq_file *s)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 363/578] efi: libstub: Use -std=gnu11 to fix build with GCC 15
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 362/578] blk-cgroup: Fix class @block_classs subsystem refcount leakage Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 364/578] perf bench: Fix undefined behavior in cmpworker() Greg Kroah-Hartman
` (223 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kostadin Shishmanov, Jakub Jelinek,
Nathan Chancellor, Ard Biesheuvel
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit 8ba14d9f490aef9fd535c04e9e62e1169eb7a055 upstream.
GCC 15 changed the default C standard version to C23, which should not
have impacted the kernel because it requests the gnu11 standard via
'-std=' in the main Makefile. However, the EFI libstub Makefile uses its
own set of KBUILD_CFLAGS for x86 without a '-std=' value (i.e., using
the default), resulting in errors from the kernel's definitions of bool,
true, and false in stddef.h, which are reserved keywords under C23.
./include/linux/stddef.h:11:9: error: expected identifier before ‘false’
11 | false = 0,
./include/linux/types.h:35:33: error: two or more data types in declaration specifiers
35 | typedef _Bool bool;
Set '-std=gnu11' in the x86 cflags to resolve the error and consistently
use the same C standard version for the entire kernel. All other
architectures reuse KBUILD_CFLAGS from the rest of the kernel, so this
issue is not visible for them.
Cc: stable@vger.kernel.org
Reported-by: Kostadin Shishmanov <kostadinshishmanov@protonmail.com>
Closes: https://lore.kernel.org/4OAhbllK7x4QJGpZjkYjtBYNLd_2whHx9oFiuZcGwtVR4hIzvduultkgfAIRZI3vQpZylu7Gl929HaYFRGeMEalWCpeMzCIIhLxxRhq4U-Y=@protonmail.com/
Reported-by: Jakub Jelinek <jakub@redhat.com>
Closes: https://lore.kernel.org/Z4467umXR2PZ0M1H@tucnak/
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/efi/libstub/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -7,7 +7,7 @@
#
cflags-$(CONFIG_X86_32) := -march=i386
cflags-$(CONFIG_X86_64) := -mcmodel=small
-cflags-$(CONFIG_X86) += -m$(BITS) -D__KERNEL__ \
+cflags-$(CONFIG_X86) += -m$(BITS) -D__KERNEL__ -std=gnu11 \
-fPIC -fno-strict-aliasing -mno-red-zone \
-mno-mmx -mno-sse -fshort-wchar \
-Wno-pointer-sign \
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 364/578] perf bench: Fix undefined behavior in cmpworker()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 363/578] efi: libstub: Use -std=gnu11 to fix build with GCC 15 Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 365/578] scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Greg Kroah-Hartman
` (222 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kuan-Wei Chiu, James Clark,
Namhyung Kim
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuan-Wei Chiu <visitorckw@gmail.com>
commit 62892e77b8a64b9dc0e1da75980aa145347b6820 upstream.
The comparison function cmpworker() violates the C standard's
requirements for qsort() comparison functions, which mandate symmetry
and transitivity:
Symmetry: If x < y, then y > x.
Transitivity: If x < y and y < z, then x < z.
In its current implementation, cmpworker() incorrectly returns 0 when
w1->tid < w2->tid, which breaks both symmetry and transitivity. This
violation causes undefined behavior, potentially leading to issues such
as memory corruption in glibc [1].
Fix the issue by returning -1 when w1->tid < w2->tid, ensuring
compliance with the C standard and preventing undefined behavior.
Link: https://www.qualys.com/2024/01/30/qsort.txt [1]
Fixes: 121dd9ea0116 ("perf bench: Add epoll parallel epoll_wait benchmark")
Cc: stable@vger.kernel.org
Signed-off-by: Kuan-Wei Chiu <visitorckw@gmail.com>
Reviewed-by: James Clark <james.clark@linaro.org>
Link: https://lore.kernel.org/r/20250116110842.4087530-1-visitorckw@gmail.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/bench/epoll-wait.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/tools/perf/bench/epoll-wait.c
+++ b/tools/perf/bench/epoll-wait.c
@@ -420,7 +420,12 @@ static int cmpworker(const void *p1, con
struct worker *w1 = (struct worker *) p1;
struct worker *w2 = (struct worker *) p2;
- return w1->tid > w2->tid;
+
+ if (w1->tid > w2->tid)
+ return 1;
+ if (w1->tid < w2->tid)
+ return -1;
+ return 0;
}
int bench_epoll_wait(int argc, const char **argv)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 365/578] scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 364/578] perf bench: Fix undefined behavior in cmpworker() Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 366/578] of: Correct child specifier used as input of the 2nd nexus node Greg Kroah-Hartman
` (221 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bao D. Nguyen, Avri Altman,
Peter Wang, Martin K. Petersen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bao D. Nguyen <quic_nguyenb@quicinc.com>
commit 1b3e2d4ec0c5848776cc56d2624998aa5b2f0d27 upstream.
According to the UFS Device Specification, the dExtendedUFSFeaturesSupport
defines the support for TOO_HIGH_TEMPERATURE as bit[4] and the
TOO_LOW_TEMPERATURE as bit[5]. Correct the code to match with
the UFS device specification definition.
Cc: stable@vger.kernel.org
Fixes: e88e2d32200a ("scsi: ufs: core: Probe for temperature notification support")
Signed-off-by: Bao D. Nguyen <quic_nguyenb@quicinc.com>
Link: https://lore.kernel.org/r/69992b3e3e3434a5c7643be5a64de48be892ca46.1736793068.git.quic_nguyenb@quicinc.com
Reviewed-by: Avri Altman <Avri.Altman@wdc.com>
Reviewed-by: Peter Wang <peter.wang@mediatek.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/ufs/ufs.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/include/ufs/ufs.h
+++ b/include/ufs/ufs.h
@@ -347,8 +347,8 @@ enum {
/* Possible values for dExtendedUFSFeaturesSupport */
enum {
- UFS_DEV_LOW_TEMP_NOTIF = BIT(4),
- UFS_DEV_HIGH_TEMP_NOTIF = BIT(5),
+ UFS_DEV_HIGH_TEMP_NOTIF = BIT(4),
+ UFS_DEV_LOW_TEMP_NOTIF = BIT(5),
UFS_DEV_EXT_TEMP_NOTIF = BIT(6),
UFS_DEV_HPB_SUPPORT = BIT(7),
UFS_DEV_WRITE_BOOSTER_SUP = BIT(8),
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 366/578] of: Correct child specifier used as input of the 2nd nexus node
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 365/578] scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 367/578] of: Fix of_find_node_opts_by_path() handling of alias+path+options Greg Kroah-Hartman
` (220 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zijun Hu, Rob Herring (Arm)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijun Hu <quic_zijuhu@quicinc.com>
commit e4c00c9b1f70cd11792ff5b825899a6ee0234a62 upstream.
API of_parse_phandle_with_args_map() will use wrong input for nexus node
Nexus_2 as shown below:
Node_1 Nexus_1 Nexus_2
&Nexus_1,arg_1 -> arg_1,&Nexus_2,arg_2' -> &Nexus_2,arg_2 -> arg_2,...
map-pass-thru=<...>
Nexus_1's output arg_2 should be used as input of Nexus_2, but the API
wrongly uses arg_2' instead which != arg_2 due to Nexus_1's map-pass-thru.
Fix by always making @match_array point to @initial_match_array into
which to store nexus output.
Fixes: bd6f2fd5a1d5 ("of: Support parsing phandle argument lists through a nexus node")
Cc: stable@vger.kernel.org
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Link: https://lore.kernel.org/r/20250109-of_core_fix-v4-1-db8a72415b8c@quicinc.com
Signed-off-by: Rob Herring (Arm) <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/of/base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/of/base.c
+++ b/drivers/of/base.c
@@ -1635,7 +1635,6 @@ int of_parse_phandle_with_args_map(const
* specifier into the out_args structure, keeping the
* bits specified in <list>-map-pass-thru.
*/
- match_array = map - new_size;
for (i = 0; i < new_size; i++) {
__be32 val = *(map - new_size + i);
@@ -1644,6 +1643,7 @@ int of_parse_phandle_with_args_map(const
val |= cpu_to_be32(out_args->args[i]) & pass[i];
}
+ initial_match_array[i] = val;
out_args->args[i] = be32_to_cpu(val);
}
out_args->args_count = list_size = new_size;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 367/578] of: Fix of_find_node_opts_by_path() handling of alias+path+options
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 366/578] of: Correct child specifier used as input of the 2nd nexus node Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 368/578] of: reserved-memory: Fix using wrong number of cells to get property alignment Greg Kroah-Hartman
` (219 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zijun Hu, Rob Herring (Arm)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijun Hu <quic_zijuhu@quicinc.com>
commit b9e58c934c56aa35b0fb436d9afd86ef326bae0e upstream.
of_find_node_opts_by_path() fails to find OF device node when its
@path parameter have pattern below:
"alias-name/node-name-1/.../node-name-N:options".
The reason is that alias name length calculated by the API is wrong, as
explained by example below:
"testcase-alias/phandle-tests/consumer-a:testaliasoption".
^ ^ ^
0 14 39
The right length of alias 'testcase-alias' is 14, but the result worked
out by the API is 39 which is obvious wrong.
Fix by using index of either '/' or ':' as the length who comes earlier.
Fixes: 75c28c09af99 ("of: add optional options parameter to of_find_node_by_path()")
Cc: stable@vger.kernel.org
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Link: https://lore.kernel.org/r/20241216-of_core_fix-v2-1-e69b8f60da63@quicinc.com
Signed-off-by: Rob Herring (Arm) <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/of/base.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/of/base.c
+++ b/drivers/of/base.c
@@ -974,10 +974,10 @@ struct device_node *of_find_node_opts_by
/* The path could begin with an alias */
if (*path != '/') {
int len;
- const char *p = separator;
+ const char *p = strchrnul(path, '/');
- if (!p)
- p = strchrnul(path, '/');
+ if (separator && separator < p)
+ p = separator;
len = p - path;
/* of_aliases must not be NULL */
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 368/578] of: reserved-memory: Fix using wrong number of cells to get property alignment
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 367/578] of: Fix of_find_node_opts_by_path() handling of alias+path+options Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 369/578] HID: hid-sensor-hub: dont use stale platform-data on remove Greg Kroah-Hartman
` (218 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zijun Hu, Rob Herring (Arm)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijun Hu <quic_zijuhu@quicinc.com>
commit 267b21d0bef8e67dbe6c591c9991444e58237ec9 upstream.
According to DT spec, size of property 'alignment' is based on parent
node’s #size-cells property.
But __reserved_mem_alloc_size() wrongly uses @dt_root_addr_cells to get
the property obviously.
Fix by using @dt_root_size_cells instead of @dt_root_addr_cells.
Fixes: 3f0c82066448 ("drivers: of: add initialization code for dynamic reserved memory")
Cc: stable@vger.kernel.org
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Link: https://lore.kernel.org/r/20250109-of_core_fix-v4-9-db8a72415b8c@quicinc.com
Signed-off-by: Rob Herring (Arm) <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/of/of_reserved_mem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/of/of_reserved_mem.c
+++ b/drivers/of/of_reserved_mem.c
@@ -105,12 +105,12 @@ static int __init __reserved_mem_alloc_s
prop = of_get_flat_dt_prop(node, "alignment", &len);
if (prop) {
- if (len != dt_root_addr_cells * sizeof(__be32)) {
+ if (len != dt_root_size_cells * sizeof(__be32)) {
pr_err("invalid alignment property in '%s' node.\n",
uname);
return -EINVAL;
}
- align = dt_mem_next_cell(dt_root_addr_cells, &prop);
+ align = dt_mem_next_cell(dt_root_size_cells, &prop);
}
nomap = of_get_flat_dt_prop(node, "no-map", NULL) != NULL;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 369/578] HID: hid-sensor-hub: dont use stale platform-data on remove
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 368/578] of: reserved-memory: Fix using wrong number of cells to get property alignment Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 370/578] wifi: rtlwifi: rtl8821ae: Fix media status report Greg Kroah-Hartman
` (217 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Heiko Stuebner, Benjamin Tissoires,
Srinivas Pandruvada, Jiri Kosina, Lee Jones
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heiko Stuebner <heiko@sntech.de>
commit 8a5b38c3fd709e8acd2bfdedf66c25e6af759576 upstream.
The hid-sensor-hub creates the individual device structs and transfers them
to the created mfd platform-devices via the platform_data in the mfd_cell.
Before e651a1da442a ("HID: hid-sensor-hub: Allow parallel synchronous reads")
the sensor-hub was managing access centrally, with one "completion" in the
hub's data structure, which needed to be finished on removal at the latest.
The mentioned commit then moved this central management to each hid sensor
device, resulting on a completion in each struct hid_sensor_hub_device.
The remove procedure was adapted to go through all sensor devices and
finish any pending "completion".
What this didn't take into account was, platform_device_add_data() that is
used by mfd_add{_hotplug}_devices() does a kmemdup on the submitted
platform-data. So the data the platform-device gets is a copy of the
original data, meaning that the device worked on a different completion
than what sensor_hub_remove() currently wants to access.
To fix that, use device_for_each_child() to go through each child-device
similar to how mfd_remove_devices() unregisters the devices later and
with that get the live platform_data to finalize the correct completion.
Fixes: e651a1da442a ("HID: hid-sensor-hub: Allow parallel synchronous reads")
Cc: stable@vger.kernel.org
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Acked-by: Benjamin Tissoires <bentiss@kernel.org>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Acked-by: Jiri Kosina <jkosina@suse.com>
Link: https://lore.kernel.org/r/20241107114712.538976-2-heiko@sntech.de
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-sensor-hub.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
--- a/drivers/hid/hid-sensor-hub.c
+++ b/drivers/hid/hid-sensor-hub.c
@@ -728,23 +728,30 @@ err_stop_hw:
return ret;
}
+static int sensor_hub_finalize_pending_fn(struct device *dev, void *data)
+{
+ struct hid_sensor_hub_device *hsdev = dev->platform_data;
+
+ if (hsdev->pending.status)
+ complete(&hsdev->pending.ready);
+
+ return 0;
+}
+
static void sensor_hub_remove(struct hid_device *hdev)
{
struct sensor_hub_data *data = hid_get_drvdata(hdev);
unsigned long flags;
- int i;
hid_dbg(hdev, " hardware removed\n");
hid_hw_close(hdev);
hid_hw_stop(hdev);
+
spin_lock_irqsave(&data->lock, flags);
- for (i = 0; i < data->hid_sensor_client_cnt; ++i) {
- struct hid_sensor_hub_device *hsdev =
- data->hid_sensor_hub_client_devs[i].platform_data;
- if (hsdev->pending.status)
- complete(&hsdev->pending.ready);
- }
+ device_for_each_child(&hdev->dev, NULL,
+ sensor_hub_finalize_pending_fn);
spin_unlock_irqrestore(&data->lock, flags);
+
mfd_remove_devices(&hdev->dev);
mutex_destroy(&data->mutex);
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 370/578] wifi: rtlwifi: rtl8821ae: Fix media status report
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (368 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 369/578] HID: hid-sensor-hub: dont use stale platform-data on remove Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 371/578] wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Greg Kroah-Hartman
` (216 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bitterblue Smith, Ping-Ke Shih
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
commit 66ef0289ac99e155d206ddaa0fdfad09ae3cd007 upstream.
RTL8821AE is stuck transmitting at the lowest rate allowed by the rate
mask. This is because the firmware doesn't know the device is connected
to a network.
Fix the macros SET_H2CCMD_MSRRPT_PARM_OPMODE and
SET_H2CCMD_MSRRPT_PARM_MACID_IND to work on the first byte of __cmd,
not the second. Now the firmware is correctly notified when the device
is connected to a network and it activates the rate control.
Before (MCS3):
[ 5] 0.00-1.00 sec 12.5 MBytes 105 Mbits/sec 0 339 KBytes
[ 5] 1.00-2.00 sec 10.6 MBytes 89.1 Mbits/sec 0 339 KBytes
[ 5] 2.00-3.00 sec 10.6 MBytes 89.1 Mbits/sec 0 386 KBytes
[ 5] 3.00-4.00 sec 10.6 MBytes 89.1 Mbits/sec 0 386 KBytes
[ 5] 4.00-5.00 sec 10.2 MBytes 86.0 Mbits/sec 0 427 KBytes
After (MCS9):
[ 5] 0.00-1.00 sec 33.9 MBytes 284 Mbits/sec 0 771 KBytes
[ 5] 1.00-2.00 sec 31.6 MBytes 265 Mbits/sec 0 865 KBytes
[ 5] 2.00-3.00 sec 29.9 MBytes 251 Mbits/sec 0 963 KBytes
[ 5] 3.00-4.00 sec 28.2 MBytes 237 Mbits/sec 0 963 KBytes
[ 5] 4.00-5.00 sec 26.8 MBytes 224 Mbits/sec 0 963 KBytes
Fixes: 39f40710d0b5 ("rtlwifi: rtl88821ae: Remove usage of private bit manipulation macros")
Cc: stable@vger.kernel.org
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/754785b3-8a78-4554-b80d-de5f603b410b@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.h
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.h
@@ -197,9 +197,9 @@ enum rtl8821a_h2c_cmd {
/* _MEDIA_STATUS_RPT_PARM_CMD1 */
#define SET_H2CCMD_MSRRPT_PARM_OPMODE(__cmd, __value) \
- u8p_replace_bits(__cmd + 1, __value, BIT(0))
+ u8p_replace_bits(__cmd, __value, BIT(0))
#define SET_H2CCMD_MSRRPT_PARM_MACID_IND(__cmd, __value) \
- u8p_replace_bits(__cmd + 1, __value, BIT(1))
+ u8p_replace_bits(__cmd, __value, BIT(1))
/* AP_OFFLOAD */
#define SET_H2CCMD_AP_OFFLOAD_ON(__cmd, __value) \
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 371/578] wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 370/578] wifi: rtlwifi: rtl8821ae: Fix media status report Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 372/578] usb: gadget: f_tcm: Translate error to sense Greg Kroah-Hartman
` (215 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marcel Hamer, Arend van Spriel,
Kalle Valo
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marcel Hamer <marcel.hamer@windriver.com>
commit 68abd0c4ebf24cd499841a488b97a6873d5efabb upstream.
On removal of the device or unloading of the kernel module a potential NULL
pointer dereference occurs.
The following sequence deletes the interface:
brcmf_detach()
brcmf_remove_interface()
brcmf_del_if()
Inside the brcmf_del_if() function the drvr->if2bss[ifidx] is updated to
BRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.
After brcmf_remove_interface() call the brcmf_proto_detach() function is
called providing the following sequence:
brcmf_detach()
brcmf_proto_detach()
brcmf_proto_msgbuf_detach()
brcmf_flowring_detach()
brcmf_msgbuf_delete_flowring()
brcmf_msgbuf_remove_flowring()
brcmf_flowring_delete()
brcmf_get_ifp()
brcmf_txfinalize()
Since brcmf_get_ip() can and actually will return NULL in this case the
call to brcmf_txfinalize() will result in a NULL pointer dereference inside
brcmf_txfinalize() when trying to update ifp->ndev->stats.tx_errors.
This will only happen if a flowring still has an skb.
Although the NULL pointer dereference has only been seen when trying to
update the tx statistic, all other uses of the ifp pointer have been
guarded as well with an early return if ifp is NULL.
Cc: stable@vger.kernel.org
Signed-off-by: Marcel Hamer <marcel.hamer@windriver.com>
Link: https://lore.kernel.org/all/b519e746-ddfd-421f-d897-7620d229e4b2@gmail.com/
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20250116132240.731039-1-marcel.hamer@windriver.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
@@ -539,6 +539,11 @@ void brcmf_txfinalize(struct brcmf_if *i
struct ethhdr *eh;
u16 type;
+ if (!ifp) {
+ brcmu_pkt_buf_free_skb(txp);
+ return;
+ }
+
eh = (struct ethhdr *)(txp->data);
type = ntohs(eh->h_proto);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 372/578] usb: gadget: f_tcm: Translate error to sense
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 371/578] wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 373/578] usb: gadget: f_tcm: Decrement command ref count on cleanup Greg Kroah-Hartman
` (214 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit 98fa00fd3ae43b857b4976984a135483d89d9281 upstream.
When respond with check_condition error status, clear from_transport
input so the target layer can translate the sense reason reported by
f_tcm.
Fixes: c52661d60f63 ("usb-gadget: Initial merge of target module for UASP + BOT")
Cc: stable@vger.kernel.org
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/b2a5577efe7abd0af0051229622cf7d3be5cdcd0.1733876548.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_tcm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/usb/gadget/function/f_tcm.c
+++ b/drivers/usb/gadget/function/f_tcm.c
@@ -1065,7 +1065,7 @@ static void usbg_cmd_work(struct work_st
out:
transport_send_check_condition_and_sense(se_cmd,
- TCM_UNSUPPORTED_SCSI_OPCODE, 1);
+ TCM_UNSUPPORTED_SCSI_OPCODE, 0);
}
static struct usbg_cmd *usbg_get_cmd(struct f_uas *fu,
@@ -1193,7 +1193,7 @@ static void bot_cmd_work(struct work_str
out:
transport_send_check_condition_and_sense(se_cmd,
- TCM_UNSUPPORTED_SCSI_OPCODE, 1);
+ TCM_UNSUPPORTED_SCSI_OPCODE, 0);
}
static int bot_submit_command(struct f_uas *fu,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 373/578] usb: gadget: f_tcm: Decrement command ref count on cleanup
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 372/578] usb: gadget: f_tcm: Translate error to sense Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 374/578] usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Greg Kroah-Hartman
` (213 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit 3b2a52e88ab0c9469eaadd4d4c8f57d072477820 upstream.
We submitted the command with TARGET_SCF_ACK_KREF, which requires
acknowledgment of command completion. If the command fails, make sure to
decrement the ref count.
Fixes: cff834c16d23 ("usb-gadget/tcm: Convert to TARGET_SCF_ACK_KREF I/O krefs")
Cc: stable@vger.kernel.org
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/3c667b4d9c8b0b580346a69ff53616b6a74cfea2.1733876548.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_tcm.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/gadget/function/f_tcm.c
+++ b/drivers/usb/gadget/function/f_tcm.c
@@ -973,6 +973,7 @@ static void usbg_data_write_cmpl(struct
return;
cleanup:
+ target_put_sess_cmd(se_cmd);
transport_generic_free_cmd(&cmd->se_cmd, 0);
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 374/578] usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (372 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 373/578] usb: gadget: f_tcm: Decrement command ref count on cleanup Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 375/578] usb: gadget: f_tcm: Dont prepare BOT write request twice Greg Kroah-Hartman
` (212 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit 25224c1f07d31c261d04dfbc705a7a0f314a825d upstream.
Match usb endpoint using fullspeed endpoint descriptor to make sure the
wMaxPacketSize for fullspeed descriptors is automatically configured.
Fixes: c52661d60f63 ("usb-gadget: Initial merge of target module for UASP + BOT")
Cc: stable@vger.kernel.org
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/e4507bc824aed6e7c7f5a718392ab6a7c1480a7f.1733876548.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_tcm.c | 30 +++++++++++++-----------------
1 file changed, 13 insertions(+), 17 deletions(-)
--- a/drivers/usb/gadget/function/f_tcm.c
+++ b/drivers/usb/gadget/function/f_tcm.c
@@ -1998,43 +1998,39 @@ static int tcm_bind(struct usb_configura
bot_intf_desc.bInterfaceNumber = iface;
uasp_intf_desc.bInterfaceNumber = iface;
fu->iface = iface;
- ep = usb_ep_autoconfig_ss(gadget, &uasp_ss_bi_desc,
- &uasp_bi_ep_comp_desc);
+ ep = usb_ep_autoconfig(gadget, &uasp_fs_bi_desc);
if (!ep)
goto ep_fail;
fu->ep_in = ep;
- ep = usb_ep_autoconfig_ss(gadget, &uasp_ss_bo_desc,
- &uasp_bo_ep_comp_desc);
+ ep = usb_ep_autoconfig(gadget, &uasp_fs_bo_desc);
if (!ep)
goto ep_fail;
fu->ep_out = ep;
- ep = usb_ep_autoconfig_ss(gadget, &uasp_ss_status_desc,
- &uasp_status_in_ep_comp_desc);
+ ep = usb_ep_autoconfig(gadget, &uasp_fs_status_desc);
if (!ep)
goto ep_fail;
fu->ep_status = ep;
- ep = usb_ep_autoconfig_ss(gadget, &uasp_ss_cmd_desc,
- &uasp_cmd_comp_desc);
+ ep = usb_ep_autoconfig(gadget, &uasp_fs_cmd_desc);
if (!ep)
goto ep_fail;
fu->ep_cmd = ep;
/* Assume endpoint addresses are the same for both speeds */
- uasp_bi_desc.bEndpointAddress = uasp_ss_bi_desc.bEndpointAddress;
- uasp_bo_desc.bEndpointAddress = uasp_ss_bo_desc.bEndpointAddress;
+ uasp_bi_desc.bEndpointAddress = uasp_fs_bi_desc.bEndpointAddress;
+ uasp_bo_desc.bEndpointAddress = uasp_fs_bo_desc.bEndpointAddress;
uasp_status_desc.bEndpointAddress =
- uasp_ss_status_desc.bEndpointAddress;
- uasp_cmd_desc.bEndpointAddress = uasp_ss_cmd_desc.bEndpointAddress;
+ uasp_fs_status_desc.bEndpointAddress;
+ uasp_cmd_desc.bEndpointAddress = uasp_fs_cmd_desc.bEndpointAddress;
- uasp_fs_bi_desc.bEndpointAddress = uasp_ss_bi_desc.bEndpointAddress;
- uasp_fs_bo_desc.bEndpointAddress = uasp_ss_bo_desc.bEndpointAddress;
- uasp_fs_status_desc.bEndpointAddress =
- uasp_ss_status_desc.bEndpointAddress;
- uasp_fs_cmd_desc.bEndpointAddress = uasp_ss_cmd_desc.bEndpointAddress;
+ uasp_ss_bi_desc.bEndpointAddress = uasp_fs_bi_desc.bEndpointAddress;
+ uasp_ss_bo_desc.bEndpointAddress = uasp_fs_bo_desc.bEndpointAddress;
+ uasp_ss_status_desc.bEndpointAddress =
+ uasp_fs_status_desc.bEndpointAddress;
+ uasp_ss_cmd_desc.bEndpointAddress = uasp_fs_cmd_desc.bEndpointAddress;
ret = usb_assign_descriptors(f, uasp_fs_function_desc,
uasp_hs_function_desc, uasp_ss_function_desc,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 375/578] usb: gadget: f_tcm: Dont prepare BOT write request twice
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (373 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 374/578] usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 376/578] ASoC: acp: Support microphone from Lenovo Go S Greg Kroah-Hartman
` (211 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit 94d9bf671ae314cacc2d7bf96bd233b4abc7cede upstream.
The duplicate kmalloc here is causing memory leak. The request
preparation in bot_send_write_request is also done in
usbg_prepare_w_request. Remove the duplicate work.
Fixes: c52661d60f63 ("usb-gadget: Initial merge of target module for UASP + BOT")
Cc: stable@vger.kernel.org
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/f4f26c3d586cde0d46f8c3bcb4e8ae32311b650d.1733876548.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_tcm.c | 17 -----------------
1 file changed, 17 deletions(-)
--- a/drivers/usb/gadget/function/f_tcm.c
+++ b/drivers/usb/gadget/function/f_tcm.c
@@ -245,7 +245,6 @@ static int bot_send_write_request(struct
{
struct f_uas *fu = cmd->fu;
struct se_cmd *se_cmd = &cmd->se_cmd;
- struct usb_gadget *gadget = fuas_to_gadget(fu);
int ret;
init_completion(&cmd->write_complete);
@@ -256,22 +255,6 @@ static int bot_send_write_request(struct
return -EINVAL;
}
- if (!gadget->sg_supported) {
- cmd->data_buf = kmalloc(se_cmd->data_length, GFP_KERNEL);
- if (!cmd->data_buf)
- return -ENOMEM;
-
- fu->bot_req_out->buf = cmd->data_buf;
- } else {
- fu->bot_req_out->buf = NULL;
- fu->bot_req_out->num_sgs = se_cmd->t_data_nents;
- fu->bot_req_out->sg = se_cmd->t_data_sg;
- }
-
- fu->bot_req_out->complete = usbg_data_write_cmpl;
- fu->bot_req_out->length = se_cmd->data_length;
- fu->bot_req_out->context = cmd;
-
ret = usbg_prepare_w_request(cmd, fu->bot_req_out);
if (ret)
goto cleanup;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 376/578] ASoC: acp: Support microphone from Lenovo Go S
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (374 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 375/578] usb: gadget: f_tcm: Dont prepare BOT write request twice Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 377/578] soc: qcom: socinfo: Avoid out of bounds read of serial number Greg Kroah-Hartman
` (210 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, nijs1, pgriffais, mpearson-lenovo,
Mario Limonciello, Mark Brown
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mario Limonciello <mario.limonciello@amd.com>
commit b9a8ea185f3f8024619b2e74b74375493c87df8c upstream.
On Lenovo Go S there is a DMIC connected to the ACP but the firmware
has no `AcpDmicConnected` ACPI _DSD.
Add a DMI entry for all possible Lenovo Go S SKUs to enable DMIC.
Cc: nijs1@lenovo.com
Cc: pgriffais@valvesoftware.com
Cc: mpearson-lenovo@squebb.ca
Cc: stable@vger.kernel.org
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://patch.msgid.link/20250123024915.2457115-1-superm1@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/amd/yc/acp6x-mach.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -301,6 +301,34 @@ static const struct dmi_system_id yc_acp
.driver_data = &acp6x_card,
.matches = {
DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "83L3"),
+ }
+ },
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "83N6"),
+ }
+ },
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "83Q2"),
+ }
+ },
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "83Q3"),
+ }
+ },
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
DMI_MATCH(DMI_PRODUCT_NAME, "82UG"),
}
},
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 377/578] soc: qcom: socinfo: Avoid out of bounds read of serial number
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (375 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 376/578] ASoC: acp: Support microphone from Lenovo Go S Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 378/578] serial: sh-sci: Drop __initdata macro for port_cfg Greg Kroah-Hartman
` (209 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stephan Gerhold, Dmitry Baryshkov,
Bjorn Andersson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephan Gerhold <stephan.gerhold@linaro.org>
commit 22cf4fae6660b6e1a583a41cbf84e3046ca9ccd0 upstream.
On MSM8916 devices, the serial number exposed in sysfs is constant and does
not change across individual devices. It's always:
db410c:/sys/devices/soc0$ cat serial_number
2644893864
The firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not
have support for the serial_num field in the socinfo struct. There is an
existing check to avoid exposing the serial number in that case, but it's
not correct: When checking the item_size returned by SMEM, we need to make
sure the *end* of the serial_num is within bounds, instead of comparing
with the *start* offset. The serial_number currently exposed on MSM8916
devices is just an out of bounds read of whatever comes after the socinfo
struct in SMEM.
Fix this by changing offsetof() to offsetofend(), so that the size of the
field is also taken into account.
Cc: stable@vger.kernel.org
Fixes: efb448d0a3fc ("soc: qcom: Add socinfo driver")
Signed-off-by: Stephan Gerhold <stephan.gerhold@linaro.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20241230-qcom-socinfo-serialno-oob-v1-1-9b7a890da3da@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soc/qcom/socinfo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/soc/qcom/socinfo.c
+++ b/drivers/soc/qcom/socinfo.c
@@ -652,7 +652,7 @@ static int qcom_socinfo_probe(struct pla
if (!qs->attr.soc_id || !qs->attr.revision)
return -ENOMEM;
- if (offsetof(struct socinfo, serial_num) <= item_size) {
+ if (offsetofend(struct socinfo, serial_num) <= item_size) {
qs->attr.serial_number = devm_kasprintf(&pdev->dev, GFP_KERNEL,
"%u",
le32_to_cpu(info->serial_num));
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 378/578] serial: sh-sci: Drop __initdata macro for port_cfg
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (376 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 377/578] soc: qcom: socinfo: Avoid out of bounds read of serial number Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 379/578] serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Greg Kroah-Hartman
` (208 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Claudiu Beznea
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
commit eaeee4225dba30bef4d424bdf134a07b7f423e8b upstream.
The port_cfg object is used by serial_console_write(), which serves as
the write function for the earlycon device. Marking port_cfg as __initdata
causes it to be freed after kernel initialization, resulting in earlycon
becoming unavailable thereafter. Remove the __initdata macro from port_cfg
to resolve this issue.
Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support")
Cc: stable@vger.kernel.org
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
Fixes: 0b0cced19ab15c9e ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support")
Link: https://lore.kernel.org/r/20250116182249.3828577-2-claudiu.beznea.uj@bp.renesas.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/sh-sci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -3430,7 +3430,7 @@ sh_early_platform_init_buffer("earlyprin
early_serial_buf, ARRAY_SIZE(early_serial_buf));
#endif
#ifdef CONFIG_SERIAL_SH_SCI_EARLYCON
-static struct plat_sci_port port_cfg __initdata;
+static struct plat_sci_port port_cfg;
static int __init early_console_setup(struct earlycon_device *device,
int type)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 379/578] serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (377 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 378/578] serial: sh-sci: Drop __initdata macro for port_cfg Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 380/578] MIPS: Loongson64: remove ROM Size unit in boardinfo Greg Kroah-Hartman
` (207 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Claudiu Beznea
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
commit 9f7dea875cc7f9c1a56a5c688290634a59cd1420 upstream.
In the sh-sci driver, sci_ports[0] is used by earlycon. If the earlycon is
still active when sci_probe() is called and the new serial port is supposed
to map to sci_ports[0], return -EBUSY to prevent breaking the earlycon.
This situation should occurs in debug scenarios, and users should be
aware of the potential conflict.
Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support")
Cc: stable@vger.kernel.org
Signed-off-by: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
Link: https://lore.kernel.org/r/20250116182249.3828577-4-claudiu.beznea.uj@bp.renesas.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/sh-sci.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -165,6 +165,7 @@ struct sci_port {
static struct sci_port sci_ports[SCI_NPORTS];
static unsigned long sci_ports_in_use;
static struct uart_driver sci_uart_driver;
+static bool sci_uart_earlycon;
static inline struct sci_port *
to_sci_port(struct uart_port *uart)
@@ -3318,6 +3319,7 @@ static int sci_probe_single(struct platf
static int sci_probe(struct platform_device *dev)
{
struct plat_sci_port *p;
+ struct resource *res;
struct sci_port *sp;
unsigned int dev_id;
int ret;
@@ -3347,6 +3349,26 @@ static int sci_probe(struct platform_dev
}
sp = &sci_ports[dev_id];
+
+ /*
+ * In case:
+ * - the probed port alias is zero (as the one used by earlycon), and
+ * - the earlycon is still active (e.g., "earlycon keep_bootcon" in
+ * bootargs)
+ *
+ * defer the probe of this serial. This is a debug scenario and the user
+ * must be aware of it.
+ *
+ * Except when the probed port is the same as the earlycon port.
+ */
+
+ res = platform_get_resource(dev, IORESOURCE_MEM, 0);
+ if (!res)
+ return -ENODEV;
+
+ if (sci_uart_earlycon && sp == &sci_ports[0] && sp->port.mapbase != res->start)
+ return dev_err_probe(&dev->dev, -EBUSY, "sci_port[0] is used by earlycon!\n");
+
platform_set_drvdata(dev, sp);
ret = sci_probe_single(dev, dev_id, p, sp);
@@ -3445,6 +3467,7 @@ static int __init early_console_setup(st
port_cfg.type = type;
sci_ports[0].cfg = &port_cfg;
sci_ports[0].params = sci_probe_regmap(&port_cfg);
+ sci_uart_earlycon = true;
port_cfg.scscr = sci_serial_in(&sci_ports[0].port, SCSCR);
sci_serial_out(&sci_ports[0].port, SCSCR,
SCSCR_RE | SCSCR_TE | port_cfg.scscr);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 380/578] MIPS: Loongson64: remove ROM Size unit in boardinfo
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (378 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 379/578] serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 381/578] powerpc/pseries/eeh: Fix get PE state translation Greg Kroah-Hartman
` (206 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mingcong Bai, Icenowy Zheng,
Kexy Biscuit, Jiaxun Yang, Thomas Bogendoerfer
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kexy Biscuit <kexybiscuit@aosc.io>
commit bd2212d658d7659b9d83c7e2f3a06789d4db1e90 upstream.
Per Appendix A.7 in Q/LS 0013-2014 (龙芯CPU开发系统固件与内核接口规范 V2.2,
lit. Loongson DevSys Firmware Kernel Interface Specification V2.2),
interface_info.size is size of this interface, not size of the LEFI BIOS
ROM.
In any case, the BIOS ROM Size just cannot be several kilobytes (KB) on
Loongson64 LEFI platforms.
Reported-by: Mingcong Bai <jeffbai@aosc.io>
Suggested-by: Icenowy Zheng <uwu@icenowy.me>
Fixes: 6c1bfbd9df8c ("MIPS: Loongson64: Add /sys/firmware/lefi/boardinfo")
Cc: stable@vger.kernel.org
Signed-off-by: Kexy Biscuit <kexybiscuit@aosc.io>
Acked-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/loongson64/boardinfo.c | 2 --
1 file changed, 2 deletions(-)
--- a/arch/mips/loongson64/boardinfo.c
+++ b/arch/mips/loongson64/boardinfo.c
@@ -21,13 +21,11 @@ static ssize_t boardinfo_show(struct kob
"BIOS Info\n"
"Vendor\t\t\t: %s\n"
"Version\t\t\t: %s\n"
- "ROM Size\t\t: %d KB\n"
"Release Date\t\t: %s\n",
strsep(&tmp_board_manufacturer, "-"),
eboard->name,
strsep(&tmp_bios_vendor, "-"),
einter->description,
- einter->size,
especial->special_name);
}
static struct kobj_attribute boardinfo_attr = __ATTR(boardinfo, 0444,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 381/578] powerpc/pseries/eeh: Fix get PE state translation
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (379 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 380/578] MIPS: Loongson64: remove ROM Size unit in boardinfo Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 382/578] dm-crypt: dont update io->sector after kcryptd_crypt_write_io_submit() Greg Kroah-Hartman
` (205 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ritesh Harjani (IBM),
Narayana Murty N, Madhavan Srinivasan
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Narayana Murty N <nnmlinux@linux.ibm.com>
commit 11b93559000c686ad7e5ab0547e76f21cc143844 upstream.
The PE Reset State "0" returned by RTAS calls
"ibm_read_slot_reset_[state|state2]" indicates that the reset is
deactivated and the PE is in a state where MMIO and DMA are allowed.
However, the current implementation of "pseries_eeh_get_state()" does
not reflect this, causing drivers to incorrectly assume that MMIO and
DMA operations cannot be resumed.
The userspace drivers as a part of EEH recovery using VFIO ioctls fail
to detect when the recovery process is complete. The VFIO_EEH_PE_GET_STATE
ioctl does not report the expected EEH_PE_STATE_NORMAL state, preventing
userspace drivers from functioning properly on pseries systems.
The patch addresses this issue by updating 'pseries_eeh_get_state()'
to include "EEH_STATE_MMIO_ENABLED" and "EEH_STATE_DMA_ENABLED" in
the result mask for PE Reset State "0". This ensures correct state
reporting to the callers, aligning the behavior with the PAPR specification
and fixing the bug in EEH recovery for VFIO user workflows.
Fixes: 00ba05a12b3c ("powerpc/pseries: Cleanup on pseries_eeh_get_state()")
Cc: stable@vger.kernel.org
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Signed-off-by: Narayana Murty N <nnmlinux@linux.ibm.com>
Link: https://lore.kernel.org/stable/20241212075044.10563-1-nnmlinux%40linux.ibm.com
Signed-off-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Link: https://patch.msgid.link/20250116103954.17324-1-nnmlinux@linux.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/eeh_pseries.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/powerpc/platforms/pseries/eeh_pseries.c
+++ b/arch/powerpc/platforms/pseries/eeh_pseries.c
@@ -580,8 +580,10 @@ static int pseries_eeh_get_state(struct
switch(rets[0]) {
case 0:
- result = EEH_STATE_MMIO_ACTIVE |
- EEH_STATE_DMA_ACTIVE;
+ result = EEH_STATE_MMIO_ACTIVE |
+ EEH_STATE_DMA_ACTIVE |
+ EEH_STATE_MMIO_ENABLED |
+ EEH_STATE_DMA_ENABLED;
break;
case 1:
result = EEH_STATE_RESET_ACTIVE |
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 382/578] dm-crypt: dont update io->sector after kcryptd_crypt_write_io_submit()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (380 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 381/578] powerpc/pseries/eeh: Fix get PE state translation Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 383/578] dm-crypt: track tag_offset in convert_context Greg Kroah-Hartman
` (204 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hou Tao, Mikulas Patocka
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hou Tao <houtao1@huawei.com>
commit 9fdbbdbbc92b1474a87b89f8b964892a63734492 upstream.
The updates of io->sector are the leftovers when dm-crypt allocated
pages for partial write request. However, since commit cf2f1abfbd0db
("dm crypt: don't allocate pages for a partial request"), there is no
partial request anymore.
After the introduction of write request rb-tree, the updates of
io->sectors may interfere the insertion procedure, because ->sectors of
these write requests which have already been added in the rb-tree may be
changed during the insertion of new write request.
Fix it by removing these buggy updates of io->sectors. Considering these
updates only effect the write request rb-tree, the commit which
introduces the write request rb-tree is used as the fix tag.
Fixes: b3c5fd305249 ("dm crypt: sort writes")
Cc: stable@vger.kernel.org
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-crypt.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2029,7 +2029,6 @@ static void kcryptd_crypt_write_continue
struct crypt_config *cc = io->cc;
struct convert_context *ctx = &io->ctx;
int crypt_finished;
- sector_t sector = io->sector;
blk_status_t r;
wait_for_completion(&ctx->restart);
@@ -2046,10 +2045,8 @@ static void kcryptd_crypt_write_continue
}
/* Encryption was already finished, submit io now */
- if (crypt_finished) {
+ if (crypt_finished)
kcryptd_crypt_write_io_submit(io, 0);
- io->sector = sector;
- }
crypt_dec_pending(io);
}
@@ -2060,14 +2057,13 @@ static void kcryptd_crypt_write_convert(
struct convert_context *ctx = &io->ctx;
struct bio *clone;
int crypt_finished;
- sector_t sector = io->sector;
blk_status_t r;
/*
* Prevent io from disappearing until this function completes.
*/
crypt_inc_pending(io);
- crypt_convert_init(cc, ctx, NULL, io->base_bio, sector);
+ crypt_convert_init(cc, ctx, NULL, io->base_bio, io->sector);
clone = crypt_alloc_buffer(io, io->base_bio->bi_iter.bi_size);
if (unlikely(!clone)) {
@@ -2084,8 +2080,6 @@ static void kcryptd_crypt_write_convert(
io->ctx.iter_in = clone->bi_iter;
}
- sector += bio_sectors(clone);
-
crypt_inc_pending(io);
r = crypt_convert(cc, ctx,
test_bit(DM_CRYPT_NO_WRITE_WORKQUEUE, &cc->flags), true);
@@ -2109,10 +2103,8 @@ static void kcryptd_crypt_write_convert(
}
/* Encryption was already finished, submit io now */
- if (crypt_finished) {
+ if (crypt_finished)
kcryptd_crypt_write_io_submit(io, 0);
- io->sector = sector;
- }
dec:
crypt_dec_pending(io);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 383/578] dm-crypt: track tag_offset in convert_context
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (381 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 382/578] dm-crypt: dont update io->sector after kcryptd_crypt_write_io_submit() Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 384/578] mips/math-emu: fix emulation of the prefx instruction Greg Kroah-Hartman
` (203 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hou Tao, Mikulas Patocka
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hou Tao <houtao1@huawei.com>
commit 8b8f8037765757861f899ed3a2bfb34525b5c065 upstream.
dm-crypt uses tag_offset to index the integrity metadata for each crypt
sector. When the initial crypt_convert() returns BLK_STS_DEV_RESOURCE,
dm-crypt will try to continue the crypt/decrypt procedure in a kworker.
However, it resets tag_offset as zero instead of using the tag_offset
related with current sector. It may return unexpected data when using
random IV or return unexpected integrity related error.
Fix the problem by tracking tag_offset in per-IO convert_context.
Therefore, when the crypt/decrypt procedure continues in a kworker, it
could use the next tag_offset saved in convert_context.
Fixes: 8abec36d1274 ("dm crypt: do not wait for backlogged crypto request completion in softirq")
Cc: stable@vger.kernel.org
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-crypt.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -56,6 +56,7 @@ struct convert_context {
struct bio *bio_out;
struct bvec_iter iter_out;
atomic_t cc_pending;
+ unsigned int tag_offset;
u64 cc_sector;
union {
struct skcipher_request *req;
@@ -1223,6 +1224,7 @@ static void crypt_convert_init(struct cr
if (bio_out)
ctx->iter_out = bio_out->bi_iter;
ctx->cc_sector = sector + cc->iv_offset;
+ ctx->tag_offset = 0;
init_completion(&ctx->restart);
}
@@ -1554,7 +1556,6 @@ static void crypt_free_req(struct crypt_
static blk_status_t crypt_convert(struct crypt_config *cc,
struct convert_context *ctx, bool atomic, bool reset_pending)
{
- unsigned int tag_offset = 0;
unsigned int sector_step = cc->sector_size >> SECTOR_SHIFT;
int r;
@@ -1577,9 +1578,9 @@ static blk_status_t crypt_convert(struct
atomic_inc(&ctx->cc_pending);
if (crypt_integrity_aead(cc))
- r = crypt_convert_block_aead(cc, ctx, ctx->r.req_aead, tag_offset);
+ r = crypt_convert_block_aead(cc, ctx, ctx->r.req_aead, ctx->tag_offset);
else
- r = crypt_convert_block_skcipher(cc, ctx, ctx->r.req, tag_offset);
+ r = crypt_convert_block_skcipher(cc, ctx, ctx->r.req, ctx->tag_offset);
switch (r) {
/*
@@ -1599,8 +1600,8 @@ static blk_status_t crypt_convert(struct
* exit and continue processing in a workqueue
*/
ctx->r.req = NULL;
+ ctx->tag_offset++;
ctx->cc_sector += sector_step;
- tag_offset++;
return BLK_STS_DEV_RESOURCE;
}
} else {
@@ -1614,8 +1615,8 @@ static blk_status_t crypt_convert(struct
*/
case -EINPROGRESS:
ctx->r.req = NULL;
+ ctx->tag_offset++;
ctx->cc_sector += sector_step;
- tag_offset++;
continue;
/*
* The request was already processed (synchronously).
@@ -1623,7 +1624,7 @@ static blk_status_t crypt_convert(struct
case 0:
atomic_dec(&ctx->cc_pending);
ctx->cc_sector += sector_step;
- tag_offset++;
+ ctx->tag_offset++;
if (!atomic)
cond_resched();
continue;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 384/578] mips/math-emu: fix emulation of the prefx instruction
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (382 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 383/578] dm-crypt: track tag_offset in convert_context Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 385/578] block: dont revert iter for -EIOCBQUEUED Greg Kroah-Hartman
` (202 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mateusz Jończyk, Dengcheng Zhu,
Thomas Bogendoerfer, Ming Wang, Tiezhu Yang
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mateusz Jończyk <mat.jonczyk@o2.pl>
commit 42a39e4aa59a10aa4afdc14194f3ee63d2db94e1 upstream.
Currently, installation of Debian 12.8 for mipsel fails on machines
without an FPU [1]. This is caused by the fact that zstd (which is used
for initramfs compression) executes the prefx instruction, which is not
emulated properly by the kernel.
The prefx (Prefetch Indexed) instruction fetches data from memory into
the cache without any side effects. Though functionally unrelated, it
requires an FPU [2].
Bytecode format of this instruction ends on "001111" binary:
(prefx instruction format) & 0x0000003f = 0x0000000f
The code in fpux_emu() runs like so:
#define MIPSInst(x) x
#define MIPSInst_FMA_FFMT(x) (MIPSInst(x) & 0x00000007)
#define MIPSInst_FUNC(x) (MIPSInst(x) & 0x0000003f)
enum cop1x_func { ..., pfetch_op = 0x0f, ... };
...
switch (MIPSInst_FMA_FFMT(ir)) {
...
case 0x3:
if (MIPSInst_FUNC(ir) != pfetch_op)
return SIGILL;
/* ignore prefx operation */
break;
default:
return SIGILL;
}
That snippet above contains a logic error and the
if (MIPSInst_FUNC(ir) != pfetch_op)
comparison always fires.
When MIPSInst_FUNC(ir) is equal to pfetch_op, ir must end on 001111
binary. In this case, MIPSInst_FMA_FFMT(ir) must be equal to 0x7, which
does not match that case label.
This causes emulation failure for the prefx instruction. Fix it.
This has been broken by
commit 919af8b96c89 ("MIPS: Make definitions of MIPSInst_FMA_{FUNC,FMTM} consistent with MIPS64 manual")
which modified the MIPSInst_FMA_FFMT macro without updating the users.
Signed-off-by: Mateusz Jończyk <mat.jonczyk@o2.pl>
Cc: stable@vger.kernel.org # after 3 weeks
Cc: Dengcheng Zhu <dzhu@wavecomp.com>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Ming Wang <wangming01@loongson.cn>
Cc: Tiezhu Yang <yangtiezhu@loongson.cn>
Fixes: 919af8b96c89 ("MIPS: Make definitions of MIPSInst_FMA_{FUNC,FMTM} consistent with MIPS64 manual")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091858
[2] MIPS Architecture For Programmers Volume II-A: The MIPS32 Instruction Set
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
---
arch/mips/math-emu/cp1emu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/math-emu/cp1emu.c
+++ b/arch/mips/math-emu/cp1emu.c
@@ -1660,7 +1660,7 @@ static int fpux_emu(struct pt_regs *xcp,
break;
}
- case 0x3:
+ case 0x7:
if (MIPSInst_FUNC(ir) != pfetch_op)
return SIGILL;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 385/578] block: dont revert iter for -EIOCBQUEUED
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (383 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 384/578] mips/math-emu: fix emulation of the prefx instruction Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 386/578] Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Greg Kroah-Hartman
` (201 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jens Axboe
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jens Axboe <axboe@kernel.dk>
commit b13ee668e8280ca5b07f8ce2846b9957a8a10853 upstream.
blkdev_read_iter() has a few odd checks, like gating the position and
count adjustment on whether or not the result is bigger-than-or-equal to
zero (where bigger than makes more sense), and not checking the return
value of blkdev_direct_IO() before doing an iov_iter_revert(). The
latter can lead to attempting to revert with a negative value, which
when passed to iov_iter_revert() as an unsigned value will lead to
throwing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.
Be sane and don't revert for -EIOCBQUEUED, like what is done in other
spots.
Cc: stable@vger.kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/fops.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/block/fops.c
+++ b/block/fops.c
@@ -601,11 +601,12 @@ static ssize_t blkdev_read_iter(struct k
file_accessed(iocb->ki_filp);
ret = blkdev_direct_IO(iocb, to);
- if (ret >= 0) {
+ if (ret > 0) {
iocb->ki_pos += ret;
count -= ret;
}
- iov_iter_revert(to, count - iov_iter_count(to));
+ if (ret != -EIOCBQUEUED)
+ iov_iter_revert(to, count - iov_iter_count(to));
if (ret < 0 || !count)
goto reexpand;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 386/578] Revert "media: uvcvideo: Require entities to have a non-zero unique ID"
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (384 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 385/578] block: dont revert iter for -EIOCBQUEUED Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 387/578] ALSA: hda/realtek: Enable headset mic on Positivo C6400 Greg Kroah-Hartman
` (200 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tomasz Sikora,
Thadeu Lima de Souza Cascardo, Laurent Pinchart, Hans de Goede,
Ricardo Ribalda, Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
commit 8004d635f27bbccaa5c083c50d4d5302a6ffa00e upstream.
This reverts commit 3dd075fe8ebbc6fcbf998f81a75b8c4b159a6195.
Tomasz has reported that his device, Generalplus Technology Inc. 808 Camera,
with ID 1b3f:2002, stopped being detected:
$ ls -l /dev/video*
zsh: no matches found: /dev/video*
[ 7.230599] usb 3-2: Found multiple Units with ID 5
This particular device is non-compliant, having both the Output Terminal
and Processing Unit with ID 5. uvc_scan_fallback, though, is able to build
a chain. However, when media elements are added and uvc_mc_create_links
call uvc_entity_by_id, it will get the incorrect entity,
media_create_pad_link will WARN, and it will fail to register the entities.
In order to reinstate support for such devices in a timely fashion,
reverting the fix for these warnings is appropriate. A proper fix that
considers the existence of such non-compliant devices will be submitted in
a later development cycle.
Reported-by: Tomasz Sikora <sikora.tomus@gmail.com>
Fixes: 3dd075fe8ebb ("media: uvcvideo: Require entities to have a non-zero unique ID")
Cc: stable@vger.kernel.org
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Ricardo Ribalda <ribalda@chromium.org>
Link: https://lore.kernel.org/r/20250114200045.1401644-1-cascardo@igalia.com
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/uvc/uvc_driver.c | 70 ++++++++++++++-----------------------
1 file changed, 27 insertions(+), 43 deletions(-)
--- a/drivers/media/usb/uvc/uvc_driver.c
+++ b/drivers/media/usb/uvc/uvc_driver.c
@@ -754,27 +754,14 @@ static const u8 uvc_media_transport_inpu
UVC_GUID_UVC_MEDIA_TRANSPORT_INPUT;
static const u8 uvc_processing_guid[16] = UVC_GUID_UVC_PROCESSING;
-static struct uvc_entity *uvc_alloc_new_entity(struct uvc_device *dev, u16 type,
- u16 id, unsigned int num_pads,
- unsigned int extra_size)
+static struct uvc_entity *uvc_alloc_entity(u16 type, u16 id,
+ unsigned int num_pads, unsigned int extra_size)
{
struct uvc_entity *entity;
unsigned int num_inputs;
unsigned int size;
unsigned int i;
- /* Per UVC 1.1+ spec 3.7.2, the ID should be non-zero. */
- if (id == 0) {
- dev_err(&dev->udev->dev, "Found Unit with invalid ID 0.\n");
- return ERR_PTR(-EINVAL);
- }
-
- /* Per UVC 1.1+ spec 3.7.2, the ID is unique. */
- if (uvc_entity_by_id(dev, id)) {
- dev_err(&dev->udev->dev, "Found multiple Units with ID %u\n", id);
- return ERR_PTR(-EINVAL);
- }
-
extra_size = roundup(extra_size, sizeof(*entity->pads));
if (num_pads)
num_inputs = type & UVC_TERM_OUTPUT ? num_pads : num_pads - 1;
@@ -784,7 +771,7 @@ static struct uvc_entity *uvc_alloc_new_
+ num_inputs;
entity = kzalloc(size, GFP_KERNEL);
if (entity == NULL)
- return ERR_PTR(-ENOMEM);
+ return NULL;
entity->id = id;
entity->type = type;
@@ -875,10 +862,10 @@ static int uvc_parse_vendor_control(stru
break;
}
- unit = uvc_alloc_new_entity(dev, UVC_VC_EXTENSION_UNIT,
- buffer[3], p + 1, 2 * n);
- if (IS_ERR(unit))
- return PTR_ERR(unit);
+ unit = uvc_alloc_entity(UVC_VC_EXTENSION_UNIT, buffer[3],
+ p + 1, 2*n);
+ if (unit == NULL)
+ return -ENOMEM;
memcpy(unit->guid, &buffer[4], 16);
unit->extension.bNumControls = buffer[20];
@@ -988,10 +975,10 @@ static int uvc_parse_standard_control(st
return -EINVAL;
}
- term = uvc_alloc_new_entity(dev, type | UVC_TERM_INPUT,
- buffer[3], 1, n + p);
- if (IS_ERR(term))
- return PTR_ERR(term);
+ term = uvc_alloc_entity(type | UVC_TERM_INPUT, buffer[3],
+ 1, n + p);
+ if (term == NULL)
+ return -ENOMEM;
if (UVC_ENTITY_TYPE(term) == UVC_ITT_CAMERA) {
term->camera.bControlSize = n;
@@ -1048,10 +1035,10 @@ static int uvc_parse_standard_control(st
return 0;
}
- term = uvc_alloc_new_entity(dev, type | UVC_TERM_OUTPUT,
- buffer[3], 1, 0);
- if (IS_ERR(term))
- return PTR_ERR(term);
+ term = uvc_alloc_entity(type | UVC_TERM_OUTPUT, buffer[3],
+ 1, 0);
+ if (term == NULL)
+ return -ENOMEM;
memcpy(term->baSourceID, &buffer[7], 1);
@@ -1072,10 +1059,9 @@ static int uvc_parse_standard_control(st
return -EINVAL;
}
- unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3],
- p + 1, 0);
- if (IS_ERR(unit))
- return PTR_ERR(unit);
+ unit = uvc_alloc_entity(buffer[2], buffer[3], p + 1, 0);
+ if (unit == NULL)
+ return -ENOMEM;
memcpy(unit->baSourceID, &buffer[5], p);
@@ -1097,9 +1083,9 @@ static int uvc_parse_standard_control(st
return -EINVAL;
}
- unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3], 2, n);
- if (IS_ERR(unit))
- return PTR_ERR(unit);
+ unit = uvc_alloc_entity(buffer[2], buffer[3], 2, n);
+ if (unit == NULL)
+ return -ENOMEM;
memcpy(unit->baSourceID, &buffer[4], 1);
unit->processing.wMaxMultiplier =
@@ -1128,10 +1114,9 @@ static int uvc_parse_standard_control(st
return -EINVAL;
}
- unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3],
- p + 1, n);
- if (IS_ERR(unit))
- return PTR_ERR(unit);
+ unit = uvc_alloc_entity(buffer[2], buffer[3], p + 1, n);
+ if (unit == NULL)
+ return -ENOMEM;
memcpy(unit->guid, &buffer[4], 16);
unit->extension.bNumControls = buffer[20];
@@ -1275,10 +1260,9 @@ static int uvc_gpio_parse(struct uvc_dev
return irq;
}
- unit = uvc_alloc_new_entity(dev, UVC_EXT_GPIO_UNIT,
- UVC_EXT_GPIO_UNIT_ID, 0, 1);
- if (IS_ERR(unit))
- return PTR_ERR(unit);
+ unit = uvc_alloc_entity(UVC_EXT_GPIO_UNIT, UVC_EXT_GPIO_UNIT_ID, 0, 1);
+ if (!unit)
+ return -ENOMEM;
unit->gpio.gpio_privacy = gpio_privacy;
unit->gpio.irq = irq;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 387/578] ALSA: hda/realtek: Enable headset mic on Positivo C6400
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (385 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 386/578] Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 388/578] ALSA: hda: Fix headset detection failure due to unstable sort Greg Kroah-Hartman
` (199 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Edson Juliano Drosdeck, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edson Juliano Drosdeck <edson.drosdeck@gmail.com>
commit 1aec3ed2e3e1512aba15e7e790196a44efd5f0a7 upstream.
Positivo C6400 is equipped with ALC269VB, and it needs
ALC269VB_FIXUP_ASUS_ZENBOOK quirk to make its headset mic work.
Also must to limits the microphone boost.
Signed-off-by: Edson Juliano Drosdeck <edson.drosdeck@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20250114170619.11510-1-edson.drosdeck@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -10214,6 +10214,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x17aa, 0x511f, "Thinkpad", ALC298_FIXUP_TPT470_DOCK),
SND_PCI_QUIRK(0x17aa, 0x9e54, "LENOVO NB", ALC269_FIXUP_LENOVO_EAPD),
SND_PCI_QUIRK(0x17aa, 0x9e56, "Lenovo ZhaoYang CF4620Z", ALC286_FIXUP_SONY_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1849, 0x0269, "Positivo Master C6400", ALC269VB_FIXUP_ASUS_ZENBOOK),
SND_PCI_QUIRK(0x1849, 0x1233, "ASRock NUC Box 1100", ALC233_FIXUP_NO_AUDIO_JACK),
SND_PCI_QUIRK(0x1849, 0xa233, "Positivo Master C6300", ALC269_FIXUP_HEADSET_MIC),
SND_PCI_QUIRK(0x19e5, 0x3204, "Huawei MACH-WX9", ALC256_FIXUP_HUAWEI_MACH_WX9_PINS),
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 388/578] ALSA: hda: Fix headset detection failure due to unstable sort
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (386 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 387/578] ALSA: hda/realtek: Enable headset mic on Positivo C6400 Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 389/578] arm64: tegra: Fix Tegra234 PCIe interrupt-map Greg Kroah-Hartman
` (198 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Austrum, Kuan-Wei Chiu, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuan-Wei Chiu <visitorckw@gmail.com>
commit 3b4309546b48fc167aa615a2d881a09c0a97971f upstream.
The auto_parser assumed sort() was stable, but the kernel's sort() uses
heapsort, which has never been stable. After commit 0e02ca29a563
("lib/sort: optimize heapsort with double-pop variation"), the order of
equal elements changed, causing the headset to fail to work.
Fix the issue by recording the original order of elements before
sorting and using it as a tiebreaker for equal elements in the
comparison function.
Fixes: b9030a005d58 ("ALSA: hda - Use standard sort function in hda_auto_parser.c")
Reported-by: Austrum <austrum.lab@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219158
Tested-by: Austrum <austrum.lab@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Kuan-Wei Chiu <visitorckw@gmail.com>
Link: https://patch.msgid.link/20250128165415.643223-1-visitorckw@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/hda_auto_parser.c | 8 +++++++-
sound/pci/hda/hda_auto_parser.h | 1 +
2 files changed, 8 insertions(+), 1 deletion(-)
--- a/sound/pci/hda/hda_auto_parser.c
+++ b/sound/pci/hda/hda_auto_parser.c
@@ -80,7 +80,11 @@ static int compare_input_type(const void
/* In case one has boost and the other one has not,
pick the one with boost first. */
- return (int)(b->has_boost_on_pin - a->has_boost_on_pin);
+ if (a->has_boost_on_pin != b->has_boost_on_pin)
+ return (int)(b->has_boost_on_pin - a->has_boost_on_pin);
+
+ /* Keep the original order */
+ return a->order - b->order;
}
/* Reorder the surround channels
@@ -400,6 +404,8 @@ int snd_hda_parse_pin_defcfg(struct hda_
reorder_outputs(cfg->speaker_outs, cfg->speaker_pins);
/* sort inputs in the order of AUTO_PIN_* type */
+ for (i = 0; i < cfg->num_inputs; i++)
+ cfg->inputs[i].order = i;
sort(cfg->inputs, cfg->num_inputs, sizeof(cfg->inputs[0]),
compare_input_type, NULL);
--- a/sound/pci/hda/hda_auto_parser.h
+++ b/sound/pci/hda/hda_auto_parser.h
@@ -35,6 +35,7 @@ struct auto_pin_cfg_item {
unsigned int is_headset_mic:1;
unsigned int is_headphone_mic:1; /* Mic-only in headphone jack */
unsigned int has_boost_on_pin:1;
+ int order;
};
struct auto_pin_cfg;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 389/578] arm64: tegra: Fix Tegra234 PCIe interrupt-map
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (387 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 388/578] ALSA: hda: Fix headset detection failure due to unstable sort Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 390/578] PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Greg Kroah-Hartman
` (197 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Brad Griffis, Thierry Reding
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Brad Griffis <bgriffis@nvidia.com>
commit b615fbd70fce8582d92b3bdbbf3c9b80cadcfb55 upstream.
For interrupt-map entries, the DTS specification requires
that #address-cells is defined for both the child node and the
interrupt parent. For the PCIe interrupt-map entries, the parent
node ("gic") has not specified #address-cells. The existing layout
of the PCIe interrupt-map entries indicates that it assumes
that #address-cells is zero for this node.
Explicitly set #address-cells to zero for "gic" so that it complies
with the device tree specification.
NVIDIA EDK2 works around this issue by assuming #address-cells
is zero in this scenario, but that workaround is being removed and so
this update is needed or else NVIDIA EDK2 cannot successfully parse the
device tree and the board cannot boot.
Fixes: ec142c44b026 ("arm64: tegra: Add P2U and PCIe controller nodes to Tegra234 DT")
Signed-off-by: Brad Griffis <bgriffis@nvidia.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20241213235602.452303-1-bgriffis@nvidia.com
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/arm64/boot/dts/nvidia/tegra234.dtsi
+++ b/arch/arm64/boot/dts/nvidia/tegra234.dtsi
@@ -1574,6 +1574,8 @@
#redistributor-regions = <1>;
#interrupt-cells = <3>;
interrupt-controller;
+
+ #address-cells = <0>;
};
smmu_iso: iommu@10000000{
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 390/578] PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (388 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 389/578] arm64: tegra: Fix Tegra234 PCIe interrupt-map Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 391/578] nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Greg Kroah-Hartman
` (196 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zijun Hu, Bjorn Helgaas, Frank Li
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijun Hu <quic_zijuhu@quicinc.com>
commit 3b9f942eb21c92041905e3943a8d5177c9a9d89d upstream.
When removing a virtual Endpoint, pci_epf_remove_vepf() failed to clear
epf_vf->epf_pf, which caused a subsequent pci_epf_add_vepf() to incorrectly
return -EBUSY:
pci_epf_add_vepf(epf_pf, epf_vf) // add
pci_epf_remove_vepf(epf_pf, epf_vf) // remove
pci_epf_add_vepf(epf_pf, epf_vf) // add again, -EBUSY error
Fix by clearing epf_vf->epf_pf in pci_epf_remove_vepf().
Link: https://lore.kernel.org/r/20241210-pci-epc-core_fix-v3-3-4d86dd573e4b@quicinc.com
Fixes: 1cf362e907f3 ("PCI: endpoint: Add support to add virtual function in endpoint core")
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Frank Li <Frank.Li@nxp.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/endpoint/pci-epf-core.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/pci/endpoint/pci-epf-core.c
+++ b/drivers/pci/endpoint/pci-epf-core.c
@@ -234,6 +234,7 @@ void pci_epf_remove_vepf(struct pci_epf
mutex_lock(&epf_pf->lock);
clear_bit(epf_vf->vfunc_no, &epf_pf->vfunction_num_map);
+ epf_vf->epf_pf = NULL;
list_del(&epf_vf->list);
mutex_unlock(&epf_pf->lock);
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 391/578] nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (389 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 390/578] PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 392/578] nvme-pci: Add TUXEDO IBP Gen9 " Greg Kroah-Hartman
` (195 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Georg Gottleuber, Werner Sembach,
Christoph Hellwig, Keith Busch
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Georg Gottleuber <ggo@tuxedocomputers.com>
commit dbf2bb1a1319b7c7d8828905378a6696cca6b0f2 upstream.
On the TUXEDO InfinityFlex, a Samsung 990 Evo NVMe leads to a high power
consumption in s2idle sleep (4 watts).
This patch applies 'Force No Simple Suspend' quirk to achieve a sleep with
a lower power consumption, typically around 1.4 watts.
Signed-off-by: Georg Gottleuber <ggo@tuxedocomputers.com>
Cc: stable@vger.kernel.org
Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/pci.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3103,7 +3103,8 @@ static unsigned long check_vendor_combin
* because of high power consumption (> 2 Watt) in s2idle
* sleep. Only some boards with Intel CPU are affected.
*/
- if (dmi_match(DMI_BOARD_NAME, "GMxPXxx") ||
+ if (dmi_match(DMI_BOARD_NAME, "DN50Z-140HC-YD") ||
+ dmi_match(DMI_BOARD_NAME, "GMxPXxx") ||
dmi_match(DMI_BOARD_NAME, "PH4PG31") ||
dmi_match(DMI_BOARD_NAME, "PH4PRX1_PH6PRX1") ||
dmi_match(DMI_BOARD_NAME, "PH6PG01_PH6PG71"))
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 392/578] nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (390 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 391/578] nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 393/578] scsi: qla2xxx: Move FCE Trace buffer allocation to user control Greg Kroah-Hartman
` (194 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Georg Gottleuber, Werner Sembach,
Christoph Hellwig, Keith Busch
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Georg Gottleuber <ggo@tuxedocomputers.com>
commit 11cb3529d18514f7d28ad2190533192aedefd761 upstream.
On the TUXEDO InfinityBook Pro Gen9 Intel, a Samsung 990 Evo NVMe leads to
a high power consumption in s2idle sleep (4 watts).
This patch applies 'Force No Simple Suspend' quirk to achieve a sleep with
a lower power consumption, typically around 1.2 watts.
Signed-off-by: Georg Gottleuber <ggo@tuxedocomputers.com>
Cc: stable@vger.kernel.org
Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/pci.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3105,6 +3105,7 @@ static unsigned long check_vendor_combin
*/
if (dmi_match(DMI_BOARD_NAME, "DN50Z-140HC-YD") ||
dmi_match(DMI_BOARD_NAME, "GMxPXxx") ||
+ dmi_match(DMI_BOARD_NAME, "GXxMRXx") ||
dmi_match(DMI_BOARD_NAME, "PH4PG31") ||
dmi_match(DMI_BOARD_NAME, "PH4PRX1_PH6PRX1") ||
dmi_match(DMI_BOARD_NAME, "PH6PG01_PH6PG71"))
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 393/578] scsi: qla2xxx: Move FCE Trace buffer allocation to user control
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (391 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 392/578] nvme-pci: Add TUXEDO IBP Gen9 " Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 394/578] scsi: storvsc: Set correct data length for sending SCSI command without payload Greg Kroah-Hartman
` (193 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Quinn Tran, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quinn Tran <qutran@marvell.com>
commit 841df27d619ee1f5ca6473e15227b39d6136562d upstream.
Currently FCE Tracing is enabled to log additional ELS events. Instead,
user will enable or disable this feature through debugfs.
Modify existing DFS knob to allow user to enable or disable this
feature.
echo [1 | 0] > /sys/kernel/debug/qla2xxx/qla2xxx_??/fce
cat /sys/kernel/debug/qla2xxx/qla2xxx_??/fce
Cc: stable@vger.kernel.org
Fixes: df613b96077c ("[SCSI] qla2xxx: Add Fibre Channel Event (FCE) tracing support.")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20241115130313.46826-4-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_def.h | 2
drivers/scsi/qla2xxx/qla_dfs.c | 124 ++++++++++++++++++++++++++++++++--------
drivers/scsi/qla2xxx/qla_gbl.h | 3
drivers/scsi/qla2xxx/qla_init.c | 28 ++++++---
4 files changed, 126 insertions(+), 31 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
@@ -4043,6 +4043,8 @@ struct qla_hw_data {
uint32_t npiv_supported :1;
uint32_t pci_channel_io_perm_failure :1;
uint32_t fce_enabled :1;
+ uint32_t user_enabled_fce :1;
+ uint32_t fce_dump_buf_alloced :1;
uint32_t fac_supported :1;
uint32_t chip_reset_done :1;
--- a/drivers/scsi/qla2xxx/qla_dfs.c
+++ b/drivers/scsi/qla2xxx/qla_dfs.c
@@ -409,27 +409,32 @@ qla2x00_dfs_fce_show(struct seq_file *s,
mutex_lock(&ha->fce_mutex);
- seq_puts(s, "FCE Trace Buffer\n");
- seq_printf(s, "In Pointer = %llx\n\n", (unsigned long long)ha->fce_wr);
- seq_printf(s, "Base = %llx\n\n", (unsigned long long) ha->fce_dma);
- seq_puts(s, "FCE Enable Registers\n");
- seq_printf(s, "%08x %08x %08x %08x %08x %08x\n",
- ha->fce_mb[0], ha->fce_mb[2], ha->fce_mb[3], ha->fce_mb[4],
- ha->fce_mb[5], ha->fce_mb[6]);
-
- fce = (uint32_t *) ha->fce;
- fce_start = (unsigned long long) ha->fce_dma;
- for (cnt = 0; cnt < fce_calc_size(ha->fce_bufs) / 4; cnt++) {
- if (cnt % 8 == 0)
- seq_printf(s, "\n%llx: ",
- (unsigned long long)((cnt * 4) + fce_start));
- else
- seq_putc(s, ' ');
- seq_printf(s, "%08x", *fce++);
+ if (ha->flags.user_enabled_fce) {
+ seq_puts(s, "FCE Trace Buffer\n");
+ seq_printf(s, "In Pointer = %llx\n\n", (unsigned long long)ha->fce_wr);
+ seq_printf(s, "Base = %llx\n\n", (unsigned long long)ha->fce_dma);
+ seq_puts(s, "FCE Enable Registers\n");
+ seq_printf(s, "%08x %08x %08x %08x %08x %08x\n",
+ ha->fce_mb[0], ha->fce_mb[2], ha->fce_mb[3], ha->fce_mb[4],
+ ha->fce_mb[5], ha->fce_mb[6]);
+
+ fce = (uint32_t *)ha->fce;
+ fce_start = (unsigned long long)ha->fce_dma;
+ for (cnt = 0; cnt < fce_calc_size(ha->fce_bufs) / 4; cnt++) {
+ if (cnt % 8 == 0)
+ seq_printf(s, "\n%llx: ",
+ (unsigned long long)((cnt * 4) + fce_start));
+ else
+ seq_putc(s, ' ');
+ seq_printf(s, "%08x", *fce++);
+ }
+
+ seq_puts(s, "\nEnd\n");
+ } else {
+ seq_puts(s, "FCE Trace is currently not enabled\n");
+ seq_puts(s, "\techo [ 1 | 0 ] > fce\n");
}
- seq_puts(s, "\nEnd\n");
-
mutex_unlock(&ha->fce_mutex);
return 0;
@@ -467,7 +472,7 @@ qla2x00_dfs_fce_release(struct inode *in
struct qla_hw_data *ha = vha->hw;
int rval;
- if (ha->flags.fce_enabled)
+ if (ha->flags.fce_enabled || !ha->fce)
goto out;
mutex_lock(&ha->fce_mutex);
@@ -488,11 +493,88 @@ out:
return single_release(inode, file);
}
+static ssize_t
+qla2x00_dfs_fce_write(struct file *file, const char __user *buffer,
+ size_t count, loff_t *pos)
+{
+ struct seq_file *s = file->private_data;
+ struct scsi_qla_host *vha = s->private;
+ struct qla_hw_data *ha = vha->hw;
+ char *buf;
+ int rc = 0;
+ unsigned long enable;
+
+ if (!IS_QLA25XX(ha) && !IS_QLA81XX(ha) && !IS_QLA83XX(ha) &&
+ !IS_QLA27XX(ha) && !IS_QLA28XX(ha)) {
+ ql_dbg(ql_dbg_user, vha, 0xd034,
+ "this adapter does not support FCE.");
+ return -EINVAL;
+ }
+
+ buf = memdup_user_nul(buffer, count);
+ if (IS_ERR(buf)) {
+ ql_dbg(ql_dbg_user, vha, 0xd037,
+ "fail to copy user buffer.");
+ return PTR_ERR(buf);
+ }
+
+ enable = kstrtoul(buf, 0, 0);
+ rc = count;
+
+ mutex_lock(&ha->fce_mutex);
+
+ if (enable) {
+ if (ha->flags.user_enabled_fce) {
+ mutex_unlock(&ha->fce_mutex);
+ goto out_free;
+ }
+ ha->flags.user_enabled_fce = 1;
+ if (!ha->fce) {
+ rc = qla2x00_alloc_fce_trace(vha);
+ if (rc) {
+ ha->flags.user_enabled_fce = 0;
+ mutex_unlock(&ha->fce_mutex);
+ goto out_free;
+ }
+
+ /* adjust fw dump buffer to take into account of this feature */
+ if (!ha->flags.fce_dump_buf_alloced)
+ qla2x00_alloc_fw_dump(vha);
+ }
+
+ if (!ha->flags.fce_enabled)
+ qla_enable_fce_trace(vha);
+
+ ql_dbg(ql_dbg_user, vha, 0xd045, "User enabled FCE .\n");
+ } else {
+ if (!ha->flags.user_enabled_fce) {
+ mutex_unlock(&ha->fce_mutex);
+ goto out_free;
+ }
+ ha->flags.user_enabled_fce = 0;
+ if (ha->flags.fce_enabled) {
+ qla2x00_disable_fce_trace(vha, NULL, NULL);
+ ha->flags.fce_enabled = 0;
+ }
+
+ qla2x00_free_fce_trace(ha);
+ /* no need to re-adjust fw dump buffer */
+
+ ql_dbg(ql_dbg_user, vha, 0xd04f, "User disabled FCE .\n");
+ }
+
+ mutex_unlock(&ha->fce_mutex);
+out_free:
+ kfree(buf);
+ return rc;
+}
+
static const struct file_operations dfs_fce_ops = {
.open = qla2x00_dfs_fce_open,
.read = seq_read,
.llseek = seq_lseek,
.release = qla2x00_dfs_fce_release,
+ .write = qla2x00_dfs_fce_write,
};
static int
@@ -671,8 +753,6 @@ qla2x00_dfs_setup(scsi_qla_host_t *vha)
if (!IS_QLA25XX(ha) && !IS_QLA81XX(ha) && !IS_QLA83XX(ha) &&
!IS_QLA27XX(ha) && !IS_QLA28XX(ha))
goto out;
- if (!ha->fce)
- goto out;
if (qla2x00_dfs_root)
goto create_dir;
--- a/drivers/scsi/qla2xxx/qla_gbl.h
+++ b/drivers/scsi/qla2xxx/qla_gbl.h
@@ -11,6 +11,9 @@
/*
* Global Function Prototypes in qla_init.c source file.
*/
+int qla2x00_alloc_fce_trace(scsi_qla_host_t *);
+void qla2x00_free_fce_trace(struct qla_hw_data *ha);
+void qla_enable_fce_trace(scsi_qla_host_t *);
extern int qla2x00_initialize_adapter(scsi_qla_host_t *);
extern int qla24xx_post_prli_work(struct scsi_qla_host *vha, fc_port_t *fcport);
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -2682,7 +2682,7 @@ exit:
return rval;
}
-static void qla_enable_fce_trace(scsi_qla_host_t *vha)
+void qla_enable_fce_trace(scsi_qla_host_t *vha)
{
int rval;
struct qla_hw_data *ha = vha->hw;
@@ -3718,25 +3718,24 @@ qla24xx_chip_diag(scsi_qla_host_t *vha)
return rval;
}
-static void
-qla2x00_alloc_fce_trace(scsi_qla_host_t *vha)
+int qla2x00_alloc_fce_trace(scsi_qla_host_t *vha)
{
dma_addr_t tc_dma;
void *tc;
struct qla_hw_data *ha = vha->hw;
if (!IS_FWI2_CAPABLE(ha))
- return;
+ return -EINVAL;
if (!IS_QLA25XX(ha) && !IS_QLA81XX(ha) && !IS_QLA83XX(ha) &&
!IS_QLA27XX(ha) && !IS_QLA28XX(ha))
- return;
+ return -EINVAL;
if (ha->fce) {
ql_dbg(ql_dbg_init, vha, 0x00bd,
"%s: FCE Mem is already allocated.\n",
__func__);
- return;
+ return -EIO;
}
/* Allocate memory for Fibre Channel Event Buffer. */
@@ -3746,7 +3745,7 @@ qla2x00_alloc_fce_trace(scsi_qla_host_t
ql_log(ql_log_warn, vha, 0x00be,
"Unable to allocate (%d KB) for FCE.\n",
FCE_SIZE / 1024);
- return;
+ return -ENOMEM;
}
ql_dbg(ql_dbg_init, vha, 0x00c0,
@@ -3755,6 +3754,16 @@ qla2x00_alloc_fce_trace(scsi_qla_host_t
ha->fce_dma = tc_dma;
ha->fce = tc;
ha->fce_bufs = FCE_NUM_BUFFERS;
+ return 0;
+}
+
+void qla2x00_free_fce_trace(struct qla_hw_data *ha)
+{
+ if (!ha->fce)
+ return;
+ dma_free_coherent(&ha->pdev->dev, FCE_SIZE, ha->fce, ha->fce_dma);
+ ha->fce = NULL;
+ ha->fce_dma = 0;
}
static void
@@ -3845,9 +3854,10 @@ qla2x00_alloc_fw_dump(scsi_qla_host_t *v
if (ha->tgt.atio_ring)
mq_size += ha->tgt.atio_q_length * sizeof(request_t);
- qla2x00_alloc_fce_trace(vha);
- if (ha->fce)
+ if (ha->fce) {
fce_size = sizeof(struct qla2xxx_fce_chain) + FCE_SIZE;
+ ha->flags.fce_dump_buf_alloced = 1;
+ }
qla2x00_alloc_eft_trace(vha);
if (ha->eft)
eft_size = EFT_SIZE;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 394/578] scsi: storvsc: Set correct data length for sending SCSI command without payload
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (392 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 393/578] scsi: qla2xxx: Move FCE Trace buffer allocation to user control Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 395/578] kbuild: Move -Wenum-enum-conversion to W=2 Greg Kroah-Hartman
` (192 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Roman Kisel, Michael Kelley,
Long Li, Martin K. Petersen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Long Li <longli@microsoft.com>
commit 87c4b5e8a6b65189abd9ea5010ab308941f964a4 upstream.
In StorVSC, payload->range.len is used to indicate if this SCSI command
carries payload. This data is allocated as part of the private driver data
by the upper layer and may get passed to lower driver uninitialized.
For example, the SCSI error handling mid layer may send TEST_UNIT_READY or
REQUEST_SENSE while reusing the buffer from a failed command. The private
data section may have stale data from the previous command.
If the SCSI command doesn't carry payload, the driver may use this value as
is for communicating with host, resulting in possible corruption.
Fix this by always initializing this value.
Fixes: be0cf6ca301c ("scsi: storvsc: Set the tablesize based on the information given by the host")
Cc: stable@kernel.org
Tested-by: Roman Kisel <romank@linux.microsoft.com>
Reviewed-by: Roman Kisel <romank@linux.microsoft.com>
Reviewed-by: Michael Kelley <mhklinux@outlook.com>
Signed-off-by: Long Li <longli@microsoft.com>
Link: https://lore.kernel.org/r/1737601642-7759-1-git-send-email-longli@linuxonhyperv.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/storvsc_drv.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -1791,6 +1791,7 @@ static int storvsc_queuecommand(struct S
length = scsi_bufflen(scmnd);
payload = (struct vmbus_packet_mpb_array *)&cmd_request->mpb;
+ payload->range.len = 0;
payload_sz = 0;
if (scsi_sg_count(scmnd)) {
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 395/578] kbuild: Move -Wenum-enum-conversion to W=2
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (393 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 394/578] scsi: storvsc: Set correct data length for sending SCSI command without payload Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 396/578] x86/boot: Use -std=gnu11 to fix build with GCC 15 Greg Kroah-Hartman
` (191 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Arnd Bergmann,
Linus Torvalds
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit 8f6629c004b193d23612641c3607e785819e97ab upstream.
-Wenum-enum-conversion was strengthened in clang-19 to warn for C, which
caused the kernel to move it to W=1 in commit 75b5ab134bb5 ("kbuild:
Move -Wenum-{compare-conditional,enum-conversion} into W=1") because
there were numerous instances that would break builds with -Werror.
Unfortunately, this is not a full solution, as more and more developers,
subsystems, and distributors are building with W=1 as well, so they
continue to see the numerous instances of this warning.
Since the move to W=1, there have not been many new instances that have
appeared through various build reports and the ones that have appeared
seem to be following similar existing patterns, suggesting that most
instances of this warning will not be real issues. The only alternatives
for silencing this warning are adding casts (which is generally seen as
an ugly practice) or refactoring the enums to macro defines or a unified
enum (which may be undesirable because of type safety in other parts of
the code).
Move the warning to W=2, where warnings that occur frequently but may be
relevant should reside.
Cc: stable@vger.kernel.org
Fixes: 75b5ab134bb5 ("kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1")
Link: https://lore.kernel.org/ZwRA9SOcOjjLJcpi@google.com/
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
| 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/scripts/Makefile.extrawarn
+++ b/scripts/Makefile.extrawarn
@@ -38,6 +38,10 @@ KBUILD_CFLAGS += -Wno-sign-compare
KBUILD_CFLAGS += -Wno-type-limits
KBUILD_CFLAGS += -Wno-shift-negative-value
+ifdef CONFIG_CC_IS_CLANG
+KBUILD_CFLAGS += -Wno-enum-enum-conversion
+endif
+
KBUILD_CPPFLAGS += -DKBUILD_EXTRA_WARN1
else
@@ -66,7 +70,6 @@ KBUILD_CFLAGS += -Wno-tautological-const
KBUILD_CFLAGS += $(call cc-disable-warning, unaligned-access)
KBUILD_CFLAGS += $(call cc-disable-warning, cast-function-type-strict)
KBUILD_CFLAGS += -Wno-enum-compare-conditional
-KBUILD_CFLAGS += -Wno-enum-enum-conversion
endif
endif
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 396/578] x86/boot: Use -std=gnu11 to fix build with GCC 15
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (394 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 395/578] kbuild: Move -Wenum-enum-conversion to W=2 Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 397/578] arm64: dts: qcom: sm6350: Fix ADSP memory length Greg Kroah-Hartman
` (190 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kostadin Shishmanov, Jakub Jelinek,
Nathan Chancellor, Dave Hansen, Ard Biesheuvel
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit ee2ab467bddfb2d7f68d996dbab94d7b88f8eaf7 upstream.
GCC 15 changed the default C standard version to C23, which should not
have impacted the kernel because it requests the gnu11 standard via
'-std=' in the main Makefile. However, the x86 compressed boot Makefile
uses its own set of KBUILD_CFLAGS without a '-std=' value (i.e., using
the default), resulting in errors from the kernel's definitions of bool,
true, and false in stddef.h, which are reserved keywords under C23.
./include/linux/stddef.h:11:9: error: expected identifier before ‘false’
11 | false = 0,
./include/linux/types.h:35:33: error: two or more data types in declaration specifiers
35 | typedef _Bool bool;
Set '-std=gnu11' in the x86 compressed boot Makefile to resolve the
error and consistently use the same C standard version for the entire
kernel.
Closes: https://lore.kernel.org/4OAhbllK7x4QJGpZjkYjtBYNLd_2whHx9oFiuZcGwtVR4hIzvduultkgfAIRZI3vQpZylu7Gl929HaYFRGeMEalWCpeMzCIIhLxxRhq4U-Y=@protonmail.com/
Closes: https://lore.kernel.org/Z4467umXR2PZ0M1H@tucnak/
Reported-by: Kostadin Shishmanov <kostadinshishmanov@protonmail.com>
Reported-by: Jakub Jelinek <jakub@redhat.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Cc:stable@vger.kernel.org
Link: https://lore.kernel.org/all/20250121-x86-use-std-consistently-gcc-15-v1-1-8ab0acf645cb%40kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/boot/compressed/Makefile | 1 +
1 file changed, 1 insertion(+)
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -34,6 +34,7 @@ targets := vmlinux vmlinux.bin vmlinux.b
# avoid errors with '-march=i386', and future flags may depend on the target to
# be valid.
KBUILD_CFLAGS := -m$(BITS) -O2 $(CLANG_FLAGS)
+KBUILD_CFLAGS += -std=gnu11
KBUILD_CFLAGS += -fno-strict-aliasing -fPIE
KBUILD_CFLAGS += -Wundef
KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 397/578] arm64: dts: qcom: sm6350: Fix ADSP memory length
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (395 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 396/578] x86/boot: Use -std=gnu11 to fix build with GCC 15 Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 398/578] arm64: dts: qcom: sm6350: Fix MPSS " Greg Kroah-Hartman
` (189 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luca Weiss, Konrad Dybcio,
Krzysztof Kozlowski, Bjorn Andersson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit b0805a864459a29831577d2a47165afebe338faf upstream.
The address space in ADSP (Peripheral Authentication Service) remoteproc
node should point to the QDSP PUB address space (QDSP6...SS_PUB) which
has a length of 0x10000.
This should have no functional impact on Linux users, because PAS loader
does not use this address space at all.
Fixes: efc33c969f23 ("arm64: dts: qcom: sm6350: Add ADSP nodes")
Cc: stable@vger.kernel.org
Tested-by: Luca Weiss <luca.weiss@fairphone.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-15-2e0036fccd8d@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/sm6350.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/qcom/sm6350.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm6350.dtsi
@@ -855,7 +855,7 @@
adsp: remoteproc@3000000 {
compatible = "qcom,sm6350-adsp-pas";
- reg = <0 0x03000000 0 0x100>;
+ reg = <0x0 0x03000000 0x0 0x10000>;
interrupts-extended = <&pdc 6 IRQ_TYPE_LEVEL_HIGH>,
<&smp2p_adsp_in 0 IRQ_TYPE_EDGE_RISING>,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 398/578] arm64: dts: qcom: sm6350: Fix MPSS memory length
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (396 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 397/578] arm64: dts: qcom: sm6350: Fix ADSP memory length Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 399/578] arm64: dts: qcom: sm8350: " Greg Kroah-Hartman
` (188 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luca Weiss, Konrad Dybcio,
Krzysztof Kozlowski, Bjorn Andersson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit cd8d83de9cc9ecfb1f9a12bc838041c4eb4d10bd upstream.
The address space in MPSS/Modem PAS (Peripheral Authentication Service)
remoteproc node should point to the QDSP PUB address space
(QDSP6...SS_PUB) which has a length of 0x10000. Value of 0x4040 was
copied from older DTS, but it grew since then.
This should have no functional impact on Linux users, because PAS loader
does not use this address space at all.
Fixes: 489be59b635b ("arm64: dts: qcom: sm6350: Add MPSS nodes")
Cc: stable@vger.kernel.org
Tested-by: Luca Weiss <luca.weiss@fairphone.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-16-2e0036fccd8d@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/sm6350.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/qcom/sm6350.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm6350.dtsi
@@ -923,7 +923,7 @@
mpss: remoteproc@4080000 {
compatible = "qcom,sm6350-mpss-pas";
- reg = <0x0 0x04080000 0x0 0x4040>;
+ reg = <0x0 0x04080000 0x0 0x10000>;
interrupts-extended = <&intc GIC_SPI 136 IRQ_TYPE_EDGE_RISING>,
<&modem_smp2p_in 0 IRQ_TYPE_EDGE_RISING>,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 399/578] arm64: dts: qcom: sm8350: Fix MPSS memory length
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (397 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 398/578] arm64: dts: qcom: sm6350: Fix MPSS " Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 400/578] arm64: dts: qcom: sm8450: " Greg Kroah-Hartman
` (187 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Krzysztof Kozlowski,
Bjorn Andersson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit da1937dec9cd986e685b6a429b528a4cbc7b1603 upstream.
The address space in MPSS/Modem PAS (Peripheral Authentication Service)
remoteproc node should point to the QDSP PUB address space
(QDSP6...SS_PUB) which has a length of 0x10000. Value of 0x4040 was
copied from older DTS, but it grew since then.
This should have no functional impact on Linux users, because PAS loader
does not use this address space at all.
Fixes: 177fcf0aeda2 ("arm64: dts: qcom: sm8350: Add remoteprocs")
Cc: stable@vger.kernel.org
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-3-2e0036fccd8d@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/qcom/sm8350.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8350.dtsi
@@ -1641,7 +1641,7 @@
mpss: remoteproc@4080000 {
compatible = "qcom,sm8350-mpss-pas";
- reg = <0x0 0x04080000 0x0 0x4040>;
+ reg = <0x0 0x04080000 0x0 0x10000>;
interrupts-extended = <&intc GIC_SPI 264 IRQ_TYPE_LEVEL_HIGH>,
<&smp2p_modem_in 0 IRQ_TYPE_EDGE_RISING>,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 400/578] arm64: dts: qcom: sm8450: Fix MPSS memory length
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (398 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 399/578] arm64: dts: qcom: sm8350: " Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 401/578] crypto: qce - fix priority to be less than ARMv8 CE Greg Kroah-Hartman
` (186 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Neil Armstrong, Krzysztof Kozlowski,
Bjorn Andersson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit fa6442e87ab7c4a58c0b5fc64aab1aacc8034712 upstream.
The address space in MPSS/Modem PAS (Peripheral Authentication Service)
remoteproc node should point to the QDSP PUB address space
(QDSP6...SS_PUB) which has a length of 0x10000. Value of 0x4040 was
copied from older DTS, but it grew since then.
This should have no functional impact on Linux users, because PAS loader
does not use this address space at all.
Fixes: 1172729576fb ("arm64: dts: qcom: sm8450: Add remoteproc enablers and instances")
Cc: stable@vger.kernel.org
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20241213-dts-qcom-cdsp-mpss-base-address-v3-6-2e0036fccd8d@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/qcom/sm8450.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8450.dtsi
@@ -2265,7 +2265,7 @@
remoteproc_mpss: remoteproc@4080000 {
compatible = "qcom,sm8450-mpss-pas";
- reg = <0x0 0x04080000 0x0 0x4040>;
+ reg = <0x0 0x04080000 0x0 0x10000>;
interrupts-extended = <&intc GIC_SPI 264 IRQ_TYPE_EDGE_RISING>,
<&smp2p_modem_in 0 IRQ_TYPE_EDGE_RISING>,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 401/578] crypto: qce - fix priority to be less than ARMv8 CE
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (399 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 400/578] arm64: dts: qcom: sm8450: " Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 402/578] arm64: tegra: Disable Tegra234 sce-fabric node Greg Kroah-Hartman
` (185 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bartosz Golaszewski, Neil Armstrong,
Thara Gopinath, Eric Biggers, Bartosz Golaszewski, Ard Biesheuvel,
Herbert Xu
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers@google.com>
commit 49b9258b05b97c6464e1964b6a2fddb3ddb65d17 upstream.
As QCE is an order of magnitude slower than the ARMv8 Crypto Extensions
on the CPU, and is also less well tested, give it a lower priority.
Previously the QCE SHA algorithms had higher priority than the ARMv8 CE
equivalents, and the ciphers such as AES-XTS had the same priority which
meant the QCE versions were chosen if they happened to be loaded later.
Fixes: ec8f5d8f6f76 ("crypto: qce - Qualcomm crypto engine driver")
Cc: stable@vger.kernel.org
Cc: Bartosz Golaszewski <brgl@bgdev.pl>
Cc: Neil Armstrong <neil.armstrong@linaro.org>
Cc: Thara Gopinath <thara.gopinath@gmail.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/qce/aead.c | 2 +-
drivers/crypto/qce/sha.c | 2 +-
drivers/crypto/qce/skcipher.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/crypto/qce/aead.c
+++ b/drivers/crypto/qce/aead.c
@@ -786,7 +786,7 @@ static int qce_aead_register_one(const s
alg->init = qce_aead_init;
alg->exit = qce_aead_exit;
- alg->base.cra_priority = 300;
+ alg->base.cra_priority = 275;
alg->base.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_ALLOCATES_MEMORY |
CRYPTO_ALG_KERN_DRIVER_ONLY |
--- a/drivers/crypto/qce/sha.c
+++ b/drivers/crypto/qce/sha.c
@@ -482,7 +482,7 @@ static int qce_ahash_register_one(const
base = &alg->halg.base;
base->cra_blocksize = def->blocksize;
- base->cra_priority = 300;
+ base->cra_priority = 175;
base->cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
base->cra_ctxsize = sizeof(struct qce_sha_ctx);
base->cra_alignmask = 0;
--- a/drivers/crypto/qce/skcipher.c
+++ b/drivers/crypto/qce/skcipher.c
@@ -461,7 +461,7 @@ static int qce_skcipher_register_one(con
alg->encrypt = qce_skcipher_encrypt;
alg->decrypt = qce_skcipher_decrypt;
- alg->base.cra_priority = 300;
+ alg->base.cra_priority = 275;
alg->base.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_ALLOCATES_MEMORY |
CRYPTO_ALG_KERN_DRIVER_ONLY;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 402/578] arm64: tegra: Disable Tegra234 sce-fabric node
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (400 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 401/578] crypto: qce - fix priority to be less than ARMv8 CE Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 403/578] xfs: Add error handling for xfs_reflink_cancel_cow_range Greg Kroah-Hartman
` (184 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sumit Gupta, Ivy Huang, Brad Griffis,
Jon Hunter, Thierry Reding
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sumit Gupta <sumitg@nvidia.com>
commit a5e6fc0a10fe280989f1367a3b4f8047c7d00ea6 upstream.
Access to safety cluster engine (SCE) fabric registers was blocked
by firewall after the introduction of Functional Safety Island in
Tegra234. After that, any access by software to SCE registers is
correctly resulting in the internal bus error. However, when CPUs
try accessing the SCE-fabric registers to print error info,
another firewall error occurs as the fabric registers are also
firewall protected. This results in a second error to be printed.
Disable the SCE fabric node to avoid printing the misleading error.
The first error info will be printed by the interrupt from the
fabric causing the actual access.
Cc: stable@vger.kernel.org
Fixes: 302e154000ec ("arm64: tegra: Add node for CBB 2.0 on Tegra234")
Signed-off-by: Sumit Gupta <sumitg@nvidia.com>
Signed-off-by: Ivy Huang <yijuh@nvidia.com>
Reviewed-by: Brad Griffis <bgriffis@nvidia.com>
Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
Link: https://lore.kernel.org/r/20241218000737.1789569-3-yijuh@nvidia.com
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/nvidia/tegra234.dtsi
+++ b/arch/arm64/boot/dts/nvidia/tegra234.dtsi
@@ -1249,7 +1249,7 @@
compatible = "nvidia,tegra234-sce-fabric";
reg = <0xb600000 0x40000>;
interrupts = <GIC_SPI 173 IRQ_TYPE_LEVEL_HIGH>;
- status = "okay";
+ status = "disabled";
};
rce-fabric@be00000 {
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 403/578] xfs: Add error handling for xfs_reflink_cancel_cow_range
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (401 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 402/578] arm64: tegra: Disable Tegra234 sce-fabric node Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 404/578] ACPI: PRM: Remove unnecessary strict handler address checks Greg Kroah-Hartman
` (183 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Darrick J. Wong, Wentao Liang,
Carlos Maiolino
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wentao Liang <vulab@iscas.ac.cn>
commit 26b63bee2f6e711c5a169997fd126fddcfb90848 upstream.
In xfs_inactive(), xfs_reflink_cancel_cow_range() is called
without error handling, risking unnoticed failures and
inconsistent behavior compared to other parts of the code.
Fix this issue by adding an error handling for the
xfs_reflink_cancel_cow_range(), improving code robustness.
Fixes: 6231848c3aa5 ("xfs: check for cow blocks before trying to clear them")
Cc: stable@vger.kernel.org # v4.17
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
Signed-off-by: Carlos Maiolino <cem@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_inode.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -1726,8 +1726,11 @@ xfs_inactive(
goto out;
/* Try to clean out the cow blocks if there are any. */
- if (xfs_inode_has_cow_data(ip))
- xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF, true);
+ if (xfs_inode_has_cow_data(ip)) {
+ error = xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF, true);
+ if (error)
+ goto out;
+ }
if (VFS_I(ip)->i_nlink != 0) {
/*
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 404/578] ACPI: PRM: Remove unnecessary strict handler address checks
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (402 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 403/578] xfs: Add error handling for xfs_reflink_cancel_cow_range Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 405/578] rv: Reset per-task monitors also for idle tasks Greg Kroah-Hartman
` (182 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aubrey Li, Koba Ko, Ard Biesheuvel,
Rafael J. Wysocki, Shi Liu
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aubrey Li <aubrey.li@linux.intel.com>
commit 7f5704b6a143b8eca640cba820968e798d065e91 upstream.
Commit 088984c8d54c ("ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM
handler and context") added unnecessary strict handler address checks,
causing the PRM module to fail in translating memory error addresses.
Both static data buffer address and ACPI parameter buffer address may
be NULL if they are not needed, as described in section 4.1.2 PRM Handler
Information Structure of Platform Runtime Mechanism specification [1].
Here are two examples from real hardware:
----PRMT.dsl----
- staic data address is not used
[10Ch 0268 2] Revision : 0000
[10Eh 0270 2] Length : 002C
[110h 0272 16] Handler GUID : F6A58D47-E04F-4F5A-86B8-2A50D4AA109B
[120h 0288 8] Handler address : 0000000065CE51F4
[128h 0296 8] Satic Data Address : 0000000000000000
[130h 0304 8] ACPI Parameter Address : 000000006522A718
- ACPI parameter address is not used
[1B0h 0432 2] Revision : 0000
[1B2h 0434 2] Length : 002C
[1B4h 0436 16] Handler GUID : 657E8AE6-A8FC-4877-BB28-42E7DE1899A5
[1C4h 0452 8] Handler address : 0000000065C567C8
[1CCh 0460 8] Satic Data Address : 000000006113FB98
[1D4h 0468 8] ACPI Parameter Address : 0000000000000000
Fixes: 088984c8d54c ("ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context")
Reported-and-tested-by: Shi Liu <aurelianliu@tencent.com>
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Aubrey Li <aubrey.li@linux.intel.com>
Link: https://uefi.org/sites/default/files/resources/Platform%20Runtime%20Mechanism%20-%20with%20legal%20notice.pdf # [1]
Reviewed-by: Koba Ko <kobak@nvidia.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://patch.msgid.link/20250126022250.3014210-1-aubrey.li@linux.intel.com
[ rjw: Minor changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/prmt.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/drivers/acpi/prmt.c
+++ b/drivers/acpi/prmt.c
@@ -263,9 +263,7 @@ static acpi_status acpi_platformrt_space
if (!handler || !module)
goto invalid_guid;
- if (!handler->handler_addr ||
- !handler->static_data_buffer_addr ||
- !handler->acpi_param_buffer_addr) {
+ if (!handler->handler_addr) {
buffer->prm_status = PRM_HANDLER_ERROR;
return AE_OK;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 405/578] rv: Reset per-task monitors also for idle tasks
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (403 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 404/578] ACPI: PRM: Remove unnecessary strict handler address checks Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 406/578] kfence: skip __GFP_THISNODE allocations on NUMA systems Greg Kroah-Hartman
` (181 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Juri Lelli, Thomas Gleixner,
Peter Zijlstra, John Kacur, Gabriele Monaco,
Steven Rostedt (Google)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gabriele Monaco <gmonaco@redhat.com>
commit 8259cb14a70680553d5e82d65d1302fe589e9b39 upstream.
RV per-task monitors are implemented through a monitor structure
available for each task_struct. This structure is reset every time the
monitor is (re-)started, to avoid inconsistencies if the monitor was
activated previously.
To do so, we reset the monitor on all threads using the macro
for_each_process_thread. However, this macro excludes the idle tasks on
each CPU. Idle tasks could be considered tasks on their own right and it
should be up to the model whether to ignore them or not.
Reset monitors also on the idle tasks for each present CPU whenever we
reset all per-task monitors.
Cc: stable@vger.kernel.org
Cc: Juri Lelli <juri.lelli@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: John Kacur <jkacur@redhat.com>
Link: https://lore.kernel.org/20250115151547.605750-2-gmonaco@redhat.com
Fixes: 792575348ff7 ("rv/include: Add deterministic automata monitor definition via C macros")
Signed-off-by: Gabriele Monaco <gmonaco@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/rv/da_monitor.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/include/rv/da_monitor.h b/include/rv/da_monitor.h
index 9705b2a98e49..510c88bfabd4 100644
--- a/include/rv/da_monitor.h
+++ b/include/rv/da_monitor.h
@@ -14,6 +14,7 @@
#include <rv/automata.h>
#include <linux/rv.h>
#include <linux/bug.h>
+#include <linux/sched.h>
#ifdef CONFIG_RV_REACTORS
@@ -324,10 +325,13 @@ static inline struct da_monitor *da_get_monitor_##name(struct task_struct *tsk)
static void da_monitor_reset_all_##name(void) \
{ \
struct task_struct *g, *p; \
+ int cpu; \
\
read_lock(&tasklist_lock); \
for_each_process_thread(g, p) \
da_monitor_reset_##name(da_get_monitor_##name(p)); \
+ for_each_present_cpu(cpu) \
+ da_monitor_reset_##name(da_get_monitor_##name(idle_task(cpu))); \
read_unlock(&tasklist_lock); \
} \
\
--
2.48.1
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 406/578] kfence: skip __GFP_THISNODE allocations on NUMA systems
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (404 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 405/578] rv: Reset per-task monitors also for idle tasks Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 407/578] media: ccs: Clean up parsed CCS static data on parse failure Greg Kroah-Hartman
` (180 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marco Elver, Vlastimil Babka,
Christoph Lameter, Alexander Potapenko, Dmitriy Vyukov,
Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marco Elver <elver@google.com>
commit e64f81946adf68cd75e2207dd9a51668348a4af8 upstream.
On NUMA systems, __GFP_THISNODE indicates that an allocation _must_ be on
a particular node, and failure to allocate on the desired node will result
in a failed allocation.
Skip __GFP_THISNODE allocations if we are running on a NUMA system, since
KFENCE can't guarantee which node its pool pages are allocated on.
Link: https://lkml.kernel.org/r/20250124120145.410066-1-elver@google.com
Fixes: 236e9f153852 ("kfence: skip all GFP_ZONEMASK allocations")
Signed-off-by: Marco Elver <elver@google.com>
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Christoph Lameter <cl@linux.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Chistoph Lameter <cl@linux.com>
Cc: Dmitriy Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/kfence/core.c | 2 ++
1 file changed, 2 insertions(+)
--- a/mm/kfence/core.c
+++ b/mm/kfence/core.c
@@ -21,6 +21,7 @@
#include <linux/log2.h>
#include <linux/memblock.h>
#include <linux/moduleparam.h>
+#include <linux/nodemask.h>
#include <linux/notifier.h>
#include <linux/panic_notifier.h>
#include <linux/random.h>
@@ -997,6 +998,7 @@ void *__kfence_alloc(struct kmem_cache *
* properties (e.g. reside in DMAable memory).
*/
if ((flags & GFP_ZONEMASK) ||
+ ((flags & __GFP_THISNODE) && num_online_nodes() > 1) ||
(s->flags & (SLAB_CACHE_DMA | SLAB_CACHE_DMA32))) {
atomic_long_inc(&counters[KFENCE_COUNTER_SKIP_INCOMPAT]);
return NULL;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 407/578] media: ccs: Clean up parsed CCS static data on parse failure
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (405 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 406/578] kfence: skip __GFP_THISNODE allocations on NUMA systems Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 408/578] iio: light: as73211: fix channel handling in only-color triggered buffer Greg Kroah-Hartman
` (179 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sakari Ailus, Mehdi Djait,
Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sakari Ailus <sakari.ailus@linux.intel.com>
commit da73efa8e675a2b58f1c7ae61201acfe57714bf7 upstream.
ccs_data_parse() releases the allocated in-memory data structure when the
parser fails, but it does not clean up parsed metadata that is there to
help access the actual data. Do that, in order to return the data
structure in a sane state.
Fixes: a6b396f410b1 ("media: ccs: Add CCS static data parser library")
Cc: stable@vger.kernel.org
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Mehdi Djait <mehdi.djait@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/i2c/ccs/ccs-data.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/drivers/media/i2c/ccs/ccs-data.c
+++ b/drivers/media/i2c/ccs/ccs-data.c
@@ -10,6 +10,7 @@
#include <linux/limits.h>
#include <linux/mm.h>
#include <linux/slab.h>
+#include <linux/string.h>
#include "ccs-data-defs.h"
@@ -948,15 +949,15 @@ int ccs_data_parse(struct ccs_data_conta
rval = __ccs_data_parse(&bin, ccsdata, data, len, dev, verbose);
if (rval)
- return rval;
+ goto out_cleanup;
rval = bin_backing_alloc(&bin);
if (rval)
- return rval;
+ goto out_cleanup;
rval = __ccs_data_parse(&bin, ccsdata, data, len, dev, false);
if (rval)
- goto out_free;
+ goto out_cleanup;
if (verbose && ccsdata->version)
print_ccs_data_version(dev, ccsdata->version);
@@ -965,15 +966,16 @@ int ccs_data_parse(struct ccs_data_conta
rval = -EPROTO;
dev_dbg(dev, "parsing mismatch; base %p; now %p; end %p\n",
bin.base, bin.now, bin.end);
- goto out_free;
+ goto out_cleanup;
}
ccsdata->backing = bin.base;
return 0;
-out_free:
+out_cleanup:
kvfree(bin.base);
+ memset(ccsdata, 0, sizeof(*ccsdata));
return rval;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 408/578] iio: light: as73211: fix channel handling in only-color triggered buffer
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (406 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 407/578] media: ccs: Clean up parsed CCS static data on parse failure Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 409/578] soc: qcom: smem_state: fix missing of_node_put in error path Greg Kroah-Hartman
` (178 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Eggers, Javier Carrasco,
Jonathan Cameron
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
commit ab09c6cfe01b317f515bcd944668697241a54b9d upstream.
The channel index is off by one unit if AS73211_SCAN_MASK_ALL is not
set (optimized path for color channel readings), and it must be shifted
instead of leaving an empty channel for the temperature when it is off.
Once the channel index is fixed, the uninitialized channel must be set
to zero to avoid pushing uninitialized data.
Add available_scan_masks for all channels and only-color channels to let
the IIO core demux and repack the enabled channels.
Cc: stable@vger.kernel.org
Fixes: 403e5586b52e ("iio: light: as73211: New driver")
Tested-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Link: https://patch.msgid.link/20241214-iio_memset_scan_holes-v4-1-260b395b8ed5@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/light/as73211.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
--- a/drivers/iio/light/as73211.c
+++ b/drivers/iio/light/as73211.c
@@ -154,6 +154,12 @@ struct as73211_data {
BIT(AS73211_SCAN_INDEX_TEMP) | \
AS73211_SCAN_MASK_COLOR)
+static const unsigned long as73211_scan_masks[] = {
+ AS73211_SCAN_MASK_COLOR,
+ AS73211_SCAN_MASK_ALL,
+ 0
+};
+
static const struct iio_chan_spec as73211_channels[] = {
{
.type = IIO_TEMP,
@@ -602,9 +608,12 @@ static irqreturn_t as73211_trigger_handl
/* AS73211 starts reading at address 2 */
ret = i2c_master_recv(data->client,
- (char *)&scan.chan[1], 3 * sizeof(scan.chan[1]));
+ (char *)&scan.chan[0], 3 * sizeof(scan.chan[0]));
if (ret < 0)
goto done;
+
+ /* Avoid pushing uninitialized data */
+ scan.chan[3] = 0;
}
if (data_result) {
@@ -612,9 +621,15 @@ static irqreturn_t as73211_trigger_handl
* Saturate all channels (in case of overflows). Temperature channel
* is not affected by overflows.
*/
- scan.chan[1] = cpu_to_le16(U16_MAX);
- scan.chan[2] = cpu_to_le16(U16_MAX);
- scan.chan[3] = cpu_to_le16(U16_MAX);
+ if (*indio_dev->active_scan_mask == AS73211_SCAN_MASK_ALL) {
+ scan.chan[1] = cpu_to_le16(U16_MAX);
+ scan.chan[2] = cpu_to_le16(U16_MAX);
+ scan.chan[3] = cpu_to_le16(U16_MAX);
+ } else {
+ scan.chan[0] = cpu_to_le16(U16_MAX);
+ scan.chan[1] = cpu_to_le16(U16_MAX);
+ scan.chan[2] = cpu_to_le16(U16_MAX);
+ }
}
iio_push_to_buffers_with_timestamp(indio_dev, &scan, iio_get_time_ns(indio_dev));
@@ -684,6 +699,7 @@ static int as73211_probe(struct i2c_clie
indio_dev->channels = as73211_channels;
indio_dev->num_channels = ARRAY_SIZE(as73211_channels);
indio_dev->modes = INDIO_DIRECT_MODE;
+ indio_dev->available_scan_masks = as73211_scan_masks;
ret = i2c_smbus_read_byte_data(data->client, AS73211_REG_OSR);
if (ret < 0)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 409/578] soc: qcom: smem_state: fix missing of_node_put in error path
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (407 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 408/578] iio: light: as73211: fix channel handling in only-color triggered buffer Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 410/578] media: mc: fix endpoint iteration Greg Kroah-Hartman
` (177 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski,
Dmitry Baryshkov, Bjorn Andersson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit 70096b4990848229d0784c5e51dc3c7c072f1111 upstream.
If of_parse_phandle_with_args() succeeds, the OF node reference should
be dropped, regardless of number of phandle arguments.
Cc: stable@vger.kernel.org
Fixes: 9460ae2ff308 ("soc: qcom: Introduce common SMEM state machine code")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20240822164853.231087-2-krzysztof.kozlowski@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soc/qcom/smem_state.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/soc/qcom/smem_state.c
+++ b/drivers/soc/qcom/smem_state.c
@@ -116,7 +116,8 @@ struct qcom_smem_state *qcom_smem_state_
if (args.args_count != 1) {
dev_err(dev, "invalid #qcom,smem-state-cells\n");
- return ERR_PTR(-EINVAL);
+ state = ERR_PTR(-EINVAL);
+ goto put;
}
state = of_node_to_state(args.np);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 410/578] media: mc: fix endpoint iteration
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (408 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 409/578] soc: qcom: smem_state: fix missing of_node_put in error path Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 411/578] media: ov5640: fix get_light_freq on auto Greg Kroah-Hartman
` (176 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cosmin Tanislav, Laurent Pinchart,
Sakari Ailus, Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cosmin Tanislav <demonsingur@gmail.com>
commit fb2bd86270cd0ad004f4c614ba4f8c63a5720e25 upstream.
When creating links from a subdev to a sink, the current logic tries to
iterate over the endpoints of dev's fwnode.
This might not be correct when the subdev uses a different fwnode
compared to the dev's fwnode.
If, when registering, the subdev's fwnode is not set, the code inside
v4l2_async_register_subdev will set it to the dev's fwnode.
To fix this, just use the subdev's fwnode.
Signed-off-by: Cosmin Tanislav <demonsingur@gmail.com>
Fixes: 0d3c81e82da9 ("media: v4l2-mc: add v4l2_create_fwnode_links helpers")
Cc: stable@vger.kernel.org
Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/v4l2-core/v4l2-mc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/media/v4l2-core/v4l2-mc.c
+++ b/drivers/media/v4l2-core/v4l2-mc.c
@@ -321,7 +321,7 @@ int v4l2_create_fwnode_links_to_pad(stru
sink_sd = media_entity_to_v4l2_subdev(sink->entity);
- fwnode_graph_for_each_endpoint(dev_fwnode(src_sd->dev), endpoint) {
+ fwnode_graph_for_each_endpoint(src_sd->fwnode, endpoint) {
struct fwnode_handle *remote_ep;
int src_idx, sink_idx, ret;
struct media_pad *src;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 411/578] media: ov5640: fix get_light_freq on auto
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (409 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 410/578] media: mc: fix endpoint iteration Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 412/578] media: ccs: Fix CCS static data parsing for large block sizes Greg Kroah-Hartman
` (175 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sam Bobrowicz, Michal Simek,
Sakari Ailus, Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sam Bobrowicz <sam@elite-embedded.com>
commit 001d3753538d26ddcbef011f5643cfff58a7f672 upstream.
Light frequency was not properly returned when in auto
mode and the detected frequency was 60Hz.
Fixes: 19a81c1426c1 ("[media] add Omnivision OV5640 sensor driver")
Cc: stable@vger.kernel.org
Signed-off-by: Sam Bobrowicz <sam@elite-embedded.com>
Signed-off-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/i2c/ov5640.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/media/i2c/ov5640.c
+++ b/drivers/media/i2c/ov5640.c
@@ -1971,6 +1971,7 @@ static int ov5640_get_light_freq(struct
light_freq = 50;
} else {
/* 60Hz */
+ light_freq = 60;
}
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 412/578] media: ccs: Fix CCS static data parsing for large block sizes
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (410 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 411/578] media: ov5640: fix get_light_freq on auto Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 413/578] media: ccs: Fix cleanup order in ccs_probe() Greg Kroah-Hartman
` (174 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sakari Ailus, Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sakari Ailus <sakari.ailus@linux.intel.com>
commit 82b696750f0b60e7513082a10ad42786854f59f8 upstream.
The length field of the CCS static data blocks was mishandled, leading to
wrong interpretation of the length header for blocks that are 16 kiB in
size. Such large blocks are very, very rare and so this wasn't found
earlier.
As the length is used as part of input validation, the issue has no
security implications.
Fixes: a6b396f410b1 ("media: ccs: Add CCS static data parser library")
Cc: stable@vger.kernel.org
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/i2c/ccs/ccs-data.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/media/i2c/ccs/ccs-data.c
+++ b/drivers/media/i2c/ccs/ccs-data.c
@@ -98,7 +98,7 @@ ccs_data_parse_length_specifier(const st
plen = ((size_t)
(__len3->length[0] &
((1 << CCS_DATA_LENGTH_SPECIFIER_SIZE_SHIFT) - 1))
- << 16) + (__len3->length[0] << 8) + __len3->length[1];
+ << 16) + (__len3->length[1] << 8) + __len3->length[2];
break;
}
default:
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 413/578] media: ccs: Fix cleanup order in ccs_probe()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (411 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 412/578] media: ccs: Fix CCS static data parsing for large block sizes Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 414/578] media: uvcvideo: Fix event flags in uvc_ctrl_send_events Greg Kroah-Hartman
` (173 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mehdi Djait, Sakari Ailus,
Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mehdi Djait <mehdi.djait@linux.intel.com>
commit 6fdbff0f54786e94f0f630ff200ec1d666b1633e upstream.
ccs_limits is allocated in ccs_read_all_limits() after the allocation of
mdata.backing. Ensure that resources are freed in the reverse order of
their allocation by moving out_free_ccs_limits up.
Fixes: a11d3d6891f0 ("media: ccs: Read CCS static data from firmware binaries")
Cc: stable@vger.kernel.org
Signed-off-by: Mehdi Djait <mehdi.djait@linux.intel.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/i2c/ccs/ccs-core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/media/i2c/ccs/ccs-core.c
+++ b/drivers/media/i2c/ccs/ccs-core.c
@@ -3649,15 +3649,15 @@ out_media_entity_cleanup:
out_cleanup:
ccs_cleanup(sensor);
+out_free_ccs_limits:
+ kfree(sensor->ccs_limits);
+
out_release_mdata:
kvfree(sensor->mdata.backing);
out_release_sdata:
kvfree(sensor->sdata.backing);
-out_free_ccs_limits:
- kfree(sensor->ccs_limits);
-
out_power_off:
ccs_power_off(&client->dev);
mutex_destroy(&sensor->mutex);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 414/578] media: uvcvideo: Fix event flags in uvc_ctrl_send_events
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (412 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 413/578] media: ccs: Fix cleanup order in ccs_probe() Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 415/578] media: uvcvideo: Remove redundant NULL assignment Greg Kroah-Hartman
` (172 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ricardo Ribalda, Laurent Pinchart,
Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ricardo Ribalda <ribalda@chromium.org>
commit c31cffd5ae2c3d7ef21d9008977a9d117ce7a64e upstream.
If there is an event that needs the V4L2_EVENT_CTRL_CH_FLAGS flag, all
the following events will have that flag, regardless if they need it or
not.
This is because we keep using the same variable all the time and we do
not reset its original value.
Cc: stable@vger.kernel.org
Fixes: 805e9b4a06bf ("[media] uvcvideo: Send control change events for slave ctrls when the master changes")
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://lore.kernel.org/r/20241114-uvc-roi-v15-1-64cfeb56b6f8@chromium.org
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/uvc/uvc_ctrl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/media/usb/uvc/uvc_ctrl.c
+++ b/drivers/media/usb/uvc/uvc_ctrl.c
@@ -1564,13 +1564,13 @@ static void uvc_ctrl_send_events(struct
{
struct uvc_control_mapping *mapping;
struct uvc_control *ctrl;
- u32 changes = V4L2_EVENT_CTRL_CH_VALUE;
unsigned int i;
unsigned int j;
for (i = 0; i < xctrls_count; ++i) {
- ctrl = uvc_find_control(handle->chain, xctrls[i].id, &mapping);
+ u32 changes = V4L2_EVENT_CTRL_CH_VALUE;
+ ctrl = uvc_find_control(handle->chain, xctrls[i].id, &mapping);
if (ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS)
/* Notification will be sent from an Interrupt event. */
continue;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 415/578] media: uvcvideo: Remove redundant NULL assignment
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (413 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 414/578] media: uvcvideo: Fix event flags in uvc_ctrl_send_events Greg Kroah-Hartman
@ 2025-02-19 8:26 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 416/578] mm: kmemleak: fix upper boundary check for physical address objects Greg Kroah-Hartman
` (171 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Laurent Pinchart, Hans de Goede,
Ricardo Ribalda, Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ricardo Ribalda <ribalda@chromium.org>
commit 04d3398f66d2d31c4b8caea88f051a4257b7a161 upstream.
ctrl->handle will only be different than NULL for controls that have
mappings. This is because that assignment is only done inside
uvc_ctrl_set() for mapped controls.
Cc: stable@vger.kernel.org
Fixes: e5225c820c05 ("media: uvcvideo: Send a control event when a Control Change interrupt arrives")
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Link: https://lore.kernel.org/r/20241203-uvc-fix-async-v6-2-26c867231118@chromium.org
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/uvc/uvc_ctrl.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/drivers/media/usb/uvc/uvc_ctrl.c
+++ b/drivers/media/usb/uvc/uvc_ctrl.c
@@ -1531,10 +1531,8 @@ bool uvc_ctrl_status_event_async(struct
struct uvc_device *dev = chain->dev;
struct uvc_ctrl_work *w = &dev->async_ctrl;
- if (list_empty(&ctrl->info.mappings)) {
- ctrl->handle = NULL;
+ if (list_empty(&ctrl->info.mappings))
return false;
- }
w->data = data;
w->urb = urb;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 416/578] mm: kmemleak: fix upper boundary check for physical address objects
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (414 preceding siblings ...)
2025-02-19 8:26 ` [PATCH 6.1 415/578] media: uvcvideo: Remove redundant NULL assignment Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 417/578] ata: libata-sff: Ensure that we cannot write outside the allocated buffer Greg Kroah-Hartman
` (170 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Catalin Marinas, Jakub Kicinski,
Matthieu Baerts (NGI0), Patrick Wang, Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Catalin Marinas <catalin.marinas@arm.com>
commit 488b5b9eca68497b533ced059be5eff19578bbca upstream.
Memblock allocations are registered by kmemleak separately, based on their
physical address. During the scanning stage, it checks whether an object
is within the min_low_pfn and max_low_pfn boundaries and ignores it
otherwise.
With the recent addition of __percpu pointer leak detection (commit
6c99d4eb7c5e ("kmemleak: enable tracking for percpu pointers")), kmemleak
started reporting leaks in setup_zone_pageset() and
setup_per_cpu_pageset(). These were caused by the node_data[0] object
(initialised in alloc_node_data()) ending on the PFN_PHYS(max_low_pfn)
boundary. The non-strict upper boundary check introduced by commit
84c326299191 ("mm: kmemleak: check physical address when scan") causes the
pg_data_t object to be ignored (not scanned) and the __percpu pointers it
contains to be reported as leaks.
Make the max_low_pfn upper boundary check strict when deciding whether to
ignore a physical address object and not scan it.
Link: https://lkml.kernel.org/r/20250127184233.2974311-1-catalin.marinas@arm.com
Fixes: 84c326299191 ("mm: kmemleak: check physical address when scan")
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-by: Jakub Kicinski <kuba@kernel.org>
Tested-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Cc: Patrick Wang <patrick.wang.shcn@gmail.com>
Cc: <stable@vger.kernel.org> [6.0.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/kmemleak.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -1520,7 +1520,7 @@ static void kmemleak_scan(void)
unsigned long phys = object->pointer;
if (PHYS_PFN(phys) < min_low_pfn ||
- PHYS_PFN(phys + object->size) >= max_low_pfn)
+ PHYS_PFN(phys + object->size) > max_low_pfn)
__paint_it(object, KMEMLEAK_BLACK);
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 417/578] ata: libata-sff: Ensure that we cannot write outside the allocated buffer
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (415 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 416/578] mm: kmemleak: fix upper boundary check for physical address objects Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 418/578] crypto: qce - fix goto jump in error path Greg Kroah-Hartman
` (169 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, reveliofuzzing, Niklas Cassel
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Niklas Cassel <cassel@kernel.org>
commit 6e74e53b34b6dec5a50e1404e2680852ec6768d2 upstream.
reveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len
set to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to
ATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to
write outside the allocated buffer, overwriting random memory.
While a ATA device is supposed to abort a ATA_NOP command, there does seem
to be a bug either in libata-sff or QEMU, where either this status is not
set, or the status is cleared before read by ata_sff_hsm_move().
Anyway, that is most likely a separate bug.
Looking at __atapi_pio_bytes(), it already has a safety check to ensure
that __atapi_pio_bytes() cannot write outside the allocated buffer.
Add a similar check to ata_pio_sector(), such that also ata_pio_sector()
cannot write outside the allocated buffer.
Cc: stable@vger.kernel.org
Reported-by: reveliofuzzing <reveliofuzzing@gmail.com>
Closes: https://lore.kernel.org/linux-ide/CA+-ZZ_jTgxh3bS7m+KX07_EWckSnW3N2adX3KV63y4g7M4CZ2A@mail.gmail.com/
Link: https://lore.kernel.org/r/20250127154303.15567-2-cassel@kernel.org
Signed-off-by: Niklas Cassel <cassel@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-sff.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
--- a/drivers/ata/libata-sff.c
+++ b/drivers/ata/libata-sff.c
@@ -658,7 +658,7 @@ static void ata_pio_sector(struct ata_qu
{
struct ata_port *ap = qc->ap;
struct page *page;
- unsigned int offset;
+ unsigned int offset, count;
if (!qc->cursg) {
qc->curbytes = qc->nbytes;
@@ -674,25 +674,27 @@ static void ata_pio_sector(struct ata_qu
page = nth_page(page, (offset >> PAGE_SHIFT));
offset %= PAGE_SIZE;
- trace_ata_sff_pio_transfer_data(qc, offset, qc->sect_size);
+ /* don't overrun current sg */
+ count = min(qc->cursg->length - qc->cursg_ofs, qc->sect_size);
+
+ trace_ata_sff_pio_transfer_data(qc, offset, count);
/*
* Split the transfer when it splits a page boundary. Note that the
* split still has to be dword aligned like all ATA data transfers.
*/
WARN_ON_ONCE(offset % 4);
- if (offset + qc->sect_size > PAGE_SIZE) {
+ if (offset + count > PAGE_SIZE) {
unsigned int split_len = PAGE_SIZE - offset;
ata_pio_xfer(qc, page, offset, split_len);
- ata_pio_xfer(qc, nth_page(page, 1), 0,
- qc->sect_size - split_len);
+ ata_pio_xfer(qc, nth_page(page, 1), 0, count - split_len);
} else {
- ata_pio_xfer(qc, page, offset, qc->sect_size);
+ ata_pio_xfer(qc, page, offset, count);
}
- qc->curbytes += qc->sect_size;
- qc->cursg_ofs += qc->sect_size;
+ qc->curbytes += count;
+ qc->cursg_ofs += count;
if (qc->cursg_ofs == qc->cursg->length) {
qc->cursg = sg_next(qc->cursg);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 418/578] crypto: qce - fix goto jump in error path
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (416 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 417/578] ata: libata-sff: Ensure that we cannot write outside the allocated buffer Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 419/578] crypto: qce - unregister previously registered algos " Greg Kroah-Hartman
` (168 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bartosz Golaszewski, Neil Armstrong,
Herbert Xu
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
commit 5278275c1758a38199b43530adfc50098f4b41c7 upstream.
If qce_check_version() fails, we should jump to err_dma as we already
called qce_dma_request() a couple lines before.
Cc: stable@vger.kernel.org
Fixes: ec8f5d8f6f76 ("crypto: qce - Qualcomm crypto engine driver")
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/qce/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/crypto/qce/core.c
+++ b/drivers/crypto/qce/core.c
@@ -236,7 +236,7 @@ static int qce_crypto_probe(struct platf
ret = qce_check_version(qce);
if (ret)
- goto err_clks;
+ goto err_dma;
spin_lock_init(&qce->lock);
tasklet_init(&qce->done_tasklet, qce_tasklet_req_done,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 419/578] crypto: qce - unregister previously registered algos in error path
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (417 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 418/578] crypto: qce - fix goto jump in error path Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 420/578] nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Greg Kroah-Hartman
` (167 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bartosz Golaszewski, Neil Armstrong,
Herbert Xu
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
commit e80cf84b608725303113d6fe98bb727bf7b7a40d upstream.
If we encounter an error when registering alorithms with the crypto
framework, we just bail out and don't unregister the ones we
successfully registered in prior iterations of the loop.
Add code that goes back over the algos and unregisters them before
returning an error from qce_register_algs().
Cc: stable@vger.kernel.org
Fixes: ec8f5d8f6f76 ("crypto: qce - Qualcomm crypto engine driver")
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/qce/core.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/drivers/crypto/qce/core.c
+++ b/drivers/crypto/qce/core.c
@@ -48,16 +48,19 @@ static void qce_unregister_algs(struct q
static int qce_register_algs(struct qce_device *qce)
{
const struct qce_algo_ops *ops;
- int i, ret = -ENODEV;
+ int i, j, ret = -ENODEV;
for (i = 0; i < ARRAY_SIZE(qce_ops); i++) {
ops = qce_ops[i];
ret = ops->register_algs(qce);
- if (ret)
- break;
+ if (ret) {
+ for (j = i - 1; j >= 0; j--)
+ ops->unregister_algs(qce);
+ return ret;
+ }
}
- return ret;
+ return 0;
}
static int qce_handle_request(struct crypto_async_request *async_req)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 420/578] nvmem: qcom-spmi-sdam: Set size in struct nvmem_config
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (418 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 419/578] crypto: qce - unregister previously registered algos " Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 421/578] nvmem: core: improve range check for nvmem_cell_write() Greg Kroah-Hartman
` (166 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luca Weiss, Vladimir Zapolskiy,
Srinivas Kandagatla
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luca Weiss <luca.weiss@fairphone.com>
commit e88f516ea417c71bb3702603ac6af9e95338cfa6 upstream.
Let the nvmem core know what size the SDAM is, most notably this fixes
the size of /sys/bus/nvmem/devices/spmi_sdam*/nvmem being '0' and makes
user space work with that file.
~ # hexdump -C -s 64 /sys/bus/nvmem/devices/spmi_sdam2/nvmem
00000040 02 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000080
Fixes: 40ce9798794f ("nvmem: add QTI SDAM driver")
Cc: stable@vger.kernel.org
Signed-off-by: Luca Weiss <luca.weiss@fairphone.com>
Reviewed-by: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20241230141901.263976-6-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvmem/qcom-spmi-sdam.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/nvmem/qcom-spmi-sdam.c
+++ b/drivers/nvmem/qcom-spmi-sdam.c
@@ -143,6 +143,7 @@ static int sdam_probe(struct platform_de
sdam->sdam_config.id = NVMEM_DEVID_AUTO;
sdam->sdam_config.owner = THIS_MODULE;
sdam->sdam_config.stride = 1;
+ sdam->sdam_config.size = sdam->size;
sdam->sdam_config.word_size = 1;
sdam->sdam_config.reg_read = sdam_read;
sdam->sdam_config.reg_write = sdam_write;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 421/578] nvmem: core: improve range check for nvmem_cell_write()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (419 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 420/578] nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 422/578] io_uring/net: dont retry connect operation on EPOLLERR Greg Kroah-Hartman
` (165 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jennifer Berringer,
Srinivas Kandagatla
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jennifer Berringer <jberring@redhat.com>
commit 31507fc2ad36e0071751a710449db19c85d82a7f upstream.
When __nvmem_cell_entry_write() is called for an nvmem cell that does
not need bit shifting, it requires that the len parameter exactly
matches the nvmem cell size. However, when the nvmem cell has a nonzero
bit_offset, it was skipping this check.
Accepting values of len larger than the cell size results in
nvmem_cell_prepare_write_buffer() trying to write past the end of a heap
buffer that it allocates. Add a check to avoid that problem and instead
return -EINVAL when len doesn't match the number of bits expected by the
nvmem cell when bit_offset is nonzero.
This check uses cell->nbits in order to allow providing the smaller size
to cells that are shifted into another byte by bit_offset. For example,
a cell with nbits=8 and nonzero bit_offset would have bytes=2 but should
accept a 1-byte write here, although no current callers depend on this.
Fixes: 69aba7948cbe ("nvmem: Add a simple NVMEM framework for consumers")
Cc: stable@vger.kernel.org
Signed-off-by: Jennifer Berringer <jberring@redhat.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20241230141901.263976-7-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvmem/core.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -1532,6 +1532,8 @@ static int __nvmem_cell_entry_write(stru
return -EINVAL;
if (cell->bit_offset || cell->nbits) {
+ if (len != BITS_TO_BYTES(cell->nbits) && len != cell->bytes)
+ return -EINVAL;
buf = nvmem_cell_prepare_write_buffer(cell, buf, len);
if (IS_ERR(buf))
return PTR_ERR(buf);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 422/578] io_uring/net: dont retry connect operation on EPOLLERR
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (420 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 421/578] nvmem: core: improve range check for nvmem_cell_write() Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 423/578] vfio/platform: check the bounds of read/write syscalls Greg Kroah-Hartman
` (164 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sergey Galas, Jens Axboe
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jens Axboe <axboe@kernel.dk>
commit 8c8492ca64e79c6e0f433e8c9d2bcbd039ef83d0 upstream.
If a socket is shutdown before the connection completes, POLLERR is set
in the poll mask. However, connect ignores this as it doesn't know, and
attempts the connection again. This may lead to a bogus -ETIMEDOUT
result, where it should have noticed the POLLERR and just returned
-ECONNRESET instead.
Have the poll logic check for whether or not POLLERR is set in the mask,
and if so, mark the request as failed. Then connect can appropriately
fail the request rather than retry it.
Reported-by: Sergey Galas <ssgalas@cloud.ru>
Cc: stable@vger.kernel.org
Link: https://github.com/axboe/liburing/discussions/1335
Fixes: 3fb1bd688172 ("io_uring/net: handle -EINPROGRESS correct for IORING_OP_CONNECT")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 5 +++++
io_uring/poll.c | 2 ++
2 files changed, 7 insertions(+)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -1486,6 +1486,11 @@ int io_connect(struct io_kiocb *req, uns
io = &__io;
}
+ if (unlikely(req->flags & REQ_F_FAIL)) {
+ ret = -ECONNRESET;
+ goto out;
+ }
+
file_flags = force_nonblock ? O_NONBLOCK : 0;
ret = __sys_connect_file(req->file, &io->address,
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -288,6 +288,8 @@ static int io_poll_check_events(struct i
return IOU_POLL_REISSUE;
}
}
+ if (unlikely(req->cqe.res & EPOLLERR))
+ req_set_fail(req);
if (req->apoll_events & EPOLLONESHOT)
return IOU_POLL_DONE;
if (io_is_uring_fops(req->file))
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 423/578] vfio/platform: check the bounds of read/write syscalls
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (421 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 422/578] io_uring/net: dont retry connect operation on EPOLLERR Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 424/578] selftests: mptcp: connect: -f: no reconnect Greg Kroah-Hartman
` (163 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mostafa Saleh, Eric Auger,
Alex Williamson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
commit ce9ff21ea89d191e477a02ad7eabf4f996b80a69 upstream.
count and offset are passed from user space and not checked, only
offset is capped to 40 bits, which can be used to read/write out of
bounds of the device.
Fixes: 6e3f26456009 (“vfio/platform: read and write support for the device fd”)
Cc: stable@vger.kernel.org
Reported-by: Mostafa Saleh <smostafa@google.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Mostafa Saleh <smostafa@google.com>
Tested-by: Mostafa Saleh <smostafa@google.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/vfio/platform/vfio_platform_common.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/vfio/platform/vfio_platform_common.c
+++ b/drivers/vfio/platform/vfio_platform_common.c
@@ -396,6 +396,11 @@ static ssize_t vfio_platform_read_mmio(s
count = min_t(size_t, count, reg->size - off);
+ if (off >= reg->size)
+ return -EINVAL;
+
+ count = min_t(size_t, count, reg->size - off);
+
if (!reg->ioaddr) {
reg->ioaddr =
ioremap(reg->addr, reg->size);
@@ -477,6 +482,11 @@ static ssize_t vfio_platform_write_mmio(
if (off >= reg->size)
return -EINVAL;
+
+ count = min_t(size_t, count, reg->size - off);
+
+ if (off >= reg->size)
+ return -EINVAL;
count = min_t(size_t, count, reg->size - off);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 424/578] selftests: mptcp: connect: -f: no reconnect
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (422 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 423/578] vfio/platform: check the bounds of read/write syscalls Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 425/578] pnfs/flexfiles: retry getting layout segment for reads Greg Kroah-Hartman
` (162 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mat Martineau,
Matthieu Baerts (NGI0), Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
commit 5368a67307b3b2c347dc8965ac55b888be665934 upstream.
The '-f' parameter is there to force the kernel to emit MPTCP FASTCLOSE
by closing the connection with unread bytes in the receive queue.
The xdisconnect() helper was used to stop the connection, but it does
more than that: it will shut it down, then wait before reconnecting to
the same address. This causes the mptcp_join's "fastclose test" to fail
all the time.
This failure is due to a recent change, with commit 218cc166321f
("selftests: mptcp: avoid spurious errors on disconnect"), but that went
unnoticed because the test is currently ignored. The recent modification
only shown an existing issue: xdisconnect() doesn't need to be used
here, only the shutdown() part is needed.
Fixes: 6bf41020b72b ("selftests: mptcp: update and extend fastclose test-cases")
Cc: stable@vger.kernel.org
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20250204-net-mptcp-sft-conn-f-v1-1-6b470c72fffa@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c
@@ -1216,7 +1216,7 @@ again:
return ret;
if (cfg_truncate > 0) {
- xdisconnect(fd);
+ shutdown(fd, SHUT_WR);
} else if (--cfg_repeat > 0) {
xdisconnect(fd);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 425/578] pnfs/flexfiles: retry getting layout segment for reads
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (423 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 424/578] selftests: mptcp: connect: -f: no reconnect Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 426/578] ocfs2: fix incorrect CPU endianness conversion causing mount failure Greg Kroah-Hartman
` (161 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mike Snitzer, Anna Schumaker
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Snitzer <snitzer@kernel.org>
commit eb3fabde15bccdf34f1c9b35a83aa4c0dacbb4ca upstream.
If ff_layout_pg_get_read()'s attempt to get a layout segment results
in -EAGAIN have ff_layout_pg_init_read() retry it after sleeping.
If "softerr" mount is used, use 'io_maxretrans' to limit the number of
attempts to get a layout segment.
This fixes a long-standing issue of O_DIRECT reads failing with
-EAGAIN (11) when using flexfiles Client Side Mirroring (CSM).
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/flexfilelayout/flexfilelayout.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
--- a/fs/nfs/flexfilelayout/flexfilelayout.c
+++ b/fs/nfs/flexfilelayout/flexfilelayout.c
@@ -839,6 +839,9 @@ ff_layout_pg_init_read(struct nfs_pageio
struct nfs4_pnfs_ds *ds;
u32 ds_idx;
+ if (NFS_SERVER(pgio->pg_inode)->flags &
+ (NFS_MOUNT_SOFT|NFS_MOUNT_SOFTERR))
+ pgio->pg_maxretrans = io_maxretrans;
retry:
ff_layout_pg_check_layout(pgio, req);
/* Use full layout for now */
@@ -852,6 +855,8 @@ retry:
if (!pgio->pg_lseg)
goto out_nolseg;
}
+ /* Reset wb_nio, since getting layout segment was successful */
+ req->wb_nio = 0;
ds = ff_layout_get_ds_for_read(pgio, &ds_idx);
if (!ds) {
@@ -868,14 +873,24 @@ retry:
pgm->pg_bsize = mirror->mirror_ds->ds_versions[0].rsize;
pgio->pg_mirror_idx = ds_idx;
-
- if (NFS_SERVER(pgio->pg_inode)->flags &
- (NFS_MOUNT_SOFT|NFS_MOUNT_SOFTERR))
- pgio->pg_maxretrans = io_maxretrans;
return;
out_nolseg:
- if (pgio->pg_error < 0)
- return;
+ if (pgio->pg_error < 0) {
+ if (pgio->pg_error != -EAGAIN)
+ return;
+ /* Retry getting layout segment if lower layer returned -EAGAIN */
+ if (pgio->pg_maxretrans && req->wb_nio++ > pgio->pg_maxretrans) {
+ if (NFS_SERVER(pgio->pg_inode)->flags & NFS_MOUNT_SOFTERR)
+ pgio->pg_error = -ETIMEDOUT;
+ else
+ pgio->pg_error = -EIO;
+ return;
+ }
+ pgio->pg_error = 0;
+ /* Sleep for 1 second before retrying */
+ ssleep(1);
+ goto retry;
+ }
out_mds:
trace_pnfs_mds_fallback_pg_init_read(pgio->pg_inode,
0, NFS4_MAX_UINT64, IOMODE_READ,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 426/578] ocfs2: fix incorrect CPU endianness conversion causing mount failure
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (424 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 425/578] pnfs/flexfiles: retry getting layout segment for reads Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 427/578] ocfs2: handle a symlink read error correctly Greg Kroah-Hartman
` (160 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Heming Zhao, Joseph Qi, Mark Fasheh,
Joel Becker, Junxiao Bi, Changwei Ge, Jun Piao, Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heming Zhao <heming.zhao@suse.com>
commit f921da2c34692dfec5f72b5ae347b1bea22bb369 upstream.
Commit 23aab037106d ("ocfs2: fix UBSAN warning in ocfs2_verify_volume()")
introduced a regression bug. The blksz_bits value is already converted to
CPU endian in the previous code; therefore, the code shouldn't use
le32_to_cpu() anymore.
Link: https://lkml.kernel.org/r/20250121112204.12834-1-heming.zhao@suse.com
Fixes: 23aab037106d ("ocfs2: fix UBSAN warning in ocfs2_verify_volume()")
Signed-off-by: Heming Zhao <heming.zhao@suse.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ocfs2/super.c
+++ b/fs/ocfs2/super.c
@@ -2342,7 +2342,7 @@ static int ocfs2_verify_volume(struct oc
mlog(ML_ERROR, "found superblock with incorrect block "
"size bits: found %u, should be 9, 10, 11, or 12\n",
blksz_bits);
- } else if ((1 << le32_to_cpu(blksz_bits)) != blksz) {
+ } else if ((1 << blksz_bits) != blksz) {
mlog(ML_ERROR, "found superblock with incorrect block "
"size: found %u, should be %u\n", 1 << blksz_bits, blksz);
} else if (le16_to_cpu(di->id2.i_super.s_major_rev_level) !=
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 427/578] ocfs2: handle a symlink read error correctly
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (425 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 426/578] ocfs2: fix incorrect CPU endianness conversion causing mount failure Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 428/578] nilfs2: fix possible int overflows in nilfs_fiemap() Greg Kroah-Hartman
` (159 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthew Wilcox (Oracle), Joseph Qi,
Mark Fasheh, Joel Becker, Junxiao Bi, Changwei Ge, Jun Piao,
Mark Tinguely, Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthew Wilcox (Oracle) <willy@infradead.org>
commit 2b4c2094da6d84e69b843dd3317902e977bf64bd upstream.
Patch series "Convert ocfs2 to use folios".
Mark did a conversion of ocfs2 to use folios and sent it to me as a
giant patch for review ;-)
So I've redone it as individual patches, and credited Mark for the patches
where his code is substantially the same. It's not a bad way to do it;
his patch had some bugs and my patches had some bugs. Hopefully all our
bugs were different from each other. And hopefully Mark likes all the
changes I made to his code!
This patch (of 23):
If we can't read the buffer, be sure to unlock the page before returning.
Link: https://lkml.kernel.org/r/20241205171653.3179945-1-willy@infradead.org
Link: https://lkml.kernel.org/r/20241205171653.3179945-2-willy@infradead.org
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Cc: Mark Tinguely <mark.tinguely@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/symlink.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/fs/ocfs2/symlink.c
+++ b/fs/ocfs2/symlink.c
@@ -65,7 +65,7 @@ static int ocfs2_fast_symlink_read_folio
if (status < 0) {
mlog_errno(status);
- return status;
+ goto out;
}
fe = (struct ocfs2_dinode *) bh->b_data;
@@ -76,9 +76,10 @@ static int ocfs2_fast_symlink_read_folio
memcpy(kaddr, link, len + 1);
kunmap_atomic(kaddr);
SetPageUptodate(page);
+out:
unlock_page(page);
brelse(bh);
- return 0;
+ return status;
}
const struct address_space_operations ocfs2_fast_symlink_aops = {
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 428/578] nilfs2: fix possible int overflows in nilfs_fiemap()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (426 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 427/578] ocfs2: handle a symlink read error correctly Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 429/578] mailbox: tegra-hsp: Clear mailbox before using message Greg Kroah-Hartman
` (158 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nikita Zhandarovich, Ryusuke Konishi,
Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
commit 6438ef381c183444f7f9d1de18f22661cba1e946 upstream.
Since nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result
by being prepared to go through potentially maxblocks == INT_MAX blocks,
the value in n may experience an overflow caused by left shift of blkbits.
While it is extremely unlikely to occur, play it safe and cast right hand
expression to wider type to mitigate the issue.
Found by Linux Verification Center (linuxtesting.org) with static analysis
tool SVACE.
Link: https://lkml.kernel.org/r/20250124222133.5323-1-konishi.ryusuke@gmail.com
Fixes: 622daaff0a89 ("nilfs2: fiemap support")
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/inode.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/fs/nilfs2/inode.c
+++ b/fs/nilfs2/inode.c
@@ -1267,7 +1267,7 @@ int nilfs_fiemap(struct inode *inode, st
if (size) {
if (phys && blkphy << blkbits == phys + size) {
/* The current extent goes on */
- size += n << blkbits;
+ size += (u64)n << blkbits;
} else {
/* Terminate the current extent */
ret = fiemap_fill_next_extent(
@@ -1280,14 +1280,14 @@ int nilfs_fiemap(struct inode *inode, st
flags = FIEMAP_EXTENT_MERGED;
logical = blkoff << blkbits;
phys = blkphy << blkbits;
- size = n << blkbits;
+ size = (u64)n << blkbits;
}
} else {
/* Start a new extent */
flags = FIEMAP_EXTENT_MERGED;
logical = blkoff << blkbits;
phys = blkphy << blkbits;
- size = n << blkbits;
+ size = (u64)n << blkbits;
}
blkoff += n;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 429/578] mailbox: tegra-hsp: Clear mailbox before using message
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (427 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 428/578] nilfs2: fix possible int overflows in nilfs_fiemap() Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 430/578] NFC: nci: Add bounds checking in nci_hci_create_pipe() Greg Kroah-Hartman
` (157 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pekka Pessi, Kartik Rajput,
Thierry Reding, Jassi Brar
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pekka Pessi <ppessi@nvidia.com>
commit 0b7f8328f988178b55ee11d772a6e1238c04d29d upstream.
The Tegra RCE (Camera) driver expects the mailbox to be empty before
processing the IVC messages. On RT kernel, the threads processing the
IVC messages (which are invoked after `mbox_chan_received_data()` is
called) may be on a different CPU or running with a higher priority
than the HSP interrupt handler thread. This can cause it to act on the
message before the mailbox gets cleared in the HSP interrupt handler
resulting in a loss of IVC notification.
Fix this by clearing the mailbox data register before calling
`mbox_chan_received_data()`.
Fixes: 8f585d14030d ("mailbox: tegra-hsp: Add tegra_hsp_sm_ops")
Fixes: 74c20dd0f892 ("mailbox: tegra-hsp: Add 128-bit shared mailbox support")
Cc: stable@vger.kernel.org
Signed-off-by: Pekka Pessi <ppessi@nvidia.com>
Signed-off-by: Kartik Rajput <kkartik@nvidia.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Jassi Brar <jassisinghbrar@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mailbox/tegra-hsp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/mailbox/tegra-hsp.c
+++ b/drivers/mailbox/tegra-hsp.c
@@ -388,7 +388,6 @@ static void tegra_hsp_sm_recv32(struct t
value = tegra_hsp_channel_readl(channel, HSP_SM_SHRD_MBOX);
value &= ~HSP_SM_SHRD_MBOX_FULL;
msg = (void *)(unsigned long)value;
- mbox_chan_received_data(channel->chan, msg);
/*
* Need to clear all bits here since some producers, such as TCU, depend
@@ -398,6 +397,8 @@ static void tegra_hsp_sm_recv32(struct t
* explicitly, so we have to make sure we cover all possible cases.
*/
tegra_hsp_channel_writel(channel, 0x0, HSP_SM_SHRD_MBOX);
+
+ mbox_chan_received_data(channel->chan, msg);
}
static const struct tegra_hsp_sm_ops tegra_hsp_sm_32bit_ops = {
@@ -433,7 +434,6 @@ static void tegra_hsp_sm_recv128(struct
value[3] = tegra_hsp_channel_readl(channel, HSP_SHRD_MBOX_TYPE1_DATA3);
msg = (void *)(unsigned long)value;
- mbox_chan_received_data(channel->chan, msg);
/*
* Clear data registers and tag.
@@ -443,6 +443,8 @@ static void tegra_hsp_sm_recv128(struct
tegra_hsp_channel_writel(channel, 0x0, HSP_SHRD_MBOX_TYPE1_DATA2);
tegra_hsp_channel_writel(channel, 0x0, HSP_SHRD_MBOX_TYPE1_DATA3);
tegra_hsp_channel_writel(channel, 0x0, HSP_SHRD_MBOX_TYPE1_TAG);
+
+ mbox_chan_received_data(channel->chan, msg);
}
static const struct tegra_hsp_sm_ops tegra_hsp_sm_128bit_ops = {
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 430/578] NFC: nci: Add bounds checking in nci_hci_create_pipe()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (428 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 429/578] mailbox: tegra-hsp: Clear mailbox before using message Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 431/578] i3c: master: Fix missing ret assignment in set_speed() Greg Kroah-Hartman
` (156 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Simon Horman,
Krzysztof Kozlowski, Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
commit 110b43ef05342d5a11284cc8b21582b698b4ef1c upstream.
The "pipe" variable is a u8 which comes from the network. If it's more
than 127, then it results in memory corruption in the caller,
nci_hci_connect_gate().
Cc: stable@vger.kernel.org
Fixes: a1b0b9415817 ("NFC: nci: Create pipe on specific gate in nci_hci_connect_gate")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://patch.msgid.link/bcf5453b-7204-4297-9c20-4d8c7dacf586@stanley.mountain
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/nfc/nci/hci.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/nfc/nci/hci.c
+++ b/net/nfc/nci/hci.c
@@ -540,6 +540,8 @@ static u8 nci_hci_create_pipe(struct nci
pr_debug("pipe created=%d\n", pipe);
+ if (pipe >= NCI_HCI_MAX_PIPES)
+ pipe = NCI_HCI_INVALID_PIPE;
return pipe;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 431/578] i3c: master: Fix missing ret assignment in set_speed()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (429 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 430/578] NFC: nci: Add bounds checking in nci_hci_create_pipe() Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 432/578] irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Greg Kroah-Hartman
` (155 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Frank Li, Wolfram Sang,
Mukesh Kumar Savaliya, Miquel Raynal, Alexandre Belloni
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Frank Li <Frank.Li@nxp.com>
commit b266e0d4dac00eecdfaf50ec3f708fd0c3b39637 upstream.
Fix a probe failure in the i3c master driver that occurs when no i3c
devices are connected to the bus.
The issue arises in `i3c_master_bus_init()` where the `ret` value is not
updated after calling `master->ops->set_speed()`. If no devices are
present, `ret` remains set to `I3C_ERROR_M2`, causing the code to
incorrectly proceed to `err_bus_cleanup`.
Cc: stable@vger.kernel.org
Fixes: aef79e189ba2 ("i3c: master: support to adjust first broadcast address speed")
Signed-off-by: Frank Li <Frank.Li@nxp.com>
Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Tested-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Acked-by: Mukesh Kumar Savaliya <quic_msavaliy@quicinc.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/r/20250108225533.915334-1-Frank.Li@nxp.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/i3c/master.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/i3c/master.c
+++ b/drivers/i3c/master.c
@@ -1861,7 +1861,7 @@ static int i3c_master_bus_init(struct i3
goto err_bus_cleanup;
if (master->ops->set_speed) {
- master->ops->set_speed(master, I3C_OPEN_DRAIN_NORMAL_SPEED);
+ ret = master->ops->set_speed(master, I3C_OPEN_DRAIN_NORMAL_SPEED);
if (ret)
goto err_bus_cleanup;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 432/578] irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (430 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 431/578] i3c: master: Fix missing ret assignment in set_speed() Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 433/578] mtd: onenand: Fix uninitialized retlen in do_otp_read() Greg Kroah-Hartman
` (154 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nick Chan, Thomas Gleixner
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nick Chan <towinchenmi@gmail.com>
commit 698244bbb3bfd32ddf9a0b70a12b1c7d69056497 upstream.
The CPU PMU in Apple SoCs can be configured to fire its interrupt in one of
several ways, and since Apple A11 one of the methods is FIQ, but the check
of the configuration register fails to test explicitely for FIQ mode. It
tests whether the IMODE bitfield is zero or not and the PMCRO_IACT bit is
set. That results in false positives when the IMODE bitfield is not zero,
but does not have the mode PMCR0_IMODE_FIQ.
Only handle the PMC interrupt as a FIQ when the CPU PMU has been configured
to fire FIQs, i.e. the IMODE bitfield value is PMCR0_IMODE_FIQ and
PMCR0_IACT is set.
Fixes: c7708816c944 ("irqchip/apple-aic: Wire PMU interrupts")
Signed-off-by: Nick Chan <towinchenmi@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20250118163554.16733-1-towinchenmi@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-apple-aic.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/irqchip/irq-apple-aic.c
+++ b/drivers/irqchip/irq-apple-aic.c
@@ -555,7 +555,8 @@ static void __exception_irq_entry aic_ha
AIC_FIQ_HWIRQ(AIC_TMR_EL02_VIRT));
}
- if (read_sysreg_s(SYS_IMP_APL_PMCR0_EL1) & PMCR0_IACT) {
+ if ((read_sysreg_s(SYS_IMP_APL_PMCR0_EL1) & (PMCR0_IMODE | PMCR0_IACT)) ==
+ (FIELD_PREP(PMCR0_IMODE, PMCR0_IMODE_FIQ) | PMCR0_IACT)) {
int irq;
if (cpumask_test_cpu(smp_processor_id(),
&aic_irqc->fiq_aff[AIC_CPU_PMU_P]->aff))
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 433/578] mtd: onenand: Fix uninitialized retlen in do_otp_read()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (431 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 432/578] irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 434/578] misc: fastrpc: Deregister device nodes properly in error scenarios Greg Kroah-Hartman
` (153 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ivan Stepchenko, Miquel Raynal
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ivan Stepchenko <sid@itb.spb.ru>
commit 70a71f8151b9879b0950668ce3ad76263261fee0 upstream.
The function do_otp_read() does not set the output parameter *retlen,
which is expected to contain the number of bytes actually read.
As a result, in onenand_otp_walk(), the tmp_retlen variable remains
uninitialized after calling do_otp_walk() and used to change
the values of the buf, len and retlen variables.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 49dc08eeda70 ("[MTD] [OneNAND] fix numerous races")
Cc: stable@vger.kernel.org
Signed-off-by: Ivan Stepchenko <sid@itb.spb.ru>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/onenand/onenand_base.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/mtd/nand/onenand/onenand_base.c
+++ b/drivers/mtd/nand/onenand/onenand_base.c
@@ -2923,6 +2923,7 @@ static int do_otp_read(struct mtd_info *
ret = ONENAND_IS_4KB_PAGE(this) ?
onenand_mlc_read_ops_nolock(mtd, from, &ops) :
onenand_read_ops_nolock(mtd, from, &ops);
+ *retlen = ops.retlen;
/* Exit OTP access mode */
this->command(mtd, ONENAND_CMD_RESET, 0, 0);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 434/578] misc: fastrpc: Deregister device nodes properly in error scenarios
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (432 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 433/578] mtd: onenand: Fix uninitialized retlen in do_otp_read() Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 435/578] misc: fastrpc: Fix registered buffer page address Greg Kroah-Hartman
` (152 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Anandu Krishnan E,
Srinivas Kandagatla
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anandu Krishnan E <quic_anane@quicinc.com>
commit 637c20002dc8c347001292664055bfbf56544ec6 upstream.
During fastrpc_rpmsg_probe, if secure device node registration
succeeds but non-secure device node registration fails, the secure
device node deregister is not called during error cleanup. Add proper
exit paths to ensure proper cleanup in case of error.
Fixes: 3abe3ab3cdab ("misc: fastrpc: add secure domain support")
Cc: stable@kernel.org
Signed-off-by: Anandu Krishnan E <quic_anane@quicinc.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20250110134239.123603-2-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/fastrpc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -2119,7 +2119,7 @@ static int fastrpc_rpmsg_probe(struct rp
err = fastrpc_device_register(rdev, data, false, domains[domain_id]);
if (err)
- goto fdev_error;
+ goto populate_error;
break;
default:
err = -EINVAL;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 435/578] misc: fastrpc: Fix registered buffer page address
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (433 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 434/578] misc: fastrpc: Deregister device nodes properly in error scenarios Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 436/578] misc: fastrpc: Fix copy buffer page size Greg Kroah-Hartman
` (151 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Ekansh Gupta,
Srinivas Kandagatla
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ekansh Gupta <quic_ekangupt@quicinc.com>
commit 6ca4ea1f88a06a04ed7b2c9c6bf9f00833b68214 upstream.
For registered buffers, fastrpc driver sends the buffer information
to remote subsystem. There is a problem with current implementation
where the page address is being sent with an offset leading to
improper buffer address on DSP. This is leads to functional failures
as DSP expects base address in page information and extracts offset
information from remote arguments. Mask the offset and pass the base
page address to DSP.
This issue is observed is a corner case when some buffer which is registered
with fastrpc framework is passed with some offset by user and then the DSP
implementation tried to read the data. As DSP expects base address and takes
care of offsetting with remote arguments, passing an offsetted address will
result in some unexpected data read in DSP.
All generic usecases usually pass the buffer as it is hence is problem is
not usually observed. If someone tries to pass offsetted buffer and then
tries to compare data at HLOS and DSP end, then the ambiguity will be observed.
Fixes: 80f3afd72bd4 ("misc: fastrpc: consider address offset before sending to DSP")
Cc: stable@kernel.org
Signed-off-by: Ekansh Gupta <quic_ekangupt@quicinc.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20250110134239.123603-3-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/fastrpc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -934,7 +934,7 @@ static int fastrpc_get_args(u32 kernel,
mmap_read_lock(current->mm);
vma = find_vma(current->mm, ctx->args[i].ptr);
if (vma)
- pages[i].addr += ctx->args[i].ptr -
+ pages[i].addr += (ctx->args[i].ptr & PAGE_MASK) -
vma->vm_start;
mmap_read_unlock(current->mm);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 436/578] misc: fastrpc: Fix copy buffer page size
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (434 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 435/578] misc: fastrpc: Fix registered buffer page address Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 437/578] net/ncsi: wait for the last response to Deselect Package before configuring channel Greg Kroah-Hartman
` (150 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Ekansh Gupta,
Srinivas Kandagatla
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ekansh Gupta <quic_ekangupt@quicinc.com>
commit e966eae72762ecfdbdb82627e2cda48845b9dd66 upstream.
For non-registered buffer, fastrpc driver copies the buffer and
pass it to the remote subsystem. There is a problem with current
implementation of page size calculation which is not considering
the offset in the calculation. This might lead to passing of
improper and out-of-bounds page size which could result in
memory issue. Calculate page start and page end using the offset
adjusted address instead of absolute address.
Fixes: 02b45b47fbe8 ("misc: fastrpc: fix remote page size calculation")
Cc: stable@kernel.org
Signed-off-by: Ekansh Gupta <quic_ekangupt@quicinc.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20250110134239.123603-4-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/fastrpc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -961,8 +961,8 @@ static int fastrpc_get_args(u32 kernel,
(pkt_size - rlen);
pages[i].addr = pages[i].addr & PAGE_MASK;
- pg_start = (args & PAGE_MASK) >> PAGE_SHIFT;
- pg_end = ((args + len - 1) & PAGE_MASK) >> PAGE_SHIFT;
+ pg_start = (rpra[i].buf.pv & PAGE_MASK) >> PAGE_SHIFT;
+ pg_end = ((rpra[i].buf.pv + len - 1) & PAGE_MASK) >> PAGE_SHIFT;
pages[i].size = (pg_end - pg_start + 1) * PAGE_SIZE;
args = args + mlen;
rlen -= mlen;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 437/578] net/ncsi: wait for the last response to Deselect Package before configuring channel
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (435 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 436/578] misc: fastrpc: Fix copy buffer page size Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 438/578] net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Greg Kroah-Hartman
` (149 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Paul Fertser, Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Fertser <fercerpav@gmail.com>
commit 6bb194d036c6e1b329dcdff459338cdd9a54802a upstream.
The NCSI state machine as it's currently implemented assumes that
transition to the next logical state is performed either explicitly by
calling `schedule_work(&ndp->work)` to re-queue itself or implicitly
after processing the predefined (ndp->pending_req_num) number of
replies. Thus to avoid the configuration FSM from advancing prematurely
and getting out of sync with the process it's essential to not skip
waiting for a reply.
This patch makes the code wait for reception of the Deselect Package
response for the last package probed before proceeding to channel
configuration.
Thanks go to Potin Lai and Cosmo Chou for the initial investigation and
testing.
Fixes: 8e13f70be05e ("net/ncsi: Probe single packages to avoid conflict")
Cc: stable@vger.kernel.org
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Link: https://patch.msgid.link/20250116152900.8656-1-fercerpav@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ncsi/ncsi-manage.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- a/net/ncsi/ncsi-manage.c
+++ b/net/ncsi/ncsi-manage.c
@@ -1385,6 +1385,12 @@ static void ncsi_probe_channel(struct nc
nd->state = ncsi_dev_state_probe_package;
break;
case ncsi_dev_state_probe_package:
+ if (ndp->package_probe_id >= 8) {
+ /* Last package probed, finishing */
+ ndp->flags |= NCSI_DEV_PROBED;
+ break;
+ }
+
ndp->pending_req_num = 1;
nca.type = NCSI_PKT_CMD_SP;
@@ -1501,13 +1507,8 @@ static void ncsi_probe_channel(struct nc
if (ret)
goto error;
- /* Probe next package */
+ /* Probe next package after receiving response */
ndp->package_probe_id++;
- if (ndp->package_probe_id >= 8) {
- /* Probe finished */
- ndp->flags |= NCSI_DEV_PROBED;
- break;
- }
nd->state = ncsi_dev_state_probe_package;
ndp->active_package = NULL;
break;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 438/578] net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (436 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 437/578] net/ncsi: wait for the last response to Deselect Package before configuring channel Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 439/578] rtla/osnoise: Distinguish missing workload option Greg Kroah-Hartman
` (148 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Milos Reljin, Andrew Lunn,
Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Milos Reljin <milos_reljin@outlook.com>
commit bd1bbab717608757cccbbe08b0d46e6c3ed0ced5 upstream.
In application note (AN13663) for TJA1120, on page 30, there's a figure
with average PHY startup timing values following software reset.
The time it takes for SMI to become operational after software reset
ranges roughly from 500 us to 1500 us.
This commit adds 2000 us delay after MDIO write which triggers software
reset. Without this delay, soft_reset function returns an error and
prevents successful PHY init.
Cc: stable@vger.kernel.org
Fixes: b050f2f15e04 ("phy: nxp-c45: add driver for tja1103")
Signed-off-by: Milos Reljin <milos_reljin@outlook.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://patch.msgid.link/AM8P250MB0124D258E5A71041AF2CC322E1E32@AM8P250MB0124.EURP250.PROD.OUTLOOK.COM
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/phy/nxp-c45-tja11xx.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/phy/nxp-c45-tja11xx.c
+++ b/drivers/net/phy/nxp-c45-tja11xx.c
@@ -937,6 +937,8 @@ static int nxp_c45_soft_reset(struct phy
if (ret)
return ret;
+ usleep_range(2000, 2050);
+
return phy_read_mmd_poll_timeout(phydev, MDIO_MMD_VEND1,
VEND1_DEVICE_CONTROL, ret,
!(ret & DEVICE_CONTROL_RESET), 20000,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 439/578] rtla/osnoise: Distinguish missing workload option
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (437 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 438/578] net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 440/578] rtla: Add trace_instance_stop Greg Kroah-Hartman
` (147 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Kacur, Luis Goncalves,
Tomas Glozar, Steven Rostedt (Google)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomas Glozar <tglozar@redhat.com>
commit 80d3ba1cf51bfbbb3b098434f2b2c95cd7c0ae5c upstream.
osnoise_set_workload returns -1 for both missing OSNOISE_WORKLOAD option
and failure in setting the option.
Return -1 for missing and -2 for failure to distinguish them.
Cc: stable@vger.kernel.org
Cc: John Kacur <jkacur@redhat.com>
Cc: Luis Goncalves <lgoncalv@redhat.com>
Link: https://lore.kernel.org/20250107144823.239782-2-tglozar@redhat.com
Signed-off-by: Tomas Glozar <tglozar@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/tracing/rtla/src/osnoise.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/tracing/rtla/src/osnoise.c
+++ b/tools/tracing/rtla/src/osnoise.c
@@ -693,7 +693,7 @@ int osnoise_set_tracing_thresh(struct os
retval = osnoise_write_ll_config("tracing_thresh", tracing_thresh);
if (retval < 0)
- return -1;
+ return -2;
context->tracing_thresh = tracing_thresh;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 440/578] rtla: Add trace_instance_stop
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (438 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 439/578] rtla/osnoise: Distinguish missing workload option Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 441/578] rtla/timerlat_hist: Stop timerlat tracer on signal Greg Kroah-Hartman
` (146 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Kacur, Luis Goncalves,
Gabriele Monaco, Tomas Glozar, Steven Rostedt (Google)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomas Glozar <tglozar@redhat.com>
commit e879b5dcf8d044f3865a32d95cc5b213f314c54f upstream.
Support not only turning trace on for the timerlat tracer, but also
turning it off.
This will be used in subsequent patches to stop the timerlat tracer
without also wiping the trace buffer.
Cc: stable@vger.kernel.org
Cc: John Kacur <jkacur@redhat.com>
Cc: Luis Goncalves <lgoncalv@redhat.com>
Cc: Gabriele Monaco <gmonaco@redhat.com>
Link: https://lore.kernel.org/20250116144931.649593-2-tglozar@redhat.com
Signed-off-by: Tomas Glozar <tglozar@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/tracing/rtla/src/trace.c | 8 ++++++++
tools/tracing/rtla/src/trace.h | 1 +
2 files changed, 9 insertions(+)
--- a/tools/tracing/rtla/src/trace.c
+++ b/tools/tracing/rtla/src/trace.c
@@ -197,6 +197,14 @@ int trace_instance_start(struct trace_in
}
/*
+ * trace_instance_stop - stop tracing a given rtla instance
+ */
+int trace_instance_stop(struct trace_instance *trace)
+{
+ return tracefs_trace_off(trace->inst);
+}
+
+/*
* trace_events_free - free a list of trace events
*/
static void trace_events_free(struct trace_events *events)
--- a/tools/tracing/rtla/src/trace.h
+++ b/tools/tracing/rtla/src/trace.h
@@ -21,6 +21,7 @@ struct trace_instance {
int trace_instance_init(struct trace_instance *trace, char *tool_name);
int trace_instance_start(struct trace_instance *trace);
+int trace_instance_stop(struct trace_instance *trace);
void trace_instance_destroy(struct trace_instance *trace);
struct trace_seq *get_trace_seq(void);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 441/578] rtla/timerlat_hist: Stop timerlat tracer on signal
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (439 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 440/578] rtla: Add trace_instance_stop Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 442/578] rtla/timerlat_top: " Greg Kroah-Hartman
` (145 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Kacur, Luis Goncalves,
Gabriele Monaco, Tomas Glozar, Steven Rostedt (Google)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomas Glozar <tglozar@redhat.com>
commit c73cab9dbed04d8f65ca69177b4b21ed3e09dfa7 upstream.
Currently, when either SIGINT from the user or SIGALRM from the duration
timer is caught by rtla-timerlat, stop_tracing is set to break out of
the main loop. This is not sufficient for cases where the timerlat
tracer is producing more data than rtla can consume, since in that case,
rtla is looping indefinitely inside tracefs_iterate_raw_events, never
reaches the check of stop_tracing and hangs.
In addition to setting stop_tracing, also stop the timerlat tracer on
received signal (SIGINT or SIGALRM). This will stop new samples so that
the existing samples may be processed and tracefs_iterate_raw_events
eventually exits.
Cc: stable@vger.kernel.org
Cc: John Kacur <jkacur@redhat.com>
Cc: Luis Goncalves <lgoncalv@redhat.com>
Cc: Gabriele Monaco <gmonaco@redhat.com>
Link: https://lore.kernel.org/20250116144931.649593-3-tglozar@redhat.com
Fixes: 1eeb6328e8b3 ("rtla/timerlat: Add timerlat hist mode")
Signed-off-by: Tomas Glozar <tglozar@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/tracing/rtla/src/timerlat_hist.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/tools/tracing/rtla/src/timerlat_hist.c
+++ b/tools/tracing/rtla/src/timerlat_hist.c
@@ -783,9 +783,12 @@ out_err:
}
static int stop_tracing;
+static struct trace_instance *hist_inst = NULL;
static void stop_hist(int sig)
{
stop_tracing = 1;
+ if (hist_inst)
+ trace_instance_stop(hist_inst);
}
/*
@@ -828,6 +831,12 @@ int timerlat_hist_main(int argc, char *a
}
trace = &tool->trace;
+ /*
+ * Save trace instance into global variable so that SIGINT can stop
+ * the timerlat tracer.
+ * Otherwise, rtla could loop indefinitely when overloaded.
+ */
+ hist_inst = trace;
retval = enable_timerlat(trace);
if (retval) {
@@ -894,7 +903,7 @@ int timerlat_hist_main(int argc, char *a
return_value = 0;
- if (trace_is_off(&tool->trace, &record->trace)) {
+ if (trace_is_off(&tool->trace, &record->trace) && !stop_tracing) {
printf("rtla timerlat hit stop tracing\n");
if (params->trace_output) {
printf(" Saving trace to %s\n", params->trace_output);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 442/578] rtla/timerlat_top: Stop timerlat tracer on signal
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (440 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 441/578] rtla/timerlat_hist: Stop timerlat tracer on signal Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 443/578] pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Greg Kroah-Hartman
` (144 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Kacur, Luis Goncalves,
Gabriele Monaco, Tomas Glozar, Steven Rostedt (Google)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomas Glozar <tglozar@redhat.com>
commit a4dfce7559d75430c464294ddee554be2a413c4a upstream.
Currently, when either SIGINT from the user or SIGALRM from the duration
timer is caught by rtla-timerlat, stop_tracing is set to break out of
the main loop. This is not sufficient for cases where the timerlat
tracer is producing more data than rtla can consume, since in that case,
rtla is looping indefinitely inside tracefs_iterate_raw_events, never
reaches the check of stop_tracing and hangs.
In addition to setting stop_tracing, also stop the timerlat tracer on
received signal (SIGINT or SIGALRM). This will stop new samples so that
the existing samples may be processed and tracefs_iterate_raw_events
eventually exits.
Cc: stable@vger.kernel.org
Cc: John Kacur <jkacur@redhat.com>
Cc: Luis Goncalves <lgoncalv@redhat.com>
Cc: Gabriele Monaco <gmonaco@redhat.com>
Link: https://lore.kernel.org/20250116144931.649593-4-tglozar@redhat.com
Fixes: a828cd18bc4a ("rtla: Add timerlat tool and timelart top mode")
Signed-off-by: Tomas Glozar <tglozar@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/tracing/rtla/src/timerlat_top.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/tools/tracing/rtla/src/timerlat_top.c
+++ b/tools/tracing/rtla/src/timerlat_top.c
@@ -575,9 +575,12 @@ out_err:
}
static int stop_tracing;
+static struct trace_instance *top_inst = NULL;
static void stop_top(int sig)
{
stop_tracing = 1;
+ if (top_inst)
+ trace_instance_stop(top_inst);
}
/*
@@ -620,6 +623,13 @@ int timerlat_top_main(int argc, char *ar
}
trace = &top->trace;
+ /*
+ * Save trace instance into global variable so that SIGINT can stop
+ * the timerlat tracer.
+ * Otherwise, rtla could loop indefinitely when overloaded.
+ */
+ top_inst = trace;
+
retval = enable_timerlat(trace);
if (retval) {
@@ -690,7 +700,7 @@ int timerlat_top_main(int argc, char *ar
return_value = 0;
- if (trace_is_off(&top->trace, &record->trace)) {
+ if (trace_is_off(&top->trace, &record->trace) && !stop_tracing) {
printf("rtla timerlat hit stop tracing\n");
if (params->trace_output) {
printf(" Saving trace to %s\n", params->trace_output);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 443/578] pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (441 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 442/578] rtla/timerlat_top: " Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 444/578] ptp: Ensure info->enable callback is always set Greg Kroah-Hartman
` (143 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Javier Carrasco, Krzysztof Kozlowski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
commit 459915f55509f4bfd6076daa1428e28490ddee3b upstream.
Commit 50ebd19e3585 ("pinctrl: samsung: drop pin banks references on
error paths") fixed the pin bank references on the error paths of the
probe function, but there is still an error path where this is not done.
If samsung_pinctrl_get_soc_data() does not fail, the child references
will have acquired, and they will need to be released in the error path
of platform_get_irq_optional(), as it is done in the following error
paths within the probe function.
Replace the direct return in the error path with a goto instruction to
the cleanup function.
Cc: stable@vger.kernel.org
Fixes: a382d568f144 ("pinctrl: samsung: Use platform_get_irq_optional() to get the interrupt")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Link: https://lore.kernel.org/r/20241106-samsung-pinctrl-put-v1-1-de854e26dd03@gmail.com
[krzysztof: change Fixes SHA to point to commit introducing the return
leading to OF node leak]
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/pinctrl/samsung/pinctrl-samsung.c
+++ b/drivers/pinctrl/samsung/pinctrl-samsung.c
@@ -1149,7 +1149,7 @@ static int samsung_pinctrl_probe(struct
ret = platform_get_irq_optional(pdev, 0);
if (ret < 0 && ret != -ENXIO)
- return ret;
+ goto err_put_banks;
if (ret > 0)
drvdata->irq = ret;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 444/578] ptp: Ensure info->enable callback is always set
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (442 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 443/578] pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 445/578] rtc: zynqmp: Fix optional clock name property Greg Kroah-Hartman
` (142 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Weißschuh,
Richard Cochran, Michal Swiatkowski, Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Weißschuh <linux@weissschuh.net>
commit fd53aa40e65f518453115b6f56183b0c201db26b upstream.
The ioctl and sysfs handlers unconditionally call the ->enable callback.
Not all drivers implement that callback, leading to NULL dereferences.
Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c.
Instead use a dummy callback if no better was specified by the driver.
Fixes: d94ba80ebbea ("ptp: Added a brand new class driver for ptp clocks.")
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Link: https://patch.msgid.link/20250123-ptp-enable-v1-1-b015834d3a47@weissschuh.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ptp/ptp_clock.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/ptp/ptp_clock.c
+++ b/drivers/ptp/ptp_clock.c
@@ -188,6 +188,11 @@ static int ptp_getcycles64(struct ptp_cl
return info->gettime64(info, ts);
}
+static int ptp_enable(struct ptp_clock_info *ptp, struct ptp_clock_request *request, int on)
+{
+ return -EOPNOTSUPP;
+}
+
static void ptp_aux_kworker(struct kthread_work *work)
{
struct ptp_clock *ptp = container_of(work, struct ptp_clock,
@@ -250,6 +255,9 @@ struct ptp_clock *ptp_clock_register(str
ptp->info->getcrosscycles = ptp->info->getcrosststamp;
}
+ if (!ptp->info->enable)
+ ptp->info->enable = ptp_enable;
+
if (ptp->info->do_aux_work) {
kthread_init_delayed_work(&ptp->aux_work, ptp_aux_kworker);
ptp->kworker = kthread_create_worker(0, "ptp%d", ptp->index);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 445/578] rtc: zynqmp: Fix optional clock name property
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (443 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 444/578] ptp: Ensure info->enable callback is always set Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 446/578] io_uring: fix multishots with selected buffers Greg Kroah-Hartman
` (141 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michal Simek, stable,
Peter Korsgaard, Alexandre Belloni
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Simek <michal.simek@amd.com>
commit 2a388ff22d2cbfc5cbd628ef085bdcd3b7dc64f5 upstream.
Clock description in DT binding introduced by commit f69060c14431
("dt-bindings: rtc: zynqmp: Add clock information") is talking about "rtc"
clock name but driver is checking "rtc_clk" name instead.
Because clock is optional property likely in was never handled properly by
the driver.
Fixes: 07dcc6f9c762 ("rtc: zynqmp: Add calibration set and get support")
Signed-off-by: Michal Simek <michal.simek@amd.com>
Cc: stable@kernel.org
Reviewed-by: Peter Korsgaard <peter@korsgaard.com>
Link: https://lore.kernel.org/r/cd5f0c9d01ec1f5a240e37a7e0d85b8dacb3a869.1732723280.git.michal.simek@amd.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/rtc/rtc-zynqmp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/rtc/rtc-zynqmp.c b/drivers/rtc/rtc-zynqmp.c
index 625f708a7caf..f39102b66eac 100644
--- a/drivers/rtc/rtc-zynqmp.c
+++ b/drivers/rtc/rtc-zynqmp.c
@@ -318,8 +318,8 @@ static int xlnx_rtc_probe(struct platform_device *pdev)
return ret;
}
- /* Getting the rtc_clk info */
- xrtcdev->rtc_clk = devm_clk_get_optional(&pdev->dev, "rtc_clk");
+ /* Getting the rtc info */
+ xrtcdev->rtc_clk = devm_clk_get_optional(&pdev->dev, "rtc");
if (IS_ERR(xrtcdev->rtc_clk)) {
if (PTR_ERR(xrtcdev->rtc_clk) != -EPROBE_DEFER)
dev_warn(&pdev->dev, "Device clock not found.\n");
--
2.48.1
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 446/578] io_uring: fix multishots with selected buffers
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (444 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 445/578] rtc: zynqmp: Fix optional clock name property Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 447/578] io_uring: fix io_req_prep_async with provided buffers Greg Kroah-Hartman
` (140 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Muhammad Ramdhan,
Bing-Jhong Billy Jheng, Jacob Soo, Pavel Begunkov, Jens Axboe
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Begunkov <asml.silence@gmail.com>
[ upstream commit d63b0e8a628e62ca85a0f7915230186bb92f8bb4 ]
We do io_kbuf_recycle() when arming a poll but every iteration of a
multishot can grab more buffers, which is why we need to flush the kbuf
ring state before continuing with waiting.
Cc: stable@vger.kernel.org
Fixes: b3fdea6ecb55c ("io_uring: multishot recv")
Reported-by: Muhammad Ramdhan <ramdhan@starlabs.sg>
Reported-by: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Reported-by: Jacob Soo <jacob.soo@starlabs.sg>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/1bfc9990fe435f1fc6152ca9efeba5eb3e68339c.1738025570.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/poll.c | 2 ++
1 file changed, 2 insertions(+)
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -307,6 +307,8 @@ static int io_poll_check_events(struct i
}
} else {
int ret = io_poll_issue(req, locked);
+ io_kbuf_recycle(req, 0);
+
if (ret == IOU_STOP_MULTISHOT)
return IOU_POLL_REMOVE_POLL_USE_RES;
if (ret < 0)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 447/578] io_uring: fix io_req_prep_async with provided buffers
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (445 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 446/578] io_uring: fix multishots with selected buffers Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 448/578] io_uring/rw: commit provided buffer state on async Greg Kroah-Hartman
` (139 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Muhammad Ramdhan,
Bing-Jhong Billy Jheng, Jacob Soo, Pavel Begunkov
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Begunkov <asml.silence@gmail.com>
io_req_prep_async() can import provided buffers, commit the ring state
by giving up on that before, it'll be reimported later if needed.
Reported-by: Muhammad Ramdhan <ramdhan@starlabs.sg>
Reported-by: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Reported-by: Jacob Soo <jacob.soo@starlabs.sg>
Fixes: c7fb19428d67d ("io_uring: add support for ring mapped supplied buffers")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/io_uring.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -1624,6 +1624,7 @@ bool io_alloc_async_data(struct io_kiocb
int io_req_prep_async(struct io_kiocb *req)
{
const struct io_op_def *def = &io_op_defs[req->opcode];
+ int ret;
/* assign early for deferred execution for non-fixed file */
if (def->needs_file && !(req->flags & REQ_F_FIXED_FILE) && !req->file)
@@ -1636,7 +1637,9 @@ int io_req_prep_async(struct io_kiocb *r
if (io_alloc_async_data(req))
return -EAGAIN;
}
- return def->prep_async(req);
+ ret = def->prep_async(req);
+ io_kbuf_recycle(req, 0);
+ return ret;
}
static u32 io_get_sequence(struct io_kiocb *req)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 448/578] io_uring/rw: commit provided buffer state on async
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (446 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 447/578] io_uring: fix io_req_prep_async with provided buffers Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 449/578] MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Greg Kroah-Hartman
` (138 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Muhammad Ramdhan,
Bing-Jhong Billy Jheng, Jacob Soo, Pavel Begunkov
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Begunkov <asml.silence@gmail.com>
When we get -EIOCBQUEUED, we need to ensure that the buffer is consumed
from the provided buffer ring, which can be done with io_kbuf_recycle()
+ REQ_F_PARTIAL_IO.
Reported-by: Muhammad Ramdhan <ramdhan@starlabs.sg>
Reported-by: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Reported-by: Jacob Soo <jacob.soo@starlabs.sg>
Fixes: c7fb19428d67d ("io_uring: add support for ring mapped supplied buffers")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/rw.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/io_uring/rw.c
+++ b/io_uring/rw.c
@@ -772,6 +772,8 @@ static int __io_read(struct io_kiocb *re
goto done;
ret = 0;
} else if (ret == -EIOCBQUEUED) {
+ req->flags |= REQ_F_PARTIAL_IO;
+ io_kbuf_recycle(req, issue_flags);
if (iovec)
kfree(iovec);
return IOU_ISSUE_SKIP_COMPLETE;
@@ -795,6 +797,9 @@ static int __io_read(struct io_kiocb *re
goto done;
}
+ req->flags |= REQ_F_PARTIAL_IO;
+ io_kbuf_recycle(req, issue_flags);
+
io = req->async_data;
s = &io->s;
/*
@@ -935,6 +940,11 @@ int io_write(struct io_kiocb *req, unsig
else
ret2 = -EINVAL;
+ if (ret2 == -EIOCBQUEUED) {
+ req->flags |= REQ_F_PARTIAL_IO;
+ io_kbuf_recycle(req, issue_flags);
+ }
+
if (req->flags & REQ_F_REISSUE) {
req->flags &= ~REQ_F_REISSUE;
ret2 = -EAGAIN;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 449/578] MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (447 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 448/578] io_uring/rw: commit provided buffer state on async Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 450/578] net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Greg Kroah-Hartman
` (137 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, WangYuli, Masami Hiramatsu (Google),
Philippe Mathieu-Daudé, Thomas Bogendoerfer
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: WangYuli <wangyuli@uniontech.com>
commit ddd068d81445b17ac0bed084dfeb9e58b4df3ddd upstream.
Declare ftrace_get_parent_ra_addr() as static to suppress clang
compiler warning that 'no previous prototype'. This function is
not intended to be called from other parts.
Fix follow error with clang-19:
arch/mips/kernel/ftrace.c:251:15: error: no previous prototype for function 'ftrace_get_parent_ra_addr' [-Werror,-Wmissing-prototypes]
251 | unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
| ^
arch/mips/kernel/ftrace.c:251:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
251 | unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
| ^
| static
1 error generated.
Signed-off-by: WangYuli <wangyuli@uniontech.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kernel/ftrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/kernel/ftrace.c
+++ b/arch/mips/kernel/ftrace.c
@@ -248,7 +248,7 @@ int ftrace_disable_ftrace_graph_caller(v
#define S_R_SP (0xafb0 << 16) /* s{d,w} R, offset(sp) */
#define OFFSET_MASK 0xffff /* stack offset range: 0 ~ PT_SIZE */
-unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
+static unsigned long ftrace_get_parent_ra_addr(unsigned long self_ra, unsigned long
old_parent_ra, unsigned long parent_ra_addr, unsigned long fp)
{
unsigned long sp, ip, tmp;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 450/578] net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (448 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 449/578] MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 451/578] gpio: xilinx: remove excess kernel doc Greg Kroah-Hartman
` (136 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Paul Fertser, David S. Miller
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Fertser <fercerpav@gmail.com>
commit 05d91cdb1f9108426b14975ef4eeddf15875ca05 upstream.
Copy of the rationale from 790071347a0a1a89e618eedcd51c687ea783aeb3:
Change ndo_set_mac_address to dev_set_mac_address because
dev_set_mac_address provides a way to notify network layer about MAC
change. In other case, services may not aware about MAC change and keep
using old one which set from network adapter driver.
As example, DHCP client from systemd do not update MAC address without
notification from net subsystem which leads to the problem with acquiring
the right address from DHCP server.
Since dev_set_mac_address requires RTNL lock the operation can not be
performed directly in the response handler, see
9e2bbab94b88295dcc57c7580393c9ee08d7314d.
The way of selecting the first suitable MAC address from the list is
changed, instead of having the driver check it this patch just assumes
any valid MAC should be good.
Fixes: b8291cf3d118 ("net/ncsi: Add NC-SI 1.2 Get MC MAC Address command")
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ncsi/ncsi-rsp.c | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
--- a/net/ncsi/ncsi-rsp.c
+++ b/net/ncsi/ncsi-rsp.c
@@ -1089,14 +1089,12 @@ static int ncsi_rsp_handler_netlink(stru
static int ncsi_rsp_handler_gmcma(struct ncsi_request *nr)
{
struct ncsi_dev_priv *ndp = nr->ndp;
+ struct sockaddr *saddr = &ndp->pending_mac;
struct net_device *ndev = ndp->ndev.dev;
struct ncsi_rsp_gmcma_pkt *rsp;
- struct sockaddr saddr;
- int ret = -1;
int i;
rsp = (struct ncsi_rsp_gmcma_pkt *)skb_network_header(nr->rsp);
- saddr.sa_family = ndev->type;
ndev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
netdev_info(ndev, "NCSI: Received %d provisioned MAC addresses\n",
@@ -1108,20 +1106,20 @@ static int ncsi_rsp_handler_gmcma(struct
rsp->addresses[i][4], rsp->addresses[i][5]);
}
+ saddr->sa_family = ndev->type;
for (i = 0; i < rsp->address_count; i++) {
- memcpy(saddr.sa_data, &rsp->addresses[i], ETH_ALEN);
- ret = ndev->netdev_ops->ndo_set_mac_address(ndev, &saddr);
- if (ret < 0) {
+ if (!is_valid_ether_addr(rsp->addresses[i])) {
netdev_warn(ndev, "NCSI: Unable to assign %pM to device\n",
- saddr.sa_data);
+ rsp->addresses[i]);
continue;
}
- netdev_warn(ndev, "NCSI: Set MAC address to %pM\n", saddr.sa_data);
+ memcpy(saddr->sa_data, rsp->addresses[i], ETH_ALEN);
+ netdev_warn(ndev, "NCSI: Will set MAC address to %pM\n", saddr->sa_data);
break;
}
- ndp->gma_flag = ret == 0;
- return ret;
+ ndp->gma_flag = 1;
+ return 0;
}
static struct ncsi_rsp_handler {
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 451/578] gpio: xilinx: remove excess kernel doc
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (449 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 450/578] net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 452/578] ocfs2: check dir i_size in ocfs2_find_entry Greg Kroah-Hartman
` (135 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot,
Bartosz Golaszewski, Michal Simek, Randy Dunlap
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
commit 4c7fcbf5077532b80bc233c83d56e09a6bfa16b0 upstream.
The irqchip field has been removed from struct xgpio_instance so remove
the doc as well.
Fixes: b4510f8fd5d0 ("gpio: xilinx: Convert to immutable irq_chip")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202312150239.IyuTVvrL-lkp@intel.com/
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Reviewed-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpio/gpio-xilinx.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/gpio/gpio-xilinx.c
+++ b/drivers/gpio/gpio-xilinx.c
@@ -52,7 +52,6 @@
* @dir: GPIO direction shadow register
* @gpio_lock: Lock used for synchronization
* @irq: IRQ used by GPIO device
- * @irqchip: IRQ chip
* @enable: GPIO IRQ enable/disable bitfield
* @rising_edge: GPIO IRQ rising edge enable/disable bitfield
* @falling_edge: GPIO IRQ falling edge enable/disable bitfield
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 452/578] ocfs2: check dir i_size in ocfs2_find_entry
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (450 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 451/578] gpio: xilinx: remove excess kernel doc Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 453/578] cachefiles: Fix NULL pointer dereference in object->file Greg Kroah-Hartman
` (134 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiacheng Xu,
syzbot+5a64828fcc4c2ad9b04f, Su Yue, Heming Zhao, Joseph Qi,
Mark Fasheh, Joel Becker, Junxiao Bi, Changwei Ge, Jun Piao,
Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Su Yue <glass.su@suse.com>
commit b0fce54b8c0d8e5f2b4c243c803c5996e73baee8 upstream.
syz reports an out of bounds read:
==================================================================
BUG: KASAN: slab-out-of-bounds in ocfs2_match fs/ocfs2/dir.c:334
[inline]
BUG: KASAN: slab-out-of-bounds in ocfs2_search_dirblock+0x283/0x6e0
fs/ocfs2/dir.c:367
Read of size 1 at addr ffff88804d8b9982 by task syz-executor.2/14802
CPU: 0 UID: 0 PID: 14802 Comm: syz-executor.2 Not tainted 6.13.0-rc4 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1
04/01/2014
Sched_ext: serialise (enabled+all), task: runnable_at=-10ms
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x229/0x350 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0x164/0x530 mm/kasan/report.c:489
kasan_report+0x147/0x180 mm/kasan/report.c:602
ocfs2_match fs/ocfs2/dir.c:334 [inline]
ocfs2_search_dirblock+0x283/0x6e0 fs/ocfs2/dir.c:367
ocfs2_find_entry_id fs/ocfs2/dir.c:414 [inline]
ocfs2_find_entry+0x1143/0x2db0 fs/ocfs2/dir.c:1078
ocfs2_find_files_on_disk+0x18e/0x530 fs/ocfs2/dir.c:1981
ocfs2_lookup_ino_from_name+0xb6/0x110 fs/ocfs2/dir.c:2003
ocfs2_lookup+0x30a/0xd40 fs/ocfs2/namei.c:122
lookup_open fs/namei.c:3627 [inline]
open_last_lookups fs/namei.c:3748 [inline]
path_openat+0x145a/0x3870 fs/namei.c:3984
do_filp_open+0xe9/0x1c0 fs/namei.c:4014
do_sys_openat2+0x135/0x1d0 fs/open.c:1402
do_sys_open fs/open.c:1417 [inline]
__do_sys_openat fs/open.c:1433 [inline]
__se_sys_openat fs/open.c:1428 [inline]
__x64_sys_openat+0x15d/0x1c0 fs/open.c:1428
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f01076903ad
Code: c3 e8 a7 2b 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89
f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f01084acfc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f01077cbf80 RCX: 00007f01076903ad
RDX: 0000000000105042 RSI: 0000000020000080 RDI: ffffffffffffff9c
RBP: 00007f01077cbf80 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000
R13: 00007f01077cbf80 R14: 00007f010764fc90 R15: 00007f010848d000
</TASK>
==================================================================
And a general protection fault in ocfs2_prepare_dir_for_insert:
==================================================================
loop0: detected capacity change from 0 to 32768
JBD2: Ignoring recovery information on journal
ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data
mode.
Oops: general protection fault, probably for non-canonical address
0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 UID: 0 PID: 5096 Comm: syz-executor792 Not tainted
6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:ocfs2_find_dir_space_id fs/ocfs2/dir.c:3406 [inline]
RIP: 0010:ocfs2_prepare_dir_for_insert+0x3309/0x5c70 fs/ocfs2/dir.c:4280
Code: 00 00 e8 2a 25 13 fe e9 ba 06 00 00 e8 20 25 13 fe e9 4f 01 00 00
e8 16 25 13 fe 49 8d 7f 08 49 8d 5f 09 48 89 f8 48 c1 e8 03 <42> 0f b6
04 20 84 c0 0f 85 bd 23 00 00 48 89 d8 48 c1 e8 03 42 0f
RSP: 0018:ffffc9000af9f020 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000009 RCX: ffff88801e27a440
RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000008
RBP: ffffc9000af9f830 R08: ffffffff8380395b R09: ffffffff838090a7
R10: 0000000000000002 R11: ffff88801e27a440 R12: dffffc0000000000
R13: ffff88803c660878 R14: f700000000000088 R15: 0000000000000000
FS: 000055555a677380(0000) GS:ffff888020800000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000560bce569178 CR3: 000000001de5a000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ocfs2_mknod+0xcaf/0x2b40 fs/ocfs2/namei.c:292
vfs_mknod+0x36d/0x3b0 fs/namei.c:4088
do_mknodat+0x3ec/0x5b0
__do_sys_mknodat fs/namei.c:4166 [inline]
__se_sys_mknodat fs/namei.c:4163 [inline]
__x64_sys_mknodat+0xa7/0xc0 fs/namei.c:4163
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2dafda3a99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89
f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08
0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8
64 89 01 48
RSP: 002b:00007ffe336a6658 EFLAGS: 00000246 ORIG_RAX:
0000000000000103
RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
00007f2dafda3a99
RDX: 00000000000021c0 RSI: 0000000020000040 RDI:
00000000ffffff9c
RBP: 00007f2dafe1b5f0 R08: 0000000000004480 R09:
000055555a6784c0
R10: 0000000000000103 R11: 0000000000000246 R12:
00007ffe336a6680
R13: 00007ffe336a68a8 R14: 431bde82d7b634db R15:
00007f2dafdec03b
</TASK>
==================================================================
The two reports are all caused invalid negative i_size of dir inode. For
ocfs2, dir_inode can't be negative or zero.
Here add a check in which is called by ocfs2_check_dir_for_entry(). It
fixes the second report as ocfs2_check_dir_for_entry() must be called
before ocfs2_prepare_dir_for_insert(). Also set a up limit for dir with
OCFS2_INLINE_DATA_FL. The i_size can't be great than blocksize.
Link: https://lkml.kernel.org/r/20250106140640.92260-1-glass.su@suse.com
Reported-by: Jiacheng Xu <stitch@zju.edu.cn>
Link: https://lore.kernel.org/ocfs2-devel/17a04f01.1ae74.19436d003fc.Coremail.stitch@zju.edu.cn/T/#u
Reported-by: syzbot+5a64828fcc4c2ad9b04f@syzkaller.appspotmail.com
Link: https://lore.kernel.org/all/0000000000005894f3062018caf1@google.com/T/
Signed-off-by: Su Yue <glass.su@suse.com>
Reviewed-by: Heming Zhao <heming.zhao@suse.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/dir.c | 25 +++++++++++++++++++++----
1 file changed, 21 insertions(+), 4 deletions(-)
--- a/fs/ocfs2/dir.c
+++ b/fs/ocfs2/dir.c
@@ -1065,26 +1065,39 @@ int ocfs2_find_entry(const char *name, i
{
struct buffer_head *bh;
struct ocfs2_dir_entry *res_dir = NULL;
+ int ret = 0;
if (ocfs2_dir_indexed(dir))
return ocfs2_find_entry_dx(name, namelen, dir, lookup);
+ if (unlikely(i_size_read(dir) <= 0)) {
+ ret = -EFSCORRUPTED;
+ mlog_errno(ret);
+ goto out;
+ }
/*
* The unindexed dir code only uses part of the lookup
* structure, so there's no reason to push it down further
* than this.
*/
- if (OCFS2_I(dir)->ip_dyn_features & OCFS2_INLINE_DATA_FL)
+ if (OCFS2_I(dir)->ip_dyn_features & OCFS2_INLINE_DATA_FL) {
+ if (unlikely(i_size_read(dir) > dir->i_sb->s_blocksize)) {
+ ret = -EFSCORRUPTED;
+ mlog_errno(ret);
+ goto out;
+ }
bh = ocfs2_find_entry_id(name, namelen, dir, &res_dir);
- else
+ } else {
bh = ocfs2_find_entry_el(name, namelen, dir, &res_dir);
+ }
if (bh == NULL)
return -ENOENT;
lookup->dl_leaf_bh = bh;
lookup->dl_entry = res_dir;
- return 0;
+out:
+ return ret;
}
/*
@@ -2011,6 +2024,7 @@ int ocfs2_lookup_ino_from_name(struct in
*
* Return 0 if the name does not exist
* Return -EEXIST if the directory contains the name
+ * Return -EFSCORRUPTED if found corruption
*
* Callers should have i_rwsem + a cluster lock on dir
*/
@@ -2024,9 +2038,12 @@ int ocfs2_check_dir_for_entry(struct ino
trace_ocfs2_check_dir_for_entry(
(unsigned long long)OCFS2_I(dir)->ip_blkno, namelen, name);
- if (ocfs2_find_entry(name, namelen, dir, &lookup) == 0) {
+ ret = ocfs2_find_entry(name, namelen, dir, &lookup);
+ if (ret == 0) {
ret = -EEXIST;
mlog_errno(ret);
+ } else if (ret == -ENOENT) {
+ ret = 0;
}
ocfs2_free_dir_lookup_result(&lookup);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 453/578] cachefiles: Fix NULL pointer dereference in object->file
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (451 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 452/578] ocfs2: check dir i_size in ocfs2_find_entry Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 454/578] mptcp: pm: only set fullmesh for subflow endp Greg Kroah-Hartman
` (133 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zizhi Wo, David Howells,
Christian Brauner, Bin Lan
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zizhi Wo <wozizhi@huawei.com>
commit 31ad74b20227ce6b40910ff78b1c604e42975cf1 upstream.
At present, the object->file has the NULL pointer dereference problem in
ondemand-mode. The root cause is that the allocated fd and object->file
lifetime are inconsistent, and the user-space invocation to anon_fd uses
object->file. Following is the process that triggers the issue:
[write fd] [umount]
cachefiles_ondemand_fd_write_iter
fscache_cookie_state_machine
cachefiles_withdraw_cookie
if (!file) return -ENOBUFS
cachefiles_clean_up_object
cachefiles_unmark_inode_in_use
fput(object->file)
object->file = NULL
// file NULL pointer dereference!
__cachefiles_write(..., file, ...)
Fix this issue by add an additional reference count to the object->file
before write/llseek, and decrement after it finished.
Fixes: c8383054506c ("cachefiles: notify the user daemon when looking up cookie")
Signed-off-by: Zizhi Wo <wozizhi@huawei.com>
Link: https://lore.kernel.org/r/20241107110649.3980193-5-wozizhi@huawei.com
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Bin Lan <lanbincn@qq.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cachefiles/interface.c | 14 ++++++++++----
fs/cachefiles/ondemand.c | 30 ++++++++++++++++++++++++------
2 files changed, 34 insertions(+), 10 deletions(-)
--- a/fs/cachefiles/interface.c
+++ b/fs/cachefiles/interface.c
@@ -327,6 +327,8 @@ static void cachefiles_commit_object(str
static void cachefiles_clean_up_object(struct cachefiles_object *object,
struct cachefiles_cache *cache)
{
+ struct file *file;
+
if (test_bit(FSCACHE_COOKIE_RETIRED, &object->cookie->flags)) {
if (!test_bit(CACHEFILES_OBJECT_USING_TMPFILE, &object->flags)) {
cachefiles_see_object(object, cachefiles_obj_see_clean_delete);
@@ -342,10 +344,14 @@ static void cachefiles_clean_up_object(s
}
cachefiles_unmark_inode_in_use(object, object->file);
- if (object->file) {
- fput(object->file);
- object->file = NULL;
- }
+
+ spin_lock(&object->lock);
+ file = object->file;
+ object->file = NULL;
+ spin_unlock(&object->lock);
+
+ if (file)
+ fput(file);
}
/*
--- a/fs/cachefiles/ondemand.c
+++ b/fs/cachefiles/ondemand.c
@@ -61,20 +61,26 @@ static ssize_t cachefiles_ondemand_fd_wr
{
struct cachefiles_object *object = kiocb->ki_filp->private_data;
struct cachefiles_cache *cache = object->volume->cache;
- struct file *file = object->file;
+ struct file *file;
size_t len = iter->count;
loff_t pos = kiocb->ki_pos;
const struct cred *saved_cred;
int ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
cachefiles_begin_secure(cache, &saved_cred);
ret = __cachefiles_prepare_write(object, file, &pos, &len, true);
cachefiles_end_secure(cache, saved_cred);
if (ret < 0)
- return ret;
+ goto out;
trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len);
ret = __cachefiles_write(object, file, pos, iter, NULL, NULL);
@@ -83,6 +89,8 @@ static ssize_t cachefiles_ondemand_fd_wr
kiocb->ki_pos += ret;
}
+out:
+ fput(file);
return ret;
}
@@ -90,12 +98,22 @@ static loff_t cachefiles_ondemand_fd_lls
int whence)
{
struct cachefiles_object *object = filp->private_data;
- struct file *file = object->file;
+ struct file *file;
+ loff_t ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
- return vfs_llseek(file, pos, whence);
+ ret = vfs_llseek(file, pos, whence);
+ fput(file);
+
+ return ret;
}
static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 454/578] mptcp: pm: only set fullmesh for subflow endp
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (452 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 453/578] cachefiles: Fix NULL pointer dereference in object->file Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 455/578] mptcp: prevent excessive coalescing on receive Greg Kroah-Hartman
` (132 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+cd16e79c1e45f3fe0377,
Mat Martineau, Matthieu Baerts (NGI0), Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
commit 1bb0d1348546ad059f55c93def34e67cb2a034a6 upstream.
With the in-kernel path-manager, it is possible to change the 'fullmesh'
flag. The code in mptcp_pm_nl_fullmesh() expects to change it only on
'subflow' endpoints, to recreate more or less subflows using the linked
address.
Unfortunately, the set_flags() hook was a bit more permissive, and
allowed 'implicit' endpoints to get the 'fullmesh' flag while it is not
allowed before.
That's what syzbot found, triggering the following warning:
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]
WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064
Modules linked in:
CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0
Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]
RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]
RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]
RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064
Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 <0f> 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48
RSP: 0018:ffffc9000d307240 EFLAGS: 00010293
RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e
R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0
R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d
FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]
netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347
netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:726
____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583
___sys_sendmsg net/socket.c:2637 [inline]
__sys_sendmsg+0x269/0x350 net/socket.c:2669
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5fe8785d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29
RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007
RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 00000000000011f4
</TASK>
Here, syzbot managed to set the 'fullmesh' flag on an 'implicit' and
used -- according to 'id_avail_bitmap' -- endpoint, causing the PM to
try decrement the local_addr_used counter which is only incremented for
the 'subflow' endpoint.
Note that 'no type' endpoints -- not 'subflow', 'signal', 'implicit' --
are fine, because their ID will not be marked as used in the 'id_avail'
bitmap, and setting 'fullmesh' can help forcing the creation of subflow
when receiving an ADD_ADDR.
Fixes: 73c762c1f07d ("mptcp: set fullmesh flag in pm_netlink")
Cc: stable@vger.kernel.org
Reported-by: syzbot+cd16e79c1e45f3fe0377@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/6786ac51.050a0220.216c54.00a6.GAE@google.com
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/540
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20250123-net-mptcp-syzbot-issues-v1-2-af73258a726f@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
[ Conflicts in pm_netlink.c, because the code has been moved around in
commit 6a42477fe449 ("mptcp: update set_flags interfaces"), but the
same fix can still be applied at the original place. ]
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mptcp/pm_netlink.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -2086,7 +2086,8 @@ static int mptcp_nl_cmd_set_flags(struct
return -EINVAL;
}
if ((addr.flags & MPTCP_PM_ADDR_FLAG_FULLMESH) &&
- (entry->flags & MPTCP_PM_ADDR_FLAG_SIGNAL)) {
+ (entry->flags & (MPTCP_PM_ADDR_FLAG_SIGNAL |
+ MPTCP_PM_ADDR_FLAG_IMPLICIT))) {
spin_unlock_bh(&pernet->lock);
return -EINVAL;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 455/578] mptcp: prevent excessive coalescing on receive
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (453 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 454/578] mptcp: pm: only set fullmesh for subflow endp Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 456/578] tty: xilinx_uartps: split sysrq handling Greg Kroah-Hartman
` (131 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paolo Abeni, Mat Martineau,
Matthieu Baerts (NGI0), Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Abeni <pabeni@redhat.com>
commit 56b824eb49d6258aa0bad09a406ceac3f643cdae upstream.
Currently the skb size after coalescing is only limited by the skb
layout (the skb must not carry frag_list). A single coalesced skb
covering several MSS can potentially fill completely the receive
buffer. In such a case, the snd win will zero until the receive buffer
will be empty again, affecting tput badly.
Fixes: 8268ed4c9d19 ("mptcp: introduce and use mptcp_try_coalesce()")
Cc: stable@vger.kernel.org # please delay 2 weeks after 6.13-final release
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20241230-net-mptcp-rbuf-fixes-v1-3-8608af434ceb@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mptcp/protocol.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -149,6 +149,7 @@ static bool mptcp_try_coalesce(struct so
int delta;
if (MPTCP_SKB_CB(from)->offset ||
+ ((to->len + from->len) > (sk->sk_rcvbuf >> 3)) ||
!skb_try_coalesce(to, from, &fragstolen, &delta))
return false;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 456/578] tty: xilinx_uartps: split sysrq handling
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (454 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 455/578] mptcp: prevent excessive coalescing on receive Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 457/578] maple_tree: fix static analyser cppcheck issue Greg Kroah-Hartman
` (130 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sean Anderson, John Ogness
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Anderson <sean.anderson@linux.dev>
commit b06f388994500297bb91be60ffaf6825ecfd2afe upstream.
lockdep detects the following circular locking dependency:
CPU 0 CPU 1
========================== ============================
cdns_uart_isr() printk()
uart_port_lock(port) console_lock()
cdns_uart_console_write()
if (!port->sysrq)
uart_port_lock(port)
uart_handle_break()
port->sysrq = ...
uart_handle_sysrq_char()
printk()
console_lock()
The fixed commit attempts to avoid this situation by only taking the
port lock in cdns_uart_console_write if port->sysrq unset. However, if
(as shown above) cdns_uart_console_write runs before port->sysrq is set,
then it will try to take the port lock anyway. This may result in a
deadlock.
Fix this by splitting sysrq handling into two parts. We use the prepare
helper under the port lock and defer handling until we release the lock.
Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling")
Signed-off-by: Sean Anderson <sean.anderson@linux.dev>
Cc: stable@vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers
Acked-by: John Ogness <john.ogness@linutronix.de>
Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev
Signed-off-by: Sean Anderson <sean.anderson@linux.dev>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/xilinx_uartps.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
--- a/drivers/tty/serial/xilinx_uartps.c
+++ b/drivers/tty/serial/xilinx_uartps.c
@@ -268,7 +268,7 @@ static void cdns_uart_handle_rx(void *de
continue;
}
- if (uart_handle_sysrq_char(port, data))
+ if (uart_prepare_sysrq_char(port, data))
continue;
if (is_rxbs_support) {
@@ -371,7 +371,7 @@ static irqreturn_t cdns_uart_isr(int irq
!(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS))
cdns_uart_handle_rx(dev_id, isrstatus);
- spin_unlock(&port->lock);
+ uart_unlock_and_check_sysrq(port);
return IRQ_HANDLED;
}
@@ -1231,10 +1231,8 @@ static void cdns_uart_console_write(stru
unsigned int imr, ctrl;
int locked = 1;
- if (port->sysrq)
- locked = 0;
- else if (oops_in_progress)
- locked = spin_trylock_irqsave(&port->lock, flags);
+ if (oops_in_progress)
+ locked = uart_port_trylock_irqsave(port, &flags);
else
spin_lock_irqsave(&port->lock, flags);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 457/578] maple_tree: fix static analyser cppcheck issue
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (455 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 456/578] tty: xilinx_uartps: split sysrq handling Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 458/578] maple_tree: simplify split calculation Greg Kroah-Hartman
` (129 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liam R. Howlett, David Binderman,
Peng Zhang, Sergey Senozhatsky, Vernon Yang, Wei Yang,
Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liam R. Howlett <Liam.Howlett@oracle.com>
commit 5729e06c819184b7ba40869c1ad53e1a463040b2 upstream.
Patch series "Maple tree mas_{next,prev}_range() and cleanup", v4.
This patchset contains a number of clean ups to the code to make it more
usable (next/prev range), the addition of debug output formatting, the
addition of printing the maple state information in the WARN_ON/BUG_ON
code.
There is also work done here to keep nodes active during iterations to
reduce the necessity of re-walking the tree.
Finally, there is a new interface added to move to the next or previous
range in the tree, even if it is empty.
The organisation of the patches is as follows:
0001-0004 - Small clean ups
0005-0018 - Additional debug options and WARN_ON/BUG_ON changes
0019 - Test module __init and __exit addition
0020-0021 - More functional clean ups
0022-0026 - Changes to keep nodes active
0027-0034 - Add new mas_{prev,next}_range()
0035 - Use new mas_{prev,next}_range() in mmap_region()
This patch (of 35):
Static analyser of the maple tree code noticed that the split variable is
being used to dereference into an array prior to checking the variable
itself. Fix this issue by changing the order of the statement to check
the variable first.
Link: https://lkml.kernel.org/r/20230518145544.1722059-1-Liam.Howlett@oracle.com
Link: https://lkml.kernel.org/r/20230518145544.1722059-2-Liam.Howlett@oracle.com
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Reported-by: David Binderman <dcb314@hotmail.com>
Reviewed-by: Peng Zhang<zhangpeng.00@bytedance.com>
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: Vernon Yang <vernon2gm@gmail.com>
Cc: Wei Yang <richard.weiyang@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/maple_tree.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -1935,8 +1935,9 @@ static inline int mab_calc_split(struct
* causes one node to be deficient.
* NOTE: mt_min_slots is 1 based, b_end and split are zero.
*/
- while (((bn->pivot[split] - min) < slot_count - 1) &&
- (split < slot_count - 1) && (b_end - split > slot_min))
+ while ((split < slot_count - 1) &&
+ ((bn->pivot[split] - min) < slot_count - 1) &&
+ (b_end - split > slot_min))
split++;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 458/578] maple_tree: simplify split calculation
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (456 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 457/578] maple_tree: fix static analyser cppcheck issue Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 459/578] pps: Fix a use-after-free Greg Kroah-Hartman
` (128 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Yang, Liam R. Howlett,
Sidhartha Kumar, Lorenzo Stoakes, Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wei Yang <richard.weiyang@gmail.com>
commit 4f6a6bed0bfef4b966f076f33eb4f5547226056a upstream.
Patch series "simplify split calculation", v3.
This patch (of 3):
The current calculation for splitting nodes tries to enforce a minimum
span on the leaf nodes. This code is complex and never worked correctly
to begin with, due to the min value being passed as 0 for all leaves.
The calculation should just split the data as equally as possible
between the new nodes. Note that b_end will be one more than the data,
so the left side is still favoured in the calculation.
The current code may also lead to a deficient node by not leaving enough
data for the right side of the split. This issue is also addressed with
the split calculation change.
[Liam.Howlett@Oracle.com: rephrase the change log]
Link: https://lkml.kernel.org/r/20241113031616.10530-1-richard.weiyang@gmail.com
Link: https://lkml.kernel.org/r/20241113031616.10530-2-richard.weiyang@gmail.com
Fixes: 54a611b60590 ("Maple Tree: add new data structure")
Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
Cc: Sidhartha Kumar <sidhartha.kumar@oracle.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/maple_tree.c | 23 ++++++-----------------
1 file changed, 6 insertions(+), 17 deletions(-)
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -1890,11 +1890,11 @@ static inline int mab_no_null_split(stru
* Return: The first split location. The middle split is set in @mid_split.
*/
static inline int mab_calc_split(struct ma_state *mas,
- struct maple_big_node *bn, unsigned char *mid_split, unsigned long min)
+ struct maple_big_node *bn, unsigned char *mid_split)
{
unsigned char b_end = bn->b_end;
int split = b_end / 2; /* Assume equal split. */
- unsigned char slot_min, slot_count = mt_slots[bn->type];
+ unsigned char slot_count = mt_slots[bn->type];
/*
* To support gap tracking, all NULL entries are kept together and a node cannot
@@ -1927,18 +1927,7 @@ static inline int mab_calc_split(struct
split = b_end / 3;
*mid_split = split * 2;
} else {
- slot_min = mt_min_slots[bn->type];
-
*mid_split = 0;
- /*
- * Avoid having a range less than the slot count unless it
- * causes one node to be deficient.
- * NOTE: mt_min_slots is 1 based, b_end and split are zero.
- */
- while ((split < slot_count - 1) &&
- ((bn->pivot[split] - min) < slot_count - 1) &&
- (b_end - split > slot_min))
- split++;
}
/* Avoid ending a node on a NULL entry */
@@ -2664,7 +2653,7 @@ static inline struct maple_enode
static inline unsigned char mas_mab_to_node(struct ma_state *mas,
struct maple_big_node *b_node, struct maple_enode **left,
struct maple_enode **right, struct maple_enode **middle,
- unsigned char *mid_split, unsigned long min)
+ unsigned char *mid_split)
{
unsigned char split = 0;
unsigned char slot_count = mt_slots[b_node->type];
@@ -2677,7 +2666,7 @@ static inline unsigned char mas_mab_to_n
if (b_node->b_end < slot_count) {
split = b_node->b_end;
} else {
- split = mab_calc_split(mas, b_node, mid_split, min);
+ split = mab_calc_split(mas, b_node, mid_split);
*right = mas_new_ma_node(mas, b_node);
}
@@ -3076,7 +3065,7 @@ static int mas_spanning_rebalance(struct
mast->bn->b_end--;
mast->bn->type = mte_node_type(mast->orig_l->node);
split = mas_mab_to_node(mas, mast->bn, &left, &right, &middle,
- &mid_split, mast->orig_l->min);
+ &mid_split);
mast_set_split_parents(mast, left, middle, right, split,
mid_split);
mast_cp_to_nodes(mast, left, middle, right, split, mid_split);
@@ -3591,7 +3580,7 @@ static int mas_split(struct ma_state *ma
if (mas_push_data(mas, height, &mast, false))
break;
- split = mab_calc_split(mas, b_node, &mid_split, prev_l_mas.min);
+ split = mab_calc_split(mas, b_node, &mid_split);
mast_split_data(&mast, mas, split);
/*
* Usually correct, mab_mas_cp in the above call overwrites
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 459/578] pps: Fix a use-after-free
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (457 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 458/578] maple_tree: simplify split calculation Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 460/578] Revert "btrfs: avoid monopolizing a core when activating a swap file" Greg Kroah-Hartman
` (127 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Calvin Owens, Michal Schmidt
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Calvin Owens <calvin@wbinvd.org>
commit c79a39dc8d060b9e64e8b0fa9d245d44befeefbe upstream.
On a board running ntpd and gpsd, I'm seeing a consistent use-after-free
in sys_exit() from gpsd when rebooting:
pps pps1: removed
------------[ cut here ]------------
kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.
WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150
CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1
Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kobject_put+0x120/0x150
lr : kobject_put+0x120/0x150
sp : ffffffc0803d3ae0
x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001
x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440
x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600
x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20
x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
kobject_put+0x120/0x150
cdev_put+0x20/0x3c
__fput+0x2c4/0x2d8
____fput+0x1c/0x38
task_work_run+0x70/0xfc
do_exit+0x2a0/0x924
do_group_exit+0x34/0x90
get_signal+0x7fc/0x8c0
do_signal+0x128/0x13b4
do_notify_resume+0xdc/0x160
el0_svc+0xd4/0xf8
el0t_64_sync_handler+0x140/0x14c
el0t_64_sync+0x190/0x194
---[ end trace 0000000000000000 ]---
...followed by more symptoms of corruption, with similar stacks:
refcount_t: underflow; use-after-free.
kernel BUG at lib/list_debug.c:62!
Kernel panic - not syncing: Oops - BUG: Fatal exception
This happens because pps_device_destruct() frees the pps_device with the
embedded cdev immediately after calling cdev_del(), but, as the comment
above cdev_del() notes, fops for previously opened cdevs are still
callable even after cdev_del() returns. I think this bug has always
been there: I can't explain why it suddenly started happening every time
I reboot this particular board.
In commit d953e0e837e6 ("pps: Fix a use-after free bug when
unregistering a source."), George Spelvin suggested removing the
embedded cdev. That seems like the simplest way to fix this, so I've
implemented his suggestion, using __register_chrdev() with pps_idr
becoming the source of truth for which minor corresponds to which
device.
But now that pps_idr defines userspace visibility instead of cdev_add(),
we need to be sure the pps->dev refcount can't reach zero while
userspace can still find it again. So, the idr_remove() call moves to
pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.
pps_core: source serial1 got cdev (251:1)
<...>
pps pps1: removed
pps_core: unregistering pps1
pps_core: deallocating pps1
Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.")
Cc: stable@vger.kernel.org
Signed-off-by: Calvin Owens <calvin@wbinvd.org>
Reviewed-by: Michal Schmidt <mschmidt@redhat.com>
Link: https://lore.kernel.org/r/a17975fd5ae99385791929e563f72564edbcf28f.1731383727.git.calvin@wbinvd.org
Signed-off-by: Calvin Owens <calvin@wbinvd.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pps/clients/pps-gpio.c | 4 -
drivers/pps/clients/pps-ktimer.c | 4 -
drivers/pps/clients/pps-ldisc.c | 6 -
drivers/pps/clients/pps_parport.c | 4 -
drivers/pps/kapi.c | 10 +-
drivers/pps/kc.c | 10 +-
drivers/pps/pps.c | 127 +++++++++++++++++++-------------------
drivers/ptp/ptp_ocp.c | 2
include/linux/pps_kernel.h | 3
9 files changed, 87 insertions(+), 83 deletions(-)
--- a/drivers/pps/clients/pps-gpio.c
+++ b/drivers/pps/clients/pps-gpio.c
@@ -214,8 +214,8 @@ static int pps_gpio_probe(struct platfor
return -EINVAL;
}
- dev_info(data->pps->dev, "Registered IRQ %d as PPS source\n",
- data->irq);
+ dev_dbg(&data->pps->dev, "Registered IRQ %d as PPS source\n",
+ data->irq);
return 0;
}
--- a/drivers/pps/clients/pps-ktimer.c
+++ b/drivers/pps/clients/pps-ktimer.c
@@ -56,7 +56,7 @@ static struct pps_source_info pps_ktimer
static void __exit pps_ktimer_exit(void)
{
- dev_info(pps->dev, "ktimer PPS source unregistered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source unregistered\n");
del_timer_sync(&ktimer);
pps_unregister_source(pps);
@@ -74,7 +74,7 @@ static int __init pps_ktimer_init(void)
timer_setup(&ktimer, pps_ktimer_event, 0);
mod_timer(&ktimer, jiffies + HZ);
- dev_info(pps->dev, "ktimer PPS source registered\n");
+ dev_dbg(&pps->dev, "ktimer PPS source registered\n");
return 0;
}
--- a/drivers/pps/clients/pps-ldisc.c
+++ b/drivers/pps/clients/pps-ldisc.c
@@ -32,7 +32,7 @@ static void pps_tty_dcd_change(struct tt
pps_event(pps, &ts, active ? PPS_CAPTUREASSERT :
PPS_CAPTURECLEAR, NULL);
- dev_dbg(pps->dev, "PPS %s at %lu\n",
+ dev_dbg(&pps->dev, "PPS %s at %lu\n",
active ? "assert" : "clear", jiffies);
}
@@ -69,7 +69,7 @@ static int pps_tty_open(struct tty_struc
goto err_unregister;
}
- dev_info(pps->dev, "source \"%s\" added\n", info.path);
+ dev_dbg(&pps->dev, "source \"%s\" added\n", info.path);
return 0;
@@ -89,7 +89,7 @@ static void pps_tty_close(struct tty_str
if (WARN_ON(!pps))
return;
- dev_info(pps->dev, "removed\n");
+ dev_info(&pps->dev, "removed\n");
pps_unregister_source(pps);
}
--- a/drivers/pps/clients/pps_parport.c
+++ b/drivers/pps/clients/pps_parport.c
@@ -81,7 +81,7 @@ static void parport_irq(void *handle)
/* check the signal (no signal means the pulse is lost this time) */
if (!signal_is_set(port)) {
local_irq_restore(flags);
- dev_err(dev->pps->dev, "lost the signal\n");
+ dev_err(&dev->pps->dev, "lost the signal\n");
goto out_assert;
}
@@ -98,7 +98,7 @@ static void parport_irq(void *handle)
/* timeout */
dev->cw_err++;
if (dev->cw_err >= CLEAR_WAIT_MAX_ERRORS) {
- dev_err(dev->pps->dev, "disabled clear edge capture after %d"
+ dev_err(&dev->pps->dev, "disabled clear edge capture after %d"
" timeouts\n", dev->cw_err);
dev->cw = 0;
dev->cw_err = 0;
--- a/drivers/pps/kapi.c
+++ b/drivers/pps/kapi.c
@@ -41,7 +41,7 @@ static void pps_add_offset(struct pps_kt
static void pps_echo_client_default(struct pps_device *pps, int event,
void *data)
{
- dev_info(pps->dev, "echo %s %s\n",
+ dev_info(&pps->dev, "echo %s %s\n",
event & PPS_CAPTUREASSERT ? "assert" : "",
event & PPS_CAPTURECLEAR ? "clear" : "");
}
@@ -112,7 +112,7 @@ struct pps_device *pps_register_source(s
goto kfree_pps;
}
- dev_info(pps->dev, "new PPS source %s\n", info->name);
+ dev_dbg(&pps->dev, "new PPS source %s\n", info->name);
return pps;
@@ -166,7 +166,7 @@ void pps_event(struct pps_device *pps, s
/* check event type */
BUG_ON((event & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR)) == 0);
- dev_dbg(pps->dev, "PPS event at %lld.%09ld\n",
+ dev_dbg(&pps->dev, "PPS event at %lld.%09ld\n",
(s64)ts->ts_real.tv_sec, ts->ts_real.tv_nsec);
timespec_to_pps_ktime(&ts_real, ts->ts_real);
@@ -188,7 +188,7 @@ void pps_event(struct pps_device *pps, s
/* Save the time stamp */
pps->assert_tu = ts_real;
pps->assert_sequence++;
- dev_dbg(pps->dev, "capture assert seq #%u\n",
+ dev_dbg(&pps->dev, "capture assert seq #%u\n",
pps->assert_sequence);
captured = ~0;
@@ -202,7 +202,7 @@ void pps_event(struct pps_device *pps, s
/* Save the time stamp */
pps->clear_tu = ts_real;
pps->clear_sequence++;
- dev_dbg(pps->dev, "capture clear seq #%u\n",
+ dev_dbg(&pps->dev, "capture clear seq #%u\n",
pps->clear_sequence);
captured = ~0;
--- a/drivers/pps/kc.c
+++ b/drivers/pps/kc.c
@@ -43,11 +43,11 @@ int pps_kc_bind(struct pps_device *pps,
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel"
+ dev_info(&pps->dev, "unbound kernel"
" consumer\n");
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "selected kernel consumer"
+ dev_err(&pps->dev, "selected kernel consumer"
" is not bound\n");
return -EINVAL;
}
@@ -57,11 +57,11 @@ int pps_kc_bind(struct pps_device *pps,
pps_kc_hardpps_mode = bind_args->edge;
pps_kc_hardpps_dev = pps;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "bound kernel consumer: "
+ dev_info(&pps->dev, "bound kernel consumer: "
"edge=0x%x\n", bind_args->edge);
} else {
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_err(pps->dev, "another kernel consumer"
+ dev_err(&pps->dev, "another kernel consumer"
" is already bound\n");
return -EINVAL;
}
@@ -83,7 +83,7 @@ void pps_kc_remove(struct pps_device *pp
pps_kc_hardpps_mode = 0;
pps_kc_hardpps_dev = NULL;
spin_unlock_irq(&pps_kc_hardpps_lock);
- dev_info(pps->dev, "unbound kernel consumer"
+ dev_info(&pps->dev, "unbound kernel consumer"
" on device removal\n");
} else
spin_unlock_irq(&pps_kc_hardpps_lock);
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -25,7 +25,7 @@
* Local variables
*/
-static dev_t pps_devt;
+static int pps_major;
static struct class *pps_class;
static DEFINE_MUTEX(pps_idr_lock);
@@ -62,7 +62,7 @@ static int pps_cdev_pps_fetch(struct pps
else {
unsigned long ticks;
- dev_dbg(pps->dev, "timeout %lld.%09d\n",
+ dev_dbg(&pps->dev, "timeout %lld.%09d\n",
(long long) fdata->timeout.sec,
fdata->timeout.nsec);
ticks = fdata->timeout.sec * HZ;
@@ -80,7 +80,7 @@ static int pps_cdev_pps_fetch(struct pps
/* Check for pending signals */
if (err == -ERESTARTSYS) {
- dev_dbg(pps->dev, "pending signal caught\n");
+ dev_dbg(&pps->dev, "pending signal caught\n");
return -EINTR;
}
@@ -98,7 +98,7 @@ static long pps_cdev_ioctl(struct file *
switch (cmd) {
case PPS_GETPARAMS:
- dev_dbg(pps->dev, "PPS_GETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_GETPARAMS\n");
spin_lock_irq(&pps->lock);
@@ -114,7 +114,7 @@ static long pps_cdev_ioctl(struct file *
break;
case PPS_SETPARAMS:
- dev_dbg(pps->dev, "PPS_SETPARAMS\n");
+ dev_dbg(&pps->dev, "PPS_SETPARAMS\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -124,14 +124,14 @@ static long pps_cdev_ioctl(struct file *
if (err)
return -EFAULT;
if (!(params.mode & (PPS_CAPTUREASSERT | PPS_CAPTURECLEAR))) {
- dev_dbg(pps->dev, "capture mode unspecified (%x)\n",
+ dev_dbg(&pps->dev, "capture mode unspecified (%x)\n",
params.mode);
return -EINVAL;
}
/* Check for supported capabilities */
if ((params.mode & ~pps->info.mode) != 0) {
- dev_dbg(pps->dev, "unsupported capabilities (%x)\n",
+ dev_dbg(&pps->dev, "unsupported capabilities (%x)\n",
params.mode);
return -EINVAL;
}
@@ -144,7 +144,7 @@ static long pps_cdev_ioctl(struct file *
/* Restore the read only parameters */
if ((params.mode & (PPS_TSFMT_TSPEC | PPS_TSFMT_NTPFP)) == 0) {
/* section 3.3 of RFC 2783 interpreted */
- dev_dbg(pps->dev, "time format unspecified (%x)\n",
+ dev_dbg(&pps->dev, "time format unspecified (%x)\n",
params.mode);
pps->params.mode |= PPS_TSFMT_TSPEC;
}
@@ -165,7 +165,7 @@ static long pps_cdev_ioctl(struct file *
break;
case PPS_GETCAP:
- dev_dbg(pps->dev, "PPS_GETCAP\n");
+ dev_dbg(&pps->dev, "PPS_GETCAP\n");
err = put_user(pps->info.mode, iuarg);
if (err)
@@ -176,7 +176,7 @@ static long pps_cdev_ioctl(struct file *
case PPS_FETCH: {
struct pps_fdata fdata;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&fdata, uarg, sizeof(struct pps_fdata));
if (err)
@@ -206,7 +206,7 @@ static long pps_cdev_ioctl(struct file *
case PPS_KC_BIND: {
struct pps_bind_args bind_args;
- dev_dbg(pps->dev, "PPS_KC_BIND\n");
+ dev_dbg(&pps->dev, "PPS_KC_BIND\n");
/* Check the capabilities */
if (!capable(CAP_SYS_TIME))
@@ -218,7 +218,7 @@ static long pps_cdev_ioctl(struct file *
/* Check for supported capabilities */
if ((bind_args.edge & ~pps->info.mode) != 0) {
- dev_err(pps->dev, "unsupported capabilities (%x)\n",
+ dev_err(&pps->dev, "unsupported capabilities (%x)\n",
bind_args.edge);
return -EINVAL;
}
@@ -227,7 +227,7 @@ static long pps_cdev_ioctl(struct file *
if (bind_args.tsformat != PPS_TSFMT_TSPEC ||
(bind_args.edge & ~PPS_CAPTUREBOTH) != 0 ||
bind_args.consumer != PPS_KC_HARDPPS) {
- dev_err(pps->dev, "invalid kernel consumer bind"
+ dev_err(&pps->dev, "invalid kernel consumer bind"
" parameters (%x)\n", bind_args.edge);
return -EINVAL;
}
@@ -259,7 +259,7 @@ static long pps_cdev_compat_ioctl(struct
struct pps_fdata fdata;
int err;
- dev_dbg(pps->dev, "PPS_FETCH\n");
+ dev_dbg(&pps->dev, "PPS_FETCH\n");
err = copy_from_user(&compat, uarg, sizeof(struct pps_fdata_compat));
if (err)
@@ -296,20 +296,36 @@ static long pps_cdev_compat_ioctl(struct
#define pps_cdev_compat_ioctl NULL
#endif
+static struct pps_device *pps_idr_get(unsigned long id)
+{
+ struct pps_device *pps;
+
+ mutex_lock(&pps_idr_lock);
+ pps = idr_find(&pps_idr, id);
+ if (pps)
+ get_device(&pps->dev);
+
+ mutex_unlock(&pps_idr_lock);
+ return pps;
+}
+
static int pps_cdev_open(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
+ struct pps_device *pps = pps_idr_get(iminor(inode));
+
+ if (!pps)
+ return -ENODEV;
+
file->private_data = pps;
- kobject_get(&pps->dev->kobj);
return 0;
}
static int pps_cdev_release(struct inode *inode, struct file *file)
{
- struct pps_device *pps = container_of(inode->i_cdev,
- struct pps_device, cdev);
- kobject_put(&pps->dev->kobj);
+ struct pps_device *pps = file->private_data;
+
+ WARN_ON(pps->id != iminor(inode));
+ put_device(&pps->dev);
return 0;
}
@@ -332,22 +348,13 @@ static void pps_device_destruct(struct d
{
struct pps_device *pps = dev_get_drvdata(dev);
- cdev_del(&pps->cdev);
-
- /* Now we can release the ID for re-use */
pr_debug("deallocating pps%d\n", pps->id);
- mutex_lock(&pps_idr_lock);
- idr_remove(&pps_idr, pps->id);
- mutex_unlock(&pps_idr_lock);
-
- kfree(dev);
kfree(pps);
}
int pps_register_cdev(struct pps_device *pps)
{
int err;
- dev_t devt;
mutex_lock(&pps_idr_lock);
/*
@@ -364,40 +371,29 @@ int pps_register_cdev(struct pps_device
goto out_unlock;
}
pps->id = err;
- mutex_unlock(&pps_idr_lock);
-
- devt = MKDEV(MAJOR(pps_devt), pps->id);
-
- cdev_init(&pps->cdev, &pps_cdev_fops);
- pps->cdev.owner = pps->info.owner;
- err = cdev_add(&pps->cdev, devt, 1);
- if (err) {
- pr_err("%s: failed to add char device %d:%d\n",
- pps->info.name, MAJOR(pps_devt), pps->id);
+ pps->dev.class = pps_class;
+ pps->dev.parent = pps->info.dev;
+ pps->dev.devt = MKDEV(pps_major, pps->id);
+ dev_set_drvdata(&pps->dev, pps);
+ dev_set_name(&pps->dev, "pps%d", pps->id);
+ err = device_register(&pps->dev);
+ if (err)
goto free_idr;
- }
- pps->dev = device_create(pps_class, pps->info.dev, devt, pps,
- "pps%d", pps->id);
- if (IS_ERR(pps->dev)) {
- err = PTR_ERR(pps->dev);
- goto del_cdev;
- }
/* Override the release function with our own */
- pps->dev->release = pps_device_destruct;
+ pps->dev.release = pps_device_destruct;
- pr_debug("source %s got cdev (%d:%d)\n", pps->info.name,
- MAJOR(pps_devt), pps->id);
+ pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major,
+ pps->id);
+ get_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
return 0;
-del_cdev:
- cdev_del(&pps->cdev);
-
free_idr:
- mutex_lock(&pps_idr_lock);
idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
out_unlock:
mutex_unlock(&pps_idr_lock);
return err;
@@ -407,7 +403,13 @@ void pps_unregister_cdev(struct pps_devi
{
pr_debug("unregistering pps%d\n", pps->id);
pps->lookup_cookie = NULL;
- device_destroy(pps_class, pps->dev->devt);
+ device_destroy(pps_class, pps->dev.devt);
+
+ /* Now we can release the ID for re-use */
+ mutex_lock(&pps_idr_lock);
+ idr_remove(&pps_idr, pps->id);
+ put_device(&pps->dev);
+ mutex_unlock(&pps_idr_lock);
}
/*
@@ -427,6 +429,11 @@ void pps_unregister_cdev(struct pps_devi
* so that it will not be used again, even if the pps device cannot
* be removed from the idr due to pending references holding the minor
* number in use.
+ *
+ * Since pps_idr holds a reference to the device, the returned
+ * pps_device is guaranteed to be valid until pps_unregister_cdev() is
+ * called on it. But after calling pps_unregister_cdev(), it may be
+ * freed at any time.
*/
struct pps_device *pps_lookup_dev(void const *cookie)
{
@@ -449,13 +456,11 @@ EXPORT_SYMBOL(pps_lookup_dev);
static void __exit pps_exit(void)
{
class_destroy(pps_class);
- unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES);
+ __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps");
}
static int __init pps_init(void)
{
- int err;
-
pps_class = class_create(THIS_MODULE, "pps");
if (IS_ERR(pps_class)) {
pr_err("failed to allocate class\n");
@@ -463,8 +468,9 @@ static int __init pps_init(void)
}
pps_class->dev_groups = pps_groups;
- err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps");
- if (err < 0) {
+ pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps",
+ &pps_cdev_fops);
+ if (pps_major < 0) {
pr_err("failed to allocate char device region\n");
goto remove_class;
}
@@ -477,8 +483,7 @@ static int __init pps_init(void)
remove_class:
class_destroy(pps_class);
-
- return err;
+ return pps_major;
}
subsys_initcall(pps_init);
--- a/drivers/ptp/ptp_ocp.c
+++ b/drivers/ptp/ptp_ocp.c
@@ -3589,7 +3589,7 @@ ptp_ocp_complete(struct ptp_ocp *bp)
pps = pps_lookup_dev(bp->ptp);
if (pps)
- ptp_ocp_symlink(bp, pps->dev, "pps");
+ ptp_ocp_symlink(bp, &pps->dev, "pps");
ptp_ocp_debugfs_add_device(bp);
--- a/include/linux/pps_kernel.h
+++ b/include/linux/pps_kernel.h
@@ -56,8 +56,7 @@ struct pps_device {
unsigned int id; /* PPS source unique ID */
void const *lookup_cookie; /* For pps_lookup_dev() only */
- struct cdev cdev;
- struct device *dev;
+ struct device dev;
struct fasync_struct *async_queue; /* fasync method */
spinlock_t lock;
};
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 460/578] Revert "btrfs: avoid monopolizing a core when activating a swap file"
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (458 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 459/578] pps: Fix a use-after-free Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 461/578] btrfs: avoid monopolizing a core when activating a swap file Greg Kroah-Hartman
` (126 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Koichiro Den
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Koichiro Den <koichiro.den@canonical.com>
This reverts commit bb8e287f596b62fac18ed84cc03a9f1752f6b3b8.
The backport for linux-6.1.y, commit bb8e287f596b ("btrfs: avoid
monopolizing a core when activating a swap file"), inserted
cond_resched() in the wrong location.
Revert it now; a subsequent commit will re-backport the original patch.
Fixes: bb8e287f596b ("btrfs: avoid monopolizing a core when activating a swap file") # linux-6.1.y
Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 2 --
1 file changed, 2 deletions(-)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7387,8 +7387,6 @@ noinline int can_nocow_extent(struct ino
ret = -EAGAIN;
goto out;
}
-
- cond_resched();
}
if (orig_start)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 461/578] btrfs: avoid monopolizing a core when activating a swap file
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (459 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 460/578] Revert "btrfs: avoid monopolizing a core when activating a swap file" Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 462/578] nfsd: clear acl_access/acl_default after releasing them Greg Kroah-Hartman
` (125 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Qu Wenruo, Filipe Manana,
David Sterba, Koichiro Den
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit 2c8507c63f5498d4ee4af404a8e44ceae4345056 upstream.
This commit re-attempts the backport of the change to the linux-6.1.y
branch. Commit bb8e287f596b ("btrfs: avoid monopolizing a core when
activating a swap file") on this branch was reverted.
During swap activation we iterate over the extents of a file and we can
have many thousands of them, so we can end up in a busy loop monopolizing
a core. Avoid this by doing a voluntary reschedule after processing each
extent.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -11368,6 +11368,8 @@ static int btrfs_swap_activate(struct sw
}
start += len;
+
+ cond_resched();
}
if (bsi.block_len)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 462/578] nfsd: clear acl_access/acl_default after releasing them
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (460 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 461/578] btrfs: avoid monopolizing a core when activating a swap file Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 463/578] NFSD: fix hang in nfsd4_shutdown_callback Greg Kroah-Hartman
` (124 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Lingfeng, Rick Macklem,
Jeff Layton, Chuck Lever
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Lingfeng <lilingfeng3@huawei.com>
commit 7faf14a7b0366f153284db0ad3347c457ea70136 upstream.
If getting acl_default fails, acl_access and acl_default will be released
simultaneously. However, acl_access will still retain a pointer pointing
to the released posix_acl, which will trigger a WARNING in
nfs3svc_release_getacl like this:
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 26 PID: 3199 at lib/refcount.c:28
refcount_warn_saturate+0xb5/0x170
Modules linked in:
CPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted
6.12.0-rc6-00079-g04ae226af01f-dirty #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.16.1-2.fc37 04/01/2014
RIP: 0010:refcount_warn_saturate+0xb5/0x170
Code: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75
e4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff <0f> 0b eb
cd 0f b6 1d 8a3
RSP: 0018:ffffc90008637cd8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde
RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380
RBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56
R10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001
R13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0
FS: 0000000000000000(0000) GS:ffff88871ed00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? refcount_warn_saturate+0xb5/0x170
? __warn+0xa5/0x140
? refcount_warn_saturate+0xb5/0x170
? report_bug+0x1b1/0x1e0
? handle_bug+0x53/0xa0
? exc_invalid_op+0x17/0x40
? asm_exc_invalid_op+0x1a/0x20
? tick_nohz_tick_stopped+0x1e/0x40
? refcount_warn_saturate+0xb5/0x170
? refcount_warn_saturate+0xb5/0x170
nfs3svc_release_getacl+0xc9/0xe0
svc_process_common+0x5db/0xb60
? __pfx_svc_process_common+0x10/0x10
? __rcu_read_unlock+0x69/0xa0
? __pfx_nfsd_dispatch+0x10/0x10
? svc_xprt_received+0xa1/0x120
? xdr_init_decode+0x11d/0x190
svc_process+0x2a7/0x330
svc_handle_xprt+0x69d/0x940
svc_recv+0x180/0x2d0
nfsd+0x168/0x200
? __pfx_nfsd+0x10/0x10
kthread+0x1a2/0x1e0
? kthread+0xf4/0x1e0
? __pfx_kthread+0x10/0x10
ret_from_fork+0x34/0x60
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1a/0x30
</TASK>
Kernel panic - not syncing: kernel: panic_on_warn set ...
Clear acl_access/acl_default after posix_acl_release is called to prevent
UAF from being triggered.
Fixes: a257cdd0e217 ("[PATCH] NFSD: Add server support for NFSv3 ACLs.")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20241107014705.2509463-1-lilingfeng@huaweicloud.com/
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
Reviewed-by: Rick Macklem <rmacklem@uoguelph.ca>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs2acl.c | 2 ++
fs/nfsd/nfs3acl.c | 2 ++
2 files changed, 4 insertions(+)
--- a/fs/nfsd/nfs2acl.c
+++ b/fs/nfsd/nfs2acl.c
@@ -84,6 +84,8 @@ out:
fail:
posix_acl_release(resp->acl_access);
posix_acl_release(resp->acl_default);
+ resp->acl_access = NULL;
+ resp->acl_default = NULL;
goto out;
}
--- a/fs/nfsd/nfs3acl.c
+++ b/fs/nfsd/nfs3acl.c
@@ -76,6 +76,8 @@ out:
fail:
posix_acl_release(resp->acl_access);
posix_acl_release(resp->acl_default);
+ resp->acl_access = NULL;
+ resp->acl_default = NULL;
goto out;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 463/578] NFSD: fix hang in nfsd4_shutdown_callback
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (461 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 462/578] nfsd: clear acl_access/acl_default after releasing them Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 464/578] pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware Greg Kroah-Hartman
` (123 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dai Ngo, Jeff Layton, Chuck Lever
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dai Ngo <dai.ngo@oracle.com>
commit 036ac2778f7b28885814c6fbc07e156ad1624d03 upstream.
If nfs4_client is in courtesy state then there is no point to send
the callback. This causes nfsd4_shutdown_callback to hang since
cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP
notifies NFSD that the connection was dropped.
This patch modifies nfsd4_run_cb_work to skip the RPC call if
nfs4_client is in courtesy state.
Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
Fixes: 66af25799940 ("NFSD: add courteous server support for thread with only delegation")
Cc: stable@vger.kernel.org
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4callback.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -1410,8 +1410,11 @@ nfsd4_run_cb_work(struct work_struct *wo
nfsd4_process_cb_update(cb);
clnt = clp->cl_cb_client;
- if (!clnt) {
- /* Callback channel broken, or client killed; give up: */
+ if (!clnt || clp->cl_state == NFSD4_COURTESY) {
+ /*
+ * Callback channel broken, client killed or
+ * nfs4_client in courtesy state; give up.
+ */
nfsd41_destroy_cb(cb);
return;
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 464/578] pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (462 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 463/578] NFSD: fix hang in nfsd4_shutdown_callback Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 465/578] HID: multitouch: Add NULL check in mt_input_configured Greg Kroah-Hartman
` (122 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Linus Walleij,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 1ddee69108d305bbc059cbf31c0b47626796be77 ]
Some of the platforms may connect the INT pin via inversion logic
effectively make the triggering to be active-low.
Remove explicit trigger flag to respect the settings from firmware.
Without this change even idling chip produces spurious interrupts
and kernel disables the line in the result:
irq 33: nobody cared (try booting with the "irqpoll" option)
CPU: 0 UID: 0 PID: 125 Comm: irq/33-i2c-INT3 Not tainted 6.12.0-00236-g8b874ed11dae #64
Hardware name: Intel Corp. QUARK/Galileo, BIOS 0x01000900 01/01/2014
...
handlers:
[<86e86bea>] irq_default_primary_handler threaded [<d153e44a>] cy8c95x0_irq_handler [pinctrl_cy8c95x0]
Disabling IRQ #33
Fixes: e6cbbe42944d ("pinctrl: Add Cypress cy8c95x0 support")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/20250117142304.596106-2-andriy.shevchenko@linux.intel.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/pinctrl-cy8c95x0.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-cy8c95x0.c b/drivers/pinctrl/pinctrl-cy8c95x0.c
index 5abab6bc763ae..f7c8ae9808133 100644
--- a/drivers/pinctrl/pinctrl-cy8c95x0.c
+++ b/drivers/pinctrl/pinctrl-cy8c95x0.c
@@ -1234,7 +1234,7 @@ static int cy8c95x0_irq_setup(struct cy8c95x0_pinctrl *chip, int irq)
ret = devm_request_threaded_irq(chip->dev, irq,
NULL, cy8c95x0_irq_handler,
- IRQF_ONESHOT | IRQF_SHARED | IRQF_TRIGGER_HIGH,
+ IRQF_ONESHOT | IRQF_SHARED,
dev_name(chip->dev), chip);
if (ret) {
dev_err(chip->dev, "failed to request irq %d\n", irq);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 465/578] HID: multitouch: Add NULL check in mt_input_configured
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (463 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 464/578] pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 466/578] HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Greg Kroah-Hartman
` (121 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Charles Han, Jiri Kosina,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Charles Han <hanchunchao@inspur.com>
[ Upstream commit 9b8e2220d3a052a690b1d1b23019673e612494c5 ]
devm_kasprintf() can return a NULL pointer on failure,but this
returned value in mt_input_configured() is not checked.
Add NULL check in mt_input_configured(), to handle kernel NULL
pointer dereference error.
Fixes: 479439463529 ("HID: multitouch: Correct devm device reference for hidinput input_dev name")
Signed-off-by: Charles Han <hanchunchao@inspur.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-multitouch.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
index 5ad871a7d1a44..6386043aab0bb 100644
--- a/drivers/hid/hid-multitouch.c
+++ b/drivers/hid/hid-multitouch.c
@@ -1668,9 +1668,12 @@ static int mt_input_configured(struct hid_device *hdev, struct hid_input *hi)
break;
}
- if (suffix)
+ if (suffix) {
hi->input->name = devm_kasprintf(&hdev->dev, GFP_KERNEL,
"%s %s", hdev->name, suffix);
+ if (!hi->input->name)
+ return -ENOMEM;
+ }
return 0;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 466/578] HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (464 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 465/578] HID: multitouch: Add NULL check in mt_input_configured Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 467/578] ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Greg Kroah-Hartman
` (120 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+9c9179ac46169c56c1ad,
Túlio Fernandes, Jiri Kosina, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tulio Fernandes <tuliomf09@gmail.com>
[ Upstream commit 0b43d98ff29be3144e86294486b1373b5df74c0e ]
Syzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from
hid-thrustmaster driver. This array is passed to usb_check_int_endpoints
function from usb.c core driver, which executes a for loop that iterates
over the elements of the passed array. Not finding a null element at the end of
the array, it tries to read the next, non-existent element, crashing the kernel.
To fix this, a 0 element was added at the end of the array to break the for
loop.
[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad
Reported-by: syzbot+9c9179ac46169c56c1ad@syzkaller.appspotmail.com
Fixes: 50420d7c79c3 ("HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check")
Signed-off-by: Túlio Fernandes <tuliomf09@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-thrustmaster.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-thrustmaster.c b/drivers/hid/hid-thrustmaster.c
index 6c3e758bbb09e..3b81468a1df29 100644
--- a/drivers/hid/hid-thrustmaster.c
+++ b/drivers/hid/hid-thrustmaster.c
@@ -171,7 +171,7 @@ static void thrustmaster_interrupts(struct hid_device *hdev)
b_ep = ep->desc.bEndpointAddress;
/* Are the expected endpoints present? */
- u8 ep_addr[1] = {b_ep};
+ u8 ep_addr[2] = {b_ep, 0};
if (!usb_check_int_endpoints(usbif, ep_addr)) {
hid_err(hdev, "Unexpected non-int endpoint\n");
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 467/578] ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (465 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 466/578] HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 468/578] ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Greg Kroah-Hartman
` (119 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+33841dc6aa3e1d86b78a,
Murad Masimov, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Murad Masimov <m.masimov@mt-integration.ru>
[ Upstream commit bca0902e61731a75fc4860c8720168d9f1bae3b6 ]
If an AX25 device is bound to a socket by setting the SO_BINDTODEVICE
socket option, a refcount leak will occur in ax25_release().
Commit 9fd75b66b8f6 ("ax25: Fix refcount leaks caused by ax25_cb_del()")
added decrement of device refcounts in ax25_release(). In order for that
to work correctly the refcounts must already be incremented when the
device is bound to the socket. An AX25 device can be bound to a socket
by either calling ax25_bind() or setting SO_BINDTODEVICE socket option.
In both cases the refcounts should be incremented, but in fact it is done
only in ax25_bind().
This bug leads to the following issue reported by Syzkaller:
================================================================
refcount_t: decrement hit 0; leaking memory.
WARNING: CPU: 1 PID: 5932 at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31
Modules linked in:
CPU: 1 UID: 0 PID: 5932 Comm: syz-executor424 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31
Call Trace:
<TASK>
__refcount_dec include/linux/refcount.h:336 [inline]
refcount_dec include/linux/refcount.h:351 [inline]
ref_tracker_free+0x710/0x820 lib/ref_tracker.c:236
netdev_tracker_free include/linux/netdevice.h:4156 [inline]
netdev_put include/linux/netdevice.h:4173 [inline]
netdev_put include/linux/netdevice.h:4169 [inline]
ax25_release+0x33f/0xa10 net/ax25/af_ax25.c:1069
__sock_release+0xb0/0x270 net/socket.c:640
sock_close+0x1c/0x30 net/socket.c:1408
...
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
...
</TASK>
================================================================
Fix the implementation of ax25_setsockopt() by adding increment of
refcounts for the new device bound, and decrement of refcounts for
the old unbound device.
Fixes: 9fd75b66b8f6 ("ax25: Fix refcount leaks caused by ax25_cb_del()")
Reported-by: syzbot+33841dc6aa3e1d86b78a@syzkaller.appspotmail.com
Signed-off-by: Murad Masimov <m.masimov@mt-integration.ru>
Link: https://patch.msgid.link/20250203091203.1744-1-m.masimov@mt-integration.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ax25/af_ax25.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 4b96dedcc3c9c..862e03493b7ed 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -685,6 +685,15 @@ static int ax25_setsockopt(struct socket *sock, int level, int optname,
break;
}
+ if (ax25->ax25_dev) {
+ if (dev == ax25->ax25_dev->dev) {
+ rcu_read_unlock();
+ break;
+ }
+ netdev_put(ax25->ax25_dev->dev, &ax25->dev_tracker);
+ ax25_dev_put(ax25->ax25_dev);
+ }
+
ax25->ax25_dev = ax25_dev_ax25dev(dev);
if (!ax25->ax25_dev) {
rcu_read_unlock();
@@ -692,6 +701,8 @@ static int ax25_setsockopt(struct socket *sock, int level, int optname,
break;
}
ax25_fillin_cb(ax25, ax25->ax25_dev);
+ netdev_hold(dev, &ax25->dev_tracker, GFP_ATOMIC);
+ ax25_dev_hold(ax25->ax25_dev);
rcu_read_unlock();
break;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 468/578] ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (466 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 467/578] ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 469/578] vrf: use RCU protection in l3mdev_l3_out() Greg Kroah-Hartman
` (118 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Stephen Suryaputra,
David Ahern, Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 48145a57d4bbe3496e8e4880b23ea6b511e6e519 ]
ndisc_send_redirect() is called under RCU protection, not RTNL.
It must use dev_get_by_index_rcu() instead of __dev_get_by_index()
Fixes: 2f17becfbea5 ("vrf: check the original netdevice for generating redirect")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Stephen Suryaputra <ssuryaextr@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250207135841.1948589-2-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/ndisc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 44d3e6ab0c7d4..6df3f4aadf641 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1684,7 +1684,7 @@ void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
bool ret;
if (netif_is_l3_master(skb->dev)) {
- dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
+ dev = dev_get_by_index_rcu(dev_net(skb->dev), IPCB(skb)->iif);
if (!dev)
return;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 469/578] vrf: use RCU protection in l3mdev_l3_out()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (467 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 468/578] ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 470/578] vxlan: check vxlan_vnigroup_init() return value Greg Kroah-Hartman
` (117 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Ahern,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 6d0ce46a93135d96b7fa075a94a88fe0da8e8773 ]
l3mdev_l3_out() can be called without RCU being held:
raw_sendmsg()
ip_push_pending_frames()
ip_send_skb()
ip_local_out()
__ip_local_out()
l3mdev_ip_out()
Add rcu_read_lock() / rcu_read_unlock() pair to avoid
a potential UAF.
Fixes: a8e3e1a9f020 ("net: l3mdev: Add hook to output path")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250207135841.1948589-7-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/l3mdev.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/net/l3mdev.h b/include/net/l3mdev.h
index 031c661aa14df..bdfa9d414360c 100644
--- a/include/net/l3mdev.h
+++ b/include/net/l3mdev.h
@@ -198,10 +198,12 @@ struct sk_buff *l3mdev_l3_out(struct sock *sk, struct sk_buff *skb, u16 proto)
if (netif_is_l3_slave(dev)) {
struct net_device *master;
+ rcu_read_lock();
master = netdev_master_upper_dev_get_rcu(dev);
if (master && master->l3mdev_ops->l3mdev_l3_out)
skb = master->l3mdev_ops->l3mdev_l3_out(master, sk,
skb, proto);
+ rcu_read_unlock();
}
return skb;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 470/578] vxlan: check vxlan_vnigroup_init() return value
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (468 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 469/578] vrf: use RCU protection in l3mdev_l3_out() Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 471/578] team: better TEAM_OPTION_TYPE_STRING validation Greg Kroah-Hartman
` (116 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+6a9624592218c2c5e7aa,
Eric Dumazet, Roopa Prabhu, Ido Schimmel, Jakub Kicinski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 5805402dcc56241987bca674a1b4da79a249bab7 ]
vxlan_init() must check vxlan_vnigroup_init() success
otherwise a crash happens later, spotted by syzbot.
Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]
CPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912
Code: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00
RSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb
RDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18
RBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000
R13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000
FS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942
unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824
unregister_netdevice_many net/core/dev.c:11866 [inline]
unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736
register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901
__vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981
vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407
rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]
__rtnl_newlink net/core/rtnetlink.c:3906 [inline]
Fixes: f9c4bb0b245c ("vxlan: vni filtering support on collect metadata device")
Reported-by: syzbot+6a9624592218c2c5e7aa@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/67a9d9b4.050a0220.110943.002d.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Roopa Prabhu <roopa@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Link: https://patch.msgid.link/20250210105242.883482-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/vxlan/vxlan_core.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c
index 155d335c80a7e..50be5a3c47795 100644
--- a/drivers/net/vxlan/vxlan_core.c
+++ b/drivers/net/vxlan/vxlan_core.c
@@ -2982,8 +2982,11 @@ static int vxlan_init(struct net_device *dev)
struct vxlan_dev *vxlan = netdev_priv(dev);
int err;
- if (vxlan->cfg.flags & VXLAN_F_VNIFILTER)
- vxlan_vnigroup_init(vxlan);
+ if (vxlan->cfg.flags & VXLAN_F_VNIFILTER) {
+ err = vxlan_vnigroup_init(vxlan);
+ if (err)
+ return err;
+ }
dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
if (!dev->tstats) {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 471/578] team: better TEAM_OPTION_TYPE_STRING validation
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (469 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 470/578] vxlan: check vxlan_vnigroup_init() return value Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 472/578] arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Greg Kroah-Hartman
` (115 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+1fcd957a82e3a1baa94d,
Eric Dumazet, Jiri Pirko, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 5bef3ac184b5626ea62385d6b82a1992b89d7940 ]
syzbot reported following splat [1]
Make sure user-provided data contains one nul byte.
[1]
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline]
BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714
string_nocheck lib/vsprintf.c:633 [inline]
string+0x3ec/0x5f0 lib/vsprintf.c:714
vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843
__request_module+0x252/0x9f0 kernel/module/kmod.c:149
team_mode_get drivers/net/team/team_core.c:480 [inline]
team_change_mode drivers/net/team/team_core.c:607 [inline]
team_mode_option_set+0x437/0x970 drivers/net/team/team_core.c:1401
team_option_set drivers/net/team/team_core.c:375 [inline]
team_nl_options_set_doit+0x1339/0x1f90 drivers/net/team/team_core.c:2662
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2543
genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1348
netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1892
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:733
____sys_sendmsg+0x877/0xb60 net/socket.c:2573
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2627
__sys_sendmsg net/socket.c:2659 [inline]
__do_sys_sendmsg net/socket.c:2664 [inline]
__se_sys_sendmsg net/socket.c:2662 [inline]
__x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2662
x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Fixes: 3d249d4ca7d0 ("net: introduce ethernet teaming device")
Reported-by: syzbot+1fcd957a82e3a1baa94d@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=1fcd957a82e3a1baa94d
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Link: https://patch.msgid.link/20250212134928.1541609-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/team/team.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
index b23aa3c8bdf8e..c2327fa10747c 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
@@ -2670,7 +2670,9 @@ static int team_nl_cmd_options_set(struct sk_buff *skb, struct genl_info *info)
ctx.data.u32_val = nla_get_u32(attr_data);
break;
case TEAM_OPTION_TYPE_STRING:
- if (nla_len(attr_data) > TEAM_STRING_MAX_LEN) {
+ if (nla_len(attr_data) > TEAM_STRING_MAX_LEN ||
+ !memchr(nla_data(attr_data), '\0',
+ nla_len(attr_data))) {
err = -EINVAL;
goto team_put;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 472/578] arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (470 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 471/578] team: better TEAM_OPTION_TYPE_STRING validation Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 473/578] cgroup: Remove steal time from usage_usec Greg Kroah-Hartman
` (114 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Radu Rendec, Will Deacon,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Radu Rendec <rrendec@redhat.com>
[ Upstream commit 875d742cf5327c93cba1f11e12b08d3cce7a88d2 ]
The loop that detects/populates cache information already has a bounds
check on the array size but does not account for cache levels with
separate data/instructions cache. Fix this by incrementing the index
for any populated leaf (instead of any populated level).
Fixes: 5d425c186537 ("arm64: kernel: add support for cpu cache information")
Signed-off-by: Radu Rendec <rrendec@redhat.com>
Link: https://lore.kernel.org/r/20250206174420.2178724-1-rrendec@redhat.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/cacheinfo.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/kernel/cacheinfo.c b/arch/arm64/kernel/cacheinfo.c
index 97c42be71338a..1510f457b6154 100644
--- a/arch/arm64/kernel/cacheinfo.c
+++ b/arch/arm64/kernel/cacheinfo.c
@@ -87,16 +87,18 @@ int populate_cache_leaves(unsigned int cpu)
unsigned int level, idx;
enum cache_type type;
struct cpu_cacheinfo *this_cpu_ci = get_cpu_cacheinfo(cpu);
- struct cacheinfo *this_leaf = this_cpu_ci->info_list;
+ struct cacheinfo *infos = this_cpu_ci->info_list;
for (idx = 0, level = 1; level <= this_cpu_ci->num_levels &&
- idx < this_cpu_ci->num_leaves; idx++, level++) {
+ idx < this_cpu_ci->num_leaves; level++) {
type = get_cache_type(level);
if (type == CACHE_TYPE_SEPARATE) {
- ci_leaf_init(this_leaf++, CACHE_TYPE_DATA, level);
- ci_leaf_init(this_leaf++, CACHE_TYPE_INST, level);
+ if (idx + 1 >= this_cpu_ci->num_leaves)
+ break;
+ ci_leaf_init(&infos[idx++], CACHE_TYPE_DATA, level);
+ ci_leaf_init(&infos[idx++], CACHE_TYPE_INST, level);
} else {
- ci_leaf_init(this_leaf++, type, level);
+ ci_leaf_init(&infos[idx++], type, level);
}
}
return 0;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 473/578] cgroup: Remove steal time from usage_usec
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (471 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 472/578] arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 474/578] drm/i915/selftests: avoid using uninitialized context Greg Kroah-Hartman
` (113 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Axel Busch, Michal Koutný,
Muhammad Adeel, Tejun Heo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Muhammad Adeel <Muhammad.Adeel@ibm.com>
[ Upstream commit db5fd3cf8bf41b84b577b8ad5234ea95f327c9be ]
The CPU usage time is the time when user, system or both are using the CPU.
Steal time is the time when CPU is waiting to be run by the Hypervisor. It
should not be added to the CPU usage time, hence removing it from the
usage_usec entry.
Fixes: 936f2a70f2077 ("cgroup: add cpu.stat file to root cgroup")
Acked-by: Axel Busch <axel.busch@ibm.com>
Acked-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Muhammad Adeel <muhammad.adeel@ibm.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/cgroup/rstat.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/kernel/cgroup/rstat.c b/kernel/cgroup/rstat.c
index 7006fc8dd6774..0ae90c15cad85 100644
--- a/kernel/cgroup/rstat.c
+++ b/kernel/cgroup/rstat.c
@@ -477,7 +477,6 @@ static void root_cgroup_cputime(struct cgroup_base_stat *bstat)
cputime->sum_exec_runtime += user;
cputime->sum_exec_runtime += sys;
- cputime->sum_exec_runtime += cpustat[CPUTIME_STEAL];
#ifdef CONFIG_SCHED_CORE
bstat->forceidle_sum += cpustat[CPUTIME_FORCEIDLE];
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 474/578] drm/i915/selftests: avoid using uninitialized context
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (472 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 473/578] cgroup: Remove steal time from usage_usec Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 475/578] gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Greg Kroah-Hartman
` (112 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Karas, Mikolaj Wasiak,
Andi Shyti, Rodrigo Vivi, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Karas <krzysztof.karas@intel.com>
[ Upstream commit 53139b3f9998ea07289e7b70b909fea2264a0de9 ]
There is an error path in igt_ppgtt_alloc(), which leads
to ww object being passed down to i915_gem_ww_ctx_fini() without
initialization. Correct that by only putting ppgtt->vm and
returning early.
Fixes: 480ae79537b2 ("drm/i915/selftests: Prepare gtt tests for obj->mm.lock removal")
Signed-off-by: Krzysztof Karas <krzysztof.karas@intel.com>
Reviewed-by: Mikolaj Wasiak <mikolaj.wasiak@intel.com>
Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/iuaonpjc3rywmvhna6umjlvzilocn2uqsrxfxfob24e2taocbi@lkaivvfp4777
(cherry picked from commit 8d8334632ea62424233ac6529712868241d0f8df)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/i915/selftests/i915_gem_gtt.c b/drivers/gpu/drm/i915/selftests/i915_gem_gtt.c
index e050a2de5fd1d..e25f76b46b0a4 100644
--- a/drivers/gpu/drm/i915/selftests/i915_gem_gtt.c
+++ b/drivers/gpu/drm/i915/selftests/i915_gem_gtt.c
@@ -164,7 +164,7 @@ static int igt_ppgtt_alloc(void *arg)
return PTR_ERR(ppgtt);
if (!ppgtt->vm.allocate_va_range)
- goto err_ppgtt_cleanup;
+ goto ppgtt_vm_put;
/*
* While we only allocate the page tables here and so we could
@@ -232,7 +232,7 @@ static int igt_ppgtt_alloc(void *arg)
goto retry;
}
i915_gem_ww_ctx_fini(&ww);
-
+ppgtt_vm_put:
i915_vm_put(&ppgtt->vm);
return err;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 475/578] gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (473 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 474/578] drm/i915/selftests: avoid using uninitialized context Greg Kroah-Hartman
@ 2025-02-19 8:27 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 476/578] gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Greg Kroah-Hartman
` (111 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Fainelli, Markus Mayer,
Artur Weber, Linus Walleij, Bartosz Golaszewski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Artur Weber <aweber.kernel@gmail.com>
[ Upstream commit de1d0d160f64ee76df1d364d521b2faf465a091c ]
The GPIO lock/unlock functions clear/write a bit to the relevant
register for each bank. However, due to an oversight the bit that
was being written was based on the total GPIO number, not the index
of the GPIO within the relevant bank, causing it to fail for any
GPIO above 32 (thus any GPIO for banks above bank 0).
Fix lock/unlock for these banks by using the correct bit.
Fixes: bdb93c03c550 ("gpio: bcm281xx: Centralize register locking")
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Reviewed-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Artur Weber <aweber.kernel@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20250206-kona-gpio-fixes-v2-1-409135eab780@gmail.com
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-bcm-kona.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/gpio/gpio-bcm-kona.c b/drivers/gpio/gpio-bcm-kona.c
index 70770429ba483..7e8adc5cc15a0 100644
--- a/drivers/gpio/gpio-bcm-kona.c
+++ b/drivers/gpio/gpio-bcm-kona.c
@@ -85,11 +85,12 @@ static void bcm_kona_gpio_lock_gpio(struct bcm_kona_gpio *kona_gpio,
u32 val;
unsigned long flags;
int bank_id = GPIO_BANK(gpio);
+ int bit = GPIO_BIT(gpio);
raw_spin_lock_irqsave(&kona_gpio->lock, flags);
val = readl(kona_gpio->reg_base + GPIO_PWD_STATUS(bank_id));
- val |= BIT(gpio);
+ val |= BIT(bit);
bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, bank_id, val);
raw_spin_unlock_irqrestore(&kona_gpio->lock, flags);
@@ -101,11 +102,12 @@ static void bcm_kona_gpio_unlock_gpio(struct bcm_kona_gpio *kona_gpio,
u32 val;
unsigned long flags;
int bank_id = GPIO_BANK(gpio);
+ int bit = GPIO_BIT(gpio);
raw_spin_lock_irqsave(&kona_gpio->lock, flags);
val = readl(kona_gpio->reg_base + GPIO_PWD_STATUS(bank_id));
- val &= ~BIT(gpio);
+ val &= ~BIT(bit);
bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, bank_id, val);
raw_spin_unlock_irqrestore(&kona_gpio->lock, flags);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 476/578] gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (474 preceding siblings ...)
2025-02-19 8:27 ` [PATCH 6.1 475/578] gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 477/578] gpio: bcm-kona: Add missing newline to dev_err format string Greg Kroah-Hartman
` (110 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Fainelli, Markus Mayer,
Artur Weber, Linus Walleij, Bartosz Golaszewski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Artur Weber <aweber.kernel@gmail.com>
[ Upstream commit 57f5db77a915cc29461a679a6bcae7097967be1a ]
The settings for all GPIOs are locked by default in bcm_kona_gpio_reset.
The settings for a GPIO are unlocked when requesting it as a GPIO, but
not when requesting it as an interrupt, causing the IRQ settings to not
get applied.
Fix this by making sure to unlock the right bits when an IRQ is requested.
To avoid a situation where an IRQ being released causes a lock despite
the same GPIO being used by a GPIO request or vice versa, add an unlock
counter and only lock if it reaches 0.
Fixes: 757651e3d60e ("gpio: bcm281xx: Add GPIO driver")
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Reviewed-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Artur Weber <aweber.kernel@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20250206-kona-gpio-fixes-v2-2-409135eab780@gmail.com
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-bcm-kona.c | 67 +++++++++++++++++++++++++++++-------
1 file changed, 55 insertions(+), 12 deletions(-)
diff --git a/drivers/gpio/gpio-bcm-kona.c b/drivers/gpio/gpio-bcm-kona.c
index 7e8adc5cc15a0..602021e3e683e 100644
--- a/drivers/gpio/gpio-bcm-kona.c
+++ b/drivers/gpio/gpio-bcm-kona.c
@@ -68,6 +68,22 @@ struct bcm_kona_gpio {
struct bcm_kona_gpio_bank {
int id;
int irq;
+ /*
+ * Used to keep track of lock/unlock operations for each GPIO in the
+ * bank.
+ *
+ * All GPIOs are locked by default (see bcm_kona_gpio_reset), and the
+ * unlock count for all GPIOs is 0 by default. Each unlock increments
+ * the counter, and each lock decrements the counter.
+ *
+ * The lock function only locks the GPIO once its unlock counter is
+ * down to 0. This is necessary because the GPIO is unlocked in two
+ * places in this driver: once for requested GPIOs, and once for
+ * requested IRQs. Since it is possible for a GPIO to be requested
+ * as both a GPIO and an IRQ, we need to ensure that we don't lock it
+ * too early.
+ */
+ u8 gpio_unlock_count[GPIO_PER_BANK];
/* Used in the interrupt handler */
struct bcm_kona_gpio *kona_gpio;
};
@@ -86,14 +102,23 @@ static void bcm_kona_gpio_lock_gpio(struct bcm_kona_gpio *kona_gpio,
unsigned long flags;
int bank_id = GPIO_BANK(gpio);
int bit = GPIO_BIT(gpio);
+ struct bcm_kona_gpio_bank *bank = &kona_gpio->banks[bank_id];
- raw_spin_lock_irqsave(&kona_gpio->lock, flags);
+ if (bank->gpio_unlock_count[bit] == 0) {
+ dev_err(kona_gpio->gpio_chip.parent,
+ "Unbalanced locks for GPIO %u\n", gpio);
+ return;
+ }
- val = readl(kona_gpio->reg_base + GPIO_PWD_STATUS(bank_id));
- val |= BIT(bit);
- bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, bank_id, val);
+ if (--bank->gpio_unlock_count[bit] == 0) {
+ raw_spin_lock_irqsave(&kona_gpio->lock, flags);
- raw_spin_unlock_irqrestore(&kona_gpio->lock, flags);
+ val = readl(kona_gpio->reg_base + GPIO_PWD_STATUS(bank_id));
+ val |= BIT(bit);
+ bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, bank_id, val);
+
+ raw_spin_unlock_irqrestore(&kona_gpio->lock, flags);
+ }
}
static void bcm_kona_gpio_unlock_gpio(struct bcm_kona_gpio *kona_gpio,
@@ -103,14 +128,19 @@ static void bcm_kona_gpio_unlock_gpio(struct bcm_kona_gpio *kona_gpio,
unsigned long flags;
int bank_id = GPIO_BANK(gpio);
int bit = GPIO_BIT(gpio);
+ struct bcm_kona_gpio_bank *bank = &kona_gpio->banks[bank_id];
- raw_spin_lock_irqsave(&kona_gpio->lock, flags);
+ if (bank->gpio_unlock_count[bit] == 0) {
+ raw_spin_lock_irqsave(&kona_gpio->lock, flags);
- val = readl(kona_gpio->reg_base + GPIO_PWD_STATUS(bank_id));
- val &= ~BIT(bit);
- bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, bank_id, val);
+ val = readl(kona_gpio->reg_base + GPIO_PWD_STATUS(bank_id));
+ val &= ~BIT(bit);
+ bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, bank_id, val);
- raw_spin_unlock_irqrestore(&kona_gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&kona_gpio->lock, flags);
+ }
+
+ ++bank->gpio_unlock_count[bit];
}
static int bcm_kona_gpio_get_dir(struct gpio_chip *chip, unsigned gpio)
@@ -361,6 +391,7 @@ static void bcm_kona_gpio_irq_mask(struct irq_data *d)
kona_gpio = irq_data_get_irq_chip_data(d);
reg_base = kona_gpio->reg_base;
+
raw_spin_lock_irqsave(&kona_gpio->lock, flags);
val = readl(reg_base + GPIO_INT_MASK(bank_id));
@@ -383,6 +414,7 @@ static void bcm_kona_gpio_irq_unmask(struct irq_data *d)
kona_gpio = irq_data_get_irq_chip_data(d);
reg_base = kona_gpio->reg_base;
+
raw_spin_lock_irqsave(&kona_gpio->lock, flags);
val = readl(reg_base + GPIO_INT_MSKCLR(bank_id));
@@ -478,15 +510,26 @@ static void bcm_kona_gpio_irq_handler(struct irq_desc *desc)
static int bcm_kona_gpio_irq_reqres(struct irq_data *d)
{
struct bcm_kona_gpio *kona_gpio = irq_data_get_irq_chip_data(d);
+ unsigned int gpio = d->hwirq;
+
+ /*
+ * We need to unlock the GPIO before any other operations are performed
+ * on the relevant GPIO configuration registers
+ */
+ bcm_kona_gpio_unlock_gpio(kona_gpio, gpio);
- return gpiochip_reqres_irq(&kona_gpio->gpio_chip, d->hwirq);
+ return gpiochip_reqres_irq(&kona_gpio->gpio_chip, gpio);
}
static void bcm_kona_gpio_irq_relres(struct irq_data *d)
{
struct bcm_kona_gpio *kona_gpio = irq_data_get_irq_chip_data(d);
+ unsigned int gpio = d->hwirq;
+
+ /* Once we no longer use it, lock the GPIO again */
+ bcm_kona_gpio_lock_gpio(kona_gpio, gpio);
- gpiochip_relres_irq(&kona_gpio->gpio_chip, d->hwirq);
+ gpiochip_relres_irq(&kona_gpio->gpio_chip, gpio);
}
static struct irq_chip bcm_gpio_irq_chip = {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 477/578] gpio: bcm-kona: Add missing newline to dev_err format string
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (475 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 476/578] gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 478/578] xen/swiotlb: relax alignment requirements Greg Kroah-Hartman
` (109 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Fainelli, Markus Mayer,
Artur Weber, Linus Walleij, Bartosz Golaszewski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Artur Weber <aweber.kernel@gmail.com>
[ Upstream commit 615279db222c3ac56d5c93716efd72b843295c1f ]
Add a missing newline to the format string of the "Couldn't get IRQ
for bank..." error message.
Fixes: 757651e3d60e ("gpio: bcm281xx: Add GPIO driver")
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Reviewed-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Artur Weber <aweber.kernel@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20250206-kona-gpio-fixes-v2-3-409135eab780@gmail.com
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-bcm-kona.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpio/gpio-bcm-kona.c b/drivers/gpio/gpio-bcm-kona.c
index 602021e3e683e..3373e46e3ba0f 100644
--- a/drivers/gpio/gpio-bcm-kona.c
+++ b/drivers/gpio/gpio-bcm-kona.c
@@ -667,7 +667,7 @@ static int bcm_kona_gpio_probe(struct platform_device *pdev)
bank->irq = platform_get_irq(pdev, i);
bank->kona_gpio = kona_gpio;
if (bank->irq < 0) {
- dev_err(dev, "Couldn't get IRQ for bank %d", i);
+ dev_err(dev, "Couldn't get IRQ for bank %d\n", i);
ret = -ENOENT;
goto err_irq_domain;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 478/578] xen/swiotlb: relax alignment requirements
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (476 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 477/578] gpio: bcm-kona: Add missing newline to dev_err format string Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 479/578] xen: remove a confusing comment on auto-translated guest I/O Greg Kroah-Hartman
` (108 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Vejvalka, Juergen Gross,
Stefano Stabellini, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Juergen Gross <jgross@suse.com>
[ Upstream commit 85fcb57c983f423180ba6ec5d0034242da05cc54 ]
When mapping a buffer for DMA via .map_page or .map_sg DMA operations,
there is no need to check the machine frames to be aligned according
to the mapped areas size. All what is needed in these cases is that the
buffer is contiguous at machine level.
So carve out the alignment check from range_straddles_page_boundary()
and move it to a helper called by xen_swiotlb_alloc_coherent() and
xen_swiotlb_free_coherent() directly.
Fixes: 9f40ec84a797 ("xen/swiotlb: add alignment check for dma buffers")
Reported-by: Jan Vejvalka <jan.vejvalka@lfmotol.cuni.cz>
Tested-by: Jan Vejvalka <jan.vejvalka@lfmotol.cuni.cz>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/xen/swiotlb-xen.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/xen/swiotlb-xen.c b/drivers/xen/swiotlb-xen.c
index 0451e6ebc21a3..0893c1012de62 100644
--- a/drivers/xen/swiotlb-xen.c
+++ b/drivers/xen/swiotlb-xen.c
@@ -74,19 +74,21 @@ static inline phys_addr_t xen_dma_to_phys(struct device *dev,
return xen_bus_to_phys(dev, dma_to_phys(dev, dma_addr));
}
+static inline bool range_requires_alignment(phys_addr_t p, size_t size)
+{
+ phys_addr_t algn = 1ULL << (get_order(size) + PAGE_SHIFT);
+ phys_addr_t bus_addr = pfn_to_bfn(XEN_PFN_DOWN(p)) << XEN_PAGE_SHIFT;
+
+ return IS_ALIGNED(p, algn) && !IS_ALIGNED(bus_addr, algn);
+}
+
static inline int range_straddles_page_boundary(phys_addr_t p, size_t size)
{
unsigned long next_bfn, xen_pfn = XEN_PFN_DOWN(p);
unsigned int i, nr_pages = XEN_PFN_UP(xen_offset_in_page(p) + size);
- phys_addr_t algn = 1ULL << (get_order(size) + PAGE_SHIFT);
next_bfn = pfn_to_bfn(xen_pfn);
- /* If buffer is physically aligned, ensure DMA alignment. */
- if (IS_ALIGNED(p, algn) &&
- !IS_ALIGNED((phys_addr_t)next_bfn << XEN_PAGE_SHIFT, algn))
- return 1;
-
for (i = 1; i < nr_pages; i++)
if (pfn_to_bfn(++xen_pfn) != ++next_bfn)
return 1;
@@ -155,7 +157,8 @@ xen_swiotlb_alloc_coherent(struct device *dev, size_t size,
*dma_handle = xen_phys_to_dma(dev, phys);
if (*dma_handle + size - 1 > dma_mask ||
- range_straddles_page_boundary(phys, size)) {
+ range_straddles_page_boundary(phys, size) ||
+ range_requires_alignment(phys, size)) {
if (xen_create_contiguous_region(phys, order, fls64(dma_mask),
dma_handle) != 0)
goto out_free_pages;
@@ -181,7 +184,8 @@ xen_swiotlb_free_coherent(struct device *dev, size_t size, void *vaddr,
size = ALIGN(size, XEN_PAGE_SIZE);
if (WARN_ON_ONCE(dma_handle + size - 1 > dev->coherent_dma_mask) ||
- WARN_ON_ONCE(range_straddles_page_boundary(phys, size)))
+ WARN_ON_ONCE(range_straddles_page_boundary(phys, size) ||
+ range_requires_alignment(phys, size)))
return;
if (TestClearPageXenRemapped(virt_to_page(vaddr)))
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 479/578] xen: remove a confusing comment on auto-translated guest I/O
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (477 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 478/578] xen/swiotlb: relax alignment requirements Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 480/578] x86/xen: allow larger contiguous memory regions in PV guests Greg Kroah-Hartman
` (107 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Petr Tesarik, Boris Ostrovsky,
Juergen Gross, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Petr Tesarik <petr.tesarik.ext@huawei.com>
[ Upstream commit d826c9e61c99120f8996f8fed6417167e32eb922 ]
After removing the conditional return from xen_create_contiguous_region(),
the accompanying comment was left in place, but it now precedes an
unrelated conditional and confuses readers.
Fixes: 989513a735f5 ("xen: cleanup pvh leftovers from pv-only sources")
Signed-off-by: Petr Tesarik <petr.tesarik.ext@huawei.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Link: https://lore.kernel.org/r/20230802163151.1486-1-petrtesarik@huaweicloud.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Stable-dep-of: e93ec87286bd ("x86/xen: allow larger contiguous memory regions in PV guests")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/mmu_pv.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c
index ee29fb558f2e6..22b619f89a1d7 100644
--- a/arch/x86/xen/mmu_pv.c
+++ b/arch/x86/xen/mmu_pv.c
@@ -2302,12 +2302,6 @@ int xen_create_contiguous_region(phys_addr_t pstart, unsigned int order,
int success;
unsigned long vstart = (unsigned long)phys_to_virt(pstart);
- /*
- * Currently an auto-translated guest will not perform I/O, nor will
- * it require PAE page directories below 4GB. Therefore any calls to
- * this function are redundant and can be ignored.
- */
-
if (unlikely(order > MAX_CONTIG_ORDER))
return -ENOMEM;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 480/578] x86/xen: allow larger contiguous memory regions in PV guests
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (478 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 479/578] xen: remove a confusing comment on auto-translated guest I/O Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 481/578] RDMA/efa: Reset device on probe failure Greg Kroah-Hartman
` (106 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Juergen Gross, Alan Robinson,
Jan Beulich, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Juergen Gross <jgross@suse.com>
[ Upstream commit e93ec87286bd1fd30b7389e7a387cfb259f297e3 ]
Today a PV guest (including dom0) can create 2MB contiguous memory
regions for DMA buffers at max. This has led to problems at least
with the megaraid_sas driver, which wants to allocate a 2.3MB DMA
buffer.
The limiting factor is the frame array used to do the hypercall for
making the memory contiguous, which has 512 entries and is just a
static array in mmu_pv.c.
In order to not waste memory for non-PV guests, put the initial
frame array into .init.data section and dynamically allocate an array
from the .init_after_bootmem hook of PV guests.
In case a contiguous memory area larger than the initially supported
2MB is requested, allocate a larger buffer for the frame list. Note
that such an allocation is tried only after memory management has been
initialized properly, which is tested via a flag being set in the
.init_after_bootmem hook.
Fixes: 9f40ec84a797 ("xen/swiotlb: add alignment check for dma buffers")
Signed-off-by: Juergen Gross <jgross@suse.com>
Tested-by: Alan Robinson <Alan.Robinson@fujitsu.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/mmu_pv.c | 71 +++++++++++++++++++++++++++++++++++++------
1 file changed, 62 insertions(+), 9 deletions(-)
diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c
index 22b619f89a1d7..6abce0816ca39 100644
--- a/arch/x86/xen/mmu_pv.c
+++ b/arch/x86/xen/mmu_pv.c
@@ -97,6 +97,51 @@ static pud_t level3_user_vsyscall[PTRS_PER_PUD] __page_aligned_bss;
*/
static DEFINE_SPINLOCK(xen_reservation_lock);
+/* Protected by xen_reservation_lock. */
+#define MIN_CONTIG_ORDER 9 /* 2MB */
+static unsigned int discontig_frames_order = MIN_CONTIG_ORDER;
+static unsigned long discontig_frames_early[1UL << MIN_CONTIG_ORDER] __initdata;
+static unsigned long *discontig_frames __refdata = discontig_frames_early;
+static bool discontig_frames_dyn;
+
+static int alloc_discontig_frames(unsigned int order)
+{
+ unsigned long *new_array, *old_array;
+ unsigned int old_order;
+ unsigned long flags;
+
+ BUG_ON(order < MIN_CONTIG_ORDER);
+ BUILD_BUG_ON(sizeof(discontig_frames_early) != PAGE_SIZE);
+
+ new_array = (unsigned long *)__get_free_pages(GFP_KERNEL,
+ order - MIN_CONTIG_ORDER);
+ if (!new_array)
+ return -ENOMEM;
+
+ spin_lock_irqsave(&xen_reservation_lock, flags);
+
+ old_order = discontig_frames_order;
+
+ if (order > discontig_frames_order || !discontig_frames_dyn) {
+ if (!discontig_frames_dyn)
+ old_array = NULL;
+ else
+ old_array = discontig_frames;
+
+ discontig_frames = new_array;
+ discontig_frames_order = order;
+ discontig_frames_dyn = true;
+ } else {
+ old_array = new_array;
+ }
+
+ spin_unlock_irqrestore(&xen_reservation_lock, flags);
+
+ free_pages((unsigned long)old_array, old_order - MIN_CONTIG_ORDER);
+
+ return 0;
+}
+
/*
* Note about cr3 (pagetable base) values:
*
@@ -797,6 +842,9 @@ static void __init xen_after_bootmem(void)
SetPagePinned(virt_to_page(level3_user_vsyscall));
#endif
xen_pgd_walk(&init_mm, xen_mark_pinned, FIXADDR_TOP);
+
+ if (alloc_discontig_frames(MIN_CONTIG_ORDER))
+ BUG();
}
static void xen_unpin_page(struct mm_struct *mm, struct page *page,
@@ -2177,10 +2225,6 @@ void __init xen_init_mmu_ops(void)
memset(dummy_mapping, 0xff, PAGE_SIZE);
}
-/* Protected by xen_reservation_lock. */
-#define MAX_CONTIG_ORDER 9 /* 2MB */
-static unsigned long discontig_frames[1<<MAX_CONTIG_ORDER];
-
#define VOID_PTE (mfn_pte(0, __pgprot(0)))
static void xen_zap_pfn_range(unsigned long vaddr, unsigned int order,
unsigned long *in_frames,
@@ -2297,18 +2341,25 @@ int xen_create_contiguous_region(phys_addr_t pstart, unsigned int order,
unsigned int address_bits,
dma_addr_t *dma_handle)
{
- unsigned long *in_frames = discontig_frames, out_frame;
+ unsigned long *in_frames, out_frame;
unsigned long flags;
int success;
unsigned long vstart = (unsigned long)phys_to_virt(pstart);
- if (unlikely(order > MAX_CONTIG_ORDER))
- return -ENOMEM;
+ if (unlikely(order > discontig_frames_order)) {
+ if (!discontig_frames_dyn)
+ return -ENOMEM;
+
+ if (alloc_discontig_frames(order))
+ return -ENOMEM;
+ }
memset((void *) vstart, 0, PAGE_SIZE << order);
spin_lock_irqsave(&xen_reservation_lock, flags);
+ in_frames = discontig_frames;
+
/* 1. Zap current PTEs, remembering MFNs. */
xen_zap_pfn_range(vstart, order, in_frames, NULL);
@@ -2332,12 +2383,12 @@ int xen_create_contiguous_region(phys_addr_t pstart, unsigned int order,
void xen_destroy_contiguous_region(phys_addr_t pstart, unsigned int order)
{
- unsigned long *out_frames = discontig_frames, in_frame;
+ unsigned long *out_frames, in_frame;
unsigned long flags;
int success;
unsigned long vstart;
- if (unlikely(order > MAX_CONTIG_ORDER))
+ if (unlikely(order > discontig_frames_order))
return;
vstart = (unsigned long)phys_to_virt(pstart);
@@ -2345,6 +2396,8 @@ void xen_destroy_contiguous_region(phys_addr_t pstart, unsigned int order)
spin_lock_irqsave(&xen_reservation_lock, flags);
+ out_frames = discontig_frames;
+
/* 1. Find start MFN of contiguous extent. */
in_frame = virt_to_mfn(vstart);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 481/578] RDMA/efa: Reset device on probe failure
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (479 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 480/578] x86/xen: allow larger contiguous memory regions in PV guests Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 482/578] fbdev: omap: use threaded IRQ for LCD DMA Greg Kroah-Hartman
` (105 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Firas Jahjah, Yonatan Nachum,
Michael Margolin, Gal Pressman, Leon Romanovsky, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Margolin <mrgolin@amazon.com>
[ Upstream commit 123c13f10ed3627ba112172d8bd122a72cae226d ]
Make sure the device is being reset on driver exit whatever the reason
is, to keep the device aligned and allow it to close shared resources
(e.g. admin queue).
Reviewed-by: Firas Jahjah <firasj@amazon.com>
Reviewed-by: Yonatan Nachum <ynachum@amazon.com>
Signed-off-by: Michael Margolin <mrgolin@amazon.com>
Link: https://patch.msgid.link/20241225131548.15155-1-mrgolin@amazon.com
Reviewed-by: Gal Pressman <gal.pressman@linux.dev>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/efa/efa_main.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/infiniband/hw/efa/efa_main.c b/drivers/infiniband/hw/efa/efa_main.c
index 15ee920811187..924940ca9de0a 100644
--- a/drivers/infiniband/hw/efa/efa_main.c
+++ b/drivers/infiniband/hw/efa/efa_main.c
@@ -452,7 +452,6 @@ static void efa_ib_device_remove(struct efa_dev *dev)
ibdev_info(&dev->ibdev, "Unregister ib device\n");
ib_unregister_device(&dev->ibdev);
efa_destroy_eqs(dev);
- efa_com_dev_reset(&dev->edev, EFA_REGS_RESET_NORMAL);
efa_release_doorbell_bar(dev);
}
@@ -623,12 +622,14 @@ static struct efa_dev *efa_probe_device(struct pci_dev *pdev)
return ERR_PTR(err);
}
-static void efa_remove_device(struct pci_dev *pdev)
+static void efa_remove_device(struct pci_dev *pdev,
+ enum efa_regs_reset_reason_types reset_reason)
{
struct efa_dev *dev = pci_get_drvdata(pdev);
struct efa_com_dev *edev;
edev = &dev->edev;
+ efa_com_dev_reset(edev, reset_reason);
efa_com_admin_destroy(edev);
efa_free_irq(dev, &dev->admin_irq);
efa_disable_msix(dev);
@@ -656,7 +657,7 @@ static int efa_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
return 0;
err_remove_device:
- efa_remove_device(pdev);
+ efa_remove_device(pdev, EFA_REGS_RESET_INIT_ERR);
return err;
}
@@ -665,7 +666,7 @@ static void efa_remove(struct pci_dev *pdev)
struct efa_dev *dev = pci_get_drvdata(pdev);
efa_ib_device_remove(dev);
- efa_remove_device(pdev);
+ efa_remove_device(pdev, EFA_REGS_RESET_NORMAL);
}
static struct pci_driver efa_pci_driver = {
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 482/578] fbdev: omap: use threaded IRQ for LCD DMA
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (480 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 481/578] RDMA/efa: Reset device on probe failure Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 483/578] media: cxd2841er: fix 64-bit division on gcc-9 Greg Kroah-Hartman
` (104 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aaro Koskinen, Linus Walleij,
Helge Deller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aaro Koskinen <aaro.koskinen@iki.fi>
[ Upstream commit e4b6b665df815b4841e71b72f06446884e8aad40 ]
When using touchscreen and framebuffer, Nokia 770 crashes easily with:
BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000
Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd
CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2
Hardware name: Nokia 770
Call trace:
unwind_backtrace from show_stack+0x10/0x14
show_stack from dump_stack_lvl+0x54/0x5c
dump_stack_lvl from __schedule_bug+0x50/0x70
__schedule_bug from __schedule+0x4d4/0x5bc
__schedule from schedule+0x34/0xa0
schedule from schedule_preempt_disabled+0xc/0x10
schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4
__mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4
clk_prepare_lock from clk_set_rate+0x18/0x154
clk_set_rate from sossi_read_data+0x4c/0x168
sossi_read_data from hwa742_read_reg+0x5c/0x8c
hwa742_read_reg from send_frame_handler+0xfc/0x300
send_frame_handler from process_pending_requests+0x74/0xd0
process_pending_requests from lcd_dma_irq_handler+0x50/0x74
lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130
__handle_irq_event_percpu from handle_irq_event+0x28/0x68
handle_irq_event from handle_level_irq+0x9c/0x170
handle_level_irq from generic_handle_domain_irq+0x2c/0x3c
generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c
omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c
generic_handle_arch_irq from call_with_stack+0x1c/0x24
call_with_stack from __irq_svc+0x94/0xa8
Exception stack(0xc5255da0 to 0xc5255de8)
5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248
5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94
5de0: 60000013 ffffffff
__irq_svc from clk_prepare_lock+0x4c/0xe4
clk_prepare_lock from clk_get_rate+0x10/0x74
clk_get_rate from uwire_setup_transfer+0x40/0x180
uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c
spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664
spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498
__spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8
__spi_sync from spi_sync+0x24/0x40
spi_sync from ads7846_halfd_read_state+0x5c/0x1c0
ads7846_halfd_read_state from ads7846_irq+0x58/0x348
ads7846_irq from irq_thread_fn+0x1c/0x78
irq_thread_fn from irq_thread+0x120/0x228
irq_thread from kthread+0xc8/0xe8
kthread from ret_from_fork+0x14/0x28
As a quick fix, switch to a threaded IRQ which provides a stable system.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/omap/lcd_dma.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/omap/lcd_dma.c b/drivers/video/fbdev/omap/lcd_dma.c
index f85817635a8c2..0da23c57e4757 100644
--- a/drivers/video/fbdev/omap/lcd_dma.c
+++ b/drivers/video/fbdev/omap/lcd_dma.c
@@ -432,8 +432,8 @@ static int __init omap_init_lcd_dma(void)
spin_lock_init(&lcd_dma.lock);
- r = request_irq(INT_DMA_LCD, lcd_dma_irq_handler, 0,
- "LCD DMA", NULL);
+ r = request_threaded_irq(INT_DMA_LCD, NULL, lcd_dma_irq_handler,
+ IRQF_ONESHOT, "LCD DMA", NULL);
if (r != 0)
pr_err("unable to request IRQ for LCD DMA (error %d)\n", r);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 483/578] media: cxd2841er: fix 64-bit division on gcc-9
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (481 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 482/578] fbdev: omap: use threaded IRQ for LCD DMA Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 484/578] media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Greg Kroah-Hartman
` (103 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Naresh Kamboju,
Linux Kernel Functional Testing, Arnd Bergmann, Hans Verkuil,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 8d46603eeeb4c6abff1d2e49f2a6ae289dac765e ]
It appears that do_div() once more gets confused by a complex
expression that ends up not quite being constant despite
__builtin_constant_p() thinking it is:
ERROR: modpost: "__aeabi_uldivmod" [drivers/media/dvb-frontends/cxd2841er.ko] undefined!
Use div_u64() instead, forcing the expression to be evaluated
first, and making it a bit more readable.
Cc: Dan Carpenter <dan.carpenter@linaro.org>
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Closes: https://lore.kernel.org/linux-media/CA+G9fYvvNm-aYodLaAwwTjEGtX0YxR-1R14FOA5aHKt0sSVsYg@mail.gmail.com/
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
Closes: https://lore.kernel.org/linux-media/CA+G9fYvvNm-aYodLaAwwTjEGtX0YxR-1R14FOA5aHKt0sSVsYg@mail.gmail.com/
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
[hverkuil: added Closes tags]
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-frontends/cxd2841er.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/media/dvb-frontends/cxd2841er.c b/drivers/media/dvb-frontends/cxd2841er.c
index e9d1eef40c627..798da50421368 100644
--- a/drivers/media/dvb-frontends/cxd2841er.c
+++ b/drivers/media/dvb-frontends/cxd2841er.c
@@ -311,12 +311,8 @@ static int cxd2841er_set_reg_bits(struct cxd2841er_priv *priv,
static u32 cxd2841er_calc_iffreq_xtal(enum cxd2841er_xtal xtal, u32 ifhz)
{
- u64 tmp;
-
- tmp = (u64) ifhz * 16777216;
- do_div(tmp, ((xtal == SONY_XTAL_24000) ? 48000000 : 41000000));
-
- return (u32) tmp;
+ return div_u64(ifhz * 16777216ull,
+ (xtal == SONY_XTAL_24000) ? 48000000 : 41000000);
}
static u32 cxd2841er_calc_iffreq(u32 ifhz)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 484/578] media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (482 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 483/578] media: cxd2841er: fix 64-bit division on gcc-9 Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 485/578] PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Greg Kroah-Hartman
` (102 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+5e248227c80a3be8e96a,
Edward Adam Davis, Hans Verkuil, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edward Adam Davis <eadavis@qq.com>
[ Upstream commit 1221989555db711578a327a9367f1be46500cb48 ]
syzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]
If dvb->mux is not initialized successfully by vidtv_mux_init() in the
vidtv_start_streaming(), it will trigger null pointer dereference about mux
in vidtv_mux_stop_thread().
Adjust the timing of streaming initialization and check it before
stopping it.
[1]
KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]
CPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471
Code: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8
RSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125
RDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128
RBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188
R13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710
FS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]
vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252
dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000
dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486
dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559
dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]
dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246
__fput+0x3f8/0xb60 fs/file_table.c:450
task_work_run+0x14e/0x250 kernel/task_work.c:239
get_signal+0x1d3/0x2610 kernel/signal.c:2790
arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Reported-by: syzbot+5e248227c80a3be8e96a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=5e248227c80a3be8e96a
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/media/test-drivers/vidtv/vidtv_bridge.c b/drivers/media/test-drivers/vidtv/vidtv_bridge.c
index dff7265a42ca2..c1621680ec570 100644
--- a/drivers/media/test-drivers/vidtv/vidtv_bridge.c
+++ b/drivers/media/test-drivers/vidtv/vidtv_bridge.c
@@ -191,10 +191,11 @@ static int vidtv_start_streaming(struct vidtv_dvb *dvb)
mux_args.mux_buf_sz = mux_buf_sz;
- dvb->streaming = true;
dvb->mux = vidtv_mux_init(dvb->fe[0], dev, &mux_args);
if (!dvb->mux)
return -ENOMEM;
+
+ dvb->streaming = true;
vidtv_mux_start_thread(dvb->mux);
dev_dbg_ratelimited(dev, "Started streaming\n");
@@ -205,6 +206,11 @@ static int vidtv_stop_streaming(struct vidtv_dvb *dvb)
{
struct device *dev = &dvb->pdev->dev;
+ if (!dvb->streaming) {
+ dev_warn_ratelimited(dev, "No streaming. Skipping.\n");
+ return 0;
+ }
+
dvb->streaming = false;
vidtv_mux_stop_thread(dvb->mux);
vidtv_mux_destroy(dvb->mux);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 485/578] PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (483 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 484/578] media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 486/578] PCI: switchtec: Add Microchip PCI100X device IDs Greg Kroah-Hartman
` (101 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Takashi Iwai, Bjorn Helgaas,
Krzysztof Wilczyński, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit b198499c7d2508a76243b98e7cca992f6fd2b7f7 ]
Apparently the Raptor Lake-P reference firmware configures the PIO log size
correctly, but some vendor BIOSes, including at least ASUSTeK COMPUTER INC.
Zenbook UX3402VA_UX3402VA, do not.
Apply the quirk for Raptor Lake-P. This prevents kernel complaints like:
DPC: RP PIO log size 0 is invalid
and also enables the DPC driver to dump the RP PIO Log registers when DPC
is triggered.
Note that the bug report also mentions 8086:a76e, which has been already
added by 627c6db20703 ("PCI/DPC: Quirk PIO log size for Intel Raptor Lake
Root Ports").
Link: https://lore.kernel.org/r/20250102164315.7562-1-tiwai@suse.de
Link: https://bugzilla.suse.com/show_bug.cgi?id=1234623
Signed-off-by: Takashi Iwai <tiwai@suse.de>
[bhelgaas: commit log]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 2b3df65005ca8..c16c8507d048e 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -6139,6 +6139,7 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2b, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2d, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2f, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a31, dpc_log_size);
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0xa72f, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0xa73f, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0xa76e, dpc_log_size);
#endif
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 486/578] PCI: switchtec: Add Microchip PCI100X device IDs
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (484 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 485/578] PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 487/578] scsi: ufs: bsg: Set bsg_queue to NULL after removal Greg Kroah-Hartman
` (100 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rakesh Babu Saladi, Bjorn Helgaas,
Logan Gunthorpe, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rakesh Babu Saladi <Saladi.Rakeshbabu@microchip.com>
[ Upstream commit a3282f84b2151d254dc4abf24d1255c6382be774 ]
Add Microchip parts to the Device ID table so the driver supports PCI100x
devices.
Add a new macro to quirk the Microchip Switchtec PCI100x parts to allow DMA
access via NTB to work when the IOMMU is turned on.
PCI100x family has 6 variants; each variant is designed for different
application usages, different port counts and lane counts:
PCI1001 has 1 x4 upstream port and 3 x4 downstream ports
PCI1002 has 1 x4 upstream port and 4 x2 downstream ports
PCI1003 has 2 x4 upstream ports, 2 x2 upstream ports, and 2 x2
downstream ports
PCI1004 has 4 x4 upstream ports
PCI1005 has 1 x4 upstream port and 6 x2 downstream ports
PCI1006 has 6 x2 upstream ports and 2 x2 downstream ports
[Historical note: these parts use PCI_VENDOR_ID_EFAR (0x1055), from EFAR
Microsystems, which was acquired in 1996 by Standard Microsystems Corp,
which was acquired by Microchip Technology in 2012. The PCI-SIG confirms
that Vendor ID 0x1055 is assigned to Microchip even though it's not
visible via https://pcisig.com/membership/member-companies]
Link: https://lore.kernel.org/r/20250120095524.243103-1-Saladi.Rakeshbabu@microchip.com
Signed-off-by: Rakesh Babu Saladi <Saladi.Rakeshbabu@microchip.com>
[bhelgaas: Vendor ID history]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-By: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 11 +++++++++++
drivers/pci/switch/switchtec.c | 26 ++++++++++++++++++++++++++
2 files changed, 37 insertions(+)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index c16c8507d048e..fb115b8ba342d 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -5870,6 +5870,17 @@ SWITCHTEC_QUIRK(0x5552); /* PAXA 52XG5 */
SWITCHTEC_QUIRK(0x5536); /* PAXA 36XG5 */
SWITCHTEC_QUIRK(0x5528); /* PAXA 28XG5 */
+#define SWITCHTEC_PCI100X_QUIRK(vid) \
+ DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_EFAR, vid, \
+ PCI_CLASS_BRIDGE_OTHER, 8, quirk_switchtec_ntb_dma_alias)
+SWITCHTEC_PCI100X_QUIRK(0x1001); /* PCI1001XG4 */
+SWITCHTEC_PCI100X_QUIRK(0x1002); /* PCI1002XG4 */
+SWITCHTEC_PCI100X_QUIRK(0x1003); /* PCI1003XG4 */
+SWITCHTEC_PCI100X_QUIRK(0x1004); /* PCI1004XG4 */
+SWITCHTEC_PCI100X_QUIRK(0x1005); /* PCI1005XG4 */
+SWITCHTEC_PCI100X_QUIRK(0x1006); /* PCI1006XG4 */
+
+
/*
* The PLX NTB uses devfn proxy IDs to move TLPs between NT endpoints.
* These IDs are used to forward responses to the originator on the other
diff --git a/drivers/pci/switch/switchtec.c b/drivers/pci/switch/switchtec.c
index 332af6938d7fd..9011518b1d132 100644
--- a/drivers/pci/switch/switchtec.c
+++ b/drivers/pci/switch/switchtec.c
@@ -1739,6 +1739,26 @@ static void switchtec_pci_remove(struct pci_dev *pdev)
.driver_data = gen, \
}
+#define SWITCHTEC_PCI100X_DEVICE(device_id, gen) \
+ { \
+ .vendor = PCI_VENDOR_ID_EFAR, \
+ .device = device_id, \
+ .subvendor = PCI_ANY_ID, \
+ .subdevice = PCI_ANY_ID, \
+ .class = (PCI_CLASS_MEMORY_OTHER << 8), \
+ .class_mask = 0xFFFFFFFF, \
+ .driver_data = gen, \
+ }, \
+ { \
+ .vendor = PCI_VENDOR_ID_EFAR, \
+ .device = device_id, \
+ .subvendor = PCI_ANY_ID, \
+ .subdevice = PCI_ANY_ID, \
+ .class = (PCI_CLASS_BRIDGE_OTHER << 8), \
+ .class_mask = 0xFFFFFFFF, \
+ .driver_data = gen, \
+ }
+
static const struct pci_device_id switchtec_pci_tbl[] = {
SWITCHTEC_PCI_DEVICE(0x8531, SWITCHTEC_GEN3), /* PFX 24xG3 */
SWITCHTEC_PCI_DEVICE(0x8532, SWITCHTEC_GEN3), /* PFX 32xG3 */
@@ -1833,6 +1853,12 @@ static const struct pci_device_id switchtec_pci_tbl[] = {
SWITCHTEC_PCI_DEVICE(0x5552, SWITCHTEC_GEN5), /* PAXA 52XG5 */
SWITCHTEC_PCI_DEVICE(0x5536, SWITCHTEC_GEN5), /* PAXA 36XG5 */
SWITCHTEC_PCI_DEVICE(0x5528, SWITCHTEC_GEN5), /* PAXA 28XG5 */
+ SWITCHTEC_PCI100X_DEVICE(0x1001, SWITCHTEC_GEN4), /* PCI1001 16XG4 */
+ SWITCHTEC_PCI100X_DEVICE(0x1002, SWITCHTEC_GEN4), /* PCI1002 12XG4 */
+ SWITCHTEC_PCI100X_DEVICE(0x1003, SWITCHTEC_GEN4), /* PCI1003 16XG4 */
+ SWITCHTEC_PCI100X_DEVICE(0x1004, SWITCHTEC_GEN4), /* PCI1004 16XG4 */
+ SWITCHTEC_PCI100X_DEVICE(0x1005, SWITCHTEC_GEN4), /* PCI1005 16XG4 */
+ SWITCHTEC_PCI100X_DEVICE(0x1006, SWITCHTEC_GEN4), /* PCI1006 16XG4 */
{0}
};
MODULE_DEVICE_TABLE(pci, switchtec_pci_tbl);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 487/578] scsi: ufs: bsg: Set bsg_queue to NULL after removal
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (485 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 486/578] PCI: switchtec: Add Microchip PCI100X device IDs Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 488/578] rtla/timerlat_hist: Abort event processing on second signal Greg Kroah-Hartman
` (99 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Guixin Liu, Avri Altman,
Martin K. Petersen, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guixin Liu <kanie@linux.alibaba.com>
[ Upstream commit 1e95c798d8a7f70965f0f88d4657b682ff0ec75f ]
Currently, this does not cause any issues, but I believe it is necessary to
set bsg_queue to NULL after removing it to prevent potential use-after-free
(UAF) access.
Signed-off-by: Guixin Liu <kanie@linux.alibaba.com>
Link: https://lore.kernel.org/r/20241218014214.64533-3-kanie@linux.alibaba.com
Reviewed-by: Avri Altman <avri.altman@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ufs/core/ufs_bsg.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c
index 87d89136cab90..ead55e063d2b5 100644
--- a/drivers/ufs/core/ufs_bsg.c
+++ b/drivers/ufs/core/ufs_bsg.c
@@ -181,6 +181,7 @@ void ufs_bsg_remove(struct ufs_hba *hba)
return;
bsg_remove_queue(hba->bsg_queue);
+ hba->bsg_queue = NULL;
device_del(bsg_dev);
put_device(bsg_dev);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 488/578] rtla/timerlat_hist: Abort event processing on second signal
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (486 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 487/578] scsi: ufs: bsg: Set bsg_queue to NULL after removal Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 489/578] rtla/timerlat_top: " Greg Kroah-Hartman
` (98 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Kacur, Luis Goncalves,
Gabriele Monaco, Tomas Glozar, Steven Rostedt (Google),
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomas Glozar <tglozar@redhat.com>
[ Upstream commit d6899e560366e10141189697502bc5521940c588 ]
If either SIGINT is received twice, or after a SIGALRM (that is, after
timerlat was supposed to stop), abort processing events currently left
in the tracefs buffer and exit immediately.
This allows the user to exit rtla without waiting for processing all
events, should that take longer than wanted, at the cost of not
processing all samples.
Cc: John Kacur <jkacur@redhat.com>
Cc: Luis Goncalves <lgoncalv@redhat.com>
Cc: Gabriele Monaco <gmonaco@redhat.com>
Link: https://lore.kernel.org/20250116144931.649593-5-tglozar@redhat.com
Signed-off-by: Tomas Glozar <tglozar@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/tracing/rtla/src/timerlat_hist.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tools/tracing/rtla/src/timerlat_hist.c b/tools/tracing/rtla/src/timerlat_hist.c
index 83cc7ef3d36b3..b7a7dcd68b570 100644
--- a/tools/tracing/rtla/src/timerlat_hist.c
+++ b/tools/tracing/rtla/src/timerlat_hist.c
@@ -786,6 +786,14 @@ static int stop_tracing;
static struct trace_instance *hist_inst = NULL;
static void stop_hist(int sig)
{
+ if (stop_tracing) {
+ /*
+ * Stop requested twice in a row; abort event processing and
+ * exit immediately
+ */
+ tracefs_iterate_stop(hist_inst->inst);
+ return;
+ }
stop_tracing = 1;
if (hist_inst)
trace_instance_stop(hist_inst);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 489/578] rtla/timerlat_top: Abort event processing on second signal
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (487 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 488/578] rtla/timerlat_hist: Abort event processing on second signal Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 490/578] vfio/pci: Enable iowrite64 and ioread64 for vfio pci Greg Kroah-Hartman
` (97 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Kacur, Luis Goncalves,
Gabriele Monaco, Tomas Glozar, Steven Rostedt (Google),
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomas Glozar <tglozar@redhat.com>
[ Upstream commit 80967b354a76b360943af384c10d807d98bea5c4 ]
If either SIGINT is received twice, or after a SIGALRM (that is, after
timerlat was supposed to stop), abort processing events currently left
in the tracefs buffer and exit immediately.
This allows the user to exit rtla without waiting for processing all
events, should that take longer than wanted, at the cost of not
processing all samples.
Cc: John Kacur <jkacur@redhat.com>
Cc: Luis Goncalves <lgoncalv@redhat.com>
Cc: Gabriele Monaco <gmonaco@redhat.com>
Link: https://lore.kernel.org/20250116144931.649593-6-tglozar@redhat.com
Signed-off-by: Tomas Glozar <tglozar@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/tracing/rtla/src/timerlat_top.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tools/tracing/rtla/src/timerlat_top.c b/tools/tracing/rtla/src/timerlat_top.c
index 08e940ecdc966..46c3405a356f5 100644
--- a/tools/tracing/rtla/src/timerlat_top.c
+++ b/tools/tracing/rtla/src/timerlat_top.c
@@ -578,6 +578,14 @@ static int stop_tracing;
static struct trace_instance *top_inst = NULL;
static void stop_top(int sig)
{
+ if (stop_tracing) {
+ /*
+ * Stop requested twice in a row; abort event processing and
+ * exit immediately
+ */
+ tracefs_iterate_stop(top_inst->inst);
+ return;
+ }
stop_tracing = 1;
if (top_inst)
trace_instance_stop(top_inst);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 490/578] vfio/pci: Enable iowrite64 and ioread64 for vfio pci
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (488 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 489/578] rtla/timerlat_top: " Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 491/578] Grab mm lock before grabbing pt lock Greg Kroah-Hartman
` (96 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ramesh Thomas, Jason Gunthorpe,
Alex Williamson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ramesh Thomas <ramesh.thomas@intel.com>
[ Upstream commit 2b938e3db335e3670475e31a722c2bee34748c5a ]
Definitions of ioread64 and iowrite64 macros in asm/io.h called by vfio
pci implementations are enclosed inside check for CONFIG_GENERIC_IOMAP.
They don't get defined if CONFIG_GENERIC_IOMAP is defined. Include
linux/io-64-nonatomic-lo-hi.h to define iowrite64 and ioread64 macros
when they are not defined. io-64-nonatomic-lo-hi.h maps the macros to
generic implementation in lib/iomap.c. The generic implementation does
64 bit rw if readq/writeq is defined for the architecture, otherwise it
would do 32 bit back to back rw.
Note that there are two versions of the generic implementation that
differs in the order the 32 bit words are written if 64 bit support is
not present. This is not the little/big endian ordering, which is
handled separately. This patch uses the lo followed by hi word ordering
which is consistent with current back to back implementation in the
vfio/pci code.
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/20241210131938.303500-2-ramesh.thomas@intel.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/pci/vfio_pci_rdwr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/vfio/pci/vfio_pci_rdwr.c b/drivers/vfio/pci/vfio_pci_rdwr.c
index e27de61ac9fe7..8191c8fcfb256 100644
--- a/drivers/vfio/pci/vfio_pci_rdwr.c
+++ b/drivers/vfio/pci/vfio_pci_rdwr.c
@@ -16,6 +16,7 @@
#include <linux/io.h>
#include <linux/vfio.h>
#include <linux/vgaarb.h>
+#include <linux/io-64-nonatomic-lo-hi.h>
#include "vfio_pci_priv.h"
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 491/578] Grab mm lock before grabbing pt lock
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (489 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 490/578] vfio/pci: Enable iowrite64 and ioread64 for vfio pci Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 492/578] selftests: gpio: gpio-sim: Fix missing chip disablements Greg Kroah-Hartman
` (95 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maksym Planeta, Juergen Gross,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maksym Planeta <maksym@exostellar.io>
[ Upstream commit 6d002348789bc16e9203e9818b7a3688787e3b29 ]
Function xen_pin_page calls xen_pte_lock, which in turn grab page
table lock (ptlock). When locking, xen_pte_lock expect mm->page_table_lock
to be held before grabbing ptlock, but this does not happen when pinning
is caused by xen_mm_pin_all.
This commit addresses lockdep warning below, which shows up when
suspending a Xen VM.
[ 3680.658422] Freezing user space processes
[ 3680.660156] Freezing user space processes completed (elapsed 0.001 seconds)
[ 3680.660182] OOM killer disabled.
[ 3680.660192] Freezing remaining freezable tasks
[ 3680.661485] Freezing remaining freezable tasks completed (elapsed 0.001 seconds)
[ 3680.685254]
[ 3680.685265] ==================================
[ 3680.685269] WARNING: Nested lock was not taken
[ 3680.685274] 6.12.0+ #16 Tainted: G W
[ 3680.685279] ----------------------------------
[ 3680.685283] migration/0/19 is trying to lock:
[ 3680.685288] ffff88800bac33c0 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: xen_pin_page+0x175/0x1d0
[ 3680.685303]
[ 3680.685303] but this task is not holding:
[ 3680.685308] init_mm.page_table_lock
[ 3680.685311]
[ 3680.685311] stack backtrace:
[ 3680.685316] CPU: 0 UID: 0 PID: 19 Comm: migration/0 Tainted: G W 6.12.0+ #16
[ 3680.685324] Tainted: [W]=WARN
[ 3680.685328] Stopper: multi_cpu_stop+0x0/0x120 <- __stop_cpus.constprop.0+0x8c/0xd0
[ 3680.685339] Call Trace:
[ 3680.685344] <TASK>
[ 3680.685347] dump_stack_lvl+0x77/0xb0
[ 3680.685356] __lock_acquire+0x917/0x2310
[ 3680.685364] lock_acquire+0xce/0x2c0
[ 3680.685369] ? xen_pin_page+0x175/0x1d0
[ 3680.685373] _raw_spin_lock_nest_lock+0x2f/0x70
[ 3680.685381] ? xen_pin_page+0x175/0x1d0
[ 3680.685386] xen_pin_page+0x175/0x1d0
[ 3680.685390] ? __pfx_xen_pin_page+0x10/0x10
[ 3680.685394] __xen_pgd_walk+0x233/0x2c0
[ 3680.685401] ? stop_one_cpu+0x91/0x100
[ 3680.685405] __xen_pgd_pin+0x5d/0x250
[ 3680.685410] xen_mm_pin_all+0x70/0xa0
[ 3680.685415] xen_pv_pre_suspend+0xf/0x280
[ 3680.685420] xen_suspend+0x57/0x1a0
[ 3680.685428] multi_cpu_stop+0x6b/0x120
[ 3680.685432] ? update_cpumasks_hier+0x7c/0xa60
[ 3680.685439] ? __pfx_multi_cpu_stop+0x10/0x10
[ 3680.685443] cpu_stopper_thread+0x8c/0x140
[ 3680.685448] ? smpboot_thread_fn+0x20/0x1f0
[ 3680.685454] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 3680.685458] smpboot_thread_fn+0xed/0x1f0
[ 3680.685462] kthread+0xde/0x110
[ 3680.685467] ? __pfx_kthread+0x10/0x10
[ 3680.685471] ret_from_fork+0x2f/0x50
[ 3680.685478] ? __pfx_kthread+0x10/0x10
[ 3680.685482] ret_from_fork_asm+0x1a/0x30
[ 3680.685489] </TASK>
[ 3680.685491]
[ 3680.685491] other info that might help us debug this:
[ 3680.685497] 1 lock held by migration/0/19:
[ 3680.685500] #0: ffffffff8284df38 (pgd_lock){+.+.}-{3:3}, at: xen_mm_pin_all+0x14/0xa0
[ 3680.685512]
[ 3680.685512] stack backtrace:
[ 3680.685518] CPU: 0 UID: 0 PID: 19 Comm: migration/0 Tainted: G W 6.12.0+ #16
[ 3680.685528] Tainted: [W]=WARN
[ 3680.685531] Stopper: multi_cpu_stop+0x0/0x120 <- __stop_cpus.constprop.0+0x8c/0xd0
[ 3680.685538] Call Trace:
[ 3680.685541] <TASK>
[ 3680.685544] dump_stack_lvl+0x77/0xb0
[ 3680.685549] __lock_acquire+0x93c/0x2310
[ 3680.685554] lock_acquire+0xce/0x2c0
[ 3680.685558] ? xen_pin_page+0x175/0x1d0
[ 3680.685562] _raw_spin_lock_nest_lock+0x2f/0x70
[ 3680.685568] ? xen_pin_page+0x175/0x1d0
[ 3680.685572] xen_pin_page+0x175/0x1d0
[ 3680.685578] ? __pfx_xen_pin_page+0x10/0x10
[ 3680.685582] __xen_pgd_walk+0x233/0x2c0
[ 3680.685588] ? stop_one_cpu+0x91/0x100
[ 3680.685592] __xen_pgd_pin+0x5d/0x250
[ 3680.685596] xen_mm_pin_all+0x70/0xa0
[ 3680.685600] xen_pv_pre_suspend+0xf/0x280
[ 3680.685607] xen_suspend+0x57/0x1a0
[ 3680.685611] multi_cpu_stop+0x6b/0x120
[ 3680.685615] ? update_cpumasks_hier+0x7c/0xa60
[ 3680.685620] ? __pfx_multi_cpu_stop+0x10/0x10
[ 3680.685625] cpu_stopper_thread+0x8c/0x140
[ 3680.685629] ? smpboot_thread_fn+0x20/0x1f0
[ 3680.685634] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 3680.685638] smpboot_thread_fn+0xed/0x1f0
[ 3680.685642] kthread+0xde/0x110
[ 3680.685645] ? __pfx_kthread+0x10/0x10
[ 3680.685649] ret_from_fork+0x2f/0x50
[ 3680.685654] ? __pfx_kthread+0x10/0x10
[ 3680.685657] ret_from_fork_asm+0x1a/0x30
[ 3680.685662] </TASK>
[ 3680.685267] xen:grant_table: Grant tables using version 1 layout
[ 3680.685921] OOM killer enabled.
[ 3680.685934] Restarting tasks ... done.
Signed-off-by: Maksym Planeta <maksym@exostellar.io>
Reviewed-by: Juergen Gross <jgross@suse.com>
Message-ID: <20241204103516.3309112-1-maksym@exostellar.io>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/mmu_pv.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c
index 6abce0816ca39..7dabdb9995659 100644
--- a/arch/x86/xen/mmu_pv.c
+++ b/arch/x86/xen/mmu_pv.c
@@ -811,6 +811,7 @@ void xen_mm_pin_all(void)
{
struct page *page;
+ spin_lock(&init_mm.page_table_lock);
spin_lock(&pgd_lock);
list_for_each_entry(page, &pgd_list, lru) {
@@ -821,6 +822,7 @@ void xen_mm_pin_all(void)
}
spin_unlock(&pgd_lock);
+ spin_unlock(&init_mm.page_table_lock);
}
static void __init xen_mark_pinned(struct mm_struct *mm, struct page *page,
@@ -920,6 +922,7 @@ void xen_mm_unpin_all(void)
{
struct page *page;
+ spin_lock(&init_mm.page_table_lock);
spin_lock(&pgd_lock);
list_for_each_entry(page, &pgd_list, lru) {
@@ -931,6 +934,7 @@ void xen_mm_unpin_all(void)
}
spin_unlock(&pgd_lock);
+ spin_unlock(&init_mm.page_table_lock);
}
static void xen_activate_mm(struct mm_struct *prev, struct mm_struct *next)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 492/578] selftests: gpio: gpio-sim: Fix missing chip disablements
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (490 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 491/578] Grab mm lock before grabbing pt lock Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 493/578] x86/mm/tlb: Only trim the mm_cpumask once a second Greg Kroah-Hartman
` (94 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Koichiro Den,
Bartosz Golaszewski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Koichiro Den <koichiro.den@canonical.com>
[ Upstream commit f8524ac33cd452aef5384504b3264db6039a455e ]
Since upstream commit 8bd76b3d3f3a ("gpio: sim: lock up configfs that an
instantiated device depends on"), rmdir for an active virtual devices
been prohibited.
Update gpio-sim selftest to align with the change.
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202501221006.a1ca5dfa-lkp@intel.com
Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
Link: https://lore.kernel.org/r/20250122043309.304621-1-koichiro.den@canonical.com
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/gpio/gpio-sim.sh | 31 +++++++++++++++++++-----
1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/tools/testing/selftests/gpio/gpio-sim.sh b/tools/testing/selftests/gpio/gpio-sim.sh
index bf67b23ed29ac..46101a800bebf 100755
--- a/tools/testing/selftests/gpio/gpio-sim.sh
+++ b/tools/testing/selftests/gpio/gpio-sim.sh
@@ -46,12 +46,6 @@ remove_chip() {
rmdir $CONFIGFS_DIR/$CHIP || fail "Unable to remove the chip"
}
-configfs_cleanup() {
- for CHIP in `ls $CONFIGFS_DIR/`; do
- remove_chip $CHIP
- done
-}
-
create_chip() {
local CHIP=$1
@@ -105,6 +99,13 @@ disable_chip() {
echo 0 > $CONFIGFS_DIR/$CHIP/live || fail "Unable to disable the chip"
}
+configfs_cleanup() {
+ for CHIP in `ls $CONFIGFS_DIR/`; do
+ disable_chip $CHIP
+ remove_chip $CHIP
+ done
+}
+
configfs_chip_name() {
local CHIP=$1
local BANK=$2
@@ -181,6 +182,7 @@ create_chip chip
create_bank chip bank
enable_chip chip
test -n `cat $CONFIGFS_DIR/chip/bank/chip_name` || fail "chip_name doesn't work"
+disable_chip chip
remove_chip chip
echo "1.2. chip_name returns 'none' if the chip is still pending"
@@ -195,6 +197,7 @@ create_chip chip
create_bank chip bank
enable_chip chip
test -n `cat $CONFIGFS_DIR/chip/dev_name` || fail "dev_name doesn't work"
+disable_chip chip
remove_chip chip
echo "2. Creating and configuring simulated chips"
@@ -204,6 +207,7 @@ create_chip chip
create_bank chip bank
enable_chip chip
test "`get_chip_num_lines chip bank`" = "1" || fail "default number of lines is not 1"
+disable_chip chip
remove_chip chip
echo "2.2. Number of lines can be specified"
@@ -212,6 +216,7 @@ create_bank chip bank
set_num_lines chip bank 16
enable_chip chip
test "`get_chip_num_lines chip bank`" = "16" || fail "number of lines is not 16"
+disable_chip chip
remove_chip chip
echo "2.3. Label can be set"
@@ -220,6 +225,7 @@ create_bank chip bank
set_label chip bank foobar
enable_chip chip
test "`get_chip_label chip bank`" = "foobar" || fail "label is incorrect"
+disable_chip chip
remove_chip chip
echo "2.4. Label can be left empty"
@@ -227,6 +233,7 @@ create_chip chip
create_bank chip bank
enable_chip chip
test -z "`cat $CONFIGFS_DIR/chip/bank/label`" || fail "label is not empty"
+disable_chip chip
remove_chip chip
echo "2.5. Line names can be configured"
@@ -238,6 +245,7 @@ set_line_name chip bank 2 bar
enable_chip chip
test "`get_line_name chip bank 0`" = "foo" || fail "line name is incorrect"
test "`get_line_name chip bank 2`" = "bar" || fail "line name is incorrect"
+disable_chip chip
remove_chip chip
echo "2.6. Line config can remain unused if offset is greater than number of lines"
@@ -248,6 +256,7 @@ set_line_name chip bank 5 foobar
enable_chip chip
test "`get_line_name chip bank 0`" = "" || fail "line name is incorrect"
test "`get_line_name chip bank 1`" = "" || fail "line name is incorrect"
+disable_chip chip
remove_chip chip
echo "2.7. Line configfs directory names are sanitized"
@@ -267,6 +276,7 @@ for CHIP in $CHIPS; do
enable_chip $CHIP
done
for CHIP in $CHIPS; do
+ disable_chip $CHIP
remove_chip $CHIP
done
@@ -278,6 +288,7 @@ echo foobar > $CONFIGFS_DIR/chip/bank/label 2> /dev/null && \
fail "Setting label of a live chip should fail"
echo 8 > $CONFIGFS_DIR/chip/bank/num_lines 2> /dev/null && \
fail "Setting number of lines of a live chip should fail"
+disable_chip chip
remove_chip chip
echo "2.10. Can't create line items when chip is live"
@@ -285,6 +296,7 @@ create_chip chip
create_bank chip bank
enable_chip chip
mkdir $CONFIGFS_DIR/chip/bank/line0 2> /dev/null && fail "Creating line item should fail"
+disable_chip chip
remove_chip chip
echo "2.11. Probe errors are propagated to user-space"
@@ -316,6 +328,7 @@ mkdir -p $CONFIGFS_DIR/chip/bank/line4/hog
enable_chip chip
$BASE_DIR/gpio-mockup-cdev -s 1 /dev/`configfs_chip_name chip bank` 4 2> /dev/null && \
fail "Setting the value of a hogged line shouldn't succeed"
+disable_chip chip
remove_chip chip
echo "3. Controlling simulated chips"
@@ -331,6 +344,7 @@ test "$?" = "1" || fail "pull set incorrectly"
sysfs_set_pull chip bank 0 pull-down
$BASE_DIR/gpio-mockup-cdev /dev/`configfs_chip_name chip bank` 1
test "$?" = "0" || fail "pull set incorrectly"
+disable_chip chip
remove_chip chip
echo "3.2. Pull can be read from sysfs"
@@ -344,6 +358,7 @@ SYSFS_PATH=/sys/devices/platform/$DEVNAME/$CHIPNAME/sim_gpio0/pull
test `cat $SYSFS_PATH` = "pull-down" || fail "reading the pull failed"
sysfs_set_pull chip bank 0 pull-up
test `cat $SYSFS_PATH` = "pull-up" || fail "reading the pull failed"
+disable_chip chip
remove_chip chip
echo "3.3. Incorrect input in sysfs is rejected"
@@ -355,6 +370,7 @@ DEVNAME=`configfs_dev_name chip`
CHIPNAME=`configfs_chip_name chip bank`
SYSFS_PATH="/sys/devices/platform/$DEVNAME/$CHIPNAME/sim_gpio0/pull"
echo foobar > $SYSFS_PATH 2> /dev/null && fail "invalid input not detected"
+disable_chip chip
remove_chip chip
echo "3.4. Can't write to value"
@@ -365,6 +381,7 @@ DEVNAME=`configfs_dev_name chip`
CHIPNAME=`configfs_chip_name chip bank`
SYSFS_PATH="/sys/devices/platform/$DEVNAME/$CHIPNAME/sim_gpio0/value"
echo 1 > $SYSFS_PATH 2> /dev/null && fail "writing to 'value' succeeded unexpectedly"
+disable_chip chip
remove_chip chip
echo "4. Simulated GPIO chips are functional"
@@ -382,6 +399,7 @@ $BASE_DIR/gpio-mockup-cdev -s 1 /dev/`configfs_chip_name chip bank` 0 &
sleep 0.1 # FIXME Any better way?
test `cat $SYSFS_PATH` = "1" || fail "incorrect value read from sysfs"
kill $!
+disable_chip chip
remove_chip chip
echo "4.2. Bias settings work correctly"
@@ -394,6 +412,7 @@ CHIPNAME=`configfs_chip_name chip bank`
SYSFS_PATH="/sys/devices/platform/$DEVNAME/$CHIPNAME/sim_gpio0/value"
$BASE_DIR/gpio-mockup-cdev -b pull-up /dev/`configfs_chip_name chip bank` 0
test `cat $SYSFS_PATH` = "1" || fail "bias setting does not work"
+disable_chip chip
remove_chip chip
echo "GPIO $MODULE test PASS"
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 493/578] x86/mm/tlb: Only trim the mm_cpumask once a second
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (491 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 492/578] selftests: gpio: gpio-sim: Fix missing chip disablements Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 494/578] orangefs: fix a oob in orangefs_debug_write Greg Kroah-Hartman
` (93 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test roboto, Rik van Riel,
Ingo Molnar, Dave Hansen, Andy Lutomirski, Mathieu Desnoyers,
Peter Zijlstra, Linus Torvalds, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rik van Riel <riel@fb.com>
[ Upstream commit 6db2526c1d694c91c6e05e2f186c085e9460f202 ]
Setting and clearing CPU bits in the mm_cpumask is only ever done
by the CPU itself, from the context switch code or the TLB flush
code.
Synchronization is handled by switch_mm_irqs_off() blocking interrupts.
Sending TLB flush IPIs to CPUs that are in the mm_cpumask, but no
longer running the program causes a regression in the will-it-scale
tlbflush2 test. This test is contrived, but a large regression here
might cause a small regression in some real world workload.
Instead of always sending IPIs to CPUs that are in the mm_cpumask,
but no longer running the program, send these IPIs only once a second.
The rest of the time we can skip over CPUs where the loaded_mm is
different from the target mm.
Reported-by: kernel test roboto <oliver.sang@intel.com>
Signed-off-by: Rik van Riel <riel@surriel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/20241204210316.612ee573@fangorn
Closes: https://lore.kernel.org/oe-lkp/202411282207.6bd28eae-lkp@intel.com/
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/mmu.h | 2 ++
arch/x86/include/asm/mmu_context.h | 1 +
arch/x86/include/asm/tlbflush.h | 1 +
arch/x86/mm/tlb.c | 35 +++++++++++++++++++++++++++---
4 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h
index 5d7494631ea95..c07c018a1c139 100644
--- a/arch/x86/include/asm/mmu.h
+++ b/arch/x86/include/asm/mmu.h
@@ -33,6 +33,8 @@ typedef struct {
*/
atomic64_t tlb_gen;
+ unsigned long next_trim_cpumask;
+
#ifdef CONFIG_MODIFY_LDT_SYSCALL
struct rw_semaphore ldt_usr_sem;
struct ldt_struct *ldt;
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
index b8d40ddeab00f..6f5c7584fe1e3 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -106,6 +106,7 @@ static inline int init_new_context(struct task_struct *tsk,
mm->context.ctx_id = atomic64_inc_return(&last_mm_ctx_id);
atomic64_set(&mm->context.tlb_gen, 0);
+ mm->context.next_trim_cpumask = jiffies + HZ;
#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
if (cpu_feature_enabled(X86_FEATURE_OSPKE)) {
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index cda3118f3b27d..d1eb6bbfd39e3 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -208,6 +208,7 @@ struct flush_tlb_info {
unsigned int initiating_cpu;
u8 stride_shift;
u8 freed_tables;
+ u8 trim_cpumask;
};
void flush_tlb_local(void);
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index c1e31e9a85d76..b07e2167fcebf 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -878,9 +878,36 @@ static void flush_tlb_func(void *info)
nr_invalidate);
}
-static bool tlb_is_not_lazy(int cpu, void *data)
+static bool should_flush_tlb(int cpu, void *data)
{
- return !per_cpu(cpu_tlbstate_shared.is_lazy, cpu);
+ struct flush_tlb_info *info = data;
+
+ /* Lazy TLB will get flushed at the next context switch. */
+ if (per_cpu(cpu_tlbstate_shared.is_lazy, cpu))
+ return false;
+
+ /* No mm means kernel memory flush. */
+ if (!info->mm)
+ return true;
+
+ /* The target mm is loaded, and the CPU is not lazy. */
+ if (per_cpu(cpu_tlbstate.loaded_mm, cpu) == info->mm)
+ return true;
+
+ /* In cpumask, but not the loaded mm? Periodically remove by flushing. */
+ if (info->trim_cpumask)
+ return true;
+
+ return false;
+}
+
+static bool should_trim_cpumask(struct mm_struct *mm)
+{
+ if (time_after(jiffies, READ_ONCE(mm->context.next_trim_cpumask))) {
+ WRITE_ONCE(mm->context.next_trim_cpumask, jiffies + HZ);
+ return true;
+ }
+ return false;
}
DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state_shared, cpu_tlbstate_shared);
@@ -914,7 +941,7 @@ STATIC_NOPV void native_flush_tlb_multi(const struct cpumask *cpumask,
if (info->freed_tables)
on_each_cpu_mask(cpumask, flush_tlb_func, (void *)info, true);
else
- on_each_cpu_cond_mask(tlb_is_not_lazy, flush_tlb_func,
+ on_each_cpu_cond_mask(should_flush_tlb, flush_tlb_func,
(void *)info, 1, cpumask);
}
@@ -965,6 +992,7 @@ static struct flush_tlb_info *get_flush_tlb_info(struct mm_struct *mm,
info->freed_tables = freed_tables;
info->new_tlb_gen = new_tlb_gen;
info->initiating_cpu = smp_processor_id();
+ info->trim_cpumask = 0;
return info;
}
@@ -1007,6 +1035,7 @@ void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
* flush_tlb_func_local() directly in this case.
*/
if (cpumask_any_but(mm_cpumask(mm), cpu) < nr_cpu_ids) {
+ info->trim_cpumask = should_trim_cpumask(mm);
flush_tlb_multi(mm_cpumask(mm), info);
} else if (mm == this_cpu_read(cpu_tlbstate.loaded_mm)) {
lockdep_assert_irqs_enabled();
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 494/578] orangefs: fix a oob in orangefs_debug_write
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (492 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 493/578] x86/mm/tlb: Only trim the mm_cpumask once a second Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 495/578] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Greg Kroah-Hartman
` (92 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mike Marshall,
syzbot+fc519d7875f2d9186c1f, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Marshall <hubcap@omnibond.com>
[ Upstream commit f7c848431632598ff9bce57a659db6af60d75b39 ]
I got a syzbot report: slab-out-of-bounds Read in
orangefs_debug_write... several people suggested fixes,
I tested Al Viro's suggestion and made this patch.
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
Reported-by: syzbot+fc519d7875f2d9186c1f@syzkaller.appspotmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/orangefs/orangefs-debugfs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/orangefs/orangefs-debugfs.c b/fs/orangefs/orangefs-debugfs.c
index 1b508f5433846..fa41db0884880 100644
--- a/fs/orangefs/orangefs-debugfs.c
+++ b/fs/orangefs/orangefs-debugfs.c
@@ -393,9 +393,9 @@ static ssize_t orangefs_debug_write(struct file *file,
* Thwart users who try to jamb a ridiculous number
* of bytes into the debug file...
*/
- if (count > ORANGEFS_MAX_DEBUG_STRING_LEN + 1) {
+ if (count > ORANGEFS_MAX_DEBUG_STRING_LEN) {
silly = count;
- count = ORANGEFS_MAX_DEBUG_STRING_LEN + 1;
+ count = ORANGEFS_MAX_DEBUG_STRING_LEN;
}
buf = kzalloc(ORANGEFS_MAX_DEBUG_STRING_LEN, GFP_KERNEL);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 495/578] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (493 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 494/578] orangefs: fix a oob in orangefs_debug_write Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 496/578] batman-adv: fix panic during interface removal Greg Kroah-Hartman
` (91 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Mark Brown,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 6917192378c1ce17ba31df51c4e0d8b1c97a453b ]
The Vexia EDU ATLA 10 tablet comes in 2 different versions with
significantly different mainboards. The only outward difference is that
the charging barrel on one is marked 5V and the other is marked 9V.
The 5V version mostly works with the BYTCR defaults, except that it is
missing a CHAN package in its ACPI tables and the default of using
SSP0-AIF2 is wrong, instead SSP0-AIF1 must be used. That and its jack
detect signal is not inverted as it usually is.
Add a DMI quirk for the 5V version to fix sound not working.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://patch.msgid.link/20250123132507.18434-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/bytcr_rt5640.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c
index e7d20011e2884..67b343632a10d 100644
--- a/sound/soc/intel/boards/bytcr_rt5640.c
+++ b/sound/soc/intel/boards/bytcr_rt5640.c
@@ -1122,7 +1122,22 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = {
BYT_RT5640_SSP0_AIF2 |
BYT_RT5640_MCLK_EN),
},
- { /* Vexia Edu Atla 10 tablet */
+ {
+ /* Vexia Edu Atla 10 tablet 5V version */
+ .matches = {
+ /* Having all 3 of these not set is somewhat unique */
+ DMI_MATCH(DMI_SYS_VENDOR, "To be filled by O.E.M."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "To be filled by O.E.M."),
+ DMI_MATCH(DMI_BOARD_NAME, "To be filled by O.E.M."),
+ /* Above strings are too generic, also match on BIOS date */
+ DMI_MATCH(DMI_BIOS_DATE, "05/14/2015"),
+ },
+ .driver_data = (void *)(BYTCR_INPUT_DEFAULTS |
+ BYT_RT5640_JD_NOT_INV |
+ BYT_RT5640_SSP0_AIF1 |
+ BYT_RT5640_MCLK_EN),
+ },
+ { /* Vexia Edu Atla 10 tablet 9V version */
.matches = {
DMI_MATCH(DMI_BOARD_VENDOR, "AMI Corporation"),
DMI_MATCH(DMI_BOARD_NAME, "Aptio CRB"),
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 496/578] batman-adv: fix panic during interface removal
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (494 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 495/578] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 497/578] batman-adv: Ignore neighbor throughput metrics in error case Greg Kroah-Hartman
` (90 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Strohman, Sven Eckelmann,
Simon Wunderlich
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Strohman <andrew@andrewstrohman.com>
commit ccb7276a6d26d6f8416e315b43b45e15ee7f29e2 upstream.
Reference counting is used to ensure that
batadv_hardif_neigh_node and batadv_hard_iface
are not freed before/during
batadv_v_elp_throughput_metric_update work is
finished.
But there isn't a guarantee that the hard if will
remain associated with a soft interface up until
the work is finished.
This fixes a crash triggered by reboot that looks
like this:
Call trace:
batadv_v_mesh_free+0xd0/0x4dc [batman_adv]
batadv_v_elp_throughput_metric_update+0x1c/0xa4
process_one_work+0x178/0x398
worker_thread+0x2e8/0x4d0
kthread+0xd8/0xdc
ret_from_fork+0x10/0x20
(the batadv_v_mesh_free call is misleading,
and does not actually happen)
I was able to make the issue happen more reliably
by changing hardif_neigh->bat_v.metric_work work
to be delayed work. This allowed me to track down
and confirm the fix.
Cc: stable@vger.kernel.org
Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput")
Signed-off-by: Andy Strohman <andrew@andrewstrohman.com>
[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without
soft_iface]
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/bat_v_elp.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/net/batman-adv/bat_v_elp.c
+++ b/net/batman-adv/bat_v_elp.c
@@ -67,12 +67,19 @@ static void batadv_v_elp_start_timer(str
static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
{
struct batadv_hard_iface *hard_iface = neigh->if_incoming;
+ struct net_device *soft_iface = hard_iface->soft_iface;
struct ethtool_link_ksettings link_settings;
struct net_device *real_netdev;
struct station_info sinfo;
u32 throughput;
int ret;
+ /* don't query throughput when no longer associated with any
+ * batman-adv interface
+ */
+ if (!soft_iface)
+ return BATADV_THROUGHPUT_DEFAULT_VALUE;
+
/* if the user specified a customised value for this interface, then
* return it directly
*/
@@ -142,7 +149,7 @@ static u32 batadv_v_elp_get_throughput(s
default_throughput:
if (!(hard_iface->bat_v.flags & BATADV_WARNING_DEFAULT)) {
- batadv_info(hard_iface->soft_iface,
+ batadv_info(soft_iface,
"WiFi driver or ethtool info does not provide information about link speeds on interface %s, therefore defaulting to hardcoded throughput values of %u.%1u Mbps. Consider overriding the throughput manually or checking your driver.\n",
hard_iface->net_dev->name,
BATADV_THROUGHPUT_DEFAULT_VALUE / 10,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 497/578] batman-adv: Ignore neighbor throughput metrics in error case
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (495 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 496/578] batman-adv: fix panic during interface removal Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 498/578] batman-adv: Drop unmanaged ELP metric worker Greg Kroah-Hartman
` (89 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sven Eckelmann, Simon Wunderlich
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sven Eckelmann <sven@narfation.org>
commit e7e34ffc976aaae4f465b7898303241b81ceefc3 upstream.
If a temporary error happened in the evaluation of the neighbor throughput
information, then the invalid throughput result should not be stored in the
throughtput EWMA.
Cc: stable@vger.kernel.org
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/bat_v_elp.c | 50 ++++++++++++++++++++++++++++++---------------
1 file changed, 34 insertions(+), 16 deletions(-)
--- a/net/batman-adv/bat_v_elp.c
+++ b/net/batman-adv/bat_v_elp.c
@@ -60,11 +60,13 @@ static void batadv_v_elp_start_timer(str
/**
* batadv_v_elp_get_throughput() - get the throughput towards a neighbour
* @neigh: the neighbour for which the throughput has to be obtained
+ * @pthroughput: calculated throughput towards the given neighbour in multiples
+ * of 100kpbs (a value of '1' equals 0.1Mbps, '10' equals 1Mbps, etc).
*
- * Return: The throughput towards the given neighbour in multiples of 100kpbs
- * (a value of '1' equals 0.1Mbps, '10' equals 1Mbps, etc).
+ * Return: true when value behind @pthroughput was set
*/
-static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
+static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh,
+ u32 *pthroughput)
{
struct batadv_hard_iface *hard_iface = neigh->if_incoming;
struct net_device *soft_iface = hard_iface->soft_iface;
@@ -78,14 +80,16 @@ static u32 batadv_v_elp_get_throughput(s
* batman-adv interface
*/
if (!soft_iface)
- return BATADV_THROUGHPUT_DEFAULT_VALUE;
+ return false;
/* if the user specified a customised value for this interface, then
* return it directly
*/
throughput = atomic_read(&hard_iface->bat_v.throughput_override);
- if (throughput != 0)
- return throughput;
+ if (throughput != 0) {
+ *pthroughput = throughput;
+ return true;
+ }
/* if this is a wireless device, then ask its throughput through
* cfg80211 API
@@ -112,19 +116,24 @@ static u32 batadv_v_elp_get_throughput(s
* possible to delete this neighbor. For now set
* the throughput metric to 0.
*/
- return 0;
+ *pthroughput = 0;
+ return true;
}
if (ret)
goto default_throughput;
- if (sinfo.filled & BIT(NL80211_STA_INFO_EXPECTED_THROUGHPUT))
- return sinfo.expected_throughput / 100;
+ if (sinfo.filled & BIT(NL80211_STA_INFO_EXPECTED_THROUGHPUT)) {
+ *pthroughput = sinfo.expected_throughput / 100;
+ return true;
+ }
/* try to estimate the expected throughput based on reported tx
* rates
*/
- if (sinfo.filled & BIT(NL80211_STA_INFO_TX_BITRATE))
- return cfg80211_calculate_bitrate(&sinfo.txrate) / 3;
+ if (sinfo.filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
+ *pthroughput = cfg80211_calculate_bitrate(&sinfo.txrate) / 3;
+ return true;
+ }
goto default_throughput;
}
@@ -143,8 +152,10 @@ static u32 batadv_v_elp_get_throughput(s
hard_iface->bat_v.flags &= ~BATADV_FULL_DUPLEX;
throughput = link_settings.base.speed;
- if (throughput && throughput != SPEED_UNKNOWN)
- return throughput * 10;
+ if (throughput && throughput != SPEED_UNKNOWN) {
+ *pthroughput = throughput * 10;
+ return true;
+ }
}
default_throughput:
@@ -158,7 +169,8 @@ default_throughput:
}
/* if none of the above cases apply, return the base_throughput */
- return BATADV_THROUGHPUT_DEFAULT_VALUE;
+ *pthroughput = BATADV_THROUGHPUT_DEFAULT_VALUE;
+ return true;
}
/**
@@ -170,15 +182,21 @@ void batadv_v_elp_throughput_metric_upda
{
struct batadv_hardif_neigh_node_bat_v *neigh_bat_v;
struct batadv_hardif_neigh_node *neigh;
+ u32 throughput;
+ bool valid;
neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v,
metric_work);
neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node,
bat_v);
- ewma_throughput_add(&neigh->bat_v.throughput,
- batadv_v_elp_get_throughput(neigh));
+ valid = batadv_v_elp_get_throughput(neigh, &throughput);
+ if (!valid)
+ goto put_neigh;
+
+ ewma_throughput_add(&neigh->bat_v.throughput, throughput);
+put_neigh:
/* decrement refcounter to balance increment performed before scheduling
* this task
*/
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 498/578] batman-adv: Drop unmanaged ELP metric worker
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (496 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 497/578] batman-adv: Ignore neighbor throughput metrics in error case Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 499/578] drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Greg Kroah-Hartman
` (88 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sven Eckelmann, Simon Wunderlich
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sven Eckelmann <sven@narfation.org>
commit 8c8ecc98f5c65947b0070a24bac11e12e47cc65d upstream.
The ELP worker needs to calculate new metric values for all neighbors
"reachable" over an interface. Some of the used metric sources require
locks which might need to sleep. This sleep is incompatible with the RCU
list iterator used for the recorded neighbors. The initial approach to work
around of this problem was to queue another work item per neighbor and then
run this in a new context.
Even when this solved the RCU vs might_sleep() conflict, it has a major
problems: Nothing was stopping the work item in case it is not needed
anymore - for example because one of the related interfaces was removed or
the batman-adv module was unloaded - resulting in potential invalid memory
accesses.
Directly canceling the metric worker also has various problems:
* cancel_work_sync for a to-be-deactivated interface is called with
rtnl_lock held. But the code in the ELP metric worker also tries to use
rtnl_lock() - which will never return in this case. This also means that
cancel_work_sync would never return because it is waiting for the worker
to finish.
* iterating over the neighbor list for the to-be-deactivated interface is
currently done using the RCU specific methods. Which means that it is
possible to miss items when iterating over it without the associated
spinlock - a behaviour which is acceptable for a periodic metric check
but not for a cleanup routine (which must "stop" all still running
workers)
The better approch is to get rid of the per interface neighbor metric
worker and handle everything in the interface worker. The original problems
are solved by:
* creating a list of neighbors which require new metric information inside
the RCU protected context, gathering the metric according to the new list
outside the RCU protected context
* only use rcu_trylock inside metric gathering code to avoid a deadlock
when the cancel_delayed_work_sync is called in the interface removal code
(which is called with the rtnl_lock held)
Cc: stable@vger.kernel.org
Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/bat_v.c | 2 -
net/batman-adv/bat_v_elp.c | 71 ++++++++++++++++++++++++++++++---------------
net/batman-adv/bat_v_elp.h | 2 -
net/batman-adv/types.h | 3 -
4 files changed, 48 insertions(+), 30 deletions(-)
--- a/net/batman-adv/bat_v.c
+++ b/net/batman-adv/bat_v.c
@@ -113,8 +113,6 @@ static void
batadv_v_hardif_neigh_init(struct batadv_hardif_neigh_node *hardif_neigh)
{
ewma_throughput_init(&hardif_neigh->bat_v.throughput);
- INIT_WORK(&hardif_neigh->bat_v.metric_work,
- batadv_v_elp_throughput_metric_update);
}
/**
--- a/net/batman-adv/bat_v_elp.c
+++ b/net/batman-adv/bat_v_elp.c
@@ -18,6 +18,7 @@
#include <linux/if_ether.h>
#include <linux/jiffies.h>
#include <linux/kref.h>
+#include <linux/list.h>
#include <linux/minmax.h>
#include <linux/netdevice.h>
#include <linux/nl80211.h>
@@ -27,6 +28,7 @@
#include <linux/rcupdate.h>
#include <linux/rtnetlink.h>
#include <linux/skbuff.h>
+#include <linux/slab.h>
#include <linux/stddef.h>
#include <linux/string.h>
#include <linux/types.h>
@@ -43,6 +45,18 @@
#include "send.h"
/**
+ * struct batadv_v_metric_queue_entry - list of hardif neighbors which require
+ * and metric update
+ */
+struct batadv_v_metric_queue_entry {
+ /** @hardif_neigh: hardif neighbor scheduled for metric update */
+ struct batadv_hardif_neigh_node *hardif_neigh;
+
+ /** @list: list node for metric_queue */
+ struct list_head list;
+};
+
+/**
* batadv_v_elp_start_timer() - restart timer for ELP periodic work
* @hard_iface: the interface for which the timer has to be reset
*/
@@ -138,10 +152,17 @@ static bool batadv_v_elp_get_throughput(
goto default_throughput;
}
+ /* only use rtnl_trylock because the elp worker will be cancelled while
+ * the rntl_lock is held. the cancel_delayed_work_sync() would otherwise
+ * wait forever when the elp work_item was started and it is then also
+ * trying to rtnl_lock
+ */
+ if (!rtnl_trylock())
+ return false;
+
/* if not a wifi interface, check if this device provides data via
* ethtool (e.g. an Ethernet adapter)
*/
- rtnl_lock();
ret = __ethtool_get_link_ksettings(hard_iface->net_dev, &link_settings);
rtnl_unlock();
if (ret == 0) {
@@ -176,31 +197,19 @@ default_throughput:
/**
* batadv_v_elp_throughput_metric_update() - worker updating the throughput
* metric of a single hop neighbour
- * @work: the work queue item
+ * @neigh: the neighbour to probe
*/
-void batadv_v_elp_throughput_metric_update(struct work_struct *work)
+static void
+batadv_v_elp_throughput_metric_update(struct batadv_hardif_neigh_node *neigh)
{
- struct batadv_hardif_neigh_node_bat_v *neigh_bat_v;
- struct batadv_hardif_neigh_node *neigh;
u32 throughput;
bool valid;
- neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v,
- metric_work);
- neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node,
- bat_v);
-
valid = batadv_v_elp_get_throughput(neigh, &throughput);
if (!valid)
- goto put_neigh;
+ return;
ewma_throughput_add(&neigh->bat_v.throughput, throughput);
-
-put_neigh:
- /* decrement refcounter to balance increment performed before scheduling
- * this task
- */
- batadv_hardif_neigh_put(neigh);
}
/**
@@ -274,14 +283,16 @@ batadv_v_elp_wifi_neigh_probe(struct bat
*/
static void batadv_v_elp_periodic_work(struct work_struct *work)
{
+ struct batadv_v_metric_queue_entry *metric_entry;
+ struct batadv_v_metric_queue_entry *metric_safe;
struct batadv_hardif_neigh_node *hardif_neigh;
struct batadv_hard_iface *hard_iface;
struct batadv_hard_iface_bat_v *bat_v;
struct batadv_elp_packet *elp_packet;
+ struct list_head metric_queue;
struct batadv_priv *bat_priv;
struct sk_buff *skb;
u32 elp_interval;
- bool ret;
bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work);
hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v);
@@ -317,6 +328,8 @@ static void batadv_v_elp_periodic_work(s
atomic_inc(&hard_iface->bat_v.elp_seqno);
+ INIT_LIST_HEAD(&metric_queue);
+
/* The throughput metric is updated on each sent packet. This way, if a
* node is dead and no longer sends packets, batman-adv is still able to
* react timely to its death.
@@ -341,16 +354,28 @@ static void batadv_v_elp_periodic_work(s
/* Reading the estimated throughput from cfg80211 is a task that
* may sleep and that is not allowed in an rcu protected
- * context. Therefore schedule a task for that.
+ * context. Therefore add it to metric_queue and process it
+ * outside rcu protected context.
*/
- ret = queue_work(batadv_event_workqueue,
- &hardif_neigh->bat_v.metric_work);
-
- if (!ret)
+ metric_entry = kzalloc(sizeof(*metric_entry), GFP_ATOMIC);
+ if (!metric_entry) {
batadv_hardif_neigh_put(hardif_neigh);
+ continue;
+ }
+
+ metric_entry->hardif_neigh = hardif_neigh;
+ list_add(&metric_entry->list, &metric_queue);
}
rcu_read_unlock();
+ list_for_each_entry_safe(metric_entry, metric_safe, &metric_queue, list) {
+ batadv_v_elp_throughput_metric_update(metric_entry->hardif_neigh);
+
+ batadv_hardif_neigh_put(metric_entry->hardif_neigh);
+ list_del(&metric_entry->list);
+ kfree(metric_entry);
+ }
+
restart_timer:
batadv_v_elp_start_timer(hard_iface);
out:
--- a/net/batman-adv/bat_v_elp.h
+++ b/net/batman-adv/bat_v_elp.h
@@ -10,7 +10,6 @@
#include "main.h"
#include <linux/skbuff.h>
-#include <linux/workqueue.h>
int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface);
void batadv_v_elp_iface_disable(struct batadv_hard_iface *hard_iface);
@@ -19,6 +18,5 @@ void batadv_v_elp_iface_activate(struct
void batadv_v_elp_primary_iface_set(struct batadv_hard_iface *primary_iface);
int batadv_v_elp_packet_recv(struct sk_buff *skb,
struct batadv_hard_iface *if_incoming);
-void batadv_v_elp_throughput_metric_update(struct work_struct *work);
#endif /* _NET_BATMAN_ADV_BAT_V_ELP_H_ */
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -596,9 +596,6 @@ struct batadv_hardif_neigh_node_bat_v {
* neighbor
*/
unsigned long last_unicast_tx;
-
- /** @metric_work: work queue callback item for metric update */
- struct work_struct metric_work;
};
/**
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 499/578] drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (497 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 498/578] batman-adv: Drop unmanaged ELP metric worker Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 500/578] KVM: x86: Reject Hyper-Vs SEND_IPI hypercalls if local APIC isnt in-kernel Greg Kroah-Hartman
` (87 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lijo Lazar, Jiang Liu, Alex Deucher
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiang Liu <gerry@linux.alibaba.com>
commit 1abb2648698bf10783d2236a6b4a7ca5e8021699 upstream.
It malicious user provides a small pptable through sysfs and then
a bigger pptable, it may cause buffer overflow attack in function
smu_sys_set_pp_table().
Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
@@ -516,7 +516,8 @@ static int smu_sys_set_pp_table(void *ha
return -EIO;
}
- if (!smu_table->hardcode_pptable) {
+ if (!smu_table->hardcode_pptable || smu_table->power_play_table_size < size) {
+ kfree(smu_table->hardcode_pptable);
smu_table->hardcode_pptable = kzalloc(size, GFP_KERNEL);
if (!smu_table->hardcode_pptable)
return -ENOMEM;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 500/578] KVM: x86: Reject Hyper-Vs SEND_IPI hypercalls if local APIC isnt in-kernel
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (498 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 499/578] drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 501/578] KVM: nSVM: Enter guest mode before initializing nested NPT MMU Greg Kroah-Hartman
` (86 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dongjie Zou, Vitaly Kuznetsov,
Sean Christopherson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
commit a8de7f100bb5989d9c3627d3a223ee1c863f3b69 upstream.
Advertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and
only if the local API is emulated/virtualized by KVM, and explicitly reject
said hypercalls if the local APIC is emulated in userspace, i.e. don't rely
on userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.
Rejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if
Hyper-V enlightenments are exposed to the guest without an in-kernel local
APIC:
dump_stack+0xbe/0xfd
__kasan_report.cold+0x34/0x84
kasan_report+0x3a/0x50
__apic_accept_irq+0x3a/0x5c0
kvm_hv_send_ipi.isra.0+0x34e/0x820
kvm_hv_hypercall+0x8d9/0x9d0
kvm_emulate_hypercall+0x506/0x7e0
__vmx_handle_exit+0x283/0xb60
vmx_handle_exit+0x1d/0xd0
vcpu_enter_guest+0x16b0/0x24c0
vcpu_run+0xc0/0x550
kvm_arch_vcpu_ioctl_run+0x170/0x6d0
kvm_vcpu_ioctl+0x413/0xb20
__se_sys_ioctl+0x111/0x160
do_syscal1_64+0x30/0x40
entry_SYSCALL_64_after_hwframe+0x67/0xd1
Note, checking the sending vCPU is sufficient, as the per-VM irqchip_mode
can't be modified after vCPUs are created, i.e. if one vCPU has an
in-kernel local APIC, then all vCPUs have an in-kernel local APIC.
Reported-by: Dongjie Zou <zoudongjie@huawei.com>
Fixes: 214ff83d4473 ("KVM: x86: hyperv: implement PV IPI send hypercalls")
Fixes: 2bc39970e932 ("x86/kvm/hyper-v: Introduce KVM_GET_SUPPORTED_HV_CPUID")
Cc: stable@vger.kernel.org
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Link: https://lore.kernel.org/r/20250118003454.2619573-2-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/hyperv.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -1915,6 +1915,9 @@ static u64 kvm_hv_send_ipi(struct kvm_vc
u32 vector;
bool all_cpus;
+ if (!lapic_in_kernel(vcpu))
+ return HV_STATUS_INVALID_HYPERCALL_INPUT;
+
if (hc->code == HVCALL_SEND_IPI) {
if (!hc->fast) {
if (unlikely(kvm_read_guest(kvm, hc->ingpa, &send_ipi,
@@ -2518,7 +2521,8 @@ int kvm_get_hv_cpuid(struct kvm_vcpu *vc
ent->eax |= HV_X64_REMOTE_TLB_FLUSH_RECOMMENDED;
ent->eax |= HV_X64_APIC_ACCESS_RECOMMENDED;
ent->eax |= HV_X64_RELAXED_TIMING_RECOMMENDED;
- ent->eax |= HV_X64_CLUSTER_IPI_RECOMMENDED;
+ if (!vcpu || lapic_in_kernel(vcpu))
+ ent->eax |= HV_X64_CLUSTER_IPI_RECOMMENDED;
ent->eax |= HV_X64_EX_PROCESSOR_MASKS_RECOMMENDED;
if (evmcs_ver)
ent->eax |= HV_X64_ENLIGHTENED_VMCS_RECOMMENDED;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 501/578] KVM: nSVM: Enter guest mode before initializing nested NPT MMU
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (499 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 500/578] KVM: x86: Reject Hyper-Vs SEND_IPI hypercalls if local APIC isnt in-kernel Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 502/578] perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Greg Kroah-Hartman
` (85 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yosry Ahmed, Sean Christopherson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
commit 46d6c6f3ef0eaff71c2db6d77d4e2ebb7adac34f upstream.
When preparing vmcb02 for nested VMRUN (or state restore), "enter" guest
mode prior to initializing the MMU for nested NPT so that guest_mode is
set in the MMU's role. KVM's model is that all L2 MMUs are tagged with
guest_mode, as the behavior of hypervisor MMUs tends to be significantly
different than kernel MMUs.
Practically speaking, the bug is relatively benign, as KVM only directly
queries role.guest_mode in kvm_mmu_free_guest_mode_roots() and
kvm_mmu_page_ad_need_write_protect(), which SVM doesn't use, and in paths
that are optimizations (mmu_page_zap_pte() and
shadow_mmu_try_split_huge_pages()).
And while the role is incorprated into shadow page usage, because nested
NPT requires KVM to be using NPT for L1, reusing shadow pages across L1
and L2 is impossible as L1 MMUs will always have direct=1, while L2 MMUs
will have direct=0.
Hoist the TLB processing and setting of HF_GUEST_MASK to the beginning
of the flow instead of forcing guest_mode in the MMU, as nothing in
nested_vmcb02_prepare_control() between the old and new locations touches
TLB flush requests or HF_GUEST_MASK, i.e. there's no reason to present
inconsistent vCPU state to the MMU.
Fixes: 69cb877487de ("KVM: nSVM: move MMU setup to nested_prepare_vmcb_control")
Cc: stable@vger.kernel.org
Reported-by: Yosry Ahmed <yosry.ahmed@linux.dev>
Reviewed-by: Yosry Ahmed <yosry.ahmed@linux.dev>
Link: https://lore.kernel.org/r/20250130010825.220346-1-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/mmu/mmu.c | 2 +-
arch/x86/kvm/svm/nested.c | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -5150,7 +5150,7 @@ void kvm_init_shadow_npt_mmu(struct kvm_
union kvm_mmu_page_role root_role;
/* NPT requires CR0.PG=1. */
- WARN_ON_ONCE(cpu_role.base.direct);
+ WARN_ON_ONCE(cpu_role.base.direct || !cpu_role.base.guest_mode);
root_role = cpu_role.base;
root_role.level = kvm_mmu_get_tdp_level(vcpu);
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -619,6 +619,11 @@ static void nested_vmcb02_prepare_contro
u32 pause_count12;
u32 pause_thresh12;
+ nested_svm_transition_tlb_flush(vcpu);
+
+ /* Enter Guest-Mode */
+ enter_guest_mode(vcpu);
+
/*
* Filled at exit: exit_code, exit_code_hi, exit_info_1, exit_info_2,
* exit_int_info, exit_int_info_err, next_rip, insn_len, insn_bytes.
@@ -717,11 +722,6 @@ static void nested_vmcb02_prepare_contro
}
}
- nested_svm_transition_tlb_flush(vcpu);
-
- /* Enter Guest-Mode */
- enter_guest_mode(vcpu);
-
/*
* Merge guest and host intercepts - must be called with vcpu in
* guest-mode to take effect.
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 502/578] perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (500 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 501/578] KVM: nSVM: Enter guest mode before initializing nested NPT MMU Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 503/578] usb: dwc3: Fix timeout issue during controller enter/exit from halt state Greg Kroah-Hartman
` (84 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxim Levitsky, Sean Christopherson,
Peter Zijlstra (Intel)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
commit c631a2de7ae48d50434bdc205d901423f8577c65 upstream.
Explicitly clear DEBUGCTL.LBR when a CPU is starting, prior to purging the
LBR MSRs themselves, as at least one system has been found to transfer
control to the kernel with LBRs enabled (it's unclear whether it's a BIOS
flaw or a CPU goof). Because the kernel preserves the original DEBUGCTL,
even when toggling LBRs, leaving DEBUGCTL.LBR as is results in running
with LBRs enabled at all times.
Closes: https://lore.kernel.org/all/c9d8269bff69f6359731d758e3b1135dedd7cc61.camel@redhat.com
Reported-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20250131010721.470503-1-seanjc@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/events/intel/core.c | 5 ++++-
arch/x86/include/asm/msr-index.h | 3 ++-
2 files changed, 6 insertions(+), 2 deletions(-)
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -4582,8 +4582,11 @@ static void intel_pmu_cpu_starting(int c
init_debug_store_on_cpu(cpu);
/*
- * Deal with CPUs that don't clear their LBRs on power-up.
+ * Deal with CPUs that don't clear their LBRs on power-up, and that may
+ * even boot with LBRs enabled.
*/
+ if (!static_cpu_has(X86_FEATURE_ARCH_LBR) && x86_pmu.lbr_nr)
+ msr_clear_bit(MSR_IA32_DEBUGCTLMSR, DEBUGCTLMSR_LBR_BIT);
intel_pmu_lbr_reset();
cpuc->lbr_sel = NULL;
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -357,7 +357,8 @@
#define MSR_IA32_PASID_VALID BIT_ULL(31)
/* DEBUGCTLMSR bits (others vary by model): */
-#define DEBUGCTLMSR_LBR (1UL << 0) /* last branch recording */
+#define DEBUGCTLMSR_LBR_BIT 0 /* last branch recording */
+#define DEBUGCTLMSR_LBR (1UL << DEBUGCTLMSR_LBR_BIT)
#define DEBUGCTLMSR_BTF_SHIFT 1
#define DEBUGCTLMSR_BTF (1UL << 1) /* single-step on branches */
#define DEBUGCTLMSR_BUS_LOCK_DETECT (1UL << 2)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 503/578] usb: dwc3: Fix timeout issue during controller enter/exit from halt state
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (501 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 502/578] perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 504/578] usb: roles: set switch registered flag early on Greg Kroah-Hartman
` (83 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Selvarasu Ganesan,
Thinh Nguyen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Selvarasu Ganesan <selvarasu.g@samsung.com>
commit d3a8c28426fc1fb3252753a9f1db0d691ffc21b0 upstream.
There is a frequent timeout during controller enter/exit from halt state
after toggling the run_stop bit by SW. This timeout occurs when
performing frequent role switches between host and device, causing
device enumeration issues due to the timeout. This issue was not present
when USB2 suspend PHY was disabled by passing the SNPS quirks
(snps,dis_u2_susphy_quirk and snps,dis_enblslpm_quirk) from the DTS.
However, there is a requirement to enable USB2 suspend PHY by setting of
GUSB2PHYCFG.ENBLSLPM and GUSB2PHYCFG.SUSPHY bits when controller starts
in gadget or host mode results in the timeout issue.
This commit addresses this timeout issue by ensuring that the bits
GUSB2PHYCFG.ENBLSLPM and GUSB2PHYCFG.SUSPHY are cleared before starting
the dwc3_gadget_run_stop sequence and restoring them after the
dwc3_gadget_run_stop sequence is completed.
Fixes: 72246da40f37 ("usb: Introduce DesignWare USB3 DRD Driver")
Cc: stable <stable@kernel.org>
Signed-off-by: Selvarasu Ganesan <selvarasu.g@samsung.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/20250201163903.459-1-selvarasu.g@samsung.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/gadget.c | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -2485,10 +2485,38 @@ static int dwc3_gadget_run_stop(struct d
{
u32 reg;
u32 timeout = 2000;
+ u32 saved_config = 0;
if (pm_runtime_suspended(dwc->dev))
return 0;
+ /*
+ * When operating in USB 2.0 speeds (HS/FS), ensure that
+ * GUSB2PHYCFG.ENBLSLPM and GUSB2PHYCFG.SUSPHY are cleared before starting
+ * or stopping the controller. This resolves timeout issues that occur
+ * during frequent role switches between host and device modes.
+ *
+ * Save and clear these settings, then restore them after completing the
+ * controller start or stop sequence.
+ *
+ * This solution was discovered through experimentation as it is not
+ * mentioned in the dwc3 programming guide. It has been tested on an
+ * Exynos platforms.
+ */
+ reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0));
+ if (reg & DWC3_GUSB2PHYCFG_SUSPHY) {
+ saved_config |= DWC3_GUSB2PHYCFG_SUSPHY;
+ reg &= ~DWC3_GUSB2PHYCFG_SUSPHY;
+ }
+
+ if (reg & DWC3_GUSB2PHYCFG_ENBLSLPM) {
+ saved_config |= DWC3_GUSB2PHYCFG_ENBLSLPM;
+ reg &= ~DWC3_GUSB2PHYCFG_ENBLSLPM;
+ }
+
+ if (saved_config)
+ dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg);
+
reg = dwc3_readl(dwc->regs, DWC3_DCTL);
if (is_on) {
if (DWC3_VER_IS_WITHIN(DWC3, ANY, 187A)) {
@@ -2516,6 +2544,12 @@ static int dwc3_gadget_run_stop(struct d
reg &= DWC3_DSTS_DEVCTRLHLT;
} while (--timeout && !(!is_on ^ !reg));
+ if (saved_config) {
+ reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0));
+ reg |= saved_config;
+ dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg);
+ }
+
if (!timeout)
return -ETIMEDOUT;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 504/578] usb: roles: set switch registered flag early on
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (502 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 503/578] usb: dwc3: Fix timeout issue during controller enter/exit from halt state Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 505/578] usb: gadget: udc: renesas_usb3: Fix compiler warning Greg Kroah-Hartman
` (82 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Elson Roy Serrao,
Heikki Krogerus
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Elson Roy Serrao <quic_eserrao@quicinc.com>
commit 634775a752a86784511018a108f3b530cc3399a7 upstream.
The role switch registration and set_role() can happen in parallel as they
are invoked independent of each other. There is a possibility that a driver
might spend significant amount of time in usb_role_switch_register() API
due to the presence of time intensive operations like component_add()
which operate under common mutex. This leads to a time window after
allocating the switch and before setting the registered flag where the set
role notifications are dropped. Below timeline summarizes this behavior
Thread1 | Thread2
usb_role_switch_register() |
| |
---> allocate switch |
| |
---> component_add() | usb_role_switch_set_role()
| | |
| | --> Drop role notifications
| | since sw->registered
| | flag is not set.
| |
--->Set registered flag.|
To avoid this, set the registered flag early on in the switch register
API.
Fixes: b787a3e78175 ("usb: roles: don't get/set_role() when usb_role_switch is unregistered")
Cc: stable <stable@kernel.org>
Signed-off-by: Elson Roy Serrao <quic_eserrao@quicinc.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20250206193950.22421-1-quic_eserrao@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/roles/class.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/usb/roles/class.c
+++ b/drivers/usb/roles/class.c
@@ -354,14 +354,15 @@ usb_role_switch_register(struct device *
dev_set_name(&sw->dev, "%s-role-switch",
desc->name ? desc->name : dev_name(parent));
+ sw->registered = true;
+
ret = device_register(&sw->dev);
if (ret) {
+ sw->registered = false;
put_device(&sw->dev);
return ERR_PTR(ret);
}
- sw->registered = true;
-
/* TODO: Symlinks for the host port and the device controller. */
return sw;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 505/578] usb: gadget: udc: renesas_usb3: Fix compiler warning
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (503 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 504/578] usb: roles: set switch registered flag early on Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 506/578] usb: dwc2: gadget: remove of_node reference upon udc_stop Greg Kroah-Hartman
` (81 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, kernel test robot, Guo Ren
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guo Ren <guoren@linux.alibaba.com>
commit 335a1fc1193481f8027f176649c72868172f6f8b upstream.
drivers/usb/gadget/udc/renesas_usb3.c: In function 'renesas_usb3_probe':
drivers/usb/gadget/udc/renesas_usb3.c:2638:73: warning: '%d'
directive output may be truncated writing between 1 and 11 bytes into a
region of size 6 [-Wformat-truncation=]
2638 | snprintf(usb3_ep->ep_name, sizeof(usb3_ep->ep_name), "ep%d", i);
^~~~~~~~~~~~~~~~~~~~~~~~ ^~ ^
Fixes: 746bfe63bba3 ("usb: gadget: renesas_usb3: add support for Renesas USB3.0 peripheral controller")
Cc: stable@vger.kernel.org
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202501201409.BIQPtkeB-lkp@intel.com/
Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Link: https://lore.kernel.org/r/20250122081231.47594-1-guoren@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/udc/renesas_usb3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/gadget/udc/renesas_usb3.c
+++ b/drivers/usb/gadget/udc/renesas_usb3.c
@@ -309,7 +309,7 @@ struct renesas_usb3_request {
struct list_head queue;
};
-#define USB3_EP_NAME_SIZE 8
+#define USB3_EP_NAME_SIZE 16
struct renesas_usb3_ep {
struct usb_ep ep;
struct renesas_usb3 *usb3;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 506/578] usb: dwc2: gadget: remove of_node reference upon udc_stop
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (504 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 505/578] usb: gadget: udc: renesas_usb3: Fix compiler warning Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 507/578] USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Greg Kroah-Hartman
` (80 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Fabrice Gasnier
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fabrice Gasnier <fabrice.gasnier@foss.st.com>
commit 58cd423820d5b5610977e55e4acdd06628829ede upstream.
In dwc2_hsotg_udc_start(), e.g. when binding composite driver, "of_node"
is set to hsotg->dev->of_node.
It causes errors when binding the gadget driver several times, on
stm32mp157c-ev1 board. Below error is seen:
"pin PA10 already requested by 49000000.usb-otg; cannot claim for gadget.0"
The first time, no issue is seen as when registering the driver, of_node
isn't NULL:
-> gadget_dev_desc_UDC_store
-> usb_gadget_register_driver_owner
-> driver_register
...
-> really_probe -> pinctrl_bind_pins (no effect)
Then dwc2_hsotg_udc_start() sets of_node.
The second time (stop the gadget, reconfigure it, then start it again),
of_node has been set, so the probing code tries to acquire pins for the
gadget. These pins are hold by the controller, hence the error.
So clear gadget.dev.of_node in udc_stop() routine to avoid the issue.
Fixes: 7d7b22928b90 ("usb: gadget: s3c-hsotg: Propagate devicetree to gadget drivers")
Cc: stable <stable@kernel.org>
Signed-off-by: Fabrice Gasnier <fabrice.gasnier@foss.st.com>
Link: https://lore.kernel.org/r/20250124173325.2747710-1-fabrice.gasnier@foss.st.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc2/gadget.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/dwc2/gadget.c
+++ b/drivers/usb/dwc2/gadget.c
@@ -4613,6 +4613,7 @@ static int dwc2_hsotg_udc_stop(struct us
spin_lock_irqsave(&hsotg->lock, flags);
hsotg->driver = NULL;
+ hsotg->gadget.dev.of_node = NULL;
hsotg->gadget.speed = USB_SPEED_UNKNOWN;
hsotg->enabled = 0;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 507/578] USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (505 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 506/578] usb: dwc2: gadget: remove of_node reference upon udc_stop Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 508/578] usb: core: fix pipe creation for get_bMaxPacketSize0 Greg Kroah-Hartman
` (79 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Baoqi Zhang, Huacai Chen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Huacai Chen <chenhuacai@loongson.cn>
commit e71f7f42e3c874ac3314b8f250e8416a706165af upstream.
LS7A EHCI controller doesn't have extended capabilities, so the EECP
(EHCI Extended Capabilities Pointer) field of HCCPARAMS register should
be 0x0, but it reads as 0xa0 now. This is a hardware flaw and will be
fixed in future, now just clear the EECP field to avoid error messages
on boot:
......
[ 0.581675] pci 0000:00:04.1: EHCI: unrecognized capability ff
[ 0.581699] pci 0000:00:04.1: EHCI: unrecognized capability ff
[ 0.581716] pci 0000:00:04.1: EHCI: unrecognized capability ff
[ 0.581851] pci 0000:00:04.1: EHCI: unrecognized capability ff
......
[ 0.581916] pci 0000:00:05.1: EHCI: unrecognized capability ff
[ 0.581951] pci 0000:00:05.1: EHCI: unrecognized capability ff
[ 0.582704] pci 0000:00:05.1: EHCI: unrecognized capability ff
[ 0.582799] pci 0000:00:05.1: EHCI: unrecognized capability ff
......
Cc: stable <stable@kernel.org>
Signed-off-by: Baoqi Zhang <zhangbaoqi@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Link: https://lore.kernel.org/r/20250202124935.480500-1-chenhuacai@loongson.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/pci-quirks.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/usb/host/pci-quirks.c
+++ b/drivers/usb/host/pci-quirks.c
@@ -946,6 +946,15 @@ static void quirk_usb_disable_ehci(struc
* booting from USB disk or using a usb keyboard
*/
hcc_params = readl(base + EHCI_HCC_PARAMS);
+
+ /* LS7A EHCI controller doesn't have extended capabilities, the
+ * EECP (EHCI Extended Capabilities Pointer) field of HCCPARAMS
+ * register should be 0x0 but it reads as 0xa0. So clear it to
+ * avoid error messages on boot.
+ */
+ if (pdev->vendor == PCI_VENDOR_ID_LOONGSON && pdev->device == 0x7a14)
+ hcc_params &= ~(0xffL << 8);
+
offset = (hcc_params >> 8) & 0xff;
while (offset && --count) {
pci_read_config_dword(pdev, offset, &cap);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 508/578] usb: core: fix pipe creation for get_bMaxPacketSize0
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (506 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 507/578] USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 509/578] USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Greg Kroah-Hartman
` (78 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Stefan Eichenberger,
Alan Stern
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Eichenberger <stefan.eichenberger@toradex.com>
commit 4aac0db5a0ebc599d4ad9bf5ebab78afa1f33e10 upstream.
When usb_control_msg is used in the get_bMaxPacketSize0 function, the
USB pipe does not include the endpoint device number. This can cause
failures when a usb hub port is reinitialized after encountering a bad
cable connection. As a result, the system logs the following error
messages:
usb usb2-port1: cannot reset (err = -32)
usb usb2-port1: Cannot enable. Maybe the USB cable is bad?
usb usb2-port1: attempt power cycle
usb 2-1: new high-speed USB device number 5 using ci_hdrc
usb 2-1: device descriptor read/8, error -71
The problem began after commit 85d07c556216 ("USB: core: Unite old
scheme and new scheme descriptor reads"). There
usb_get_device_descriptor was replaced with get_bMaxPacketSize0. Unlike
usb_get_device_descriptor, the get_bMaxPacketSize0 function uses the
macro usb_rcvaddr0pipe, which does not include the endpoint device
number. usb_get_device_descriptor, on the other hand, used the macro
usb_rcvctrlpipe, which includes the endpoint device number.
By modifying the get_bMaxPacketSize0 function to use usb_rcvctrlpipe
instead of usb_rcvaddr0pipe, the issue can be resolved. This change will
ensure that the endpoint device number is included in the USB pipe,
preventing reinitialization failures. If the endpoint has not set the
device number yet, it will still work because the device number is 0 in
udev.
Cc: stable <stable@kernel.org>
Fixes: 85d07c556216 ("USB: core: Unite old scheme and new scheme descriptor reads")
Signed-off-by: Stefan Eichenberger <stefan.eichenberger@toradex.com>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20250203105840.17539-1-eichest@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hub.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -4651,7 +4651,6 @@ void usb_ep0_reinit(struct usb_device *u
EXPORT_SYMBOL_GPL(usb_ep0_reinit);
#define usb_sndaddr0pipe() (PIPE_CONTROL << 30)
-#define usb_rcvaddr0pipe() ((PIPE_CONTROL << 30) | USB_DIR_IN)
static int hub_set_address(struct usb_device *udev, int devnum)
{
@@ -4757,7 +4756,7 @@ static int get_bMaxPacketSize0(struct us
for (i = 0; i < GET_MAXPACKET0_TRIES; ++i) {
/* Start with invalid values in case the transfer fails */
buf->bDescriptorType = buf->bMaxPacketSize0 = 0;
- rc = usb_control_msg(udev, usb_rcvaddr0pipe(),
+ rc = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
USB_REQ_GET_DESCRIPTOR, USB_DIR_IN,
USB_DT_DEVICE << 8, 0,
buf, size,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 509/578] USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (507 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 508/578] usb: core: fix pipe creation for get_bMaxPacketSize0 Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 510/578] USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Greg Kroah-Hartman
` (77 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lei Huang, stable
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lei Huang <huanglei@kylinos.cn>
commit e169d96eecd447ff7fd7542ca5fa0911f5622054 upstream.
Teclast disk used on Huawei hisi platforms doesn't work well,
losing connectivity intermittently if LPM is enabled.
Add quirk disable LPM to resolve the issue.
Signed-off-by: Lei Huang <huanglei@kylinos.cn>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/20250212093829.7379-1-huanglei814@163.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -522,6 +522,9 @@ static const struct usb_device_id usb_qu
/* Blackmagic Design UltraStudio SDI */
{ USB_DEVICE(0x1edb, 0xbd4f), .driver_info = USB_QUIRK_NO_LPM },
+ /* Teclast disk */
+ { USB_DEVICE(0x1f75, 0x0917), .driver_info = USB_QUIRK_NO_LPM },
+
/* Hauppauge HVR-950q */
{ USB_DEVICE(0x2040, 0x7200), .driver_info =
USB_QUIRK_CONFIG_INTF_STRINGS },
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 510/578] USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (508 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 509/578] USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 511/578] usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Greg Kroah-Hartman
` (76 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Forest, Mathias Nyman
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit 159daf1258227f44b26b5d38f4aa8f37b8cca663 upstream.
The fastboot tool for communicating with Android bootloaders does not
work reliably with this device if USB 2 Link Power Management (LPM)
is enabled.
Various fastboot commands are affected, including the
following, which usually reproduces the problem within two tries:
fastboot getvar kernel
getvar:kernel FAILED (remote: 'GetVar Variable Not found')
This issue was hidden on many systems up until commit 63a1f8454962
("xhci: stored cached port capability values in one place") as the xhci
driver failed to detect USB 2 LPM support if USB 3 ports were listed
before USB 2 ports in the "supported protocol capabilities".
Adding the quirk resolves the issue. No drawbacks are expected since
the device uses different USB product IDs outside of fastboot mode, and
since fastboot commands worked before, until LPM was enabled on the
tested system by the aforementioned commit.
Based on a patch from Forest <forestix@nom.one> from which most of the
code and commit message is taken.
Cc: stable <stable@kernel.org>
Reported-by: Forest <forestix@nom.one>
Closes: https://lore.kernel.org/hk8umj9lv4l4qguftdq1luqtdrpa1gks5l@sonic.net
Tested-by: Forest <forestix@nom.one>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20250206151836.51742-1-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -432,6 +432,9 @@ static const struct usb_device_id usb_qu
{ USB_DEVICE(0x0c45, 0x7056), .driver_info =
USB_QUIRK_IGNORE_REMOTE_WAKEUP },
+ /* Sony Xperia XZ1 Compact (lilac) smartphone in fastboot mode */
+ { USB_DEVICE(0x0fce, 0x0dde), .driver_info = USB_QUIRK_NO_LPM },
+
/* Action Semiconductor flash disk */
{ USB_DEVICE(0x10d6, 0x2200), .driver_info =
USB_QUIRK_STRING_FETCH_255 },
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 511/578] usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (509 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 510/578] USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 512/578] USB: hub: Ignore non-compliant devices with too many configs or interfaces Greg Kroah-Hartman
` (75 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, John Keeping, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Keeping <jkeeping@inmusicbrands.com>
commit da1668997052ed1cb00322e1f3b63702615c9429 upstream.
While the MIDI jacks are configured correctly, and the MIDIStreaming
endpoint descriptors are filled with the correct information,
bNumEmbMIDIJack and bLength are set incorrectly in these descriptors.
This does not matter when the numbers of in and out ports are equal, but
when they differ the host will receive broken descriptors with
uninitialized stack memory leaking into the descriptor for whichever
value is smaller.
The precise meaning of "in" and "out" in the port counts is not clearly
defined and can be confusing. But elsewhere the driver consistently
uses this to match the USB meaning of IN and OUT viewed from the host,
so that "in" ports send data to the host and "out" ports receive data
from it.
Cc: stable <stable@kernel.org>
Fixes: c8933c3f79568 ("USB: gadget: f_midi: allow a dynamic number of input and output ports")
Signed-off-by: John Keeping <jkeeping@inmusicbrands.com>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20250130195035.3883857-1-jkeeping@inmusicbrands.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_midi.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/usb/gadget/function/f_midi.c
+++ b/drivers/usb/gadget/function/f_midi.c
@@ -999,11 +999,11 @@ static int f_midi_bind(struct usb_config
}
/* configure the endpoint descriptors ... */
- ms_out_desc.bLength = USB_DT_MS_ENDPOINT_SIZE(midi->in_ports);
- ms_out_desc.bNumEmbMIDIJack = midi->in_ports;
+ ms_out_desc.bLength = USB_DT_MS_ENDPOINT_SIZE(midi->out_ports);
+ ms_out_desc.bNumEmbMIDIJack = midi->out_ports;
- ms_in_desc.bLength = USB_DT_MS_ENDPOINT_SIZE(midi->out_ports);
- ms_in_desc.bNumEmbMIDIJack = midi->out_ports;
+ ms_in_desc.bLength = USB_DT_MS_ENDPOINT_SIZE(midi->in_ports);
+ ms_in_desc.bNumEmbMIDIJack = midi->in_ports;
/* ... and add them to the list */
endpoint_descriptor_index = i;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 512/578] USB: hub: Ignore non-compliant devices with too many configs or interfaces
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (510 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 511/578] usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 513/578] USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Greg Kroah-Hartman
` (74 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Alan Stern, Robert Morris
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit 2240fed37afbcdb5e8b627bc7ad986891100e05d upstream.
Robert Morris created a test program which can cause
usb_hub_to_struct_hub() to dereference a NULL or inappropriate
pointer:
Oops: general protection fault, probably for non-canonical address
0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI
CPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14
Hardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110
...
Call Trace:
<TASK>
? die_addr+0x31/0x80
? exc_general_protection+0x1b4/0x3c0
? asm_exc_general_protection+0x26/0x30
? usb_hub_adjust_deviceremovable+0x78/0x110
hub_probe+0x7c7/0xab0
usb_probe_interface+0x14b/0x350
really_probe+0xd0/0x2d0
? __pfx___device_attach_driver+0x10/0x10
__driver_probe_device+0x6e/0x110
driver_probe_device+0x1a/0x90
__device_attach_driver+0x7e/0xc0
bus_for_each_drv+0x7f/0xd0
__device_attach+0xaa/0x1a0
bus_probe_device+0x8b/0xa0
device_add+0x62e/0x810
usb_set_configuration+0x65d/0x990
usb_generic_driver_probe+0x4b/0x70
usb_probe_device+0x36/0xd0
The cause of this error is that the device has two interfaces, and the
hub driver binds to interface 1 instead of interface 0, which is where
usb_hub_to_struct_hub() looks.
We can prevent the problem from occurring by refusing to accept hub
devices that violate the USB spec by having more than one
configuration or interface.
Reported-and-tested-by: Robert Morris <rtm@csail.mit.edu>
Cc: stable <stable@kernel.org>
Closes: https://lore.kernel.org/linux-usb/95564.1737394039@localhost/
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/c27f3bf4-63d8-4fb5-ac82-09e3cd19f61c@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hub.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1819,6 +1819,17 @@ static int hub_probe(struct usb_interfac
hdev = interface_to_usbdev(intf);
/*
+ * The USB 2.0 spec prohibits hubs from having more than one
+ * configuration or interface, and we rely on this prohibition.
+ * Refuse to accept a device that violates it.
+ */
+ if (hdev->descriptor.bNumConfigurations > 1 ||
+ hdev->actconfig->desc.bNumInterfaces > 1) {
+ dev_err(&intf->dev, "Invalid hub with more than one config or interface\n");
+ return -EINVAL;
+ }
+
+ /*
* Set default autosuspend delay as 0 to speedup bus suspend,
* based on the below considerations:
*
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 513/578] USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (511 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 512/578] USB: hub: Ignore non-compliant devices with too many configs or interfaces Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 514/578] usb: cdc-acm: Check control transfer buffer size before access Greg Kroah-Hartman
` (73 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Marek Vasut,
Geert Uytterhoeven
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Vasut <marek.vasut+renesas@mailbox.org>
commit 7284922f3e4fa285dff1b8bb593aa9a0b8458f30 upstream.
Add Renesas R-Car D3 USB Download mode quirk and update comments
on all the other Renesas R-Car USB Download mode quirks to discern
them from each other. This follows R-Car Series, 3rd Generation
reference manual Rev.2.00 chapter 19.2.8 USB download mode .
Fixes: 6d853c9e4104 ("usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode")
Cc: stable <stable@kernel.org>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20250209145708.106914-1-marek.vasut+renesas@mailbox.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/class/cdc-acm.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1703,13 +1703,16 @@ static const struct usb_device_id acm_id
{ USB_DEVICE(0x0870, 0x0001), /* Metricom GS Modem */
.driver_info = NO_UNION_NORMAL, /* has no union descriptor */
},
- { USB_DEVICE(0x045b, 0x023c), /* Renesas USB Download mode */
+ { USB_DEVICE(0x045b, 0x023c), /* Renesas R-Car H3 USB Download mode */
.driver_info = DISABLE_ECHO, /* Don't echo banner */
},
- { USB_DEVICE(0x045b, 0x0248), /* Renesas USB Download mode */
+ { USB_DEVICE(0x045b, 0x0247), /* Renesas R-Car D3 USB Download mode */
.driver_info = DISABLE_ECHO, /* Don't echo banner */
},
- { USB_DEVICE(0x045b, 0x024D), /* Renesas USB Download mode */
+ { USB_DEVICE(0x045b, 0x0248), /* Renesas R-Car M3-N USB Download mode */
+ .driver_info = DISABLE_ECHO, /* Don't echo banner */
+ },
+ { USB_DEVICE(0x045b, 0x024D), /* Renesas R-Car E3 USB Download mode */
.driver_info = DISABLE_ECHO, /* Don't echo banner */
},
{ USB_DEVICE(0x0e8d, 0x0003), /* FIREFLY, MediaTek Inc; andrey.arapov@gmail.com */
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 514/578] usb: cdc-acm: Check control transfer buffer size before access
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (512 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 513/578] USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 515/578] usb: cdc-acm: Fix handling of oversized fragments Greg Kroah-Hartman
` (72 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Jann Horn
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jann Horn <jannh@google.com>
commit e563b01208f4d1f609bcab13333b6c0e24ce6a01 upstream.
If the first fragment is shorter than struct usb_cdc_notification, we can't
calculate an expected_size. Log an error and discard the notification
instead of reading lengths from memory outside the received data, which can
lead to memory corruption when the expected_size decreases between
fragments, causing `expected_size - acm->nb_index` to wrap.
This issue has been present since the beginning of git history; however,
it only leads to memory corruption since commit ea2583529cd1
("cdc-acm: reassemble fragmented notifications").
A mitigating factor is that acm_ctrl_irq() can only execute after userspace
has opened /dev/ttyACM*; but if ModemManager is running, ModemManager will
do that automatically depending on the USB device's vendor/product IDs and
its other interfaces.
Cc: stable <stable@kernel.org>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/class/cdc-acm.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -360,7 +360,7 @@ static void acm_process_notification(str
static void acm_ctrl_irq(struct urb *urb)
{
struct acm *acm = urb->context;
- struct usb_cdc_notification *dr = urb->transfer_buffer;
+ struct usb_cdc_notification *dr;
unsigned int current_size = urb->actual_length;
unsigned int expected_size, copy_size, alloc_size;
int retval;
@@ -387,9 +387,20 @@ static void acm_ctrl_irq(struct urb *urb
usb_mark_last_busy(acm->dev);
- if (acm->nb_index)
+ if (acm->nb_index == 0) {
+ /*
+ * The first chunk of a message must contain at least the
+ * notification header with the length field, otherwise we
+ * can't get an expected_size.
+ */
+ if (current_size < sizeof(struct usb_cdc_notification)) {
+ dev_dbg(&acm->control->dev, "urb too short\n");
+ goto exit;
+ }
+ dr = urb->transfer_buffer;
+ } else {
dr = (struct usb_cdc_notification *)acm->notification_buffer;
-
+ }
/* size = notification-header + (optional) data */
expected_size = sizeof(struct usb_cdc_notification) +
le16_to_cpu(dr->wLength);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 515/578] usb: cdc-acm: Fix handling of oversized fragments
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (513 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 514/578] usb: cdc-acm: Check control transfer buffer size before access Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 516/578] USB: serial: option: add MeiG Smart SLM828 Greg Kroah-Hartman
` (71 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Jann Horn
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jann Horn <jannh@google.com>
commit 12e712964f41d05ae034989892de445781c46730 upstream.
If we receive an initial fragment of size 8 bytes which specifies a wLength
of 1 byte (so the reassembled message is supposed to be 9 bytes long), and
we then receive a second fragment of size 9 bytes (which is not supposed to
happen), we currently wrongly bypass the fragment reassembly code but still
pass the pointer to the acm->notification_buffer to
acm_process_notification().
Make this less wrong by always going through fragment reassembly when we
expect more fragments.
Before this patch, receiving an overlong fragment could lead to `newctrl`
in acm_process_notification() being uninitialized data (instead of data
coming from the device).
Cc: stable <stable@kernel.org>
Fixes: ea2583529cd1 ("cdc-acm: reassemble fragmented notifications")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/class/cdc-acm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -405,7 +405,7 @@ static void acm_ctrl_irq(struct urb *urb
expected_size = sizeof(struct usb_cdc_notification) +
le16_to_cpu(dr->wLength);
- if (current_size < expected_size) {
+ if (acm->nb_index != 0 || current_size < expected_size) {
/* notification is transmitted fragmented, reassemble */
if (acm->nb_size < expected_size) {
u8 *new_buffer;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 516/578] USB: serial: option: add MeiG Smart SLM828
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (514 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 515/578] usb: cdc-acm: Fix handling of oversized fragments Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 517/578] USB: serial: option: add Telit Cinterion FN990B compositions Greg Kroah-Hartman
` (70 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chester A. Unal, Johan Hovold
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chester A. Unal <chester.a.unal@arinc9.com>
commit db79e75460fc59b19f9c89d4b068e61cee59f37d upstream.
MeiG Smart SLM828 is an LTE-A CAT6 modem with the mPCIe form factor. The
"Cls=ff(vend.) Sub=10 Prot=02" and "Cls=ff(vend.) Sub=10 Prot=03"
interfaces respond to AT commands. Add these interfaces.
The product ID the modem uses is shared across multiple modems. Therefore,
add comments to describe which interface is used for which modem.
T: Bus=01 Lev=01 Prnt=05 Port=01 Cnt=01 Dev#= 6 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2dee ProdID=4d22 Rev=05.04
S: Manufacturer=MEIG
S: Product=LTE-A Module
S: SerialNumber=4da7ec42
C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=10 Prot=01 Driver=(none)
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=10 Prot=02 Driver=(none)
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=10 Prot=03 Driver=(none)
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=10 Prot=04 Driver=(none)
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 4 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=88(I) Atr=03(Int.) MxPS= 64 Ivl=32ms
I: If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=10 Prot=05 Driver=qmi_wwan
E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Link: https://lore.kernel.org/20250124-for-johan-meig-slm828-v2-1-6b4cd3f6344f@arinc9.com
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -621,7 +621,10 @@ static void option_instat_callback(struc
/* MeiG Smart Technology products */
#define MEIGSMART_VENDOR_ID 0x2dee
-/* MeiG Smart SRM815/SRM825L based on Qualcomm 315 */
+/*
+ * MeiG Smart SLM828, SRM815, and SRM825L use the same product ID. SLM828 is
+ * based on Qualcomm SDX12. SRM815 and SRM825L are based on Qualcomm 315.
+ */
#define MEIGSMART_PRODUCT_SRM825L 0x4d22
/* MeiG Smart SLM320 based on UNISOC UIS8910 */
#define MEIGSMART_PRODUCT_SLM320 0x4d41
@@ -2405,10 +2408,12 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(UNISOC_VENDOR_ID, LUAT_PRODUCT_AIR720U, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SLM320, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SLM770A, 0xff, 0, 0) },
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0, 0) },
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0xff, 0x30) },
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0xff, 0x40) },
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0xff, 0x60) },
+ { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0, 0) }, /* MeiG Smart SRM815 */
+ { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0x10, 0x02) }, /* MeiG Smart SLM828 */
+ { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0x10, 0x03) }, /* MeiG Smart SLM828 */
+ { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0xff, 0x30) }, /* MeiG Smart SRM815 and SRM825L */
+ { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0xff, 0x40) }, /* MeiG Smart SRM825L */
+ { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0xff, 0x60) }, /* MeiG Smart SRM825L */
{ USB_DEVICE_INTERFACE_CLASS(0x1bbb, 0x0530, 0xff), /* TCL IK512 MBIM */
.driver_info = NCTRL(1) },
{ USB_DEVICE_INTERFACE_CLASS(0x1bbb, 0x0640, 0xff), /* TCL IK512 ECM */
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 517/578] USB: serial: option: add Telit Cinterion FN990B compositions
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (515 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 516/578] USB: serial: option: add MeiG Smart SLM828 Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 518/578] USB: serial: option: fix Telit Cinterion FN990A name Greg Kroah-Hartman
` (69 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fabio Porcedda, Daniele Palmas,
Johan Hovold
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fabio Porcedda <fabio.porcedda@gmail.com>
commit c979fb5ece2dc11cc9cc3d5c66f750e210bfdee2 upstream.
Add the following Telit Cinterion FN990B40 compositions:
0x10d0: rmnet + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) +
tty (diag) + DPL + QDSS (Qualcomm Debug SubSystem) + adb
T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 17 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=10d0 Rev=05.15
S: Manufacturer=Telit Cinterion
S: Product=FN990
S: SerialNumber=43b38f19
C: #Ifs= 9 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 6 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none)
E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none)
E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 8 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=usbfs
E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
0x10d1: MBIM + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) +
tty (diag) + DPL + QDSS (Qualcomm Debug SubSystem) + adb
T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 16 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=10d1 Rev=05.15
S: Manufacturer=Telit Cinterion
S: Product=FN990
S: SerialNumber=43b38f19
C: #Ifs=10 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=32ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 6 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none)
E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 8 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none)
E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 9 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=usbfs
E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
0x10d2: RNDIS + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) +
tty (diag) + DPL + QDSS (Qualcomm Debug SubSystem) + adb
T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 18 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=10d2 Rev=05.15
S: Manufacturer=Telit Cinterion
S: Product=FN990
S: SerialNumber=43b38f19
C: #Ifs=10 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 1 Cls=ef(misc ) Sub=04 Prot=01 Driver=rndis_host
E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
I: If#= 1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 6 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none)
E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 8 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none)
E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 9 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=usbfs
E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
0x10d3: ECM + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) +
tty (diag) + DPL + QDSS (Qualcomm Debug SubSystem) + adb
T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 20 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=10d3 Rev=05.15
S: Manufacturer=Telit Cinterion
S: Product=FN990
S: SerialNumber=43b38f19
C: #Ifs=10 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether
E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 6 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none)
E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 8 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none)
E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 9 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=usbfs
E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Cc: stable@vger.kernel.org
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Reviewed-by: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1406,6 +1406,22 @@ static const struct usb_device_id option
.driver_info = RSVD(0) | NCTRL(3) },
{ USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10c8, 0xff), /* Telit FE910C04 (rmnet) */
.driver_info = RSVD(0) | NCTRL(2) | RSVD(3) | RSVD(4) },
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d0, 0x60) }, /* Telit FN990B (rmnet) */
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d0, 0x40) },
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d0, 0x30),
+ .driver_info = NCTRL(5) },
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d1, 0x60) }, /* Telit FN990B (MBIM) */
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d1, 0x40) },
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d1, 0x30),
+ .driver_info = NCTRL(6) },
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d2, 0x60) }, /* Telit FN990B (RNDIS) */
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d2, 0x40) },
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d2, 0x30),
+ .driver_info = NCTRL(6) },
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d3, 0x60) }, /* Telit FN990B (ECM) */
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d3, 0x40) },
+ { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d3, 0x30),
+ .driver_info = NCTRL(6) },
{ USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910),
.driver_info = NCTRL(0) | RSVD(1) | RSVD(3) },
{ USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910_DUAL_MODEM),
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 518/578] USB: serial: option: fix Telit Cinterion FN990A name
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (516 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 517/578] USB: serial: option: add Telit Cinterion FN990B compositions Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 519/578] USB: serial: option: drop MeiG Smart defines Greg Kroah-Hartman
` (68 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Fabio Porcedda, Johan Hovold
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fabio Porcedda <fabio.porcedda@gmail.com>
commit 12606fe73f33647c5e79bf666833bf0b225e649d upstream.
The correct name for FN990 is FN990A so use it in order to avoid
confusion with FN990B.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1370,15 +1370,15 @@ static const struct usb_device_id option
.driver_info = NCTRL(2) | RSVD(3) },
{ USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1063, 0xff), /* Telit LN920 (ECM) */
.driver_info = NCTRL(0) | RSVD(1) },
- { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1070, 0xff), /* Telit FN990 (rmnet) */
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1070, 0xff), /* Telit FN990A (rmnet) */
.driver_info = NCTRL(0) | RSVD(1) | RSVD(2) },
- { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1071, 0xff), /* Telit FN990 (MBIM) */
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1071, 0xff), /* Telit FN990A (MBIM) */
.driver_info = NCTRL(0) | RSVD(1) },
- { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1072, 0xff), /* Telit FN990 (RNDIS) */
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1072, 0xff), /* Telit FN990A (RNDIS) */
.driver_info = NCTRL(2) | RSVD(3) },
- { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1073, 0xff), /* Telit FN990 (ECM) */
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1073, 0xff), /* Telit FN990A (ECM) */
.driver_info = NCTRL(0) | RSVD(1) },
- { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1075, 0xff), /* Telit FN990 (PCIe) */
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1075, 0xff), /* Telit FN990A (PCIe) */
.driver_info = RSVD(0) },
{ USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1080, 0xff), /* Telit FE990 (rmnet) */
.driver_info = NCTRL(0) | RSVD(1) | RSVD(2) },
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 519/578] USB: serial: option: drop MeiG Smart defines
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (517 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 518/578] USB: serial: option: fix Telit Cinterion FN990A name Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 520/578] can: ctucanfd: handle skb allocation failure Greg Kroah-Hartman
` (67 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chester A. Unal, Johan Hovold
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit 6aa8a63c471eb6756aabd03f880feffe6a7af6c9 upstream.
Several MeiG Smart modems apparently use the same product id, making the
defines even less useful.
Drop them in favour of using comments consistently to make the id table
slightly less unwieldy.
Cc: stable@vger.kernel.org
Acked-by: Chester A. Unal <chester.a.unal@arinc9.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 28 ++++++++--------------------
1 file changed, 8 insertions(+), 20 deletions(-)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -619,18 +619,6 @@ static void option_instat_callback(struc
/* Luat Air72*U series based on UNISOC UIS8910 uses UNISOC's vendor ID */
#define LUAT_PRODUCT_AIR720U 0x4e00
-/* MeiG Smart Technology products */
-#define MEIGSMART_VENDOR_ID 0x2dee
-/*
- * MeiG Smart SLM828, SRM815, and SRM825L use the same product ID. SLM828 is
- * based on Qualcomm SDX12. SRM815 and SRM825L are based on Qualcomm 315.
- */
-#define MEIGSMART_PRODUCT_SRM825L 0x4d22
-/* MeiG Smart SLM320 based on UNISOC UIS8910 */
-#define MEIGSMART_PRODUCT_SLM320 0x4d41
-/* MeiG Smart SLM770A based on ASR1803 */
-#define MEIGSMART_PRODUCT_SLM770A 0x4d57
-
/* Device flags */
/* Highest interface number which can be used with NCTRL() and RSVD() */
@@ -2366,6 +2354,14 @@ static const struct usb_device_id option
{ USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0a05, 0xff) }, /* Fibocom FM650-CN (NCM mode) */
{ USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0a06, 0xff) }, /* Fibocom FM650-CN (RNDIS mode) */
{ USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0a07, 0xff) }, /* Fibocom FM650-CN (MBIM mode) */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x2dee, 0x4d41, 0xff, 0, 0) }, /* MeiG Smart SLM320 */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x2dee, 0x4d57, 0xff, 0, 0) }, /* MeiG Smart SLM770A */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x2dee, 0x4d22, 0xff, 0, 0) }, /* MeiG Smart SRM815 */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x2dee, 0x4d22, 0xff, 0x10, 0x02) }, /* MeiG Smart SLM828 */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x2dee, 0x4d22, 0xff, 0x10, 0x03) }, /* MeiG Smart SLM828 */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x2dee, 0x4d22, 0xff, 0xff, 0x30) }, /* MeiG Smart SRM815 and SRM825L */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x2dee, 0x4d22, 0xff, 0xff, 0x40) }, /* MeiG Smart SRM825L */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x2dee, 0x4d22, 0xff, 0xff, 0x60) }, /* MeiG Smart SRM825L */
{ USB_DEVICE_INTERFACE_CLASS(0x2df3, 0x9d03, 0xff) }, /* LongSung M5710 */
{ USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1404, 0xff) }, /* GosunCn GM500 RNDIS */
{ USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1405, 0xff) }, /* GosunCn GM500 MBIM */
@@ -2422,14 +2418,6 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(SIERRA_VENDOR_ID, SIERRA_PRODUCT_EM9191, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(UNISOC_VENDOR_ID, TOZED_PRODUCT_LT70C, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(UNISOC_VENDOR_ID, LUAT_PRODUCT_AIR720U, 0xff, 0, 0) },
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SLM320, 0xff, 0, 0) },
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SLM770A, 0xff, 0, 0) },
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0, 0) }, /* MeiG Smart SRM815 */
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0x10, 0x02) }, /* MeiG Smart SLM828 */
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0x10, 0x03) }, /* MeiG Smart SLM828 */
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0xff, 0x30) }, /* MeiG Smart SRM815 and SRM825L */
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0xff, 0x40) }, /* MeiG Smart SRM825L */
- { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SRM825L, 0xff, 0xff, 0x60) }, /* MeiG Smart SRM825L */
{ USB_DEVICE_INTERFACE_CLASS(0x1bbb, 0x0530, 0xff), /* TCL IK512 MBIM */
.driver_info = NCTRL(1) },
{ USB_DEVICE_INTERFACE_CLASS(0x1bbb, 0x0640, 0xff), /* TCL IK512 ECM */
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 520/578] can: ctucanfd: handle skb allocation failure
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (518 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 519/578] USB: serial: option: drop MeiG Smart defines Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 521/578] can: c_can: fix unbalanced runtime PM disable in error path Greg Kroah-Hartman
` (66 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin, Pavel Pisa,
Vincent Mailhol, Marc Kleine-Budde
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fedor Pchelkin <pchelkin@ispras.ru>
commit 9bd24927e3eeb85642c7baa3b28be8bea6c2a078 upstream.
If skb allocation fails, the pointer to struct can_frame is NULL. This
is actually handled everywhere inside ctucan_err_interrupt() except for
the only place.
Add the missed NULL check.
Found by Linux Verification Center (linuxtesting.org) with SVACE static
analysis tool.
Fixes: 2dcb8e8782d8 ("can: ctucanfd: add support for CTU CAN FD open-source IP core - bus independent part.")
Cc: stable@vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Reviewed-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Link: https://patch.msgid.link/20250114152138.139580-1-pchelkin@ispras.ru
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/ctucanfd/ctucanfd_base.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/net/can/ctucanfd/ctucanfd_base.c
+++ b/drivers/net/can/ctucanfd/ctucanfd_base.c
@@ -867,10 +867,12 @@ static void ctucan_err_interrupt(struct
}
break;
case CAN_STATE_ERROR_ACTIVE:
- cf->can_id |= CAN_ERR_CNT;
- cf->data[1] = CAN_ERR_CRTL_ACTIVE;
- cf->data[6] = bec.txerr;
- cf->data[7] = bec.rxerr;
+ if (skb) {
+ cf->can_id |= CAN_ERR_CNT;
+ cf->data[1] = CAN_ERR_CRTL_ACTIVE;
+ cf->data[6] = bec.txerr;
+ cf->data[7] = bec.rxerr;
+ }
break;
default:
netdev_warn(ndev, "unhandled error state (%d:%s)!\n",
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 521/578] can: c_can: fix unbalanced runtime PM disable in error path
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (519 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 520/578] can: ctucanfd: handle skb allocation failure Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 522/578] can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Greg Kroah-Hartman
` (65 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Vincent Mailhol,
Marc Kleine-Budde
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit 257a2cd3eb578ee63d6bf90475dc4f4b16984139 upstream.
Runtime PM is enabled as one of the last steps of probe(), so all
earlier gotos to "exit_free_device" label were not correct and were
leading to unbalanced runtime PM disable depth.
Fixes: 6e2fe01dd6f9 ("can: c_can: move runtime PM enable/disable to c_can_platform")
Cc: stable@vger.kernel.org
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Link: https://patch.msgid.link/20250112-syscon-phandle-args-can-v1-1-314d9549906f@linaro.org
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/c_can/c_can_platform.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/net/can/c_can/c_can_platform.c
+++ b/drivers/net/can/c_can/c_can_platform.c
@@ -395,15 +395,16 @@ static int c_can_plat_probe(struct platf
if (ret) {
dev_err(&pdev->dev, "registering %s failed (err=%d)\n",
KBUILD_MODNAME, ret);
- goto exit_free_device;
+ goto exit_pm_runtime;
}
dev_info(&pdev->dev, "%s device registered (regs=%p, irq=%d)\n",
KBUILD_MODNAME, priv->base, dev->irq);
return 0;
-exit_free_device:
+exit_pm_runtime:
pm_runtime_disable(priv->device);
+exit_free_device:
free_c_can_dev(dev);
exit:
dev_err(&pdev->dev, "probe failed\n");
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 522/578] can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (520 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 521/578] can: c_can: fix unbalanced runtime PM disable in error path Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 523/578] alpha: make stack 16-byte aligned (most cases) Greg Kroah-Hartman
` (64 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Hölzl, Oleksij Rempel,
Marc Kleine-Budde
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Hölzl <alexander.hoelzl@gmx.net>
commit 44de577e61ed239db09f0da9d436866bef9b77dd upstream.
The J1939 standard requires the transmission of messages of length 0.
For example proprietary messages are specified with a data length of 0
to 1785. The transmission of such messages is not possible. Sending
results in no error being returned but no corresponding can frame
being generated.
Enable the transmission of zero length J1939 messages. In order to
facilitate this two changes are necessary:
1) If the transmission of a new message is requested from user space
the message is segmented in j1939_sk_send_loop(). Let the segmentation
take into account zero length messages, do not terminate immediately,
queue the corresponding skb.
2) j1939_session_skb_get_by_offset() selects the next skb to transmit
for a session. Take into account that there might be zero length skbs
in the queue.
Signed-off-by: Alexander Hölzl <alexander.hoelzl@gmx.net>
Acked-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://patch.msgid.link/20250205174651.103238-1-alexander.hoelzl@gmx.net
Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Cc: stable@vger.kernel.org
[mkl: commit message rephrased]
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/can/j1939/socket.c | 4 ++--
net/can/j1939/transport.c | 5 +++--
2 files changed, 5 insertions(+), 4 deletions(-)
--- a/net/can/j1939/socket.c
+++ b/net/can/j1939/socket.c
@@ -1132,7 +1132,7 @@ static int j1939_sk_send_loop(struct j19
todo_size = size;
- while (todo_size) {
+ do {
struct j1939_sk_buff_cb *skcb;
segment_size = min_t(size_t, J1939_MAX_TP_PACKET_SIZE,
@@ -1177,7 +1177,7 @@ static int j1939_sk_send_loop(struct j19
todo_size -= segment_size;
session->total_queued_size += segment_size;
- }
+ } while (todo_size);
switch (ret) {
case 0: /* OK */
--- a/net/can/j1939/transport.c
+++ b/net/can/j1939/transport.c
@@ -382,8 +382,9 @@ sk_buff *j1939_session_skb_get_by_offset
skb_queue_walk(&session->skb_queue, do_skb) {
do_skcb = j1939_skb_to_cb(do_skb);
- if (offset_start >= do_skcb->offset &&
- offset_start < (do_skcb->offset + do_skb->len)) {
+ if ((offset_start >= do_skcb->offset &&
+ offset_start < (do_skcb->offset + do_skb->len)) ||
+ (offset_start == 0 && do_skcb->offset == 0 && do_skb->len == 0)) {
skb = do_skb;
}
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 523/578] alpha: make stack 16-byte aligned (most cases)
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (521 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 522/578] can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 524/578] efi: Avoid cold plugged memory for placing the kernel Greg Kroah-Hartman
` (63 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maciej W. Rozycki, Magnus Lindholm,
Matt Turner, Ivan Kokshaysky
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ivan Kokshaysky <ink@unseen.parts>
commit 0a0f7362b0367634a2d5cb7c96226afc116f19c9 upstream.
The problem is that GCC expects 16-byte alignment of the incoming stack
since early 2004, as Maciej found out [1]:
Having actually dug speculatively I can see that the psABI was changed in
GCC 3.5 with commit e5e10fb4a350 ("re PR target/14539 (128-bit long double
improperly aligned)") back in Mar 2004, when the stack pointer alignment
was increased from 8 bytes to 16 bytes, and arch/alpha/kernel/entry.S has
various suspicious stack pointer adjustments, starting with SP_OFF which
is not a whole multiple of 16.
Also, as Magnus noted, "ALPHA Calling Standard" [2] required the same:
D.3.1 Stack Alignment
This standard requires that stacks be octaword aligned at the time a
new procedure is invoked.
However:
- the "normal" kernel stack is always misaligned by 8 bytes, thanks to
the odd number of 64-bit words in 'struct pt_regs', which is the very
first thing pushed onto the kernel thread stack;
- syscall, fault, interrupt etc. handlers may, or may not, receive aligned
stack depending on numerous factors.
Somehow we got away with it until recently, when we ended up with
a stack corruption in kernel/smp.c:smp_call_function_single() due to
its use of 32-byte aligned local data and the compiler doing clever
things allocating it on the stack.
This adds padding between the PAL-saved and kernel-saved registers
so that 'struct pt_regs' have an even number of 64-bit words.
This makes the stack properly aligned for most of the kernel
code, except two handlers which need special threatment.
Note: struct pt_regs doesn't belong in uapi/asm; this should be fixed,
but let's put this off until later.
Link: https://lore.kernel.org/rcu/alpine.DEB.2.21.2501130248010.18889@angie.orcam.me.uk/ [1]
Link: https://bitsavers.org/pdf/dec/alpha/Alpha_Calling_Standard_Rev_2.0_19900427.pdf [2]
Cc: stable@vger.kernel.org
Tested-by: Maciej W. Rozycki <macro@orcam.me.uk>
Tested-by: Magnus Lindholm <linmag7@gmail.com>
Tested-by: Matt Turner <mattst88@gmail.com>
Reviewed-by: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Ivan Kokshaysky <ink@unseen.parts>
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/alpha/include/uapi/asm/ptrace.h | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/alpha/include/uapi/asm/ptrace.h
+++ b/arch/alpha/include/uapi/asm/ptrace.h
@@ -42,6 +42,8 @@ struct pt_regs {
unsigned long trap_a0;
unsigned long trap_a1;
unsigned long trap_a2;
+/* This makes the stack 16-byte aligned as GCC expects */
+ unsigned long __pad0;
/* These are saved by PAL-code: */
unsigned long ps;
unsigned long pc;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 524/578] efi: Avoid cold plugged memory for placing the kernel
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (522 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 523/578] alpha: make stack 16-byte aligned (most cases) Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 525/578] cgroup: fix race between fork and cgroup.kill Greg Kroah-Hartman
` (62 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ard Biesheuvel
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ardb@kernel.org>
commit ba69e0750b0362870294adab09339a0c39c3beaf upstream.
UEFI 2.11 introduced EFI_MEMORY_HOT_PLUGGABLE to annotate system memory
regions that are 'cold plugged' at boot, i.e., hot pluggable memory that
is available from early boot, and described as system RAM by the
firmware.
Existing loaders and EFI applications running in the boot context will
happily use this memory for allocating data structures that cannot be
freed or moved at runtime, and this prevents the memory from being
unplugged. Going forward, the new EFI_MEMORY_HOT_PLUGGABLE attribute
should be tested, and memory annotated as such should be avoided for
such allocations.
In the EFI stub, there are a couple of occurrences where, instead of the
high-level AllocatePages() UEFI boot service, a low-level code sequence
is used that traverses the EFI memory map and carves out the requested
number of pages from a free region. This is needed, e.g., for allocating
as low as possible, or for allocating pages at random.
While AllocatePages() should presumably avoid special purpose memory and
cold plugged regions, this manual approach needs to incorporate this
logic itself, in order to prevent the kernel itself from ending up in a
hot unpluggable region, preventing it from being unplugged.
So add the EFI_MEMORY_HOTPLUGGABLE macro definition, and check for it
where appropriate.
Cc: stable@vger.kernel.org
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/efi/efi.c | 6 ++++--
drivers/firmware/efi/libstub/randomalloc.c | 3 +++
drivers/firmware/efi/libstub/relocate.c | 3 +++
include/linux/efi.h | 1 +
4 files changed, 11 insertions(+), 2 deletions(-)
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -835,13 +835,15 @@ char * __init efi_md_typeattr_format(cha
EFI_MEMORY_WB | EFI_MEMORY_UCE | EFI_MEMORY_RO |
EFI_MEMORY_WP | EFI_MEMORY_RP | EFI_MEMORY_XP |
EFI_MEMORY_NV | EFI_MEMORY_SP | EFI_MEMORY_CPU_CRYPTO |
- EFI_MEMORY_RUNTIME | EFI_MEMORY_MORE_RELIABLE))
+ EFI_MEMORY_MORE_RELIABLE | EFI_MEMORY_HOT_PLUGGABLE |
+ EFI_MEMORY_RUNTIME))
snprintf(pos, size, "|attr=0x%016llx]",
(unsigned long long)attr);
else
snprintf(pos, size,
- "|%3s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%3s|%2s|%2s|%2s|%2s]",
+ "|%3s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%3s|%2s|%2s|%2s|%2s]",
attr & EFI_MEMORY_RUNTIME ? "RUN" : "",
+ attr & EFI_MEMORY_HOT_PLUGGABLE ? "HP" : "",
attr & EFI_MEMORY_MORE_RELIABLE ? "MR" : "",
attr & EFI_MEMORY_CPU_CRYPTO ? "CC" : "",
attr & EFI_MEMORY_SP ? "SP" : "",
--- a/drivers/firmware/efi/libstub/randomalloc.c
+++ b/drivers/firmware/efi/libstub/randomalloc.c
@@ -25,6 +25,9 @@ static unsigned long get_entry_num_slots
if (md->type != EFI_CONVENTIONAL_MEMORY)
return 0;
+ if (md->attribute & EFI_MEMORY_HOT_PLUGGABLE)
+ return 0;
+
if (efi_soft_reserve_enabled() &&
(md->attribute & EFI_MEMORY_SP))
return 0;
--- a/drivers/firmware/efi/libstub/relocate.c
+++ b/drivers/firmware/efi/libstub/relocate.c
@@ -53,6 +53,9 @@ efi_status_t efi_low_alloc_above(unsigne
if (desc->type != EFI_CONVENTIONAL_MEMORY)
continue;
+ if (desc->attribute & EFI_MEMORY_HOT_PLUGGABLE)
+ continue;
+
if (efi_soft_reserve_enabled() &&
(desc->attribute & EFI_MEMORY_SP))
continue;
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -125,6 +125,7 @@ typedef struct {
#define EFI_MEMORY_RO ((u64)0x0000000000020000ULL) /* read-only */
#define EFI_MEMORY_SP ((u64)0x0000000000040000ULL) /* soft reserved */
#define EFI_MEMORY_CPU_CRYPTO ((u64)0x0000000000080000ULL) /* supports encryption */
+#define EFI_MEMORY_HOT_PLUGGABLE BIT_ULL(20) /* supports unplugging at runtime */
#define EFI_MEMORY_RUNTIME ((u64)0x8000000000000000ULL) /* range requires runtime mapping */
#define EFI_MEMORY_DESCRIPTOR_VERSION 1
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 525/578] cgroup: fix race between fork and cgroup.kill
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (523 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 524/578] efi: Avoid cold plugged memory for placing the kernel Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 526/578] serial: 8250: Fix fifo underflow on flush Greg Kroah-Hartman
` (61 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tejun Heo, Shakeel Butt,
Michal Koutný
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shakeel Butt <shakeel.butt@linux.dev>
commit b69bb476dee99d564d65d418e9a20acca6f32c3f upstream.
Tejun reported the following race between fork() and cgroup.kill at [1].
Tejun:
I was looking at cgroup.kill implementation and wondering whether there
could be a race window. So, __cgroup_kill() does the following:
k1. Set CGRP_KILL.
k2. Iterate tasks and deliver SIGKILL.
k3. Clear CGRP_KILL.
The copy_process() does the following:
c1. Copy a bunch of stuff.
c2. Grab siglock.
c3. Check fatal_signal_pending().
c4. Commit to forking.
c5. Release siglock.
c6. Call cgroup_post_fork() which puts the task on the css_set and tests
CGRP_KILL.
The intention seems to be that either a forking task gets SIGKILL and
terminates on c3 or it sees CGRP_KILL on c6 and kills the child. However, I
don't see what guarantees that k3 can't happen before c6. ie. After a
forking task passes c5, k2 can take place and then before the forking task
reaches c6, k3 can happen. Then, nobody would send SIGKILL to the child.
What am I missing?
This is indeed a race. One way to fix this race is by taking
cgroup_threadgroup_rwsem in write mode in __cgroup_kill() as the fork()
side takes cgroup_threadgroup_rwsem in read mode from cgroup_can_fork()
to cgroup_post_fork(). However that would be heavy handed as this adds
one more potential stall scenario for cgroup.kill which is usually
called under extreme situation like memory pressure.
To fix this race, let's maintain a sequence number per cgroup which gets
incremented on __cgroup_kill() call. On the fork() side, the
cgroup_can_fork() will cache the sequence number locally and recheck it
against the cgroup's sequence number at cgroup_post_fork() site. If the
sequence numbers mismatch, it means __cgroup_kill() can been called and
we should send SIGKILL to the newly created task.
Reported-by: Tejun Heo <tj@kernel.org>
Closes: https://lore.kernel.org/all/Z5QHE2Qn-QZ6M-KW@slm.duckdns.org/ [1]
Fixes: 661ee6280931 ("cgroup: introduce cgroup.kill")
Cc: stable@vger.kernel.org # v5.14+
Signed-off-by: Shakeel Butt <shakeel.butt@linux.dev>
Reviewed-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/cgroup-defs.h | 6 +++---
include/linux/sched/task.h | 1 +
kernel/cgroup/cgroup.c | 20 ++++++++++++--------
3 files changed, 16 insertions(+), 11 deletions(-)
--- a/include/linux/cgroup-defs.h
+++ b/include/linux/cgroup-defs.h
@@ -71,9 +71,6 @@ enum {
/* Cgroup is frozen. */
CGRP_FROZEN,
-
- /* Control group has to be killed. */
- CGRP_KILL,
};
/* cgroup_root->flags */
@@ -424,6 +421,9 @@ struct cgroup {
int nr_threaded_children; /* # of live threaded child cgroups */
+ /* sequence number for cgroup.kill, serialized by css_set_lock. */
+ unsigned int kill_seq;
+
struct kernfs_node *kn; /* cgroup kernfs entry */
struct cgroup_file procs_file; /* handle for "cgroup.procs" */
struct cgroup_file events_file; /* handle for "cgroup.events" */
--- a/include/linux/sched/task.h
+++ b/include/linux/sched/task.h
@@ -38,6 +38,7 @@ struct kernel_clone_args {
void *fn_arg;
struct cgroup *cgrp;
struct css_set *cset;
+ unsigned int kill_seq;
};
/*
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -3952,7 +3952,7 @@ static void __cgroup_kill(struct cgroup
lockdep_assert_held(&cgroup_mutex);
spin_lock_irq(&css_set_lock);
- set_bit(CGRP_KILL, &cgrp->flags);
+ cgrp->kill_seq++;
spin_unlock_irq(&css_set_lock);
css_task_iter_start(&cgrp->self, CSS_TASK_ITER_PROCS | CSS_TASK_ITER_THREADED, &it);
@@ -3968,10 +3968,6 @@ static void __cgroup_kill(struct cgroup
send_sig(SIGKILL, task, 0);
}
css_task_iter_end(&it);
-
- spin_lock_irq(&css_set_lock);
- clear_bit(CGRP_KILL, &cgrp->flags);
- spin_unlock_irq(&css_set_lock);
}
static void cgroup_kill(struct cgroup *cgrp)
@@ -6409,6 +6405,10 @@ static int cgroup_css_set_fork(struct ke
spin_lock_irq(&css_set_lock);
cset = task_css_set(current);
get_css_set(cset);
+ if (kargs->cgrp)
+ kargs->kill_seq = kargs->cgrp->kill_seq;
+ else
+ kargs->kill_seq = cset->dfl_cgrp->kill_seq;
spin_unlock_irq(&css_set_lock);
if (!(kargs->flags & CLONE_INTO_CGROUP)) {
@@ -6592,6 +6592,7 @@ void cgroup_post_fork(struct task_struct
struct kernel_clone_args *kargs)
__releases(&cgroup_threadgroup_rwsem) __releases(&cgroup_mutex)
{
+ unsigned int cgrp_kill_seq = 0;
unsigned long cgrp_flags = 0;
bool kill = false;
struct cgroup_subsys *ss;
@@ -6605,10 +6606,13 @@ void cgroup_post_fork(struct task_struct
/* init tasks are special, only link regular threads */
if (likely(child->pid)) {
- if (kargs->cgrp)
+ if (kargs->cgrp) {
cgrp_flags = kargs->cgrp->flags;
- else
+ cgrp_kill_seq = kargs->cgrp->kill_seq;
+ } else {
cgrp_flags = cset->dfl_cgrp->flags;
+ cgrp_kill_seq = cset->dfl_cgrp->kill_seq;
+ }
WARN_ON_ONCE(!list_empty(&child->cg_list));
cset->nr_tasks++;
@@ -6643,7 +6647,7 @@ void cgroup_post_fork(struct task_struct
* child down right after we finished preparing it for
* userspace.
*/
- kill = test_bit(CGRP_KILL, &cgrp_flags);
+ kill = kargs->kill_seq != cgrp_kill_seq;
}
spin_unlock_irq(&css_set_lock);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 526/578] serial: 8250: Fix fifo underflow on flush
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (524 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 525/578] cgroup: fix race between fork and cgroup.kill Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 527/578] alpha: align stack for page fault and user unaligned trap handlers Greg Kroah-Hartman
` (60 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, John Keeping
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Keeping <jkeeping@inmusicbrands.com>
commit 9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 upstream.
When flushing the serial port's buffer, uart_flush_buffer() calls
kfifo_reset() but if there is an outstanding DMA transfer then the
completion function will consume data from the kfifo via
uart_xmit_advance(), underflowing and leading to ongoing DMA as the
driver tries to transmit another 2^32 bytes.
This is readily reproduced with serial-generic and amidi sending even
short messages as closing the device on exit will wait for the fifo to
drain and in the underflow case amidi hangs for 30 seconds on exit in
tty_wait_until_sent(). A trace of that gives:
kworker/1:1-84 [001] 51.769423: bprint: serial8250_tx_dma: tx_size=3 fifo_len=3
amidi-763 [001] 51.769460: bprint: uart_flush_buffer: resetting fifo
irq/21-fe530000-76 [000] 51.769474: bprint: __dma_tx_complete: tx_size=3
irq/21-fe530000-76 [000] 51.769479: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294967293
irq/21-fe530000-76 [000] 51.781295: bprint: __dma_tx_complete: tx_size=4096
irq/21-fe530000-76 [000] 51.781301: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294963197
irq/21-fe530000-76 [000] 51.793131: bprint: __dma_tx_complete: tx_size=4096
irq/21-fe530000-76 [000] 51.793135: bprint: serial8250_tx_dma: tx_size=4096 fifo_len=4294959101
irq/21-fe530000-76 [000] 51.804949: bprint: __dma_tx_complete: tx_size=4096
Since the port lock is held in when the kfifo is reset in
uart_flush_buffer() and in __dma_tx_complete(), adding a flush_buffer
hook to adjust the outstanding DMA byte count is sufficient to avoid the
kfifo underflow.
Fixes: 9ee4b83e51f74 ("serial: 8250: Add support for dmaengine")
Cc: stable <stable@kernel.org>
Signed-off-by: John Keeping <jkeeping@inmusicbrands.com>
Link: https://lore.kernel.org/r/20250208124148.1189191-1-jkeeping@inmusicbrands.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250.h | 2 ++
drivers/tty/serial/8250/8250_dma.c | 16 ++++++++++++++++
drivers/tty/serial/8250/8250_port.c | 9 +++++++++
3 files changed, 27 insertions(+)
--- a/drivers/tty/serial/8250/8250.h
+++ b/drivers/tty/serial/8250/8250.h
@@ -344,6 +344,7 @@ static inline int is_omap1510_8250(struc
#ifdef CONFIG_SERIAL_8250_DMA
extern int serial8250_tx_dma(struct uart_8250_port *);
+extern void serial8250_tx_dma_flush(struct uart_8250_port *);
extern int serial8250_rx_dma(struct uart_8250_port *);
extern void serial8250_rx_dma_flush(struct uart_8250_port *);
extern int serial8250_request_dma(struct uart_8250_port *);
@@ -376,6 +377,7 @@ static inline int serial8250_tx_dma(stru
{
return -1;
}
+static inline void serial8250_tx_dma_flush(struct uart_8250_port *p) { }
static inline int serial8250_rx_dma(struct uart_8250_port *p)
{
return -1;
--- a/drivers/tty/serial/8250/8250_dma.c
+++ b/drivers/tty/serial/8250/8250_dma.c
@@ -133,6 +133,22 @@ err:
return ret;
}
+void serial8250_tx_dma_flush(struct uart_8250_port *p)
+{
+ struct uart_8250_dma *dma = p->dma;
+
+ if (!dma->tx_running)
+ return;
+
+ /*
+ * kfifo_reset() has been called by the serial core, avoid
+ * advancing and underflowing in __dma_tx_complete().
+ */
+ dma->tx_size = 0;
+
+ dmaengine_terminate_async(dma->rxchan);
+}
+
int serial8250_rx_dma(struct uart_8250_port *p)
{
struct uart_8250_dma *dma = p->dma;
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -2550,6 +2550,14 @@ static unsigned int npcm_get_divisor(str
return DIV_ROUND_CLOSEST(port->uartclk, 16 * baud + 2) - 2;
}
+static void serial8250_flush_buffer(struct uart_port *port)
+{
+ struct uart_8250_port *up = up_to_u8250p(port);
+
+ if (up->dma)
+ serial8250_tx_dma_flush(up);
+}
+
static unsigned int serial8250_do_get_divisor(struct uart_port *port,
unsigned int baud,
unsigned int *frac)
@@ -3260,6 +3268,7 @@ static const struct uart_ops serial8250_
.break_ctl = serial8250_break_ctl,
.startup = serial8250_startup,
.shutdown = serial8250_shutdown,
+ .flush_buffer = serial8250_flush_buffer,
.set_termios = serial8250_set_termios,
.set_ldisc = serial8250_set_ldisc,
.pm = serial8250_pm,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 527/578] alpha: align stack for page fault and user unaligned trap handlers
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (525 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 526/578] serial: 8250: Fix fifo underflow on flush Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 528/578] gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Greg Kroah-Hartman
` (59 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maciej W. Rozycki, Magnus Lindholm,
Matt Turner, Ivan Kokshaysky
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ivan Kokshaysky <ink@unseen.parts>
commit 3b35a171060f846b08b48646b38c30b5d57d17ff upstream.
do_page_fault() and do_entUna() are special because they use
non-standard stack frame layout. Fix them manually.
Cc: stable@vger.kernel.org
Tested-by: Maciej W. Rozycki <macro@orcam.me.uk>
Tested-by: Magnus Lindholm <linmag7@gmail.com>
Tested-by: Matt Turner <mattst88@gmail.com>
Reviewed-by: Maciej W. Rozycki <macro@orcam.me.uk>
Suggested-by: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Ivan Kokshaysky <ink@unseen.parts>
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/alpha/kernel/entry.S | 20 ++++++++++----------
arch/alpha/kernel/traps.c | 2 +-
arch/alpha/mm/fault.c | 4 ++--
3 files changed, 13 insertions(+), 13 deletions(-)
--- a/arch/alpha/kernel/entry.S
+++ b/arch/alpha/kernel/entry.S
@@ -199,8 +199,8 @@ CFI_END_OSF_FRAME entArith
CFI_START_OSF_FRAME entMM
SAVE_ALL
/* save $9 - $15 so the inline exception code can manipulate them. */
- subq $sp, 56, $sp
- .cfi_adjust_cfa_offset 56
+ subq $sp, 64, $sp
+ .cfi_adjust_cfa_offset 64
stq $9, 0($sp)
stq $10, 8($sp)
stq $11, 16($sp)
@@ -215,7 +215,7 @@ CFI_START_OSF_FRAME entMM
.cfi_rel_offset $13, 32
.cfi_rel_offset $14, 40
.cfi_rel_offset $15, 48
- addq $sp, 56, $19
+ addq $sp, 64, $19
/* handle the fault */
lda $8, 0x3fff
bic $sp, $8, $8
@@ -228,7 +228,7 @@ CFI_START_OSF_FRAME entMM
ldq $13, 32($sp)
ldq $14, 40($sp)
ldq $15, 48($sp)
- addq $sp, 56, $sp
+ addq $sp, 64, $sp
.cfi_restore $9
.cfi_restore $10
.cfi_restore $11
@@ -236,7 +236,7 @@ CFI_START_OSF_FRAME entMM
.cfi_restore $13
.cfi_restore $14
.cfi_restore $15
- .cfi_adjust_cfa_offset -56
+ .cfi_adjust_cfa_offset -64
/* finish up the syscall as normal. */
br ret_from_sys_call
CFI_END_OSF_FRAME entMM
@@ -383,8 +383,8 @@ entUnaUser:
.cfi_restore $0
.cfi_adjust_cfa_offset -256
SAVE_ALL /* setup normal kernel stack */
- lda $sp, -56($sp)
- .cfi_adjust_cfa_offset 56
+ lda $sp, -64($sp)
+ .cfi_adjust_cfa_offset 64
stq $9, 0($sp)
stq $10, 8($sp)
stq $11, 16($sp)
@@ -400,7 +400,7 @@ entUnaUser:
.cfi_rel_offset $14, 40
.cfi_rel_offset $15, 48
lda $8, 0x3fff
- addq $sp, 56, $19
+ addq $sp, 64, $19
bic $sp, $8, $8
jsr $26, do_entUnaUser
ldq $9, 0($sp)
@@ -410,7 +410,7 @@ entUnaUser:
ldq $13, 32($sp)
ldq $14, 40($sp)
ldq $15, 48($sp)
- lda $sp, 56($sp)
+ lda $sp, 64($sp)
.cfi_restore $9
.cfi_restore $10
.cfi_restore $11
@@ -418,7 +418,7 @@ entUnaUser:
.cfi_restore $13
.cfi_restore $14
.cfi_restore $15
- .cfi_adjust_cfa_offset -56
+ .cfi_adjust_cfa_offset -64
br ret_from_sys_call
CFI_END_OSF_FRAME entUna
--- a/arch/alpha/kernel/traps.c
+++ b/arch/alpha/kernel/traps.c
@@ -707,7 +707,7 @@ s_reg_to_mem (unsigned long s_reg)
static int unauser_reg_offsets[32] = {
R(r0), R(r1), R(r2), R(r3), R(r4), R(r5), R(r6), R(r7), R(r8),
/* r9 ... r15 are stored in front of regs. */
- -56, -48, -40, -32, -24, -16, -8,
+ -64, -56, -48, -40, -32, -24, -16, /* padding at -8 */
R(r16), R(r17), R(r18),
R(r19), R(r20), R(r21), R(r22), R(r23), R(r24), R(r25), R(r26),
R(r27), R(r28), R(gp),
--- a/arch/alpha/mm/fault.c
+++ b/arch/alpha/mm/fault.c
@@ -78,8 +78,8 @@ __load_new_mm_context(struct mm_struct *
/* Macro for exception fixup code to access integer registers. */
#define dpf_reg(r) \
- (((unsigned long *)regs)[(r) <= 8 ? (r) : (r) <= 15 ? (r)-16 : \
- (r) <= 18 ? (r)+10 : (r)-10])
+ (((unsigned long *)regs)[(r) <= 8 ? (r) : (r) <= 15 ? (r)-17 : \
+ (r) <= 18 ? (r)+11 : (r)-10])
asmlinkage void
do_page_fault(unsigned long address, unsigned long mmcsr,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 528/578] gpiolib: acpi: Add a quirk for Acer Nitro ANV14
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (526 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 527/578] alpha: align stack for page fault and user unaligned trap handlers Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 529/578] gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Greg Kroah-Hartman
` (58 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Delgan, Mario Limonciello,
Mika Westerberg, Bartosz Golaszewski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mario Limonciello <mario.limonciello@amd.com>
commit 8743d66979e494c5378563e6b5a32e913380abd8 upstream.
Spurious immediate wake up events are reported on Acer Nitro ANV14. GPIO 11 is
specified as an edge triggered input and also a wake source but this pin is
supposed to be an output pin for an LED, so it's effectively floating.
Block the interrupt from getting set up for this GPIO on this device.
Cc: stable@vger.kernel.org
Reported-by: Delgan <delgan.py@gmail.com>
Tested-by: Delgan <delgan.py@gmail.com>
Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3954
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Mika Westerberg <westeri@kernel.org>
Link: https://lore.kernel.org/r/20250211203222.761206-1-superm1@kernel.org
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpio/gpiolib-acpi.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/drivers/gpio/gpiolib-acpi.c
+++ b/drivers/gpio/gpiolib-acpi.c
@@ -1640,6 +1640,20 @@ static const struct dmi_system_id gpioli
.ignore_wake = "PNP0C50:00@8",
},
},
+ {
+ /*
+ * Spurious wakeups from GPIO 11
+ * Found in BIOS 1.04
+ * https://gitlab.freedesktop.org/drm/amd/-/issues/3954
+ */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Acer"),
+ DMI_MATCH(DMI_PRODUCT_FAMILY, "Acer Nitro V 14"),
+ },
+ .driver_data = &(struct acpi_gpiolib_dmi_quirk) {
+ .ignore_interrupt = "AMDI0030:00@11",
+ },
+ },
{} /* Terminating entry */
};
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 529/578] gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (527 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 528/578] gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 530/578] partitions: mac: fix handling of bogus partition table Greg Kroah-Hartman
` (57 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wentao Liang, Bartosz Golaszewski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wentao Liang <vulab@iscas.ac.cn>
commit b9644fbfbcab13da7f8b37bef7c51e5b8407d031 upstream.
The stmpe_reg_read function can fail, but its return value is not checked
in stmpe_gpio_irq_sync_unlock. This can lead to silent failures and
incorrect behavior if the hardware access fails.
This patch adds checks for the return value of stmpe_reg_read. If the
function fails, an error message is logged and the function returns
early to avoid further issues.
Fixes: b888fb6f2a27 ("gpio: stmpe: i2c transfer are forbiden in atomic context")
Cc: stable@vger.kernel.org # 4.16+
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
Link: https://lore.kernel.org/r/20250212021849.275-1-vulab@iscas.ac.cn
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpio/gpio-stmpe.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
--- a/drivers/gpio/gpio-stmpe.c
+++ b/drivers/gpio/gpio-stmpe.c
@@ -191,7 +191,7 @@ static void stmpe_gpio_irq_sync_unlock(s
[REG_IE][CSB] = STMPE_IDX_IEGPIOR_CSB,
[REG_IE][MSB] = STMPE_IDX_IEGPIOR_MSB,
};
- int i, j;
+ int ret, i, j;
/*
* STMPE1600: to be able to get IRQ from pins,
@@ -199,8 +199,16 @@ static void stmpe_gpio_irq_sync_unlock(s
* GPSR or GPCR registers
*/
if (stmpe->partnum == STMPE1600) {
- stmpe_reg_read(stmpe, stmpe->regs[STMPE_IDX_GPMR_LSB]);
- stmpe_reg_read(stmpe, stmpe->regs[STMPE_IDX_GPMR_CSB]);
+ ret = stmpe_reg_read(stmpe, stmpe->regs[STMPE_IDX_GPMR_LSB]);
+ if (ret < 0) {
+ dev_err(stmpe->dev, "Failed to read GPMR_LSB: %d\n", ret);
+ goto err;
+ }
+ ret = stmpe_reg_read(stmpe, stmpe->regs[STMPE_IDX_GPMR_CSB]);
+ if (ret < 0) {
+ dev_err(stmpe->dev, "Failed to read GPMR_CSB: %d\n", ret);
+ goto err;
+ }
}
for (i = 0; i < CACHE_NR_REGS; i++) {
@@ -222,6 +230,7 @@ static void stmpe_gpio_irq_sync_unlock(s
}
}
+err:
mutex_unlock(&stmpe_gpio->irq_lock);
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 530/578] partitions: mac: fix handling of bogus partition table
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (528 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 529/578] gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 531/578] regmap-irq: Add missing kfree() Greg Kroah-Hartman
` (56 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jann Horn, Jens Axboe
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jann Horn <jannh@google.com>
commit 80e648042e512d5a767da251d44132553fe04ae0 upstream.
Fix several issues in partition probing:
- The bailout for a bad partoffset must use put_dev_sector(), since the
preceding read_part_sector() succeeded.
- If the partition table claims a silly sector size like 0xfff bytes
(which results in partition table entries straddling sector boundaries),
bail out instead of accessing out-of-bounds memory.
- We must not assume that the partition table contains proper NUL
termination - use strnlen() and strncmp() instead of strlen() and
strcmp().
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Link: https://lore.kernel.org/r/20250214-partition-mac-v1-1-c1c626dffbd5@google.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/partitions/mac.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
--- a/block/partitions/mac.c
+++ b/block/partitions/mac.c
@@ -51,13 +51,25 @@ int mac_partition(struct parsed_partitio
}
secsize = be16_to_cpu(md->block_size);
put_dev_sector(sect);
+
+ /*
+ * If the "block size" is not a power of 2, things get weird - we might
+ * end up with a partition straddling a sector boundary, so we wouldn't
+ * be able to read a partition entry with read_part_sector().
+ * Real block sizes are probably (?) powers of two, so just require
+ * that.
+ */
+ if (!is_power_of_2(secsize))
+ return -1;
datasize = round_down(secsize, 512);
data = read_part_sector(state, datasize / 512, §);
if (!data)
return -1;
partoffset = secsize % 512;
- if (partoffset + sizeof(*part) > datasize)
+ if (partoffset + sizeof(*part) > datasize) {
+ put_dev_sector(sect);
return -1;
+ }
part = (struct mac_partition *) (data + partoffset);
if (be16_to_cpu(part->signature) != MAC_PARTITION_MAGIC) {
put_dev_sector(sect);
@@ -110,8 +122,8 @@ int mac_partition(struct parsed_partitio
int i, l;
goodness++;
- l = strlen(part->name);
- if (strcmp(part->name, "/") == 0)
+ l = strnlen(part->name, sizeof(part->name));
+ if (strncmp(part->name, "/", sizeof(part->name)) == 0)
goodness++;
for (i = 0; i <= l - 4; ++i) {
if (strncasecmp(part->name + i, "root",
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 531/578] regmap-irq: Add missing kfree()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (529 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 530/578] partitions: mac: fix handling of bogus partition table Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 532/578] arm64: Handle .ARM.attributes section in linker scripts Greg Kroah-Hartman
` (55 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Mark Brown
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
commit 32ffed055dcee17f6705f545b069e44a66067808 upstream.
Add kfree() for "d->main_status_buf" to the error-handling path to prevent
a memory leak.
Fixes: a2d21848d921 ("regmap: regmap-irq: Add main status register support")
Cc: stable@vger.kernel.org # v5.1+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Link: https://patch.msgid.link/20250205004343.14413-1-jiashengjiangcool@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/regmap/regmap-irq.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/base/regmap/regmap-irq.c
+++ b/drivers/base/regmap/regmap-irq.c
@@ -1059,6 +1059,7 @@ err_alloc:
kfree(d->wake_buf);
kfree(d->mask_buf_def);
kfree(d->mask_buf);
+ kfree(d->main_status_buf);
kfree(d->status_buf);
kfree(d->status_reg_buf);
if (d->virt_buf) {
@@ -1139,6 +1140,7 @@ void regmap_del_irq_chip(int irq, struct
kfree(d->wake_buf);
kfree(d->mask_buf_def);
kfree(d->mask_buf);
+ kfree(d->main_status_buf);
kfree(d->status_reg_buf);
kfree(d->status_buf);
if (d->config_buf) {
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 532/578] arm64: Handle .ARM.attributes section in linker scripts
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (530 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 531/578] regmap-irq: Add missing kfree() Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 533/578] mmc: mtk-sd: Fix register settings for hs400(es) mode Greg Kroah-Hartman
` (54 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Will Deacon
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit ca0f4fe7cf7183bfbdc67ca2de56ae1fc3a8db2b upstream.
A recent LLVM commit [1] started generating an .ARM.attributes section
similar to the one that exists for 32-bit, which results in orphan
section warnings (or errors if CONFIG_WERROR is enabled) from the linker
because it is not handled in the arm64 linker scripts.
ld.lld: error: arch/arm64/kernel/vdso/vgettimeofday.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: arch/arm64/kernel/vdso/vgetrandom.o:(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/vsprintf.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/win_minmax.o):(.ARM.attributes) is being placed in '.ARM.attributes'
ld.lld: error: vmlinux.a(lib/xarray.o):(.ARM.attributes) is being placed in '.ARM.attributes'
Discard the new sections in the necessary linker scripts to resolve the
warnings, as the kernel and vDSO do not need to retain it, similar to
the .note.gnu.property section.
Cc: stable@vger.kernel.org
Fixes: b3e5d80d0c48 ("arm64/build: Warn on orphan section placement")
Link: https://github.com/llvm/llvm-project/commit/ee99c4d4845db66c4daa2373352133f4b237c942 [1]
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/r/20250206-arm64-handle-arm-attributes-in-linker-script-v3-1-d53d169913eb@kernel.org
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/vdso/vdso.lds.S | 1 +
arch/arm64/kernel/vmlinux.lds.S | 1 +
2 files changed, 2 insertions(+)
--- a/arch/arm64/kernel/vdso/vdso.lds.S
+++ b/arch/arm64/kernel/vdso/vdso.lds.S
@@ -38,6 +38,7 @@ SECTIONS
*/
/DISCARD/ : {
*(.note.GNU-stack .note.gnu.property)
+ *(.ARM.attributes)
}
.note : { *(.note.*) } :text :note
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -149,6 +149,7 @@ SECTIONS
/DISCARD/ : {
*(.interp .dynamic)
*(.dynsym .dynstr .hash .gnu.hash)
+ *(.ARM.attributes)
}
. = KIMAGE_VADDR;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 533/578] mmc: mtk-sd: Fix register settings for hs400(es) mode
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (531 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 532/578] arm64: Handle .ARM.attributes section in linker scripts Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 534/578] mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Greg Kroah-Hartman
` (53 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy-ld Lu,
AngeloGioacchino Del Regno, Ulf Hansson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy-ld Lu <andy-ld.lu@mediatek.com>
commit 3e68abf2b9cebe76c6cd4b1aca8e95cd671035a3 upstream.
For hs400(es) mode, the 'hs400-ds-delay' is typically configured in the
dts. However, some projects may only define 'mediatek,hs400-ds-dly3',
which can lead to initialization failures in hs400es mode. CMD13 reported
response crc error in the mmc_switch_status() just after switching to
hs400es mode.
[ 1.914038][ T82] mmc0: mmc_select_hs400es failed, error -84
[ 1.914954][ T82] mmc0: error -84 whilst initialising MMC card
Currently, the hs400_ds_dly3 value is set within the tuning function. This
means that the PAD_DS_DLY3 field is not configured before tuning process,
which is the reason for the above-mentioned CMD13 response crc error.
Move the PAD_DS_DLY3 field configuration into msdc_prepare_hs400_tuning(),
and add a value check of hs400_ds_delay to prevent overwriting by zero when
the 'hs400-ds-delay' is not set in the dts. In addition, since hs400(es)
only tune the PAD_DS_DLY1, the PAD_DS_DLY2_SEL bit should be cleared to
bypass it.
Fixes: c4ac38c6539b ("mmc: mtk-sd: Add HS400 online tuning support")
Signed-off-by: Andy-ld Lu <andy-ld.lu@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20250123092644.7359-1-andy-ld.lu@mediatek.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/mtk-sd.c | 31 ++++++++++++++++++++-----------
1 file changed, 20 insertions(+), 11 deletions(-)
--- a/drivers/mmc/host/mtk-sd.c
+++ b/drivers/mmc/host/mtk-sd.c
@@ -262,6 +262,7 @@
#define MSDC_PAD_TUNE_CMD_SEL BIT(21) /* RW */
#define PAD_DS_TUNE_DLY_SEL BIT(0) /* RW */
+#define PAD_DS_TUNE_DLY2_SEL BIT(1) /* RW */
#define PAD_DS_TUNE_DLY1 GENMASK(6, 2) /* RW */
#define PAD_DS_TUNE_DLY2 GENMASK(11, 7) /* RW */
#define PAD_DS_TUNE_DLY3 GENMASK(16, 12) /* RW */
@@ -307,6 +308,7 @@
/* EMMC50_PAD_DS_TUNE mask */
#define PAD_DS_DLY_SEL BIT(16) /* RW */
+#define PAD_DS_DLY2_SEL BIT(15) /* RW */
#define PAD_DS_DLY1 GENMASK(14, 10) /* RW */
#define PAD_DS_DLY3 GENMASK(4, 0) /* RW */
@@ -2293,13 +2295,23 @@ tune_done:
static int msdc_prepare_hs400_tuning(struct mmc_host *mmc, struct mmc_ios *ios)
{
struct msdc_host *host = mmc_priv(mmc);
+
host->hs400_mode = true;
- if (host->top_base)
- writel(host->hs400_ds_delay,
- host->top_base + EMMC50_PAD_DS_TUNE);
- else
- writel(host->hs400_ds_delay, host->base + PAD_DS_TUNE);
+ if (host->top_base) {
+ if (host->hs400_ds_dly3)
+ sdr_set_field(host->top_base + EMMC50_PAD_DS_TUNE,
+ PAD_DS_DLY3, host->hs400_ds_dly3);
+ if (host->hs400_ds_delay)
+ writel(host->hs400_ds_delay,
+ host->top_base + EMMC50_PAD_DS_TUNE);
+ } else {
+ if (host->hs400_ds_dly3)
+ sdr_set_field(host->base + PAD_DS_TUNE,
+ PAD_DS_TUNE_DLY3, host->hs400_ds_dly3);
+ if (host->hs400_ds_delay)
+ writel(host->hs400_ds_delay, host->base + PAD_DS_TUNE);
+ }
/* hs400 mode must set it to 0 */
sdr_clr_bits(host->base + MSDC_PATCH_BIT2, MSDC_PATCH_BIT2_CFGCRCSTS);
/* to improve read performance, set outstanding to 2 */
@@ -2319,14 +2331,11 @@ static int msdc_execute_hs400_tuning(str
if (host->top_base) {
sdr_set_bits(host->top_base + EMMC50_PAD_DS_TUNE,
PAD_DS_DLY_SEL);
- if (host->hs400_ds_dly3)
- sdr_set_field(host->top_base + EMMC50_PAD_DS_TUNE,
- PAD_DS_DLY3, host->hs400_ds_dly3);
+ sdr_clr_bits(host->top_base + EMMC50_PAD_DS_TUNE,
+ PAD_DS_DLY2_SEL);
} else {
sdr_set_bits(host->base + PAD_DS_TUNE, PAD_DS_TUNE_DLY_SEL);
- if (host->hs400_ds_dly3)
- sdr_set_field(host->base + PAD_DS_TUNE,
- PAD_DS_TUNE_DLY3, host->hs400_ds_dly3);
+ sdr_clr_bits(host->base + PAD_DS_TUNE, PAD_DS_TUNE_DLY2_SEL);
}
host->hs400_tuning = true;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 534/578] mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (532 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 533/578] mmc: mtk-sd: Fix register settings for hs400(es) mode Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 535/578] btrfs: fix hole expansion when writing at an offset beyond EOF Greg Kroah-Hartman
` (52 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wentao Liang, Petr Machata,
Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wentao Liang <vulab@iscas.ac.cn>
commit fee5d688940690cc845937459e340e4e02598e90 upstream.
Add a check for the return value of mlxsw_sp_port_get_stats_raw()
in __mlxsw_sp_port_get_stats(). If mlxsw_sp_port_get_stats_raw()
returns an error, exit the function to prevent further processing
with potentially invalid data.
Fixes: 614d509aa1e7 ("mlxsw: Move ethtool_ops to spectrum_ethtool.c")
Cc: stable@vger.kernel.org # 5.9+
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Link: https://patch.msgid.link/20250212152311.1332-1-vulab@iscas.ac.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c
@@ -768,7 +768,9 @@ static void __mlxsw_sp_port_get_stats(st
err = mlxsw_sp_get_hw_stats_by_group(&hw_stats, &len, grp);
if (err)
return;
- mlxsw_sp_port_get_stats_raw(dev, grp, prio, ppcnt_pl);
+ err = mlxsw_sp_port_get_stats_raw(dev, grp, prio, ppcnt_pl);
+ if (err)
+ return;
for (i = 0; i < len; i++) {
data[data_index + i] = hw_stats[i].getter(ppcnt_pl);
if (!hw_stats[i].cells_bytes)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 535/578] btrfs: fix hole expansion when writing at an offset beyond EOF
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (533 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 534/578] mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Greg Kroah-Hartman
@ 2025-02-19 8:28 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 536/578] clocksource: Use pr_info() for "Checking clocksource synchronization" message Greg Kroah-Hartman
` (51 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qu Wenruo, Filipe Manana,
David Sterba
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit da2dccd7451de62b175fb8f0808d644959e964c7 upstream.
At btrfs_write_check() if our file's i_size is not sector size aligned and
we have a write that starts at an offset larger than the i_size that falls
within the same page of the i_size, then we end up not zeroing the file
range [i_size, write_offset).
The code is this:
start_pos = round_down(pos, fs_info->sectorsize);
oldsize = i_size_read(inode);
if (start_pos > oldsize) {
/* Expand hole size to cover write data, preventing empty gap */
loff_t end_pos = round_up(pos + count, fs_info->sectorsize);
ret = btrfs_cont_expand(BTRFS_I(inode), oldsize, end_pos);
if (ret)
return ret;
}
So if our file's i_size is 90269 bytes and a write at offset 90365 bytes
comes in, we get 'start_pos' set to 90112 bytes, which is less than the
i_size and therefore we don't zero out the range [90269, 90365) by
calling btrfs_cont_expand().
This is an old bug introduced in commit 9036c10208e1 ("Btrfs: update hole
handling v2"), from 2008, and the buggy code got moved around over the
years.
Fix this by discarding 'start_pos' and comparing against the write offset
('pos') without any alignment.
This bug was recently exposed by test case generic/363 which tests this
scenario by polluting ranges beyond EOF with an mmap write and than verify
that after a file increases we get zeroes for the range which is supposed
to be a hole and not what we wrote with the previous mmaped write.
We're only seeing this exposed now because generic/363 used to run only
on xfs until last Sunday's fstests update.
The test was failing like this:
$ ./check generic/363
FSTYP -- btrfs
PLATFORM -- Linux/x86_64 debian0 6.13.0-rc7-btrfs-next-185+ #17 SMP PREEMPT_DYNAMIC Mon Feb 3 12:28:46 WET 2025
MKFS_OPTIONS -- /dev/sdc
MOUNT_OPTIONS -- /dev/sdc /home/fdmanana/btrfs-tests/scratch_1
generic/363 0s ... [failed, exit status 1]- output mismatch (see /home/fdmanana/git/hub/xfstests/results//generic/363.out.bad)
# --- tests/generic/363.out 2025-02-05 15:31:14.013646509 +0000
# +++ /home/fdmanana/git/hub/xfstests/results//generic/363.out.bad 2025-02-05 17:25:33.112630781 +0000
@@ -1 +1,46 @@
QA output created by 363
+READ BAD DATA: offset = 0xdcad, size = 0xd921, fname = /home/fdmanana/btrfs-tests/dev/junk
+OFFSET GOOD BAD RANGE
+0x1609d 0x0000 0x3104 0x0
+operation# (mod 256) for the bad data may be 4
+0x1609e 0x0000 0x0472 0x1
+operation# (mod 256) for the bad data may be 4
...
(Run 'diff -u /home/fdmanana/git/hub/xfstests/tests/generic/363.out /home/fdmanana/git/hub/xfstests/results//generic/363.out.bad' to see the entire diff)
Ran: generic/363
Failures: generic/363
Failed 1 of 1 tests
Fixes: 9036c10208e1 ("Btrfs: update hole handling v2")
CC: stable@vger.kernel.org
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/file.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -1122,7 +1122,6 @@ static int btrfs_write_check(struct kioc
loff_t pos = iocb->ki_pos;
int ret;
loff_t oldsize;
- loff_t start_pos;
/*
* Quickly bail out on NOWAIT writes if we don't have the nodatacow or
@@ -1147,9 +1146,8 @@ static int btrfs_write_check(struct kioc
*/
update_time_for_write(inode);
- start_pos = round_down(pos, fs_info->sectorsize);
oldsize = i_size_read(inode);
- if (start_pos > oldsize) {
+ if (pos > oldsize) {
/* Expand hole size to cover write data, preventing empty gap */
loff_t end_pos = round_up(pos + count, fs_info->sectorsize);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 536/578] clocksource: Use pr_info() for "Checking clocksource synchronization" message
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (534 preceding siblings ...)
2025-02-19 8:28 ` [PATCH 6.1 535/578] btrfs: fix hole expansion when writing at an offset beyond EOF Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 537/578] clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Greg Kroah-Hartman
` (50 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Waiman Long, Thomas Gleixner,
Paul E. McKenney, John Stultz, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Waiman Long <longman@redhat.com>
[ Upstream commit 1f566840a82982141f94086061927a90e79440e5 ]
The "Checking clocksource synchronization" message is normally printed
when clocksource_verify_percpu() is called for a given clocksource if
both the CLOCK_SOURCE_UNSTABLE and CLOCK_SOURCE_VERIFY_PERCPU flags
are set.
It is an informational message and so pr_info() is the correct choice.
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Paul E. McKenney <paulmck@kernel.org>
Acked-by: John Stultz <jstultz@google.com>
Link: https://lore.kernel.org/all/20250125015442.3740588-1-longman@redhat.com
Stable-dep-of: 6bb05a33337b ("clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/time/clocksource.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c
index a3650699463bb..51afd4cc2d004 100644
--- a/kernel/time/clocksource.c
+++ b/kernel/time/clocksource.c
@@ -357,7 +357,8 @@ void clocksource_verify_percpu(struct clocksource *cs)
return;
}
testcpu = smp_processor_id();
- pr_warn("Checking clocksource %s synchronization from CPU %d to CPUs %*pbl.\n", cs->name, testcpu, cpumask_pr_args(&cpus_chosen));
+ pr_info("Checking clocksource %s synchronization from CPU %d to CPUs %*pbl.\n",
+ cs->name, testcpu, cpumask_pr_args(&cpus_chosen));
for_each_cpu(cpu, &cpus_chosen) {
if (cpu == testcpu)
continue;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 537/578] clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (535 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 536/578] clocksource: Use pr_info() for "Checking clocksource synchronization" message Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 538/578] ipv4: add RCU protection to ip4_dst_hoplimit() Greg Kroah-Hartman
` (49 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sebastian Andrzej Siewior,
Waiman Long, Thomas Gleixner, Paul E. McKenney, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Waiman Long <longman@redhat.com>
[ Upstream commit 6bb05a33337b2c842373857b63de5c9bf1ae2a09 ]
The following bug report happened with a PREEMPT_RT kernel:
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
get_random_u32+0x4f/0x110
clocksource_verify_choose_cpus+0xab/0x1a0
clocksource_verify_percpu.part.0+0x6b/0x330
clocksource_watchdog_kthread+0x193/0x1a0
It is due to the fact that clocksource_verify_choose_cpus() is invoked with
preemption disabled. This function invokes get_random_u32() to obtain
random numbers for choosing CPUs. The batched_entropy_32 local lock and/or
the base_crng.lock spinlock in driver/char/random.c will be acquired during
the call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot
be acquired in atomic context.
Fix this problem by using migrate_disable() to allow smp_processor_id() to
be reliably used without introducing atomic context. preempt_disable() is
then called after clocksource_verify_choose_cpus() but before the
clocksource measurement is being run to avoid introducing unexpected
latency.
Fixes: 7560c02bdffb ("clocksource: Check per-CPU clock synchronization when marked unstable")
Suggested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Paul E. McKenney <paulmck@kernel.org>
Reviewed-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Link: https://lore.kernel.org/all/20250131173323.891943-2-longman@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/time/clocksource.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c
index 51afd4cc2d004..9e221a97d2274 100644
--- a/kernel/time/clocksource.c
+++ b/kernel/time/clocksource.c
@@ -348,10 +348,10 @@ void clocksource_verify_percpu(struct clocksource *cs)
cpumask_clear(&cpus_ahead);
cpumask_clear(&cpus_behind);
cpus_read_lock();
- preempt_disable();
+ migrate_disable();
clocksource_verify_choose_cpus();
if (cpumask_empty(&cpus_chosen)) {
- preempt_enable();
+ migrate_enable();
cpus_read_unlock();
pr_warn("Not enough CPUs to check clocksource '%s'.\n", cs->name);
return;
@@ -359,6 +359,7 @@ void clocksource_verify_percpu(struct clocksource *cs)
testcpu = smp_processor_id();
pr_info("Checking clocksource %s synchronization from CPU %d to CPUs %*pbl.\n",
cs->name, testcpu, cpumask_pr_args(&cpus_chosen));
+ preempt_disable();
for_each_cpu(cpu, &cpus_chosen) {
if (cpu == testcpu)
continue;
@@ -378,6 +379,7 @@ void clocksource_verify_percpu(struct clocksource *cs)
cs_nsec_min = cs_nsec;
}
preempt_enable();
+ migrate_enable();
cpus_read_unlock();
if (!cpumask_empty(&cpus_ahead))
pr_warn(" CPUs %*pbl ahead of CPU %d for clocksource %s.\n",
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 538/578] ipv4: add RCU protection to ip4_dst_hoplimit()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (536 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 537/578] clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 539/578] net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Greg Kroah-Hartman
` (48 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Kuniyuki Iwashima,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 469308552ca4560176cfc100e7ca84add1bebd7c ]
ip4_dst_hoplimit() must use RCU protection to make
sure the net structure it reads does not disappear.
Fixes: fa50d974d104 ("ipv4: Namespaceify ip_default_ttl sysctl knob")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250205155120.1676781-3-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/route.h | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/net/route.h b/include/net/route.h
index af8431b25f800..f396176022377 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -362,10 +362,15 @@ static inline int inet_iif(const struct sk_buff *skb)
static inline int ip4_dst_hoplimit(const struct dst_entry *dst)
{
int hoplimit = dst_metric_raw(dst, RTAX_HOPLIMIT);
- struct net *net = dev_net(dst->dev);
- if (hoplimit == 0)
+ if (hoplimit == 0) {
+ const struct net *net;
+
+ rcu_read_lock();
+ net = dev_net_rcu(dst->dev);
hoplimit = READ_ONCE(net->ipv4.sysctl_ip_default_ttl);
+ rcu_read_unlock();
+ }
return hoplimit;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 539/578] net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (537 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 538/578] ipv4: add RCU protection to ip4_dst_hoplimit() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 540/578] net: add dev_net_rcu() helper Greg Kroah-Hartman
` (47 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiri Pirko, Simon Horman,
David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Pirko <jiri@nvidia.com>
[ Upstream commit 2034d90ae41ae93e30d492ebcf1f06f97a9cfba6 ]
Make the net pointer stored in possible_net_t structure annotated as
an RCU pointer. Change the access helpers to treat it as such.
Introduce read_pnet_rcu() helper to allow caller to dereference
the net pointer under RCU read lock.
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 71b8471c93fa ("ipv4: use RCU protection in ipv4_default_advmss()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/net_namespace.h | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 17c7a88418345..3ffcc1b02a590 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -353,21 +353,30 @@ static inline void put_net_track(struct net *net, netns_tracker *tracker)
typedef struct {
#ifdef CONFIG_NET_NS
- struct net *net;
+ struct net __rcu *net;
#endif
} possible_net_t;
static inline void write_pnet(possible_net_t *pnet, struct net *net)
{
#ifdef CONFIG_NET_NS
- pnet->net = net;
+ rcu_assign_pointer(pnet->net, net);
#endif
}
static inline struct net *read_pnet(const possible_net_t *pnet)
{
#ifdef CONFIG_NET_NS
- return pnet->net;
+ return rcu_dereference_protected(pnet->net, true);
+#else
+ return &init_net;
+#endif
+}
+
+static inline struct net *read_pnet_rcu(possible_net_t *pnet)
+{
+#ifdef CONFIG_NET_NS
+ return rcu_dereference(pnet->net);
#else
return &init_net;
#endif
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 540/578] net: add dev_net_rcu() helper
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (538 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 539/578] net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 541/578] ipv4: use RCU protection in ipv4_default_advmss() Greg Kroah-Hartman
` (46 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Kuniyuki Iwashima,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 482ad2a4ace2740ca0ff1cbc8f3c7f862f3ab507 ]
dev->nd_net can change, readers should either
use rcu_read_lock() or RTNL.
We currently use a generic helper, dev_net() with
no debugging support. We probably have many hidden bugs.
Add dev_net_rcu() helper for callers using rcu_read_lock()
protection.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250205155120.1676781-2-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 71b8471c93fa ("ipv4: use RCU protection in ipv4_default_advmss()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/netdevice.h | 6 ++++++
include/net/net_namespace.h | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index c75aed1fff7d1..d0b4920dee730 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -2538,6 +2538,12 @@ struct net *dev_net(const struct net_device *dev)
return read_pnet(&dev->nd_net);
}
+static inline
+struct net *dev_net_rcu(const struct net_device *dev)
+{
+ return read_pnet_rcu(&dev->nd_net);
+}
+
static inline
void dev_net_set(struct net_device *dev, struct net *net)
{
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 3ffcc1b02a590..ee50d54936629 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -373,7 +373,7 @@ static inline struct net *read_pnet(const possible_net_t *pnet)
#endif
}
-static inline struct net *read_pnet_rcu(possible_net_t *pnet)
+static inline struct net *read_pnet_rcu(const possible_net_t *pnet)
{
#ifdef CONFIG_NET_NS
return rcu_dereference(pnet->net);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 541/578] ipv4: use RCU protection in ipv4_default_advmss()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (539 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 540/578] net: add dev_net_rcu() helper Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 542/578] ipv4: use RCU protection in rt_is_expired() Greg Kroah-Hartman
` (45 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Kuniyuki Iwashima,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 71b8471c93fa0bcab911fcb65da1eb6c4f5f735f ]
ipv4_default_advmss() must use RCU protection to make
sure the net structure it reads does not disappear.
Fixes: 2e9589ff809e ("ipv4: Namespaceify min_adv_mss sysctl knob")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250205155120.1676781-5-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/route.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index f877a96fd1eb5..5f18520d054c0 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1306,10 +1306,15 @@ static void set_class_tag(struct rtable *rt, u32 tag)
static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
{
- struct net *net = dev_net(dst->dev);
unsigned int header_size = sizeof(struct tcphdr) + sizeof(struct iphdr);
- unsigned int advmss = max_t(unsigned int, ipv4_mtu(dst) - header_size,
- net->ipv4.ip_rt_min_advmss);
+ unsigned int advmss;
+ struct net *net;
+
+ rcu_read_lock();
+ net = dev_net_rcu(dst->dev);
+ advmss = max_t(unsigned int, ipv4_mtu(dst) - header_size,
+ net->ipv4.ip_rt_min_advmss);
+ rcu_read_unlock();
return min(advmss, IPV4_MAX_PMTU - header_size);
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 542/578] ipv4: use RCU protection in rt_is_expired()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (540 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 541/578] ipv4: use RCU protection in ipv4_default_advmss() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 543/578] ipv4: use RCU protection in inet_select_addr() Greg Kroah-Hartman
` (44 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Kuniyuki Iwashima,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit dd205fcc33d92d54eee4d7f21bb073af9bd5ce2b ]
rt_is_expired() must use RCU protection to make
sure the net structure it reads does not disappear.
Fixes: e84f84f27647 ("netns: place rt_genid into struct net")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250205155120.1676781-6-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/route.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 5f18520d054c0..ae56d94f68d9f 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -393,7 +393,13 @@ static inline int ip_rt_proc_init(void)
static inline bool rt_is_expired(const struct rtable *rth)
{
- return rth->rt_genid != rt_genid_ipv4(dev_net(rth->dst.dev));
+ bool res;
+
+ rcu_read_lock();
+ res = rth->rt_genid != rt_genid_ipv4(dev_net_rcu(rth->dst.dev));
+ rcu_read_unlock();
+
+ return res;
}
void rt_cache_flush(struct net *net)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 543/578] ipv4: use RCU protection in inet_select_addr()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (541 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 542/578] ipv4: use RCU protection in rt_is_expired() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 544/578] net: ipv4: Cache pmtu for all packet paths if multipath enabled Greg Kroah-Hartman
` (43 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Jakub Kicinski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 719817cd293e4fa389e1f69c396f3f816ed5aa41 ]
inet_select_addr() must use RCU protection to make
sure the net structure it reads does not disappear.
Fixes: c4544c724322 ("[NETNS]: Process inet_select_addr inside a namespace.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250205155120.1676781-7-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/devinet.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 430ca93ba939d..1738cc2bfc7f0 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1320,10 +1320,11 @@ __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
__be32 addr = 0;
unsigned char localnet_scope = RT_SCOPE_HOST;
struct in_device *in_dev;
- struct net *net = dev_net(dev);
+ struct net *net;
int master_idx;
rcu_read_lock();
+ net = dev_net_rcu(dev);
in_dev = __in_dev_get_rcu(dev);
if (!in_dev)
goto no_in_dev;
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 544/578] net: ipv4: Cache pmtu for all packet paths if multipath enabled
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (542 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 543/578] ipv4: use RCU protection in inet_select_addr() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 545/578] ipv4: use RCU protection in __ip_rt_update_pmtu() Greg Kroah-Hartman
` (42 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Vdovin, Ido Schimmel,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vladimir Vdovin <deliran@verdict.gg>
[ Upstream commit 7d3f3b4367f315a61fc615e3138f3d320da8c466 ]
Check number of paths by fib_info_num_path(),
and update_or_create_fnhe() for every path.
Problem is that pmtu is cached only for the oif
that has received icmp message "need to frag",
other oifs will still try to use "default" iface mtu.
An example topology showing the problem:
| host1
+---------+
| dummy0 | 10.179.20.18/32 mtu9000
+---------+
+-----------+----------------+
+---------+ +---------+
| ens17f0 | 10.179.2.141/31 | ens17f1 | 10.179.2.13/31
+---------+ +---------+
| (all here have mtu 9000) |
+------+ +------+
| ro1 | 10.179.2.140/31 | ro2 | 10.179.2.12/31
+------+ +------+
| |
---------+------------+-------------------+------
|
+-----+
| ro3 | 10.10.10.10 mtu1500
+-----+
|
========================================
some networks
========================================
|
+-----+
| eth0| 10.10.30.30 mtu9000
+-----+
| host2
host1 have enabled multipath and
sysctl net.ipv4.fib_multipath_hash_policy = 1:
default proto static src 10.179.20.18
nexthop via 10.179.2.12 dev ens17f1 weight 1
nexthop via 10.179.2.140 dev ens17f0 weight 1
When host1 tries to do pmtud from 10.179.20.18/32 to host2,
host1 receives at ens17f1 iface an icmp packet from ro3 that ro3 mtu=1500.
And host1 caches it in nexthop exceptions cache.
Problem is that it is cached only for the iface that has received icmp,
and there is no way that ro3 will send icmp msg to host1 via another path.
Host1 now have this routes to host2:
ip r g 10.10.30.30 sport 30000 dport 443
10.10.30.30 via 10.179.2.12 dev ens17f1 src 10.179.20.18 uid 0
cache expires 521sec mtu 1500
ip r g 10.10.30.30 sport 30033 dport 443
10.10.30.30 via 10.179.2.140 dev ens17f0 src 10.179.20.18 uid 0
cache
So when host1 tries again to reach host2 with mtu>1500,
if packet flow is lucky enough to be hashed with oif=ens17f1 its ok,
if oif=ens17f0 it blackholes and still gets icmp msgs from ro3 to ens17f1,
until lucky day when ro3 will send it through another flow to ens17f0.
Signed-off-by: Vladimir Vdovin <deliran@verdict.gg>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Link: https://patch.msgid.link/20241108093427.317942-1-deliran@verdict.gg
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 139512191bd0 ("ipv4: use RCU protection in __ip_rt_update_pmtu()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/route.c | 13 ++++
tools/testing/selftests/net/pmtu.sh | 112 +++++++++++++++++++++++-----
2 files changed, 108 insertions(+), 17 deletions(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index ae56d94f68d9f..0bda6916ebcfb 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1046,6 +1046,19 @@ static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
struct fib_nh_common *nhc;
fib_select_path(net, &res, fl4, NULL);
+#ifdef CONFIG_IP_ROUTE_MULTIPATH
+ if (fib_info_num_path(res.fi) > 1) {
+ int nhsel;
+
+ for (nhsel = 0; nhsel < fib_info_num_path(res.fi); nhsel++) {
+ nhc = fib_info_nhc(res.fi, nhsel);
+ update_or_create_fnhe(nhc, fl4->daddr, 0, mtu, lock,
+ jiffies + net->ipv4.ip_rt_mtu_expires);
+ }
+ rcu_read_unlock();
+ return;
+ }
+#endif /* CONFIG_IP_ROUTE_MULTIPATH */
nhc = FIB_RES_NHC(res);
update_or_create_fnhe(nhc, fl4->daddr, 0, mtu, lock,
jiffies + net->ipv4.ip_rt_mtu_expires);
diff --git a/tools/testing/selftests/net/pmtu.sh b/tools/testing/selftests/net/pmtu.sh
index dbfa56173d291..33f4fb34ac9b2 100755
--- a/tools/testing/selftests/net/pmtu.sh
+++ b/tools/testing/selftests/net/pmtu.sh
@@ -197,6 +197,12 @@
#
# - pmtu_ipv6_route_change
# Same as above but with IPv6
+#
+# - pmtu_ipv4_mp_exceptions
+# Use the same topology as in pmtu_ipv4, but add routeable addresses
+# on host A and B on lo reachable via both routers. Host A and B
+# addresses have multipath routes to each other, b_r1 mtu = 1500.
+# Check that PMTU exceptions are created for both paths.
# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4
@@ -266,7 +272,8 @@ tests="
list_flush_ipv4_exception ipv4: list and flush cached exceptions 1
list_flush_ipv6_exception ipv6: list and flush cached exceptions 1
pmtu_ipv4_route_change ipv4: PMTU exception w/route replace 1
- pmtu_ipv6_route_change ipv6: PMTU exception w/route replace 1"
+ pmtu_ipv6_route_change ipv6: PMTU exception w/route replace 1
+ pmtu_ipv4_mp_exceptions ipv4: PMTU multipath nh exceptions 1"
NS_A="ns-A"
NS_B="ns-B"
@@ -353,6 +360,9 @@ tunnel6_a_addr="fd00:2::a"
tunnel6_b_addr="fd00:2::b"
tunnel6_mask="64"
+host4_a_addr="192.168.99.99"
+host4_b_addr="192.168.88.88"
+
dummy6_0_prefix="fc00:1000::"
dummy6_1_prefix="fc00:1001::"
dummy6_mask="64"
@@ -907,6 +917,52 @@ setup_ovs_bridge() {
run_cmd ip route add ${prefix6}:${b_r1}::1 via ${prefix6}:${a_r1}::2
}
+setup_multipath_new() {
+ # Set up host A with multipath routes to host B host4_b_addr
+ run_cmd ${ns_a} ip addr add ${host4_a_addr} dev lo
+ run_cmd ${ns_a} ip nexthop add id 401 via ${prefix4}.${a_r1}.2 dev veth_A-R1
+ run_cmd ${ns_a} ip nexthop add id 402 via ${prefix4}.${a_r2}.2 dev veth_A-R2
+ run_cmd ${ns_a} ip nexthop add id 403 group 401/402
+ run_cmd ${ns_a} ip route add ${host4_b_addr} src ${host4_a_addr} nhid 403
+
+ # Set up host B with multipath routes to host A host4_a_addr
+ run_cmd ${ns_b} ip addr add ${host4_b_addr} dev lo
+ run_cmd ${ns_b} ip nexthop add id 401 via ${prefix4}.${b_r1}.2 dev veth_B-R1
+ run_cmd ${ns_b} ip nexthop add id 402 via ${prefix4}.${b_r2}.2 dev veth_B-R2
+ run_cmd ${ns_b} ip nexthop add id 403 group 401/402
+ run_cmd ${ns_b} ip route add ${host4_a_addr} src ${host4_b_addr} nhid 403
+}
+
+setup_multipath_old() {
+ # Set up host A with multipath routes to host B host4_b_addr
+ run_cmd ${ns_a} ip addr add ${host4_a_addr} dev lo
+ run_cmd ${ns_a} ip route add ${host4_b_addr} \
+ src ${host4_a_addr} \
+ nexthop via ${prefix4}.${a_r1}.2 weight 1 \
+ nexthop via ${prefix4}.${a_r2}.2 weight 1
+
+ # Set up host B with multipath routes to host A host4_a_addr
+ run_cmd ${ns_b} ip addr add ${host4_b_addr} dev lo
+ run_cmd ${ns_b} ip route add ${host4_a_addr} \
+ src ${host4_b_addr} \
+ nexthop via ${prefix4}.${b_r1}.2 weight 1 \
+ nexthop via ${prefix4}.${b_r2}.2 weight 1
+}
+
+setup_multipath() {
+ if [ "$USE_NH" = "yes" ]; then
+ setup_multipath_new
+ else
+ setup_multipath_old
+ fi
+
+ # Set up routers with routes to dummies
+ run_cmd ${ns_r1} ip route add ${host4_a_addr} via ${prefix4}.${a_r1}.1
+ run_cmd ${ns_r2} ip route add ${host4_a_addr} via ${prefix4}.${a_r2}.1
+ run_cmd ${ns_r1} ip route add ${host4_b_addr} via ${prefix4}.${b_r1}.1
+ run_cmd ${ns_r2} ip route add ${host4_b_addr} via ${prefix4}.${b_r2}.1
+}
+
setup() {
[ "$(id -u)" -ne 0 ] && echo " need to run as root" && return $ksft_skip
@@ -988,23 +1044,15 @@ link_get_mtu() {
}
route_get_dst_exception() {
- ns_cmd="${1}"
- dst="${2}"
- dsfield="${3}"
+ ns_cmd="${1}"; shift
- if [ -z "${dsfield}" ]; then
- dsfield=0
- fi
-
- ${ns_cmd} ip route get "${dst}" dsfield "${dsfield}"
+ ${ns_cmd} ip route get "$@"
}
route_get_dst_pmtu_from_exception() {
- ns_cmd="${1}"
- dst="${2}"
- dsfield="${3}"
+ ns_cmd="${1}"; shift
- mtu_parse "$(route_get_dst_exception "${ns_cmd}" "${dst}" "${dsfield}")"
+ mtu_parse "$(route_get_dst_exception "${ns_cmd}" "$@")"
}
check_pmtu_value() {
@@ -1147,10 +1195,10 @@ test_pmtu_ipv4_dscp_icmp_exception() {
run_cmd "${ns_a}" ping -q -M want -Q "${dsfield}" -c 1 -w 1 -s "${len}" "${dst2}"
# Check that exceptions have been created with the correct PMTU
- pmtu_1="$(route_get_dst_pmtu_from_exception "${ns_a}" "${dst1}" "${policy_mark}")"
+ pmtu_1="$(route_get_dst_pmtu_from_exception "${ns_a}" "${dst1}" dsfield "${policy_mark}")"
check_pmtu_value "1400" "${pmtu_1}" "exceeding MTU" || return 1
- pmtu_2="$(route_get_dst_pmtu_from_exception "${ns_a}" "${dst2}" "${policy_mark}")"
+ pmtu_2="$(route_get_dst_pmtu_from_exception "${ns_a}" "${dst2}" dsfield "${policy_mark}")"
check_pmtu_value "1500" "${pmtu_2}" "exceeding MTU" || return 1
}
@@ -1197,9 +1245,9 @@ test_pmtu_ipv4_dscp_udp_exception() {
UDP:"${dst2}":50000,tos="${dsfield}"
# Check that exceptions have been created with the correct PMTU
- pmtu_1="$(route_get_dst_pmtu_from_exception "${ns_a}" "${dst1}" "${policy_mark}")"
+ pmtu_1="$(route_get_dst_pmtu_from_exception "${ns_a}" "${dst1}" dsfield "${policy_mark}")"
check_pmtu_value "1400" "${pmtu_1}" "exceeding MTU" || return 1
- pmtu_2="$(route_get_dst_pmtu_from_exception "${ns_a}" "${dst2}" "${policy_mark}")"
+ pmtu_2="$(route_get_dst_pmtu_from_exception "${ns_a}" "${dst2}" dsfield "${policy_mark}")"
check_pmtu_value "1500" "${pmtu_2}" "exceeding MTU" || return 1
}
@@ -2205,6 +2253,36 @@ test_pmtu_ipv6_route_change() {
test_pmtu_ipvX_route_change 6
}
+test_pmtu_ipv4_mp_exceptions() {
+ setup namespaces routing multipath || return $ksft_skip
+
+ trace "${ns_a}" veth_A-R1 "${ns_r1}" veth_R1-A \
+ "${ns_r1}" veth_R1-B "${ns_b}" veth_B-R1 \
+ "${ns_a}" veth_A-R2 "${ns_r2}" veth_R2-A \
+ "${ns_r2}" veth_R2-B "${ns_b}" veth_B-R2
+
+ # Set up initial MTU values
+ mtu "${ns_a}" veth_A-R1 2000
+ mtu "${ns_r1}" veth_R1-A 2000
+ mtu "${ns_r1}" veth_R1-B 1500
+ mtu "${ns_b}" veth_B-R1 1500
+
+ mtu "${ns_a}" veth_A-R2 2000
+ mtu "${ns_r2}" veth_R2-A 2000
+ mtu "${ns_r2}" veth_R2-B 1500
+ mtu "${ns_b}" veth_B-R2 1500
+
+ # Ping and expect two nexthop exceptions for two routes
+ run_cmd ${ns_a} ping -q -M want -i 0.1 -c 1 -s 1800 "${host4_b_addr}"
+
+ # Check that exceptions have been created with the correct PMTU
+ pmtu_a_R1="$(route_get_dst_pmtu_from_exception "${ns_a}" "${host4_b_addr}" oif veth_A-R1)"
+ pmtu_a_R2="$(route_get_dst_pmtu_from_exception "${ns_a}" "${host4_b_addr}" oif veth_A-R2)"
+
+ check_pmtu_value "1500" "${pmtu_a_R1}" "exceeding MTU (veth_A-R1)" || return 1
+ check_pmtu_value "1500" "${pmtu_a_R2}" "exceeding MTU (veth_A-R2)" || return 1
+}
+
usage() {
echo
echo "$0 [OPTIONS] [TEST]..."
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 545/578] ipv4: use RCU protection in __ip_rt_update_pmtu()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (543 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 544/578] net: ipv4: Cache pmtu for all packet paths if multipath enabled Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 546/578] ipv4: icmp: convert to dev_net_rcu() Greg Kroah-Hartman
` (41 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Jakub Kicinski,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 139512191bd06f1b496117c76372b2ce372c9a41 ]
__ip_rt_update_pmtu() must use RCU protection to make
sure the net structure it reads does not disappear.
Fixes: 2fbc6e89b2f1 ("ipv4: Update exception handling for multipath routes via same device")
Fixes: 1de6b15a434c ("Namespaceify min_pmtu sysctl")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250205155120.1676781-8-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/route.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 0bda6916ebcfb..4574dcba9f193 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1020,9 +1020,9 @@ out: kfree_skb_reason(skb, reason);
static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
{
struct dst_entry *dst = &rt->dst;
- struct net *net = dev_net(dst->dev);
struct fib_result res;
bool lock = false;
+ struct net *net;
u32 old_mtu;
if (ip_mtu_locked(dst))
@@ -1032,6 +1032,8 @@ static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
if (old_mtu < mtu)
return;
+ rcu_read_lock();
+ net = dev_net_rcu(dst->dev);
if (mtu < net->ipv4.ip_rt_min_pmtu) {
lock = true;
mtu = min(old_mtu, net->ipv4.ip_rt_min_pmtu);
@@ -1039,9 +1041,8 @@ static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
if (rt->rt_pmtu == mtu && !lock &&
time_before(jiffies, dst->expires - net->ipv4.ip_rt_mtu_expires / 2))
- return;
+ goto out;
- rcu_read_lock();
if (fib_lookup(net, fl4, &res, 0) == 0) {
struct fib_nh_common *nhc;
@@ -1055,14 +1056,14 @@ static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
update_or_create_fnhe(nhc, fl4->daddr, 0, mtu, lock,
jiffies + net->ipv4.ip_rt_mtu_expires);
}
- rcu_read_unlock();
- return;
+ goto out;
}
#endif /* CONFIG_IP_ROUTE_MULTIPATH */
nhc = FIB_RES_NHC(res);
update_or_create_fnhe(nhc, fl4->daddr, 0, mtu, lock,
jiffies + net->ipv4.ip_rt_mtu_expires);
}
+out:
rcu_read_unlock();
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 546/578] ipv4: icmp: convert to dev_net_rcu()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (544 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 545/578] ipv4: use RCU protection in __ip_rt_update_pmtu() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 547/578] flow_dissector: use RCU protection to fetch dev_net() Greg Kroah-Hartman
` (40 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakub Kicinski, Eric Dumazet,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 4b8474a0951e605d2a27a2c483da4eb4b8c63760 ]
__icmp_send() must ensure rcu_read_lock() is held, as spotted
by Jakub.
Other ICMP uses of dev_net() seem safe, change them to dev_net_rcu()
to get LOCKDEP support.
Fixes: dde1bc0e6f86 ("[NETNS]: Add namespace for ICMP replying code.")
Closes: https://lore.kernel.org/netdev/20250203153633.46ce0337@kernel.org/
Reported-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250205155120.1676781-9-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/icmp.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index a6adf6a2ec4b5..a21d32b3ae6c3 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -403,10 +403,10 @@ static void icmp_push_reply(struct sock *sk,
static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
{
- struct ipcm_cookie ipc;
struct rtable *rt = skb_rtable(skb);
- struct net *net = dev_net(rt->dst.dev);
+ struct net *net = dev_net_rcu(rt->dst.dev);
bool apply_ratelimit = false;
+ struct ipcm_cookie ipc;
struct flowi4 fl4;
struct sock *sk;
struct inet_sock *inet;
@@ -609,12 +609,14 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info,
struct sock *sk;
if (!rt)
- goto out;
+ return;
+
+ rcu_read_lock();
if (rt->dst.dev)
- net = dev_net(rt->dst.dev);
+ net = dev_net_rcu(rt->dst.dev);
else if (skb_in->dev)
- net = dev_net(skb_in->dev);
+ net = dev_net_rcu(skb_in->dev);
else
goto out;
@@ -783,7 +785,8 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info,
icmp_xmit_unlock(sk);
out_bh_enable:
local_bh_enable();
-out:;
+out:
+ rcu_read_unlock();
}
EXPORT_SYMBOL(__icmp_send);
@@ -832,7 +835,7 @@ static void icmp_socket_deliver(struct sk_buff *skb, u32 info)
* avoid additional coding at protocol handlers.
*/
if (!pskb_may_pull(skb, iph->ihl * 4 + 8)) {
- __ICMP_INC_STATS(dev_net(skb->dev), ICMP_MIB_INERRORS);
+ __ICMP_INC_STATS(dev_net_rcu(skb->dev), ICMP_MIB_INERRORS);
return;
}
@@ -866,7 +869,7 @@ static enum skb_drop_reason icmp_unreach(struct sk_buff *skb)
struct net *net;
u32 info = 0;
- net = dev_net(skb_dst(skb)->dev);
+ net = dev_net_rcu(skb_dst(skb)->dev);
/*
* Incomplete header ?
@@ -977,7 +980,7 @@ static enum skb_drop_reason icmp_unreach(struct sk_buff *skb)
static enum skb_drop_reason icmp_redirect(struct sk_buff *skb)
{
if (skb->len < sizeof(struct iphdr)) {
- __ICMP_INC_STATS(dev_net(skb->dev), ICMP_MIB_INERRORS);
+ __ICMP_INC_STATS(dev_net_rcu(skb->dev), ICMP_MIB_INERRORS);
return SKB_DROP_REASON_PKT_TOO_SMALL;
}
@@ -1009,7 +1012,7 @@ static enum skb_drop_reason icmp_echo(struct sk_buff *skb)
struct icmp_bxm icmp_param;
struct net *net;
- net = dev_net(skb_dst(skb)->dev);
+ net = dev_net_rcu(skb_dst(skb)->dev);
/* should there be an ICMP stat for ignored echos? */
if (READ_ONCE(net->ipv4.sysctl_icmp_echo_ignore_all))
return SKB_NOT_DROPPED_YET;
@@ -1038,9 +1041,9 @@ static enum skb_drop_reason icmp_echo(struct sk_buff *skb)
bool icmp_build_probe(struct sk_buff *skb, struct icmphdr *icmphdr)
{
+ struct net *net = dev_net_rcu(skb->dev);
struct icmp_ext_hdr *ext_hdr, _ext_hdr;
struct icmp_ext_echo_iio *iio, _iio;
- struct net *net = dev_net(skb->dev);
struct inet6_dev *in6_dev;
struct in_device *in_dev;
struct net_device *dev;
@@ -1179,7 +1182,7 @@ static enum skb_drop_reason icmp_timestamp(struct sk_buff *skb)
return SKB_NOT_DROPPED_YET;
out_err:
- __ICMP_INC_STATS(dev_net(skb_dst(skb)->dev), ICMP_MIB_INERRORS);
+ __ICMP_INC_STATS(dev_net_rcu(skb_dst(skb)->dev), ICMP_MIB_INERRORS);
return SKB_DROP_REASON_PKT_TOO_SMALL;
}
@@ -1196,7 +1199,7 @@ int icmp_rcv(struct sk_buff *skb)
{
enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;
struct rtable *rt = skb_rtable(skb);
- struct net *net = dev_net(rt->dst.dev);
+ struct net *net = dev_net_rcu(rt->dst.dev);
struct icmphdr *icmph;
if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
@@ -1369,9 +1372,9 @@ int icmp_err(struct sk_buff *skb, u32 info)
struct iphdr *iph = (struct iphdr *)skb->data;
int offset = iph->ihl<<2;
struct icmphdr *icmph = (struct icmphdr *)(skb->data + offset);
+ struct net *net = dev_net_rcu(skb->dev);
int type = icmp_hdr(skb)->type;
int code = icmp_hdr(skb)->code;
- struct net *net = dev_net(skb->dev);
/*
* Use ping_err to handle all icmp errors except those
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 547/578] flow_dissector: use RCU protection to fetch dev_net()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (545 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 546/578] ipv4: icmp: convert to dev_net_rcu() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 548/578] ipv6: use RCU protection in ip6_default_advmss() Greg Kroah-Hartman
` (39 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Kuniyuki Iwashima,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit afec62cd0a4191cde6dd3a75382be4d51a38ce9b ]
__skb_flow_dissect() can be called from arbitrary contexts.
It must extend its RCU protection section to include
the call to dev_net(), which can become dev_net_rcu().
This makes sure the net structure can not disappear under us.
Fixes: 9b52e3f267a6 ("flow_dissector: handle no-skb use case")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250205155120.1676781-10-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/flow_dissector.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index fba8eb1bb2815..de17f13232381 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -1004,10 +1004,12 @@ bool __skb_flow_dissect(const struct net *net,
FLOW_DISSECTOR_KEY_BASIC,
target_container);
+ rcu_read_lock();
+
if (skb) {
if (!net) {
if (skb->dev)
- net = dev_net(skb->dev);
+ net = dev_net_rcu(skb->dev);
else if (skb->sk)
net = sock_net(skb->sk);
}
@@ -1018,7 +1020,6 @@ bool __skb_flow_dissect(const struct net *net,
enum netns_bpf_attach_type type = NETNS_BPF_FLOW_DISSECTOR;
struct bpf_prog_array *run_array;
- rcu_read_lock();
run_array = rcu_dereference(init_net.bpf.run_array[type]);
if (!run_array)
run_array = rcu_dereference(net->bpf.run_array[type]);
@@ -1046,17 +1047,17 @@ bool __skb_flow_dissect(const struct net *net,
prog = READ_ONCE(run_array->items[0].prog);
result = bpf_flow_dissect(prog, &ctx, n_proto, nhoff,
hlen, flags);
- if (result == BPF_FLOW_DISSECTOR_CONTINUE)
- goto dissect_continue;
- __skb_flow_bpf_to_target(&flow_keys, flow_dissector,
- target_container);
- rcu_read_unlock();
- return result == BPF_OK;
+ if (result != BPF_FLOW_DISSECTOR_CONTINUE) {
+ __skb_flow_bpf_to_target(&flow_keys, flow_dissector,
+ target_container);
+ rcu_read_unlock();
+ return result == BPF_OK;
+ }
}
-dissect_continue:
- rcu_read_unlock();
}
+ rcu_read_unlock();
+
if (dissector_uses_key(flow_dissector,
FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
struct ethhdr *eth = eth_hdr(skb);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 548/578] ipv6: use RCU protection in ip6_default_advmss()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (546 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 547/578] flow_dissector: use RCU protection to fetch dev_net() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 549/578] ndisc: use RCU protection in ndisc_alloc_skb() Greg Kroah-Hartman
` (38 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Kuniyuki Iwashima,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 3c8ffcd248da34fc41e52a46e51505900115fc2a ]
ip6_default_advmss() needs rcu protection to make
sure the net structure it reads does not disappear.
Fixes: 5578689a4e3c ("[NETNS][IPV6] route6 - make route6 per namespace")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250205155120.1676781-11-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/route.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index f3268bac9f198..17918f411386a 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -3190,13 +3190,18 @@ static unsigned int ip6_default_advmss(const struct dst_entry *dst)
{
struct net_device *dev = dst->dev;
unsigned int mtu = dst_mtu(dst);
- struct net *net = dev_net(dev);
+ struct net *net;
mtu -= sizeof(struct ipv6hdr) + sizeof(struct tcphdr);
+ rcu_read_lock();
+
+ net = dev_net_rcu(dev);
if (mtu < net->ipv6.sysctl.ip6_rt_min_advmss)
mtu = net->ipv6.sysctl.ip6_rt_min_advmss;
+ rcu_read_unlock();
+
/*
* Maximal non-jumbo IPv6 payload is IPV6_MAXPLEN and
* corresponding MSS is IPV6_MAXPLEN - tcp_header_size.
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 549/578] ndisc: use RCU protection in ndisc_alloc_skb()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (547 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 548/578] ipv6: use RCU protection in ip6_default_advmss() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 550/578] neighbour: delete redundant judgment statements Greg Kroah-Hartman
` (37 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Ahern,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 628e6d18930bbd21f2d4562228afe27694f66da9 ]
ndisc_alloc_skb() can be called without RTNL or RCU being held.
Add RCU protection to avoid possible UAF.
Fixes: de09334b9326 ("ndisc: Introduce ndisc_alloc_skb() helper.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250207135841.1948589-3-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/ndisc.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 6df3f4aadf641..2e8e0847631e3 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -418,15 +418,11 @@ static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
{
int hlen = LL_RESERVED_SPACE(dev);
int tlen = dev->needed_tailroom;
- struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
struct sk_buff *skb;
skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
- if (!skb) {
- ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
- __func__);
+ if (!skb)
return NULL;
- }
skb->protocol = htons(ETH_P_IPV6);
skb->dev = dev;
@@ -437,7 +433,9 @@ static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
/* Manually assign socket ownership as we avoid calling
* sock_alloc_send_pskb() to bypass wmem buffer limits
*/
- skb_set_owner_w(skb, sk);
+ rcu_read_lock();
+ skb_set_owner_w(skb, dev_net_rcu(dev)->ipv6.ndisc_sk);
+ rcu_read_unlock();
return skb;
}
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 550/578] neighbour: delete redundant judgment statements
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (548 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 549/578] ndisc: use RCU protection in ndisc_alloc_skb() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 551/578] neighbour: use RCU protection in __neigh_notify() Greg Kroah-Hartman
` (36 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Zetao, Petr Machata,
David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Zetao <lizetao1@huawei.com>
[ Upstream commit c25bdd2ac8cf7da70a226f1a66cdce7af15ff86f ]
The initial value of err is -ENOBUFS, and err is guaranteed to be
less than 0 before all goto errout. Therefore, on the error path
of errout, there is no need to repeatedly judge that err is less than 0,
and delete redundant judgments to make the code more concise.
Signed-off-by: Li Zetao <lizetao1@huawei.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: becbd5850c03 ("neighbour: use RCU protection in __neigh_notify()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/neighbour.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index dd0965e1afe85..b127533e74f37 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -3516,8 +3516,7 @@ static void __neigh_notify(struct neighbour *n, int type, int flags,
rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
return;
errout:
- if (err < 0)
- rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
+ rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
}
void neigh_app_ns(struct neighbour *n)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 551/578] neighbour: use RCU protection in __neigh_notify()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (549 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 550/578] neighbour: delete redundant judgment statements Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 552/578] arp: use RCU protection in arp_xmit() Greg Kroah-Hartman
` (35 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Ahern,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit becbd5850c03ed33b232083dd66c6e38c0c0e569 ]
__neigh_notify() can be called without RTNL or RCU protection.
Use RCU protection to avoid potential UAF.
Fixes: 426b5303eb43 ("[NETNS]: Modify the neighbour table code so it handles multiple network namespaces")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250207135841.1948589-4-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/neighbour.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index b127533e74f37..2e2c009b5a2db 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -3498,10 +3498,12 @@ static const struct seq_operations neigh_stat_seq_ops = {
static void __neigh_notify(struct neighbour *n, int type, int flags,
u32 pid)
{
- struct net *net = dev_net(n->dev);
struct sk_buff *skb;
int err = -ENOBUFS;
+ struct net *net;
+ rcu_read_lock();
+ net = dev_net_rcu(n->dev);
skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
if (skb == NULL)
goto errout;
@@ -3514,9 +3516,11 @@ static void __neigh_notify(struct neighbour *n, int type, int flags,
goto errout;
}
rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
- return;
+ goto out;
errout:
rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
+out:
+ rcu_read_unlock();
}
void neigh_app_ns(struct neighbour *n)
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 552/578] arp: use RCU protection in arp_xmit()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (550 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 551/578] neighbour: use RCU protection in __neigh_notify() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 553/578] openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Greg Kroah-Hartman
` (34 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Ahern,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit a42b69f692165ec39db42d595f4f65a4c8f42e44 ]
arp_xmit() can be called without RTNL or RCU protection.
Use RCU protection to avoid potential UAF.
Fixes: 29a26a568038 ("netfilter: Pass struct net into the netfilter hooks")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250207135841.1948589-5-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/arp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index ccff96820a703..8f9b5568f1dc1 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -658,10 +658,12 @@ static int arp_xmit_finish(struct net *net, struct sock *sk, struct sk_buff *skb
*/
void arp_xmit(struct sk_buff *skb)
{
+ rcu_read_lock();
/* Send it off, maybe filter it using firewalling first. */
NF_HOOK(NFPROTO_ARP, NF_ARP_OUT,
- dev_net(skb->dev), NULL, skb, NULL, skb->dev,
+ dev_net_rcu(skb->dev), NULL, skb, NULL, skb->dev,
arp_xmit_finish);
+ rcu_read_unlock();
}
EXPORT_SYMBOL(arp_xmit);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 553/578] openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (551 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 552/578] arp: use RCU protection in arp_xmit() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 554/578] ndisc: extend RCU protection in ndisc_send_skb() Greg Kroah-Hartman
` (33 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Kuniyuki Iwashima,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 90b2f49a502fa71090d9f4fe29a2f51fe5dff76d ]
ovs_vport_cmd_fill_info() can be called without RTNL or RCU.
Use RCU protection and dev_net_rcu() to avoid potential UAF.
Fixes: 9354d4520342 ("openvswitch: reliable interface indentification in port dumps")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250207135841.1948589-6-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/openvswitch/datapath.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 3c7b245354096..a2d8b1b4c83e5 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -2076,6 +2076,7 @@ static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
{
struct ovs_header *ovs_header;
struct ovs_vport_stats vport_stats;
+ struct net *net_vport;
int err;
ovs_header = genlmsg_put(skb, portid, seq, &dp_vport_genl_family,
@@ -2092,12 +2093,15 @@ static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
nla_put_u32(skb, OVS_VPORT_ATTR_IFINDEX, vport->dev->ifindex))
goto nla_put_failure;
- if (!net_eq(net, dev_net(vport->dev))) {
- int id = peernet2id_alloc(net, dev_net(vport->dev), gfp);
+ rcu_read_lock();
+ net_vport = dev_net_rcu(vport->dev);
+ if (!net_eq(net, net_vport)) {
+ int id = peernet2id_alloc(net, net_vport, GFP_ATOMIC);
if (nla_put_s32(skb, OVS_VPORT_ATTR_NETNSID, id))
- goto nla_put_failure;
+ goto nla_put_failure_unlock;
}
+ rcu_read_unlock();
ovs_vport_get_stats(vport, &vport_stats);
if (nla_put_64bit(skb, OVS_VPORT_ATTR_STATS,
@@ -2115,6 +2119,8 @@ static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
genlmsg_end(skb, ovs_header);
return 0;
+nla_put_failure_unlock:
+ rcu_read_unlock();
nla_put_failure:
err = -EMSGSIZE;
error:
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 554/578] ndisc: extend RCU protection in ndisc_send_skb()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (552 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 553/578] openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 555/578] ipv6: mcast: add RCU protection to mld_newpack() Greg Kroah-Hartman
` (32 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Ahern,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit ed6ae1f325d3c43966ec1b62ac1459e2b8e45640 ]
ndisc_send_skb() can be called without RTNL or RCU held.
Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu()
and avoid a potential UAF.
Fixes: 1762f7e88eb3 ("[NETNS][IPV6] ndisc - make socket control per namespace")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250207135841.1948589-8-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/ndisc.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 2e8e0847631e3..1a6408a24d21c 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -471,16 +471,20 @@ static void ip6_nd_hdr(struct sk_buff *skb,
void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
const struct in6_addr *saddr)
{
+ struct icmp6hdr *icmp6h = icmp6_hdr(skb);
struct dst_entry *dst = skb_dst(skb);
- struct net *net = dev_net(skb->dev);
- struct sock *sk = net->ipv6.ndisc_sk;
struct inet6_dev *idev;
+ struct net *net;
+ struct sock *sk;
int err;
- struct icmp6hdr *icmp6h = icmp6_hdr(skb);
u8 type;
type = icmp6h->icmp6_type;
+ rcu_read_lock();
+
+ net = dev_net_rcu(skb->dev);
+ sk = net->ipv6.ndisc_sk;
if (!dst) {
struct flowi6 fl6;
int oif = skb->dev->ifindex;
@@ -488,6 +492,7 @@ void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
dst = icmp6_dst_alloc(skb->dev, &fl6);
if (IS_ERR(dst)) {
+ rcu_read_unlock();
kfree_skb(skb);
return;
}
@@ -502,7 +507,6 @@ void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
- rcu_read_lock();
idev = __in6_dev_get(dst->dev);
IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 555/578] ipv6: mcast: add RCU protection to mld_newpack()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (553 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 554/578] ndisc: extend RCU protection in ndisc_send_skb() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 556/578] drm/tidss: Fix issue in irq handling causing irq-flood issue Greg Kroah-Hartman
` (31 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Ahern,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit a527750d877fd334de87eef81f1cb5f0f0ca3373 ]
mld_newpack() can be called without RTNL or RCU being held.
Note that we no longer can use sock_alloc_send_skb() because
ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.
Instead use alloc_skb() and charge the net->ipv6.igmp_sk
socket under RCU protection.
Fixes: b8ad0cbc58f7 ("[NETNS][IPV6] mcast - handle several network namespace")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20250212141021.1663666-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/mcast.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index a777695389403..a1b3f3e7921fa 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -1731,21 +1731,19 @@ static struct sk_buff *mld_newpack(struct inet6_dev *idev, unsigned int mtu)
struct net_device *dev = idev->dev;
int hlen = LL_RESERVED_SPACE(dev);
int tlen = dev->needed_tailroom;
- struct net *net = dev_net(dev);
const struct in6_addr *saddr;
struct in6_addr addr_buf;
struct mld2_report *pmr;
struct sk_buff *skb;
unsigned int size;
struct sock *sk;
- int err;
+ struct net *net;
- sk = net->ipv6.igmp_sk;
/* we assume size > sizeof(ra) here
* Also try to not allocate high-order pages for big MTU
*/
size = min_t(int, mtu, PAGE_SIZE / 2) + hlen + tlen;
- skb = sock_alloc_send_skb(sk, size, 1, &err);
+ skb = alloc_skb(size, GFP_KERNEL);
if (!skb)
return NULL;
@@ -1753,6 +1751,12 @@ static struct sk_buff *mld_newpack(struct inet6_dev *idev, unsigned int mtu)
skb_reserve(skb, hlen);
skb_tailroom_reserve(skb, mtu, tlen);
+ rcu_read_lock();
+
+ net = dev_net_rcu(dev);
+ sk = net->ipv6.igmp_sk;
+ skb_set_owner_w(skb, sk);
+
if (ipv6_get_lladdr(dev, &addr_buf, IFA_F_TENTATIVE)) {
/* <draft-ietf-magma-mld-source-05.txt>:
* use unspecified address as the source address
@@ -1764,6 +1768,8 @@ static struct sk_buff *mld_newpack(struct inet6_dev *idev, unsigned int mtu)
ip6_mc_hdr(sk, skb, dev, saddr, &mld2_all_mcr, NEXTHDR_HOP, 0);
+ rcu_read_unlock();
+
skb_put_data(skb, ra, sizeof(ra));
skb_set_transport_header(skb, skb_tail_pointer(skb) - skb->data);
--
2.39.5
^ permalink raw reply related [flat|nested] 591+ messages in thread
* [PATCH 6.1 556/578] drm/tidss: Fix issue in irq handling causing irq-flood issue
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (554 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 555/578] ipv6: mcast: add RCU protection to mld_newpack() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 17:27 ` Jon Cormier
2025-02-19 8:29 ` [PATCH 6.1 557/578] drm/tidss: Clear the interrupt status for interrupts being disabled Greg Kroah-Hartman
` (30 subsequent siblings)
586 siblings, 1 reply; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bin Liu, Devarsh Thakkar,
Jonathan Cormier, Aradhya Bhatia, Tomi Valkeinen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
commit 44b6730ab53ef04944fbaf6da0e77397531517b7 upstream.
It has been observed that sometimes DSS will trigger an interrupt and
the top level interrupt (DISPC_IRQSTATUS) is not zero, but the VP and
VID level interrupt-statuses are zero.
As the top level irqstatus is supposed to tell whether we have VP/VID
interrupts, the thinking of the driver authors was that this particular
case could never happen. Thus the driver only clears the DISPC_IRQSTATUS
bits which has corresponding interrupts in VP/VID status. So when this
issue happens, the driver will not clear DISPC_IRQSTATUS, and we get an
interrupt flood.
It is unclear why the issue happens. It could be a race issue in the
driver, but no such race has been found. It could also be an issue with
the HW. However a similar case can be easily triggered by manually
writing to DISPC_IRQSTATUS_RAW. This will forcibly set a bit in the
DISPC_IRQSTATUS and trigger an interrupt, and as the driver never clears
the bit, we get an interrupt flood.
To fix the issue, always clear DISPC_IRQSTATUS. The concern with this
solution is that if the top level irqstatus is the one that triggers the
interrupt, always clearing DISPC_IRQSTATUS might leave some interrupts
unhandled if VP/VID interrupt statuses have bits set. However, testing
shows that if any of the irqstatuses is set (i.e. even if
DISPC_IRQSTATUS == 0, but a VID irqstatus has a bit set), we will get an
interrupt.
Co-developed-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Bin Liu <b-liu@ti.com>
Co-developed-by: Devarsh Thakkar <devarsht@ti.com>
Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
Co-developed-by: Jonathan Cormier <jcormier@criticallink.com>
Signed-off-by: Jonathan Cormier <jcormier@criticallink.com>
Fixes: 32a1795f57ee ("drm/tidss: New driver for TI Keystone platform Display SubSystem")
Cc: stable@vger.kernel.org
Tested-by: Jonathan Cormier <jcormier@criticallink.com>
Reviewed-by: Aradhya Bhatia <aradhya.bhatia@linux.dev>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241021-tidss-irq-fix-v1-1-82ddaec94e4a@ideasonboard.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/tidss/tidss_dispc.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
--- a/drivers/gpu/drm/tidss/tidss_dispc.c
+++ b/drivers/gpu/drm/tidss/tidss_dispc.c
@@ -679,24 +679,20 @@ static
void dispc_k3_clear_irqstatus(struct dispc_device *dispc, dispc_irq_t clearmask)
{
unsigned int i;
- u32 top_clear = 0;
for (i = 0; i < dispc->feat->num_vps; ++i) {
- if (clearmask & DSS_IRQ_VP_MASK(i)) {
+ if (clearmask & DSS_IRQ_VP_MASK(i))
dispc_k3_vp_write_irqstatus(dispc, i, clearmask);
- top_clear |= BIT(i);
- }
}
for (i = 0; i < dispc->feat->num_planes; ++i) {
- if (clearmask & DSS_IRQ_PLANE_MASK(i)) {
+ if (clearmask & DSS_IRQ_PLANE_MASK(i))
dispc_k3_vid_write_irqstatus(dispc, i, clearmask);
- top_clear |= BIT(4 + i);
- }
}
if (dispc->feat->subrev == DISPC_K2G)
return;
- dispc_write(dispc, DISPC_IRQSTATUS, top_clear);
+ /* always clear the top level irqstatus */
+ dispc_write(dispc, DISPC_IRQSTATUS, dispc_read(dispc, DISPC_IRQSTATUS));
/* Flush posted writes */
dispc_read(dispc, DISPC_IRQSTATUS);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 557/578] drm/tidss: Clear the interrupt status for interrupts being disabled
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (555 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 556/578] drm/tidss: Fix issue in irq handling causing irq-flood issue Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 17:26 ` Jon Cormier
2025-02-19 8:29 ` [PATCH 6.1 558/578] drm/v3d: Stop active perfmon if it is being destroyed Greg Kroah-Hartman
` (29 subsequent siblings)
586 siblings, 1 reply; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonathan Cormier, Devarsh Thakkar,
Aradhya Bhatia, Tomi Valkeinen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Devarsh Thakkar <devarsht@ti.com>
commit 361a2ebb5cad211732ec3c5d962de49b21895590 upstream.
The driver does not touch the irqstatus register when it is disabling
interrupts. This might cause an interrupt to trigger for an interrupt
that was just disabled.
To fix the issue, clear the irqstatus registers right after disabling
the interrupts.
Fixes: 32a1795f57ee ("drm/tidss: New driver for TI Keystone platform Display SubSystem")
Cc: stable@vger.kernel.org
Reported-by: Jonathan Cormier <jcormier@criticallink.com>
Closes: https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1394222/am625-issue-about-tidss-rcu_preempt-self-detected-stall-on-cpu/5424479#5424479
Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
[Tomi: mostly rewrote the patch]
Reviewed-by: Jonathan Cormier <jcormier@criticallink.com>
Tested-by: Jonathan Cormier <jcormier@criticallink.com>
Reviewed-by: Aradhya Bhatia <aradhya.bhatia@linux.dev>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241021-tidss-irq-fix-v1-5-82ddaec94e4a@ideasonboard.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/tidss/tidss_dispc.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/tidss/tidss_dispc.c
+++ b/drivers/gpu/drm/tidss/tidss_dispc.c
@@ -599,7 +599,7 @@ void dispc_k2g_set_irqenable(struct disp
{
dispc_irq_t old_mask = dispc_k2g_read_irqenable(dispc);
- /* clear the irqstatus for newly enabled irqs */
+ /* clear the irqstatus for irqs that will be enabled */
dispc_k2g_clear_irqstatus(dispc, (mask ^ old_mask) & mask);
dispc_k2g_vp_set_irqenable(dispc, 0, mask);
@@ -607,6 +607,9 @@ void dispc_k2g_set_irqenable(struct disp
dispc_write(dispc, DISPC_IRQENABLE_SET, (1 << 0) | (1 << 7));
+ /* clear the irqstatus for irqs that were disabled */
+ dispc_k2g_clear_irqstatus(dispc, (mask ^ old_mask) & old_mask);
+
/* flush posted write */
dispc_k2g_read_irqenable(dispc);
}
@@ -738,7 +741,7 @@ static void dispc_k3_set_irqenable(struc
old_mask = dispc_k3_read_irqenable(dispc);
- /* clear the irqstatus for newly enabled irqs */
+ /* clear the irqstatus for irqs that will be enabled */
dispc_k3_clear_irqstatus(dispc, (old_mask ^ mask) & mask);
for (i = 0; i < dispc->feat->num_vps; ++i) {
@@ -763,6 +766,9 @@ static void dispc_k3_set_irqenable(struc
if (main_disable)
dispc_write(dispc, DISPC_IRQENABLE_CLR, main_disable);
+ /* clear the irqstatus for irqs that were disabled */
+ dispc_k3_clear_irqstatus(dispc, (old_mask ^ mask) & old_mask);
+
/* Flush posted writes */
dispc_read(dispc, DISPC_IRQENABLE_SET);
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 558/578] drm/v3d: Stop active perfmon if it is being destroyed
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (556 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 557/578] drm/tidss: Clear the interrupt status for interrupts being disabled Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 559/578] kdb: Do not assume write() callback available Greg Kroah-Hartman
` (28 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Christian Gmeiner, Maíra Canal
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Gmeiner <cgmeiner@igalia.com>
commit 21f1435b1e6b012a07c42f36b206d2b66fc8f13b upstream.
If the active performance monitor (`v3d->active_perfmon`) is being
destroyed, stop it first. Currently, the active perfmon is not
stopped during destruction, leaving the `v3d->active_perfmon` pointer
stale. This can lead to undefined behavior and instability.
This patch ensures that the active perfmon is stopped before being
destroyed, aligning with the behavior introduced in commit
7d1fd3638ee3 ("drm/v3d: Stop the active perfmon before being destroyed").
Cc: stable@vger.kernel.org # v5.15+
Fixes: 26a4dc29b74a ("drm/v3d: Expose performance counters to userspace")
Signed-off-by: Christian Gmeiner <cgmeiner@igalia.com>
Signed-off-by: Maíra Canal <mcanal@igalia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241118221948.1758130-1-christian.gmeiner@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/v3d/v3d_perfmon.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/gpu/drm/v3d/v3d_perfmon.c
+++ b/drivers/gpu/drm/v3d/v3d_perfmon.c
@@ -175,6 +175,7 @@ int v3d_perfmon_destroy_ioctl(struct drm
{
struct v3d_file_priv *v3d_priv = file_priv->driver_priv;
struct drm_v3d_perfmon_destroy *req = data;
+ struct v3d_dev *v3d = v3d_priv->v3d;
struct v3d_perfmon *perfmon;
mutex_lock(&v3d_priv->perfmon.lock);
@@ -184,6 +185,10 @@ int v3d_perfmon_destroy_ioctl(struct drm
if (!perfmon)
return -EINVAL;
+ /* If the active perfmon is being destroyed, stop it first */
+ if (perfmon == v3d->active_perfmon)
+ v3d_perfmon_stop(v3d, perfmon, false);
+
v3d_perfmon_put(perfmon);
return 0;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 559/578] kdb: Do not assume write() callback available
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (557 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 558/578] drm/v3d: Stop active perfmon if it is being destroyed Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 560/578] x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Greg Kroah-Hartman
` (27 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Ogness, Petr Mladek,
Douglas Anderson, Daniel Thompson, Sergey Senozhatsky,
Brian Norris
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Ogness <john.ogness@linutronix.de>
commit 6d3e0d8cc63221dec670d0ee92ac57961581e975 upstream.
It is allowed for consoles to not provide a write() callback. For
example ttynull does this.
Check if a write() callback is available before using it.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Acked-by: Daniel Thompson <daniel.thompson@linaro.org>
Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20230717194607.145135-2-john.ogness@linutronix.de
Cc: Brian Norris <briannorris@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/debug/kdb/kdb_io.c | 2 ++
1 file changed, 2 insertions(+)
--- a/kernel/debug/kdb/kdb_io.c
+++ b/kernel/debug/kdb/kdb_io.c
@@ -576,6 +576,8 @@ static void kdb_msg_write(const char *ms
continue;
if (c == dbg_io_ops->cons)
continue;
+ if (!c->write)
+ continue;
/*
* Set oops_in_progress to encourage the console drivers to
* disregard their internal spin locks: in the current calling
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 560/578] x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (558 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 559/578] kdb: Do not assume write() callback available Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 561/578] iommu: Return right value in iommu_sva_bind_device() Greg Kroah-Hartman
` (26 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alex Zenla, Peter Zijlstra,
Andrew Cooper, Borislav Petkov (AMD), Juergen Gross
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrew Cooper <andrew.cooper3@citrix.com>
commit 5cc2db37124bb33914996d6fdbb2ddb3811f2945 upstream.
__static_call_update_early() has a check for early_boot_irqs_disabled, but
is used before early_boot_irqs_disabled is set up in start_kernel().
Xen PV has always special cased early_boot_irqs_disabled, but Xen PVH does
not and falls over the BUG when booting as dom0.
It is very suspect that early_boot_irqs_disabled starts as 0, becomes 1 for
a time, then becomes 0 again, but as this needs backporting to fix a
breakage in a security fix, dropping the BUG_ON() is the far safer option.
Fixes: 0ef8047b737d ("x86/static-call: provide a way to do very early static-call updates")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219620
Reported-by: Alex Zenla <alex@edera.dev>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Juergen Gross <jgross@suse.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Alex Zenla <alex@edera.dev>
Link: https://lore.kernel.org/r/20241221211046.6475-1-andrew.cooper3@citrix.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/static_call.c | 1 -
1 file changed, 1 deletion(-)
--- a/arch/x86/kernel/static_call.c
+++ b/arch/x86/kernel/static_call.c
@@ -173,7 +173,6 @@ EXPORT_SYMBOL_GPL(arch_static_call_trans
noinstr void __static_call_update_early(void *tramp, void *func)
{
BUG_ON(system_state != SYSTEM_BOOTING);
- BUG_ON(!early_boot_irqs_disabled);
BUG_ON(static_call_initialized);
__text_gen_insn(tramp, JMP32_INSN_OPCODE, tramp, func, JMP32_INSN_SIZE);
sync_core();
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 561/578] iommu: Return right value in iommu_sva_bind_device()
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (559 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 560/578] x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 562/578] arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Greg Kroah-Hartman
` (25 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lu Baolu, Jean-Philippe Brucker,
Kevin Tian, Vasant Hegde, Joerg Roedel, Bin Lan
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lu Baolu <baolu.lu@linux.intel.com>
commit 89e8a2366e3bce584b6c01549d5019c5cda1205e upstream.
iommu_sva_bind_device() should return either a sva bond handle or an
ERR_PTR value in error cases. Existing drivers (idxd and uacce) only
check the return value with IS_ERR(). This could potentially lead to
a kernel NULL pointer dereference issue if the function returns NULL
instead of an error pointer.
In reality, this doesn't cause any problems because iommu_sva_bind_device()
only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.
In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will
return an error, and the device drivers won't call iommu_sva_bind_device()
at all.
Fixes: 26b25a2b98e4 ("iommu: Bind process address spaces to devices")
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Vasant Hegde <vasant.hegde@amd.com>
Link: https://lore.kernel.org/r/20240528042528.71396-1-baolu.lu@linux.intel.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Bin Lan <lanbincn@qq.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/iommu.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/iommu.h
+++ b/include/linux/iommu.h
@@ -999,7 +999,7 @@ iommu_dev_disable_feature(struct device
static inline struct iommu_sva *
iommu_sva_bind_device(struct device *dev, struct mm_struct *mm, void *drvdata)
{
- return NULL;
+ return ERR_PTR(-ENODEV);
}
static inline void iommu_sva_unbind_device(struct iommu_sva *handle)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 562/578] arm64: tegra: Fix typo in Tegra234 dce-fabric compatible
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (560 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 561/578] iommu: Return right value in iommu_sva_bind_device() Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 563/578] mm: gup: fix infinite loop within __get_longterm_locked Greg Kroah-Hartman
` (24 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sumit Gupta, Ivy Huang, Brad Griffis,
Jon Hunter, Thierry Reding
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sumit Gupta <sumitg@nvidia.com>
commit 604120fd9e9df50ee0e803d3c6e77a1f45d2c58e upstream.
The compatible string for the Tegra DCE fabric is currently defined as
'nvidia,tegra234-sce-fabric' but this is incorrect because this is the
compatible string for SCE fabric. Update the compatible for the DCE
fabric to correct the compatible string.
This compatible needs to be correct in order for the interconnect
to catch things such as improper data accesses.
Cc: stable@vger.kernel.org
Fixes: 302e154000ec ("arm64: tegra: Add node for CBB 2.0 on Tegra234")
Signed-off-by: Sumit Gupta <sumitg@nvidia.com>
Signed-off-by: Ivy Huang <yijuh@nvidia.com>
Reviewed-by: Brad Griffis <bgriffis@nvidia.com>
Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
Link: https://lore.kernel.org/r/20241218000737.1789569-2-yijuh@nvidia.com
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Brad Griffis <bgriffis@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/nvidia/tegra234.dtsi
+++ b/arch/arm64/boot/dts/nvidia/tegra234.dtsi
@@ -1558,7 +1558,7 @@
};
dce-fabric@de00000 {
- compatible = "nvidia,tegra234-sce-fabric";
+ compatible = "nvidia,tegra234-dce-fabric";
reg = <0xde00000 0x40000>;
interrupts = <GIC_SPI 381 IRQ_TYPE_LEVEL_HIGH>;
status = "okay";
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 563/578] mm: gup: fix infinite loop within __get_longterm_locked
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (561 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 562/578] arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 564/578] alpha: replace hardcoded stack offsets with autogenerated ones Greg Kroah-Hartman
` (23 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhaoyang Huang, John Hubbard,
David Hildenbrand, Aijun Sun, Alistair Popple, Andrew Morton,
Wentao Guan
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhaoyang Huang <zhaoyang.huang@unisoc.com>
commit 1aaf8c122918aa8897605a9aa1e8ed6600d6f930 upstream.
We can run into an infinite loop in __get_longterm_locked() when
collect_longterm_unpinnable_folios() finds only folios that are isolated
from the LRU or were never added to the LRU. This can happen when all
folios to be pinned are never added to the LRU, for example when
vm_ops->fault allocated pages using cma_alloc() and never added them to
the LRU.
Fix it by simply taking a look at the list in the single caller, to see if
anything was added.
[zhaoyang.huang@unisoc.com: move definition of local]
Link: https://lkml.kernel.org/r/20250122012604.3654667-1-zhaoyang.huang@unisoc.com
Link: https://lkml.kernel.org/r/20250121020159.3636477-1-zhaoyang.huang@unisoc.com
Fixes: 67e139b02d99 ("mm/gup.c: refactor check_and_migrate_movable_pages()")
Signed-off-by: Zhaoyang Huang <zhaoyang.huang@unisoc.com>
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Suggested-by: David Hildenbrand <david@redhat.com>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: Aijun Sun <aijun.sun@unisoc.com>
Cc: Alistair Popple <apopple@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/gup.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -1944,14 +1944,14 @@ struct page *get_dump_page(unsigned long
/*
* Returns the number of collected pages. Return value is always >= 0.
*/
-static unsigned long collect_longterm_unpinnable_pages(
+static void collect_longterm_unpinnable_pages(
struct list_head *movable_page_list,
unsigned long nr_pages,
struct page **pages)
{
- unsigned long i, collected = 0;
struct folio *prev_folio = NULL;
bool drain_allow = true;
+ unsigned long i;
for (i = 0; i < nr_pages; i++) {
struct folio *folio = page_folio(pages[i]);
@@ -1963,8 +1963,6 @@ static unsigned long collect_longterm_un
if (folio_is_longterm_pinnable(folio))
continue;
- collected++;
-
if (folio_is_device_coherent(folio))
continue;
@@ -1986,8 +1984,6 @@ static unsigned long collect_longterm_un
NR_ISOLATED_ANON + folio_is_file_lru(folio),
folio_nr_pages(folio));
}
-
- return collected;
}
/*
@@ -2080,12 +2076,10 @@ err:
static long check_and_migrate_movable_pages(unsigned long nr_pages,
struct page **pages)
{
- unsigned long collected;
LIST_HEAD(movable_page_list);
- collected = collect_longterm_unpinnable_pages(&movable_page_list,
- nr_pages, pages);
- if (!collected)
+ collect_longterm_unpinnable_pages(&movable_page_list, nr_pages, pages);
+ if (list_empty(&movable_page_list))
return 0;
return migrate_longterm_unpinnable_pages(&movable_page_list, nr_pages,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 564/578] alpha: replace hardcoded stack offsets with autogenerated ones
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (562 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 563/578] mm: gup: fix infinite loop within __get_longterm_locked Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 565/578] i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition Greg Kroah-Hartman
` (22 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maciej W. Rozycki, Matt Turner,
Ivan Kokshaysky
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ivan Kokshaysky <ink@unseen.parts>
commit 77b823fa619f97d16409ca37ad4f7936e28c5f83 upstream.
This allows the assembly in entry.S to automatically keep in sync with
changes in the stack layout (struct pt_regs and struct switch_stack).
Cc: stable@vger.kernel.org
Tested-by: Maciej W. Rozycki <macro@orcam.me.uk>
Tested-by: Matt Turner <mattst88@gmail.com>
Reviewed-by: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Ivan Kokshaysky <ink@unseen.parts>
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/alpha/kernel/asm-offsets.c | 2 ++
arch/alpha/kernel/entry.S | 4 ----
2 files changed, 2 insertions(+), 4 deletions(-)
--- a/arch/alpha/kernel/asm-offsets.c
+++ b/arch/alpha/kernel/asm-offsets.c
@@ -32,7 +32,9 @@ void foo(void)
DEFINE(CRED_EGID, offsetof(struct cred, egid));
BLANK();
+ DEFINE(SP_OFF, offsetof(struct pt_regs, ps));
DEFINE(SIZEOF_PT_REGS, sizeof(struct pt_regs));
+ DEFINE(SWITCH_STACK_SIZE, sizeof(struct switch_stack));
DEFINE(PT_PTRACED, PT_PTRACED);
DEFINE(CLONE_VM, CLONE_VM);
DEFINE(CLONE_UNTRACED, CLONE_UNTRACED);
--- a/arch/alpha/kernel/entry.S
+++ b/arch/alpha/kernel/entry.S
@@ -15,10 +15,6 @@
.set noat
.cfi_sections .debug_frame
-/* Stack offsets. */
-#define SP_OFF 184
-#define SWITCH_STACK_SIZE 320
-
.macro CFI_START_OSF_FRAME func
.align 4
.globl \func
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 565/578] i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (563 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 564/578] alpha: replace hardcoded stack offsets with autogenerated ones Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 566/578] nilfs2: do not output warnings when clearing dirty buffers Greg Kroah-Hartman
` (21 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kaixin Wang, Alexandre Belloni
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kaixin Wang <kxwang23@m.fudan.edu.cn>
commit 609366e7a06d035990df78f1562291c3bf0d4a12 upstream.
In the cdns_i3c_master_probe function, &master->hj_work is bound with
cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call
cnds_i3c_master_demux_ibis function to start the work.
If we remove the module which will call cdns_i3c_master_remove to
make cleanup, it will free master->base through i3c_master_unregister
while the work mentioned above will be used. The sequence of operations
that may lead to a UAF bug is as follows:
CPU0 CPU1
| cdns_i3c_master_hj
cdns_i3c_master_remove |
i3c_master_unregister(&master->base) |
device_unregister(&master->dev) |
device_release |
//free master->base |
| i3c_master_do_daa(&master->base)
| //use master->base
Fix it by ensuring that the work is canceled before proceeding with
the cleanup in cdns_i3c_master_remove.
Signed-off-by: Kaixin Wang <kxwang23@m.fudan.edu.cn>
Link: https://lore.kernel.org/r/20240911153544.848398-1-kxwang23@m.fudan.edu.cn
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/i3c/master/i3c-master-cdns.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/i3c/master/i3c-master-cdns.c
+++ b/drivers/i3c/master/i3c-master-cdns.c
@@ -1667,6 +1667,7 @@ static int cdns_i3c_master_remove(struct
{
struct cdns_i3c_master *master = platform_get_drvdata(pdev);
+ cancel_work_sync(&master->hj_work);
i3c_master_unregister(&master->base);
clk_disable_unprepare(master->sysclk);
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 566/578] nilfs2: do not output warnings when clearing dirty buffers
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (564 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 565/578] i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 567/578] nilfs2: do not force clear folio if buffer is referenced Greg Kroah-Hartman
` (20 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andrew Morton, Ryusuke Konishi
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit 299910dcb4525ac0274f3efa9527876315ba4f67 upstream.
After detecting file system corruption and degrading to a read-only mount,
dirty folios and buffers in the page cache are cleared, and a large number
of warnings are output at that time, often filling up the kernel log.
In this case, since the degrading to a read-only mount is output to the
kernel log, these warnings are not very meaningful, and are rather a
nuisance in system management and debugging.
The related nilfs2-specific page/folio routines have a silent argument
that suppresses the warning output, but since it is not currently used
meaningfully, remove both the silent argument and the warning output.
[konishi.ryusuke@gmail.com: adjusted for page/folio conversion]
Link: https://lkml.kernel.org/r/20240816090128.4561-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Stable-dep-of: ca76bb226bf4 ("nilfs2: do not force clear folio if buffer is referenced")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/inode.c | 4 ++--
fs/nilfs2/mdt.c | 6 +++---
fs/nilfs2/page.c | 20 +++-----------------
fs/nilfs2/page.h | 4 ++--
4 files changed, 10 insertions(+), 24 deletions(-)
--- a/fs/nilfs2/inode.c
+++ b/fs/nilfs2/inode.c
@@ -162,7 +162,7 @@ static int nilfs_writepages(struct addre
int err = 0;
if (sb_rdonly(inode->i_sb)) {
- nilfs_clear_dirty_pages(mapping, false);
+ nilfs_clear_dirty_pages(mapping);
return -EROFS;
}
@@ -185,7 +185,7 @@ static int nilfs_writepage(struct page *
* have dirty pages that try to be flushed in background.
* So, here we simply discard this dirty page.
*/
- nilfs_clear_dirty_page(page, false);
+ nilfs_clear_dirty_page(page);
unlock_page(page);
return -EROFS;
}
--- a/fs/nilfs2/mdt.c
+++ b/fs/nilfs2/mdt.c
@@ -411,7 +411,7 @@ nilfs_mdt_write_page(struct page *page,
* have dirty pages that try to be flushed in background.
* So, here we simply discard this dirty page.
*/
- nilfs_clear_dirty_page(page, false);
+ nilfs_clear_dirty_page(page);
unlock_page(page);
return -EROFS;
}
@@ -634,10 +634,10 @@ void nilfs_mdt_restore_from_shadow_map(s
if (mi->mi_palloc_cache)
nilfs_palloc_clear_cache(inode);
- nilfs_clear_dirty_pages(inode->i_mapping, true);
+ nilfs_clear_dirty_pages(inode->i_mapping);
nilfs_copy_back_pages(inode->i_mapping, shadow->inode->i_mapping);
- nilfs_clear_dirty_pages(ii->i_assoc_inode->i_mapping, true);
+ nilfs_clear_dirty_pages(ii->i_assoc_inode->i_mapping);
nilfs_copy_back_pages(ii->i_assoc_inode->i_mapping,
NILFS_I(shadow->inode)->i_assoc_inode->i_mapping);
--- a/fs/nilfs2/page.c
+++ b/fs/nilfs2/page.c
@@ -354,9 +354,8 @@ repeat:
/**
* nilfs_clear_dirty_pages - discard dirty pages in address space
* @mapping: address space with dirty pages for discarding
- * @silent: suppress [true] or print [false] warning messages
*/
-void nilfs_clear_dirty_pages(struct address_space *mapping, bool silent)
+void nilfs_clear_dirty_pages(struct address_space *mapping)
{
struct pagevec pvec;
unsigned int i;
@@ -377,7 +376,7 @@ void nilfs_clear_dirty_pages(struct addr
* was acquired. Skip processing in that case.
*/
if (likely(page->mapping == mapping))
- nilfs_clear_dirty_page(page, silent);
+ nilfs_clear_dirty_page(page);
unlock_page(page);
}
@@ -389,19 +388,11 @@ void nilfs_clear_dirty_pages(struct addr
/**
* nilfs_clear_dirty_page - discard dirty page
* @page: dirty page that will be discarded
- * @silent: suppress [true] or print [false] warning messages
*/
-void nilfs_clear_dirty_page(struct page *page, bool silent)
+void nilfs_clear_dirty_page(struct page *page)
{
- struct inode *inode = page->mapping->host;
- struct super_block *sb = inode->i_sb;
-
BUG_ON(!PageLocked(page));
- if (!silent)
- nilfs_warn(sb, "discard dirty page: offset=%lld, ino=%lu",
- page_offset(page), inode->i_ino);
-
ClearPageUptodate(page);
ClearPageMappedToDisk(page);
ClearPageChecked(page);
@@ -417,11 +408,6 @@ void nilfs_clear_dirty_page(struct page
bh = head = page_buffers(page);
do {
lock_buffer(bh);
- if (!silent)
- nilfs_warn(sb,
- "discard dirty block: blocknr=%llu, size=%zu",
- (u64)bh->b_blocknr, bh->b_size);
-
set_mask_bits(&bh->b_state, clear_bits, 0);
unlock_buffer(bh);
} while (bh = bh->b_this_page, bh != head);
--- a/fs/nilfs2/page.h
+++ b/fs/nilfs2/page.h
@@ -41,8 +41,8 @@ void nilfs_page_bug(struct page *);
int nilfs_copy_dirty_pages(struct address_space *, struct address_space *);
void nilfs_copy_back_pages(struct address_space *, struct address_space *);
-void nilfs_clear_dirty_page(struct page *, bool);
-void nilfs_clear_dirty_pages(struct address_space *, bool);
+void nilfs_clear_dirty_page(struct page *page);
+void nilfs_clear_dirty_pages(struct address_space *mapping);
unsigned int nilfs_page_count_clean_buffers(struct page *, unsigned int,
unsigned int);
unsigned long nilfs_find_uncommitted_extent(struct inode *inode,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 567/578] nilfs2: do not force clear folio if buffer is referenced
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (565 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 566/578] nilfs2: do not output warnings when clearing dirty buffers Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 568/578] nilfs2: protect access to buffers with no active references Greg Kroah-Hartman
` (19 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrew Morton, Ryusuke Konishi,
syzbot+b2b14916b77acf8626d7, syzbot+d98fd19acd08b36ff422
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit ca76bb226bf47ff04c782cacbd299f12ddee1ec1 upstream.
Patch series "nilfs2: protect busy buffer heads from being force-cleared".
This series fixes the buffer head state inconsistency issues reported by
syzbot that occurs when the filesystem is corrupted and falls back to
read-only, and the associated buffer head use-after-free issue.
This patch (of 2):
Syzbot has reported that after nilfs2 detects filesystem corruption and
falls back to read-only, inconsistencies in the buffer state may occur.
One of the inconsistencies is that when nilfs2 calls mark_buffer_dirty()
to set a data or metadata buffer as dirty, but it detects that the buffer
is not in the uptodate state:
WARNING: CPU: 0 PID: 6049 at fs/buffer.c:1177 mark_buffer_dirty+0x2e5/0x520
fs/buffer.c:1177
...
Call Trace:
<TASK>
nilfs_palloc_commit_alloc_entry+0x4b/0x160 fs/nilfs2/alloc.c:598
nilfs_ifile_create_inode+0x1dd/0x3a0 fs/nilfs2/ifile.c:73
nilfs_new_inode+0x254/0x830 fs/nilfs2/inode.c:344
nilfs_mkdir+0x10d/0x340 fs/nilfs2/namei.c:218
vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257
do_mkdirat+0x264/0x3a0 fs/namei.c:4280
__do_sys_mkdirat fs/namei.c:4295 [inline]
__se_sys_mkdirat fs/namei.c:4293 [inline]
__x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4293
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The other is when nilfs_btree_propagate(), which propagates the dirty
state to the ancestor nodes of a b-tree that point to a dirty buffer,
detects that the origin buffer is not dirty, even though it should be:
WARNING: CPU: 0 PID: 5245 at fs/nilfs2/btree.c:2089
nilfs_btree_propagate+0xc79/0xdf0 fs/nilfs2/btree.c:2089
...
Call Trace:
<TASK>
nilfs_bmap_propagate+0x75/0x120 fs/nilfs2/bmap.c:345
nilfs_collect_file_data+0x4d/0xd0 fs/nilfs2/segment.c:587
nilfs_segctor_apply_buffers+0x184/0x340 fs/nilfs2/segment.c:1006
nilfs_segctor_scan_file+0x28c/0xa50 fs/nilfs2/segment.c:1045
nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1216 [inline]
nilfs_segctor_collect fs/nilfs2/segment.c:1540 [inline]
nilfs_segctor_do_construct+0x1c28/0x6b90 fs/nilfs2/segment.c:2115
nilfs_segctor_construct+0x181/0x6b0 fs/nilfs2/segment.c:2479
nilfs_segctor_thread_construct fs/nilfs2/segment.c:2587 [inline]
nilfs_segctor_thread+0x69e/0xe80 fs/nilfs2/segment.c:2701
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Both of these issues are caused by the callbacks that handle the
page/folio write requests, forcibly clear various states, including the
working state of the buffers they hold, at unexpected times when they
detect read-only fallback.
Fix these issues by checking if the buffer is referenced before clearing
the page/folio state, and skipping the clear if it is.
[konishi.ryusuke@gmail.com: adjusted for page/folio conversion]
Link: https://lkml.kernel.org/r/20250107200202.6432-1-konishi.ryusuke@gmail.com
Link: https://lkml.kernel.org/r/20250107200202.6432-2-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+b2b14916b77acf8626d7@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b2b14916b77acf8626d7
Reported-by: syzbot+d98fd19acd08b36ff422@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=d98fd19acd08b36ff422
Fixes: 8c26c4e2694a ("nilfs2: fix issue with flush kernel thread after remount in RO mode because of driver's internal error or metadata corruption")
Tested-by: syzbot+b2b14916b77acf8626d7@syzkaller.appspotmail.com
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/page.c | 35 +++++++++++++++++++++++++++++------
1 file changed, 29 insertions(+), 6 deletions(-)
--- a/fs/nilfs2/page.c
+++ b/fs/nilfs2/page.c
@@ -388,24 +388,44 @@ void nilfs_clear_dirty_pages(struct addr
/**
* nilfs_clear_dirty_page - discard dirty page
* @page: dirty page that will be discarded
+ *
+ * nilfs_clear_dirty_page() clears working states including dirty state for
+ * the page and its buffers. If the page has buffers, clear only if it is
+ * confirmed that none of the buffer heads are busy (none have valid
+ * references and none are locked).
*/
void nilfs_clear_dirty_page(struct page *page)
{
BUG_ON(!PageLocked(page));
- ClearPageUptodate(page);
- ClearPageMappedToDisk(page);
- ClearPageChecked(page);
-
if (page_has_buffers(page)) {
- struct buffer_head *bh, *head;
+ struct buffer_head *bh, *head = page_buffers(page);
const unsigned long clear_bits =
(BIT(BH_Uptodate) | BIT(BH_Dirty) | BIT(BH_Mapped) |
BIT(BH_Async_Write) | BIT(BH_NILFS_Volatile) |
BIT(BH_NILFS_Checked) | BIT(BH_NILFS_Redirected) |
BIT(BH_Delay));
+ bool busy, invalidated = false;
- bh = head = page_buffers(page);
+recheck_buffers:
+ busy = false;
+ bh = head;
+ do {
+ if (atomic_read(&bh->b_count) | buffer_locked(bh)) {
+ busy = true;
+ break;
+ }
+ } while (bh = bh->b_this_page, bh != head);
+
+ if (busy) {
+ if (invalidated)
+ return;
+ invalidate_bh_lrus();
+ invalidated = true;
+ goto recheck_buffers;
+ }
+
+ bh = head;
do {
lock_buffer(bh);
set_mask_bits(&bh->b_state, clear_bits, 0);
@@ -413,6 +433,9 @@ void nilfs_clear_dirty_page(struct page
} while (bh = bh->b_this_page, bh != head);
}
+ ClearPageUptodate(page);
+ ClearPageMappedToDisk(page);
+ ClearPageChecked(page);
__nilfs_clear_page_dirty(page);
}
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 568/578] nilfs2: protect access to buffers with no active references
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (566 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 567/578] nilfs2: do not force clear folio if buffer is referenced Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 569/578] can: ems_pci: move ASIX AX99100 ids to pci_ids.h Greg Kroah-Hartman
` (18 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andrew Morton, Ryusuke Konishi
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit 367a9bffabe08c04f6d725032cce3d891b2b9e1a upstream.
nilfs_lookup_dirty_data_buffers(), which iterates through the buffers
attached to dirty data folios/pages, accesses the attached buffers without
locking the folios/pages.
For data cache, nilfs_clear_folio_dirty() may be called asynchronously
when the file system degenerates to read only, so
nilfs_lookup_dirty_data_buffers() still has the potential to cause use
after free issues when buffers lose the protection of their dirty state
midway due to this asynchronous clearing and are unintentionally freed by
try_to_free_buffers().
Eliminate this race issue by adjusting the lock section in this function.
[konishi.ryusuke@gmail.com: adjusted for page/folio conversion]
Link: https://lkml.kernel.org/r/20250107200202.6432-3-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Fixes: 8c26c4e2694a ("nilfs2: fix issue with flush kernel thread after remount in RO mode because of driver's internal error or metadata corruption")
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/segment.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/nilfs2/segment.c
+++ b/fs/nilfs2/segment.c
@@ -732,7 +732,6 @@ static size_t nilfs_lookup_dirty_data_bu
}
if (!page_has_buffers(page))
create_empty_buffers(page, i_blocksize(inode), 0);
- unlock_page(page);
bh = head = page_buffers(page);
do {
@@ -742,11 +741,14 @@ static size_t nilfs_lookup_dirty_data_bu
list_add_tail(&bh->b_assoc_buffers, listp);
ndirties++;
if (unlikely(ndirties >= nlimit)) {
+ unlock_page(page);
pagevec_release(&pvec);
cond_resched();
return ndirties;
}
} while (bh = bh->b_this_page, bh != head);
+
+ unlock_page(page);
}
pagevec_release(&pvec);
cond_resched();
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 569/578] can: ems_pci: move ASIX AX99100 ids to pci_ids.h
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (567 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 568/578] nilfs2: protect access to buffers with no active references Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 570/578] serial: 8250_pci: add support for ASIX AX99100 Greg Kroah-Hartman
` (17 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiaqing Zhao, Andy Shevchenko,
Bjorn Helgaas, Marc Kleine-Budde, Tomita Moeko
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
commit 3029ad91335353a70feb42acd24d580d70ab258b upstream.
Move PCI Vendor and Device ID of ASIX AX99100 PCIe to Multi I/O
Controller to pci_ids.h for its serial and parallel port driver
support in subsequent patches.
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Marc Kleine-Budde <mkl@pengutronix.de>
Link: https://lore.kernel.org/r/20230724083933.3173513-3-jiaqing.zhao@linux.intel.com
[Moeko: Drop changes in drivers/net/can/sja1000/ems_pci.c]
Signed-off-by: Tomita Moeko <tomitamoeko@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/pci_ids.h | 4 ++++
1 file changed, 4 insertions(+)
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -1754,6 +1754,10 @@
#define PCI_SUBDEVICE_ID_AT_2700FX 0x2701
#define PCI_SUBDEVICE_ID_AT_2701FX 0x2703
+#define PCI_VENDOR_ID_ASIX 0x125b
+#define PCI_DEVICE_ID_ASIX_AX99100 0x9100
+#define PCI_DEVICE_ID_ASIX_AX99100_LB 0x9110
+
#define PCI_VENDOR_ID_ESS 0x125d
#define PCI_DEVICE_ID_ESS_ESS1968 0x1968
#define PCI_DEVICE_ID_ESS_ESS1978 0x1978
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 570/578] serial: 8250_pci: add support for ASIX AX99100
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (568 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 569/578] can: ems_pci: move ASIX AX99100 ids to pci_ids.h Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 571/578] parport_pc: " Greg Kroah-Hartman
` (16 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiaqing Zhao, Andy Shevchenko,
Tomita Moeko
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
commit 0b32216557ce3b2a468d1282d99b428bf72ff532 upstream.
Each of the 4 PCI functions on ASIX AX99100 PCIe to Multi I/O
Controller can be configured as a single-port serial port controller.
The subvendor id is 0x1000 when configured as serial port and MSI
interrupts are supported.
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20230724083933.3173513-4-jiaqing.zhao@linux.intel.com
Signed-off-by: Tomita Moeko <tomitamoeko@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_pci.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/tty/serial/8250/8250_pci.c
+++ b/drivers/tty/serial/8250/8250_pci.c
@@ -66,6 +66,8 @@ static const struct pci_device_id pci_us
0xA000, 0x1000) },
{ PCI_DEVICE_SUB(PCI_VENDOR_ID_NETMOS, PCI_DEVICE_ID_NETMOS_9922,
0xA000, 0x1000) },
+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_ASIX, PCI_DEVICE_ID_ASIX_AX99100,
+ 0xA000, 0x1000) },
{ PCI_DEVICE_SUB(PCI_VENDOR_ID_HP_3PAR, PCI_DEVICE_ID_HPE_PCI_SERIAL,
PCI_ANY_ID, PCI_ANY_ID) },
{ }
@@ -5890,6 +5892,14 @@ static const struct pci_device_id serial
{ PCI_VENDOR_ID_NETMOS, PCI_DEVICE_ID_NETMOS_9865,
0xA000, 0x3004,
0, 0, pbn_b0_bt_4_115200 },
+
+ /*
+ * ASIX AX99100 PCIe to Multi I/O Controller
+ */
+ { PCI_VENDOR_ID_ASIX, PCI_DEVICE_ID_ASIX_AX99100,
+ 0xA000, 0x1000,
+ 0, 0, pbn_b0_1_115200 },
+
/* Intel CE4100 */
{ PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_CE4100_UART,
PCI_ANY_ID, PCI_ANY_ID, 0, 0,
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 571/578] parport_pc: add support for ASIX AX99100
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (569 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 570/578] serial: 8250_pci: add support for ASIX AX99100 Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 572/578] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Greg Kroah-Hartman
` (15 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiaqing Zhao, Andy Shevchenko,
Sudip Mukherjee, Tomita Moeko
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
commit 16aae4c64600a6319a6f10dbff833fa198bf9599 upstream.
The PCI function 2 on ASIX AX99100 PCIe to Multi I/O Controller can be
configured as a single-port parallel port controller. The subvendor id
is 0x2000 when configured as parallel port. It supports IEEE-1284 EPP /
ECP with its ECR on BAR1.
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Link: https://lore.kernel.org/r/20230724083933.3173513-5-jiaqing.zhao@linux.intel.com
Signed-off-by: Tomita Moeko <tomitamoeko@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/parport/parport_pc.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/parport/parport_pc.c
+++ b/drivers/parport/parport_pc.c
@@ -2612,6 +2612,7 @@ enum parport_pc_pci_cards {
netmos_9815,
netmos_9901,
netmos_9865,
+ asix_ax99100,
quatech_sppxp100,
wch_ch382l,
brainboxes_uc146,
@@ -2678,6 +2679,7 @@ static struct parport_pc_pci {
/* netmos_9815 */ { 2, { { 0, 1 }, { 2, 3 }, } },
/* netmos_9901 */ { 1, { { 0, -1 }, } },
/* netmos_9865 */ { 1, { { 0, -1 }, } },
+ /* asix_ax99100 */ { 1, { { 0, 1 }, } },
/* quatech_sppxp100 */ { 1, { { 0, 1 }, } },
/* wch_ch382l */ { 1, { { 2, -1 }, } },
/* brainboxes_uc146 */ { 1, { { 3, -1 }, } },
@@ -2770,6 +2772,9 @@ static const struct pci_device_id parpor
0xA000, 0x1000, 0, 0, netmos_9865 },
{ PCI_VENDOR_ID_NETMOS, PCI_DEVICE_ID_NETMOS_9865,
0xA000, 0x2000, 0, 0, netmos_9865 },
+ /* ASIX AX99100 PCIe to Multi I/O Controller */
+ { PCI_VENDOR_ID_ASIX, PCI_DEVICE_ID_ASIX_AX99100,
+ 0xA000, 0x2000, 0, 0, asix_ax99100 },
/* Quatech SPPXP-100 Parallel port PCI ExpressCard */
{ PCI_VENDOR_ID_QUATECH, PCI_DEVICE_ID_QUATECH_SPPXP_100,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, quatech_sppxp100 },
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 572/578] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (570 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 571/578] parport_pc: " Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 573/578] netdevsim: print human readable IP address Greg Kroah-Hartman
` (14 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Florian Fainelli,
Eric Dumazet, Jakub Kicinski, Wenshan Lan,
syzbot+d81bcd883824180500c8
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vladimir Oltean <vladimir.oltean@nxp.com>
commit 844f104790bd69c2e4dbb9ee3eba46fde1fcea7b upstream.
After the blamed commit, we started doing this dereference for every
NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.
static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev)
{
struct dsa_user_priv *p = netdev_priv(dev);
return p->dp;
}
Which is obviously bogus, because not all net_devices have a netdev_priv()
of type struct dsa_user_priv. But struct dsa_user_priv is fairly small,
and p->dp means dereferencing 8 bytes starting with offset 16. Most
drivers allocate that much private memory anyway, making our access not
fault, and we discard the bogus data quickly afterwards, so this wasn't
caught.
But the dummy interface is somewhat special in that it calls
alloc_netdev() with a priv size of 0. So every netdev_priv() dereference
is invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event
with a VLAN as its new upper:
$ ip link add dummy1 type dummy
$ ip link add link dummy1 name dummy1.100 type vlan id 100
[ 43.309174] ==================================================================
[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8
[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374
[ 43.330058]
[ 43.342436] Call trace:
[ 43.366542] dsa_user_prechangeupper+0x30/0xe8
[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8
[ 43.375768] notifier_call_chain+0xa4/0x210
[ 43.379985] raw_notifier_call_chain+0x24/0x38
[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8
[ 43.389120] netdev_upper_dev_link+0x70/0xa8
[ 43.393424] register_vlan_dev+0x1bc/0x310
[ 43.397554] vlan_newlink+0x210/0x248
[ 43.401247] rtnl_newlink+0x9fc/0xe30
[ 43.404942] rtnetlink_rcv_msg+0x378/0x580
Avoid the kernel oops by dereferencing after the type check, as customary.
Fixes: 4c3f80d22b2e ("net: dsa: walk through all changeupper notifier functions")
Reported-and-tested-by: syzbot+d81bcd883824180500c8@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/0000000000001d4255060e87545c@google.com/
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20240110003354.2796778-1-vladimir.oltean@nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Wenshan Lan <jetlan9@163.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/dsa/slave.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/net/dsa/slave.c
+++ b/net/dsa/slave.c
@@ -2592,13 +2592,14 @@ EXPORT_SYMBOL_GPL(dsa_slave_dev_check);
static int dsa_slave_changeupper(struct net_device *dev,
struct netdev_notifier_changeupper_info *info)
{
- struct dsa_port *dp = dsa_slave_to_port(dev);
struct netlink_ext_ack *extack;
int err = NOTIFY_DONE;
+ struct dsa_port *dp;
if (!dsa_slave_dev_check(dev))
return err;
+ dp = dsa_slave_to_port(dev);
extack = netdev_notifier_info_to_extack(&info->info);
if (netif_is_bridge_master(info->upper_dev)) {
@@ -2652,11 +2653,13 @@ static int dsa_slave_changeupper(struct
static int dsa_slave_prechangeupper(struct net_device *dev,
struct netdev_notifier_changeupper_info *info)
{
- struct dsa_port *dp = dsa_slave_to_port(dev);
+ struct dsa_port *dp;
if (!dsa_slave_dev_check(dev))
return NOTIFY_DONE;
+ dp = dsa_slave_to_port(dev);
+
if (netif_is_bridge_master(info->upper_dev) && !info->linking)
dsa_port_pre_bridge_leave(dp, info->upper_dev);
else if (netif_is_lag_master(info->upper_dev) && !info->linking)
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 573/578] netdevsim: print human readable IP address
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (571 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 572/578] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 574/578] selftests: rtnetlink: update netdevsim ipsec output format Greg Kroah-Hartman
` (13 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Simon Horman, Hangbin Liu,
Jakub Kicinski, Harshit Mogalapalli
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hangbin Liu <liuhangbin@gmail.com>
commit c71bc6da6198a6d88df86094f1052bb581951d65 upstream.
Currently, IPSec addresses are printed in hexadecimal format, which is
not user-friendly. e.g.
# cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=2 tx=20
sa[0] rx ipaddr=0x00000000 00000000 00000000 0100a8c0
sa[0] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] tx ipaddr=0x00000000 00000000 00000000 00000000
sa[1] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
This patch updates the code to print the IPSec address in a human-readable
format for easier debug. e.g.
# cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=4 tx=40
sa[0] tx ipaddr=0.0.0.0
sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] rx ipaddr=192.168.0.1
sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
sa[2] tx ipaddr=::
sa[2] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[2] key=0x3167608a ca4f1397 43565909 941fa627
sa[3] rx ipaddr=2000::1
sa[3] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[3] key=0x3167608a ca4f1397 43565909 941fa627
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://patch.msgid.link/20241010040027.21440-2-liuhangbin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/netdevsim/ipsec.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -39,10 +39,14 @@ static ssize_t nsim_dbg_netdev_ops_read(
if (!sap->used)
continue;
- p += scnprintf(p, bufsize - (p - buf),
- "sa[%i] %cx ipaddr=0x%08x %08x %08x %08x\n",
- i, (sap->rx ? 'r' : 't'), sap->ipaddr[0],
- sap->ipaddr[1], sap->ipaddr[2], sap->ipaddr[3]);
+ if (sap->xs->props.family == AF_INET6)
+ p += scnprintf(p, bufsize - (p - buf),
+ "sa[%i] %cx ipaddr=%pI6c\n",
+ i, (sap->rx ? 'r' : 't'), &sap->ipaddr);
+ else
+ p += scnprintf(p, bufsize - (p - buf),
+ "sa[%i] %cx ipaddr=%pI4\n",
+ i, (sap->rx ? 'r' : 't'), &sap->ipaddr[3]);
p += scnprintf(p, bufsize - (p - buf),
"sa[%i] spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n",
i, be32_to_cpu(sap->xs->id.spi),
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 574/578] selftests: rtnetlink: update netdevsim ipsec output format
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (572 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 573/578] netdevsim: print human readable IP address Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 575/578] ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Greg Kroah-Hartman
` (12 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hangbin Liu, Stanislav Fomichev,
Jakub Kicinski, Harshit Mogalapalli
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hangbin Liu <liuhangbin@gmail.com>
commit 3ec920bb978ccdc68a7dfb304d303d598d038cb1 upstream.
After the netdevsim update to use human-readable IP address formats for
IPsec, we can now use the source and destination IPs directly in testing.
Here is the result:
# ./rtnetlink.sh -t kci_test_ipsec_offload
PASS: ipsec_offload
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Acked-by: Stanislav Fomichev <sdf@fomichev.me>
Link: https://patch.msgid.link/20241010040027.21440-4-liuhangbin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/net/rtnetlink.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/tools/testing/selftests/net/rtnetlink.sh
+++ b/tools/testing/selftests/net/rtnetlink.sh
@@ -813,10 +813,10 @@ kci_test_ipsec_offload()
# does driver have correct offload info
diff $sysfsf - << EOF
SA count=2 tx=3
-sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
+sa[0] tx ipaddr=$dstip
sa[0] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
sa[0] key=0x34333231 38373635 32313039 36353433
-sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
+sa[1] rx ipaddr=$srcip
sa[1] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
sa[1] key=0x34333231 38373635 32313039 36353433
EOF
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 575/578] ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (573 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 574/578] selftests: rtnetlink: update netdevsim ipsec output format Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 576/578] f2fs: fix to wait dio completion Greg Kroah-Hartman
` (11 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Romain Naour, Kevin Hilman
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Romain Naour <romain.naour@skf.com>
commit c1472ec1dc4419d0bae663c1a1e6cb98dc7881ad upstream.
A bus_dma_limit was added for l3 bus by commit cfb5d65f2595
("ARM: dts: dra7: Add bus_dma_limit for L3 bus") to fix an issue
observed only with SATA on DRA7-EVM with 4GB RAM and CONFIG_ARM_LPAE
enabled.
Since kernel 5.13, the SATA issue can be reproduced again following
the SATA node move from L3 bus to L4_cfg in commit 8af15365a368
("ARM: dts: Configure interconnect target module for dra7 sata").
Fix it by adding an empty dma-ranges property to l4_cfg and
segment@100000 nodes (parent device tree node of SATA controller) to
inherit the 2GB dma ranges limit from l3 bus node.
Note: A similar fix was applied for PCIe controller by commit
90d4d3f4ea45 ("ARM: dts: dra7: Fix bus_dma_limit for PCIe").
Fixes: 8af15365a368 ("ARM: dts: Configure interconnect target module for dra7 sata").
Link: https://lore.kernel.org/linux-omap/c583e1bb-f56b-4489-8012-ce742e85f233@smile.fr/
Cc: stable@vger.kernel.org # 5.13
Signed-off-by: Romain Naour <romain.naour@skf.com>
Link: https://lore.kernel.org/r/20241115102537.1330300-1-romain.naour@smile.fr
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/dra7-l4.dtsi | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/arm/boot/dts/dra7-l4.dtsi
+++ b/arch/arm/boot/dts/dra7-l4.dtsi
@@ -12,6 +12,7 @@
ranges = <0x00000000 0x4a000000 0x100000>, /* segment 0 */
<0x00100000 0x4a100000 0x100000>, /* segment 1 */
<0x00200000 0x4a200000 0x100000>; /* segment 2 */
+ dma-ranges;
segment@0 { /* 0x4a000000 */
compatible = "simple-pm-bus";
@@ -557,6 +558,7 @@
<0x0007e000 0x0017e000 0x001000>, /* ap 124 */
<0x00059000 0x00159000 0x001000>, /* ap 125 */
<0x0005a000 0x0015a000 0x001000>; /* ap 126 */
+ dma-ranges;
target-module@2000 { /* 0x4a102000, ap 27 3c.0 */
compatible = "ti,sysc";
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 576/578] f2fs: fix to wait dio completion
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (574 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 575/578] ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 577/578] drm/amd/display: Add NULL pointer check for kzalloc Greg Kroah-Hartman
` (10 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chao Yu, Jaegeuk Kim, Alva Lan
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chao Yu <chao@kernel.org>
commit 96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d upstream.
It should wait all existing dio write IOs before block removal,
otherwise, previous direct write IO may overwrite data in the
block which may be reused by other inode.
Cc: stable@vger.kernel.org
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Alva Lan <alvalan9@foxmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/file.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -1048,6 +1048,13 @@ int f2fs_setattr(struct user_namespace *
return err;
}
+ /*
+ * wait for inflight dio, blocks should be removed after
+ * IO completion.
+ */
+ if (attr->ia_size < old_size)
+ inode_dio_wait(inode);
+
f2fs_down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
filemap_invalidate_lock(inode->i_mapping);
@@ -1880,6 +1887,12 @@ static long f2fs_fallocate(struct file *
if (ret)
goto out;
+ /*
+ * wait for inflight dio, blocks should be removed after IO
+ * completion.
+ */
+ inode_dio_wait(inode);
+
if (mode & FALLOC_FL_PUNCH_HOLE) {
if (offset >= inode->i_size)
goto out;
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 577/578] drm/amd/display: Add NULL pointer check for kzalloc
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (575 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 576/578] f2fs: fix to wait dio completion Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 578/578] x86/i8253: Disable PIT timer 0 when not in use Greg Kroah-Hartman
` (9 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alex Hung, Wayne Lin, Hersen Wu,
Alex Deucher, Wenshan Lan
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hersen Wu <hersenxs.wu@amd.com>
commit 8e65a1b7118acf6af96449e1e66b7adbc9396912 upstream.
[Why & How]
Check return pointer of kzalloc before using it.
Reviewed-by: Alex Hung <alex.hung@amd.com>
Acked-by: Wayne Lin <wayne.lin@amd.com>
Signed-off-by: Hersen Wu <hersenxs.wu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Wenshan Lan <jetlan9@163.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c | 8 ++++++++
drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 8 ++++++++
drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 3 +++
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 5 +++++
drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c | 5 +++++
drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c | 2 ++
drivers/gpu/drm/amd/display/dc/dcn316/dcn316_resource.c | 2 ++
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 5 +++++
drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c | 2 ++
9 files changed, 40 insertions(+)
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c
@@ -568,11 +568,19 @@ void dcn3_clk_mgr_construct(
dce_clock_read_ss_info(clk_mgr);
clk_mgr->base.bw_params = kzalloc(sizeof(*clk_mgr->base.bw_params), GFP_KERNEL);
+ if (!clk_mgr->base.bw_params) {
+ BREAK_TO_DEBUGGER();
+ return;
+ }
/* need physical address of table to give to PMFW */
clk_mgr->wm_range_table = dm_helpers_allocate_gpu_mem(clk_mgr->base.ctx,
DC_MEM_ALLOC_TYPE_GART, sizeof(WatermarksExternal_t),
&clk_mgr->wm_range_table_addr);
+ if (!clk_mgr->wm_range_table) {
+ BREAK_TO_DEBUGGER();
+ return;
+ }
}
void dcn3_clk_mgr_destroy(struct clk_mgr_internal *clk_mgr)
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c
@@ -816,11 +816,19 @@ void dcn32_clk_mgr_construct(
clk_mgr->smu_present = false;
clk_mgr->base.bw_params = kzalloc(sizeof(*clk_mgr->base.bw_params), GFP_KERNEL);
+ if (!clk_mgr->base.bw_params) {
+ BREAK_TO_DEBUGGER();
+ return;
+ }
/* need physical address of table to give to PMFW */
clk_mgr->wm_range_table = dm_helpers_allocate_gpu_mem(clk_mgr->base.ctx,
DC_MEM_ALLOC_TYPE_GART, sizeof(WatermarksExternal_t),
&clk_mgr->wm_range_table_addr);
+ if (!clk_mgr->wm_range_table) {
+ BREAK_TO_DEBUGGER();
+ return;
+ }
}
void dcn32_clk_mgr_destroy(struct clk_mgr_internal *clk_mgr)
--- a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c
@@ -2062,6 +2062,9 @@ bool dcn30_validate_bandwidth(struct dc
BW_VAL_TRACE_COUNT();
+ if (!pipes)
+ goto validate_fail;
+
DC_FP_START();
out = dcn30_internal_validate_bw(dc, context, pipes, &pipe_cnt, &vlevel, fast_validate, true);
DC_FP_END();
--- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c
@@ -1324,6 +1324,8 @@ static struct hpo_dp_link_encoder *dcn31
/* allocate HPO link encoder */
hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL);
+ if (!hpo_dp_enc31)
+ return NULL; /* out of memory */
hpo_dp_link_encoder31_construct(hpo_dp_enc31, ctx, inst,
&hpo_dp_link_enc_regs[inst],
@@ -1773,6 +1775,9 @@ bool dcn31_validate_bandwidth(struct dc
BW_VAL_TRACE_COUNT();
+ if (!pipes)
+ goto validate_fail;
+
DC_FP_START();
out = dcn30_internal_validate_bw(dc, context, pipes, &pipe_cnt, &vlevel, fast_validate, true);
DC_FP_END();
--- a/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c
@@ -1372,6 +1372,8 @@ static struct hpo_dp_link_encoder *dcn31
/* allocate HPO link encoder */
hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL);
+ if (!hpo_dp_enc31)
+ return NULL; /* out of memory */
hpo_dp_link_encoder31_construct(hpo_dp_enc31, ctx, inst,
&hpo_dp_link_enc_regs[inst],
@@ -1743,6 +1745,9 @@ bool dcn314_validate_bandwidth(struct dc
BW_VAL_TRACE_COUNT();
+ if (!pipes)
+ goto validate_fail;
+
if (filter_modes_for_single_channel_workaround(dc, context))
goto validate_fail;
--- a/drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c
@@ -1325,6 +1325,8 @@ static struct hpo_dp_link_encoder *dcn31
/* allocate HPO link encoder */
hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL);
+ if (!hpo_dp_enc31)
+ return NULL; /* out of memory */
hpo_dp_link_encoder31_construct(hpo_dp_enc31, ctx, inst,
&hpo_dp_link_enc_regs[inst],
--- a/drivers/gpu/drm/amd/display/dc/dcn316/dcn316_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn316/dcn316_resource.c
@@ -1322,6 +1322,8 @@ static struct hpo_dp_link_encoder *dcn31
/* allocate HPO link encoder */
hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL);
+ if (!hpo_dp_enc31)
+ return NULL; /* out of memory */
hpo_dp_link_encoder31_construct(hpo_dp_enc31, ctx, inst,
&hpo_dp_link_enc_regs[inst],
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c
@@ -1310,6 +1310,8 @@ static struct hpo_dp_link_encoder *dcn32
/* allocate HPO link encoder */
hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL);
+ if (!hpo_dp_enc31)
+ return NULL; /* out of memory */
#undef REG_STRUCT
#define REG_STRUCT hpo_dp_link_enc_regs
@@ -1855,6 +1857,9 @@ bool dcn32_validate_bandwidth(struct dc
BW_VAL_TRACE_COUNT();
+ if (!pipes)
+ goto validate_fail;
+
DC_FP_START();
out = dcn32_internal_validate_bw(dc, context, pipes, &pipe_cnt, &vlevel, fast_validate);
DC_FP_END();
--- a/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c
@@ -1296,6 +1296,8 @@ static struct hpo_dp_link_encoder *dcn32
/* allocate HPO link encoder */
hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL);
+ if (!hpo_dp_enc31)
+ return NULL; /* out of memory */
#undef REG_STRUCT
#define REG_STRUCT hpo_dp_link_enc_regs
^ permalink raw reply [flat|nested] 591+ messages in thread
* [PATCH 6.1 578/578] x86/i8253: Disable PIT timer 0 when not in use
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (576 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 577/578] drm/amd/display: Add NULL pointer check for kzalloc Greg Kroah-Hartman
@ 2025-02-19 8:29 ` Greg Kroah-Hartman
2025-02-19 10:24 ` [PATCH 6.1 000/578] 6.1.129-rc1 review Pavel Machek
` (8 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Greg Kroah-Hartman @ 2025-02-19 8:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Woodhouse, Thomas Gleixner,
Michael Kelley
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Woodhouse <dwmw@amazon.co.uk>
commit 70e6b7d9ae3c63df90a7bba7700e8d5c300c3c60 upstream.
Leaving the PIT interrupt running can cause noticeable steal time for
virtual guests. The VMM generally has a timer which toggles the IRQ input
to the PIC and I/O APIC, which takes CPU time away from the guest. Even
on real hardware, running the counter may use power needlessly (albeit
not much).
Make sure it's turned off if it isn't going to be used.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Michael Kelley <mhkelley@outlook.com>
Link: https://lore.kernel.org/all/20240802135555.564941-1-dwmw2@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/i8253.c | 11 +++++++++--
drivers/clocksource/i8253.c | 13 +++++++++----
include/linux/i8253.h | 1 +
3 files changed, 19 insertions(+), 6 deletions(-)
--- a/arch/x86/kernel/i8253.c
+++ b/arch/x86/kernel/i8253.c
@@ -8,6 +8,7 @@
#include <linux/timex.h>
#include <linux/i8253.h>
+#include <asm/hypervisor.h>
#include <asm/apic.h>
#include <asm/hpet.h>
#include <asm/time.h>
@@ -39,9 +40,15 @@ static bool __init use_pit(void)
bool __init pit_timer_init(void)
{
- if (!use_pit())
+ if (!use_pit()) {
+ /*
+ * Don't just ignore the PIT. Ensure it's stopped, because
+ * VMMs otherwise steal CPU time just to pointlessly waggle
+ * the (masked) IRQ.
+ */
+ clockevent_i8253_disable();
return false;
-
+ }
clockevent_i8253_init(true);
global_clock_event = &i8253_clockevent;
return true;
--- a/drivers/clocksource/i8253.c
+++ b/drivers/clocksource/i8253.c
@@ -108,11 +108,8 @@ int __init clocksource_i8253_init(void)
#endif
#ifdef CONFIG_CLKEVT_I8253
-static int pit_shutdown(struct clock_event_device *evt)
+void clockevent_i8253_disable(void)
{
- if (!clockevent_state_oneshot(evt) && !clockevent_state_periodic(evt))
- return 0;
-
raw_spin_lock(&i8253_lock);
outb_p(0x30, PIT_MODE);
@@ -123,6 +120,14 @@ static int pit_shutdown(struct clock_eve
}
raw_spin_unlock(&i8253_lock);
+}
+
+static int pit_shutdown(struct clock_event_device *evt)
+{
+ if (!clockevent_state_oneshot(evt) && !clockevent_state_periodic(evt))
+ return 0;
+
+ clockevent_i8253_disable();
return 0;
}
--- a/include/linux/i8253.h
+++ b/include/linux/i8253.h
@@ -24,6 +24,7 @@ extern raw_spinlock_t i8253_lock;
extern bool i8253_clear_counter_on_shutdown;
extern struct clock_event_device i8253_clockevent;
extern void clockevent_i8253_init(bool oneshot);
+extern void clockevent_i8253_disable(void);
extern void setup_pit_timer(void);
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1 000/578] 6.1.129-rc1 review
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (577 preceding siblings ...)
2025-02-19 8:29 ` [PATCH 6.1 578/578] x86/i8253: Disable PIT timer 0 when not in use Greg Kroah-Hartman
@ 2025-02-19 10:24 ` Pavel Machek
2025-02-19 11:18 ` Peter Schneider
` (7 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Pavel Machek @ 2025-02-19 10:24 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, hargar, broonie
[-- Attachment #1: Type: text/plain, Size: 660 bytes --]
Hi!
> This is the start of the stable review cycle for the 6.1.129 release.
> There are 578 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
CIP testing did not find any problems here:
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-6.1.y
Tested-by: Pavel Machek (CIP) <pavel@denx.de>
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Erika Unter
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1 000/578] 6.1.129-rc1 review
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (578 preceding siblings ...)
2025-02-19 10:24 ` [PATCH 6.1 000/578] 6.1.129-rc1 review Pavel Machek
@ 2025-02-19 11:18 ` Peter Schneider
2025-02-19 18:30 ` [PATCH 6.1] " Hardik Garg
` (6 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Peter Schneider @ 2025-02-19 11:18 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, hargar, broonie
Am 19.02.2025 um 09:20 schrieb Greg Kroah-Hartman:
> This is the start of the stable review cycle for the 6.1.129 release.
> There are 578 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
Builds, boots and works on my 2-socket Ivy Bridge Xeon E5-2697 v2 server. No dmesg
oddities or regressions found.
Tested-by: Peter Schneider <pschneider1968@googlemail.com>
Beste Grüße,
Peter Schneider
--
Climb the mountain not to plant your flag, but to embrace the challenge,
enjoy the air and behold the view. Climb it so you can see the world,
not so the world can see you. -- David McCullough Jr.
OpenPGP: 0xA3828BD796CCE11A8CADE8866E3A92C92C3FF244
Download: https://www.peters-netzplatz.de/download/pschneider1968_pub.asc
https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@googlemail.com
https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@gmail.com
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1 557/578] drm/tidss: Clear the interrupt status for interrupts being disabled
2025-02-19 8:29 ` [PATCH 6.1 557/578] drm/tidss: Clear the interrupt status for interrupts being disabled Greg Kroah-Hartman
@ 2025-02-19 17:26 ` Jon Cormier
0 siblings, 0 replies; 591+ messages in thread
From: Jon Cormier @ 2025-02-19 17:26 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, Devarsh Thakkar, Aradhya Bhatia, Tomi Valkeinen
On Wed, Feb 19, 2025 at 4:33 AM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> 6.1-stable review patch. If anyone has any objections, please let me know.
Looks good to me
>
> ------------------
>
> From: Devarsh Thakkar <devarsht@ti.com>
>
> commit 361a2ebb5cad211732ec3c5d962de49b21895590 upstream.
>
> The driver does not touch the irqstatus register when it is disabling
> interrupts. This might cause an interrupt to trigger for an interrupt
> that was just disabled.
>
> To fix the issue, clear the irqstatus registers right after disabling
> the interrupts.
>
> Fixes: 32a1795f57ee ("drm/tidss: New driver for TI Keystone platform Display SubSystem")
> Cc: stable@vger.kernel.org
> Reported-by: Jonathan Cormier <jcormier@criticallink.com>
> Closes: https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1394222/am625-issue-about-tidss-rcu_preempt-self-detected-stall-on-cpu/5424479#5424479
> Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
> [Tomi: mostly rewrote the patch]
> Reviewed-by: Jonathan Cormier <jcormier@criticallink.com>
> Tested-by: Jonathan Cormier <jcormier@criticallink.com>
> Reviewed-by: Aradhya Bhatia <aradhya.bhatia@linux.dev>
> Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
> Link: https://patchwork.freedesktop.org/patch/msgid/20241021-tidss-irq-fix-v1-5-82ddaec94e4a@ideasonboard.com
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
> drivers/gpu/drm/tidss/tidss_dispc.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> --- a/drivers/gpu/drm/tidss/tidss_dispc.c
> +++ b/drivers/gpu/drm/tidss/tidss_dispc.c
> @@ -599,7 +599,7 @@ void dispc_k2g_set_irqenable(struct disp
> {
> dispc_irq_t old_mask = dispc_k2g_read_irqenable(dispc);
>
> - /* clear the irqstatus for newly enabled irqs */
> + /* clear the irqstatus for irqs that will be enabled */
> dispc_k2g_clear_irqstatus(dispc, (mask ^ old_mask) & mask);
>
> dispc_k2g_vp_set_irqenable(dispc, 0, mask);
> @@ -607,6 +607,9 @@ void dispc_k2g_set_irqenable(struct disp
>
> dispc_write(dispc, DISPC_IRQENABLE_SET, (1 << 0) | (1 << 7));
>
> + /* clear the irqstatus for irqs that were disabled */
> + dispc_k2g_clear_irqstatus(dispc, (mask ^ old_mask) & old_mask);
> +
> /* flush posted write */
> dispc_k2g_read_irqenable(dispc);
> }
> @@ -738,7 +741,7 @@ static void dispc_k3_set_irqenable(struc
>
> old_mask = dispc_k3_read_irqenable(dispc);
>
> - /* clear the irqstatus for newly enabled irqs */
> + /* clear the irqstatus for irqs that will be enabled */
> dispc_k3_clear_irqstatus(dispc, (old_mask ^ mask) & mask);
>
> for (i = 0; i < dispc->feat->num_vps; ++i) {
> @@ -763,6 +766,9 @@ static void dispc_k3_set_irqenable(struc
> if (main_disable)
> dispc_write(dispc, DISPC_IRQENABLE_CLR, main_disable);
>
> + /* clear the irqstatus for irqs that were disabled */
> + dispc_k3_clear_irqstatus(dispc, (old_mask ^ mask) & old_mask);
> +
> /* Flush posted writes */
> dispc_read(dispc, DISPC_IRQENABLE_SET);
> }
>
>
--
Jonathan Cormier
Senior Software Engineer
Voice: 315.425.4045 x222
http://www.CriticalLink.com
6712 Brooklawn Parkway, Syracuse, NY 13211
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1 556/578] drm/tidss: Fix issue in irq handling causing irq-flood issue
2025-02-19 8:29 ` [PATCH 6.1 556/578] drm/tidss: Fix issue in irq handling causing irq-flood issue Greg Kroah-Hartman
@ 2025-02-19 17:27 ` Jon Cormier
0 siblings, 0 replies; 591+ messages in thread
From: Jon Cormier @ 2025-02-19 17:27 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, Bin Liu, Devarsh Thakkar, Aradhya Bhatia,
Tomi Valkeinen
On Wed, Feb 19, 2025 at 4:32 AM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> 6.1-stable review patch. If anyone has any objections, please let me know.
Looks good to me
>
>
> ------------------
>
> From: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
>
> commit 44b6730ab53ef04944fbaf6da0e77397531517b7 upstream.
>
> It has been observed that sometimes DSS will trigger an interrupt and
> the top level interrupt (DISPC_IRQSTATUS) is not zero, but the VP and
> VID level interrupt-statuses are zero.
>
> As the top level irqstatus is supposed to tell whether we have VP/VID
> interrupts, the thinking of the driver authors was that this particular
> case could never happen. Thus the driver only clears the DISPC_IRQSTATUS
> bits which has corresponding interrupts in VP/VID status. So when this
> issue happens, the driver will not clear DISPC_IRQSTATUS, and we get an
> interrupt flood.
>
> It is unclear why the issue happens. It could be a race issue in the
> driver, but no such race has been found. It could also be an issue with
> the HW. However a similar case can be easily triggered by manually
> writing to DISPC_IRQSTATUS_RAW. This will forcibly set a bit in the
> DISPC_IRQSTATUS and trigger an interrupt, and as the driver never clears
> the bit, we get an interrupt flood.
>
> To fix the issue, always clear DISPC_IRQSTATUS. The concern with this
> solution is that if the top level irqstatus is the one that triggers the
> interrupt, always clearing DISPC_IRQSTATUS might leave some interrupts
> unhandled if VP/VID interrupt statuses have bits set. However, testing
> shows that if any of the irqstatuses is set (i.e. even if
> DISPC_IRQSTATUS == 0, but a VID irqstatus has a bit set), we will get an
> interrupt.
>
> Co-developed-by: Bin Liu <b-liu@ti.com>
> Signed-off-by: Bin Liu <b-liu@ti.com>
> Co-developed-by: Devarsh Thakkar <devarsht@ti.com>
> Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
> Co-developed-by: Jonathan Cormier <jcormier@criticallink.com>
> Signed-off-by: Jonathan Cormier <jcormier@criticallink.com>
> Fixes: 32a1795f57ee ("drm/tidss: New driver for TI Keystone platform Display SubSystem")
> Cc: stable@vger.kernel.org
> Tested-by: Jonathan Cormier <jcormier@criticallink.com>
> Reviewed-by: Aradhya Bhatia <aradhya.bhatia@linux.dev>
> Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
> Link: https://patchwork.freedesktop.org/patch/msgid/20241021-tidss-irq-fix-v1-1-82ddaec94e4a@ideasonboard.com
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
> drivers/gpu/drm/tidss/tidss_dispc.c | 12 ++++--------
> 1 file changed, 4 insertions(+), 8 deletions(-)
>
> --- a/drivers/gpu/drm/tidss/tidss_dispc.c
> +++ b/drivers/gpu/drm/tidss/tidss_dispc.c
> @@ -679,24 +679,20 @@ static
> void dispc_k3_clear_irqstatus(struct dispc_device *dispc, dispc_irq_t clearmask)
> {
> unsigned int i;
> - u32 top_clear = 0;
>
> for (i = 0; i < dispc->feat->num_vps; ++i) {
> - if (clearmask & DSS_IRQ_VP_MASK(i)) {
> + if (clearmask & DSS_IRQ_VP_MASK(i))
> dispc_k3_vp_write_irqstatus(dispc, i, clearmask);
> - top_clear |= BIT(i);
> - }
> }
> for (i = 0; i < dispc->feat->num_planes; ++i) {
> - if (clearmask & DSS_IRQ_PLANE_MASK(i)) {
> + if (clearmask & DSS_IRQ_PLANE_MASK(i))
> dispc_k3_vid_write_irqstatus(dispc, i, clearmask);
> - top_clear |= BIT(4 + i);
> - }
> }
> if (dispc->feat->subrev == DISPC_K2G)
> return;
>
> - dispc_write(dispc, DISPC_IRQSTATUS, top_clear);
> + /* always clear the top level irqstatus */
> + dispc_write(dispc, DISPC_IRQSTATUS, dispc_read(dispc, DISPC_IRQSTATUS));
>
> /* Flush posted writes */
> dispc_read(dispc, DISPC_IRQSTATUS);
>
>
--
Jonathan Cormier
Senior Software Engineer
Voice: 315.425.4045 x222
http://www.CriticalLink.com
6712 Brooklawn Parkway, Syracuse, NY 13211
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1] 6.1.129-rc1 review
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (579 preceding siblings ...)
2025-02-19 11:18 ` Peter Schneider
@ 2025-02-19 18:30 ` Hardik Garg
2025-02-20 10:38 ` Greg KH
2025-02-19 20:13 ` [PATCH 6.1 000/578] " Slade Watkins
` (5 subsequent siblings)
586 siblings, 1 reply; 591+ messages in thread
From: Hardik Garg @ 2025-02-19 18:30 UTC (permalink / raw)
To: gregkh
Cc: akpm, broonie, conor, f.fainelli, hargar, jonathanh, linux-kernel,
linux, lkft-triage, patches, patches, pavel, rwarsow, shuah, srw,
stable, sudipm.mukherjee, torvalds
The kernel, bpf tool, and kselftest builds fine for v6.1.129-rc1 on x86 Azure VM.
perf build fails with the following error:
CC util/trace-event-parse.o
util/namespaces.c: In function 'nsinfo__set_in_pidns':
util/namespaces.c:247:9: error: implicit declaration of function 'RC_CHK_ACCESS' [-Werror=implicit-function-declaration]
247 | RC_CHK_ACCESS(nsi)->in_pidns = true;
| ^~~~~~~~~~~~~
util/namespaces.c:247:27: error: invalid type argument of '->' (have 'int')
247 | RC_CHK_ACCESS(nsi)->in_pidns = true;
| ^~
cc1: all warnings being treated as errors
make[5]: *** [/home/hgarg2/upstream-kernel/linux-stable-rc/tools/build/Makefile.build:97: util/namespaces.o] Error 1
make[5]: *** Waiting for unfinished jobs....
CC tests/unit_number__scnprintf.o
Tested-by: Hardik Garg <hargar@linux.microsoft.com>
Thanks,
Hardik
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1 000/578] 6.1.129-rc1 review
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (580 preceding siblings ...)
2025-02-19 18:30 ` [PATCH 6.1] " Hardik Garg
@ 2025-02-19 20:13 ` Slade Watkins
2025-02-19 22:34 ` Ron Economos
` (4 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Slade Watkins @ 2025-02-19 20:13 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, rwarsow, conor, hargar, broonie
On Wed, Feb 19, 2025 at 4:05 AM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.1.129 release.
> There are 578 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
Hi Greg,
No regressions or any sort of issues to speak of. Builds fine on my
x86_64 test machine.
Tested-by: Slade Watkins <srw@sladewatkins.net>
All the best,
Slade
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1 000/578] 6.1.129-rc1 review
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (581 preceding siblings ...)
2025-02-19 20:13 ` [PATCH 6.1 000/578] " Slade Watkins
@ 2025-02-19 22:34 ` Ron Economos
2025-02-19 23:08 ` Mark Brown
` (3 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Ron Economos @ 2025-02-19 22:34 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, hargar, broonie
On 2/19/25 00:20, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.1.129 release.
> There are 578 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Feb 2025 08:25:11 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.129-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Built and booted successfully on RISC-V RV64 (HiFive Unmatched).
Tested-by: Ron Economos <re@w6rz.net>
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1 000/578] 6.1.129-rc1 review
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (582 preceding siblings ...)
2025-02-19 22:34 ` Ron Economos
@ 2025-02-19 23:08 ` Mark Brown
2025-02-19 23:29 ` Jon Hunter
` (2 subsequent siblings)
586 siblings, 0 replies; 591+ messages in thread
From: Mark Brown @ 2025-02-19 23:08 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, hargar
[-- Attachment #1: Type: text/plain, Size: 348 bytes --]
On Wed, Feb 19, 2025 at 09:20:04AM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.1.129 release.
> There are 578 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
Reviewed-by: Mark Brown <broonie@kernel.org>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1 000/578] 6.1.129-rc1 review
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (583 preceding siblings ...)
2025-02-19 23:08 ` Mark Brown
@ 2025-02-19 23:29 ` Jon Hunter
2025-02-20 9:16 ` Naresh Kamboju
2025-02-20 16:15 ` Shuah Khan
586 siblings, 0 replies; 591+ messages in thread
From: Jon Hunter @ 2025-02-19 23:29 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, hargar, broonie,
linux-tegra, stable
On Wed, 19 Feb 2025 09:20:04 +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.1.129 release.
> There are 578 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Feb 2025 08:25:11 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.129-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v6.1:
10 builds: 10 pass, 0 fail
26 boots: 26 pass, 0 fail
115 tests: 115 pass, 0 fail
Linux version: 6.1.129-rc1-ga377a8af64e7
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
tegra20-ventana, tegra210-p2371-2180,
tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1 000/578] 6.1.129-rc1 review
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (584 preceding siblings ...)
2025-02-19 23:29 ` Jon Hunter
@ 2025-02-20 9:16 ` Naresh Kamboju
2025-02-20 16:15 ` Shuah Khan
586 siblings, 0 replies; 591+ messages in thread
From: Naresh Kamboju @ 2025-02-20 9:16 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, hargar, broonie
On Wed, 19 Feb 2025 at 14:35, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.1.129 release.
> There are 578 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Feb 2025 08:25:11 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.129-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
## Build
* kernel: 6.1.129-rc1
* git: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
* git commit: a377a8af64e7b08203073eef8cb7633b9c1b9af0
* git describe: v6.1.128-579-ga377a8af64e7
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.1.y/build/v6.1.128-579-ga377a8af64e7
## Test Regressions (compared to v6.1.126-65-gc5148ca733b3)
## Metric Regressions (compared to v6.1.126-65-gc5148ca733b3)
## Test Fixes (compared to v6.1.126-65-gc5148ca733b3)
## Metric Fixes (compared to v6.1.126-65-gc5148ca733b3)
## Test result summary
total: 29597, pass: 22716, fail: 1253, skip: 5516, xfail: 112
## Build Summary
* arc: 5 total, 5 passed, 0 failed
* arm: 133 total, 133 passed, 0 failed
* arm64: 20 total, 20 passed, 0 failed
* i386: 26 total, 22 passed, 4 failed
* mips: 24 total, 24 passed, 0 failed
* parisc: 3 total, 3 passed, 0 failed
* powerpc: 31 total, 30 passed, 1 failed
* riscv: 9 total, 9 passed, 0 failed
* s390: 11 total, 11 passed, 0 failed
* sh: 12 total, 10 passed, 2 failed
* sparc: 6 total, 6 passed, 0 failed
* x86_64: 32 total, 32 passed, 0 failed
## Test suites summary
* boot
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-exec
* kselftest-fpu
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-kcmp
* kselftest-membarrier
* kselftest-memfd
* kselftest-mincore
* kselftest-mqueue
* kselftest-net
* kselftest-net-mptcp
* kselftest-openat2
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user_events
* kselftest-vDSO
* kselftest-x86
* kunit
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-build-clang
* log-parser-build-gcc
* log-parser-test
* ltp-capability
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-crypto
* ltp-cve
* ltp-fcntl-locktests
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-hugetlb
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-pty
* ltp-sched
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* perf
* rcutorture
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1] 6.1.129-rc1 review
2025-02-19 18:30 ` [PATCH 6.1] " Hardik Garg
@ 2025-02-20 10:38 ` Greg KH
0 siblings, 0 replies; 591+ messages in thread
From: Greg KH @ 2025-02-20 10:38 UTC (permalink / raw)
To: Hardik Garg
Cc: akpm, broonie, conor, f.fainelli, hargar, jonathanh, linux-kernel,
linux, lkft-triage, patches, patches, pavel, rwarsow, shuah, srw,
stable, sudipm.mukherjee, torvalds
On Wed, Feb 19, 2025 at 10:30:28AM -0800, Hardik Garg wrote:
> The kernel, bpf tool, and kselftest builds fine for v6.1.129-rc1 on x86 Azure VM.
>
> perf build fails with the following error:
> CC util/trace-event-parse.o
> util/namespaces.c: In function 'nsinfo__set_in_pidns':
> util/namespaces.c:247:9: error: implicit declaration of function 'RC_CHK_ACCESS' [-Werror=implicit-function-declaration]
> 247 | RC_CHK_ACCESS(nsi)->in_pidns = true;
> | ^~~~~~~~~~~~~
> util/namespaces.c:247:27: error: invalid type argument of '->' (have 'int')
> 247 | RC_CHK_ACCESS(nsi)->in_pidns = true;
> | ^~
> cc1: all warnings being treated as errors
> make[5]: *** [/home/hgarg2/upstream-kernel/linux-stable-rc/tools/build/Makefile.build:97: util/namespaces.o] Error 1
> make[5]: *** Waiting for unfinished jobs....
> CC tests/unit_number__scnprintf.o
>
>
> Tested-by: Hardik Garg <hargar@linux.microsoft.com>
Ugh, I'm just going to drop all perf patches from 6.1.y for now.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 591+ messages in thread
* Re: [PATCH 6.1 000/578] 6.1.129-rc1 review
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
` (585 preceding siblings ...)
2025-02-20 9:16 ` Naresh Kamboju
@ 2025-02-20 16:15 ` Shuah Khan
586 siblings, 0 replies; 591+ messages in thread
From: Shuah Khan @ 2025-02-20 16:15 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, hargar, broonie, Shuah Khan
On 2/19/25 01:20, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.1.129 release.
> There are 578 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Feb 2025 08:25:11 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.129-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 591+ messages in thread
end of thread, other threads:[~2025-02-20 16:15 UTC | newest]
Thread overview: 591+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-19 8:20 [PATCH 6.1 000/578] 6.1.129-rc1 review Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 001/578] powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 002/578] afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 003/578] afs: Fix directory format encoding struct Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 004/578] fs: fix proc_handler for sysctl_nr_open Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 005/578] block: retry call probe after request_module in blk_request_module Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 006/578] nbd: dont allow reconnect after disconnect Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 007/578] pstore/blk: trivial typo fixes Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 008/578] nvme: Add error check for xa_store in nvme_get_effects_log Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 009/578] selftests/powerpc: Fix argument order to timer_sub() Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 010/578] partitions: ldm: remove the initial kernel-doc notation Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 011/578] select: Fix unbalanced user_access_end() Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 012/578] afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 013/578] sched/psi: Use task->psi_flags to clear in CPU migration Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 014/578] sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 015/578] drm/msm/dp: set safe_to_exit_level before printing it Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 016/578] drm/etnaviv: Fix page property being used for non writecombine buffers Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 017/578] HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 018/578] drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 019/578] drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 020/578] drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 021/578] drm/rockchip: vop2: Set YUV/RGB overlay mode Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 022/578] drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 023/578] drm/rockchip: vop2: Fix the windows switch between different layers Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 024/578] drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 025/578] OPP: Rearrange entries in pm_opp.h Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 026/578] OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 027/578] OPP: Introduce dev_pm_opp_get_freq_indexed() API Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 028/578] OPP: Add dev_pm_opp_find_freq_exact_indexed() Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 029/578] OPP: Reuse dev_pm_opp_get_freq_indexed() Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 030/578] OPP: add index check to assert to avoid buffer overflow in _read_freq() Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 031/578] OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 032/578] drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 033/578] genirq: Make handle_enforce_irqctx() unconditionally available Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 034/578] ipmi: ipmb: Add check devm_kasprintf() returned value Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 035/578] wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 036/578] wifi: rtlwifi: do not complete firmware loading needlessly Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 037/578] wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 038/578] wifi: rtlwifi: wait for firmware loading before releasing memory Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 039/578] wifi: rtlwifi: fix init_sw_vars leak when probe fails Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 040/578] wifi: rtlwifi: usb: fix workqueue " Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 041/578] wifi: wcn36xx: fix channel survey memory allocation size Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 042/578] net_sched: sch_sfq: annotate data-races around q->perturb_period Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 043/578] net_sched: sch_sfq: handle bigger packets Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 044/578] net_sched: sch_sfq: dont allow 1 packet limit Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 045/578] spi: zynq-qspi: Add check for clk_enable() Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 046/578] dt-bindings: mmc: controller: clarify the address-cells description Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 047/578] dt-bindings: leds: class-multicolor: Fix path to color definitions Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 048/578] wifi: rtlwifi: remove unused timer and related code Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 049/578] wifi: rtlwifi: remove unused dualmac control leftovers Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 050/578] wifi: rtlwifi: remove unused check_buddy_priv Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 051/578] wifi: rtlwifi: destroy workqueue at rtl_deinit_core Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 052/578] wifi: rtlwifi: fix memory leaks and invalid access at probe error path Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 053/578] wifi: rtlwifi: pci: wait for firmware loading before releasing memory Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 054/578] HID: multitouch: fix support for Goodix PID 0x01e9 Greg Kroah-Hartman
2025-02-19 8:20 ` [PATCH 6.1 055/578] regulator: dt-bindings: mt6315: Drop regulator-compatible property Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 056/578] ACPI: fan: cleanup resources in the error path of .probe() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 057/578] cpupower: fix TSC MHz calculation Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 058/578] dt-bindings: mfd: bd71815: Fix rsense and typos Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 059/578] leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 060/578] inetpeer: remove create argument of inet_getpeer_v[46]() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 061/578] inetpeer: remove create argument of inet_getpeer() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 062/578] inetpeer: update inetpeer timestamp in inet_getpeer() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 063/578] inetpeer: do not get a refcount " Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 064/578] pwm: stm32-lp: Add check for clk_enable() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 065/578] cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 066/578] clk: imx8mp: Fix clkout1/2 support Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 067/578] team: prevent adding a device which is already a team device lower Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 068/578] regulator: of: Implement the unwind path of of_regulator_match() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 069/578] ax25: rcu protect dev->ax25_ptr Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 070/578] OPP: OF: Fix an OF node leak in _opp_add_static_v2() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 071/578] clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 072/578] HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 073/578] mfd: syscon: Remove extern from function prototypes Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 074/578] mfd: syscon: Add of_syscon_register_regmap() API Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 075/578] mfd: syscon: Use scoped variables with memory allocators to simplify error paths Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 076/578] mfd: syscon: Fix race in device_node_get_regmap() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 077/578] samples/landlock: Fix possible NULL dereference in parse_path() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 078/578] wifi: wlcore: fix unbalanced pm_runtime calls Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 079/578] wifi: mac80211: prohibit deactivating all links Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 080/578] wifi: mac80211: Fix common size calculation for ML element Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 081/578] net/smc: fix data error when recvmsg with MSG_PEEK flag Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 082/578] landlock: Handle weird files Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 083/578] wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 084/578] wifi: mt76: mt7921: fix using incorrect group cipher after disconnection Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 085/578] wifi: mt76: mt7915: fix register mapping Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 086/578] cpufreq: ACPI: Fix max-frequency computation Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 087/578] selftests: timers: clocksource-switch: Adapt progress to kselftest framework Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 088/578] selftests: harness: fix printing of mismatch values in __EXPECT() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 089/578] wifi: cfg80211: Handle specific BSSID in 6GHz scanning Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 090/578] wifi: cfg80211: adjust allocation of colocated AP data Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 091/578] clk: analogbits: Fix incorrect calculation of vco rate delta Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 092/578] pwm: stm32: Add check for clk_enable() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 093/578] selftests/landlock: Fix error message Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 094/578] net: let net.core.dev_weight always be non-zero Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 095/578] net/mlxfw: Drop hard coded max FW flash image size Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 096/578] net: avoid race between device unregistration and ethnl ops Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 097/578] net: sched: Disallow replacing of child qdisc from one parent to another Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 098/578] netfilter: nft_flow_offload: update tcp state flags under lock Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 099/578] net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 100/578] tcp_cubic: fix incorrect HyStart round start detection Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 101/578] net/rose: prevent integer overflows in rose_setsockopt() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 102/578] libbpf: dont adjust USDT semaphore address if .stapsdt.base addr is missing Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 103/578] tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 104/578] libbpf: Fix segfault due to libelf functions not setting errno Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 105/578] ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 106/578] perf header: Fix one memory leakage in process_bpf_btf() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 107/578] perf header: Fix one memory leakage in process_bpf_prog_info() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 108/578] perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 109/578] ASoC: renesas: rz-ssi: Use only the proper amount of dividers Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 110/578] ktest.pl: Remove unused declarations in run_bisect_test function Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 111/578] crypto: hisilicon/sec2 - optimize the error return process Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 112/578] crypto: hisilicon/sec2 - fix for aead icv error Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 113/578] crypto: hisilicon/sec2 - fix for aead invalid authsize Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 114/578] crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() Greg Kroah-Hartman
2025-02-19 8:21 ` [PATCH 6.1 115/578] padata: fix sysfs store callback check Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 116/578] perf top: Dont complain about lack of vmlinux when not resolving some kernel samples Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 117/578] perf namespaces: Introduce nsinfo__set_in_pidns() Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 118/578] perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 119/578] ASoC: Intel: avs: Fix theoretical infinite loop Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 120/578] perf report: Fix misleading help message about --demangle Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 121/578] pinctrl: stm32: set default gpio line names using pin names Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 122/578] pinctrl: stm32: Add check for devm_kcalloc Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 123/578] pinctrl: stm32: check devm_kasprintf() returned value Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 124/578] pinctrl: stm32: Add check for clk_enable() Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 125/578] bpf: Send signals asynchronously if !preemptible Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 126/578] bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 127/578] ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 128/578] padata: fix UAF in padata_reorder Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 129/578] padata: add pd get/put refcnt helper Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 130/578] padata: avoid UAF for reorder_work Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 131/578] smb: client: fix oops due to unset link speed Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 132/578] soc: atmel: fix device_node release in atmel_soc_device_init() Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 133/578] ARM: at91: pm: change BU Power Switch to automatic mode Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 134/578] arm64: dts: mt8183: set DMIC one-wire mode on Damu Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 135/578] arm64: dts: mediatek: mt8516: fix GICv2 range Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 136/578] arm64: dts: mediatek: mt8516: fix wdt irq type Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 137/578] arm64: dts: mediatek: mt8516: add i2c clock-div property Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 138/578] arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 139/578] RDMA/mlx4: Avoid false error about access to uninitialized gids array Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 140/578] rdma/cxgb4: Prevent potential integer overflow on 32bit Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 141/578] arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 142/578] arm64: dts: mediatek: mt8173-elm: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 143/578] arm64: dts: mediatek: mt8192-asurada: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 144/578] arm64: dts: mediatek: mt8195-cherry: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 145/578] arm64: dts: mediatek: mt8195-demo: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 146/578] arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 147/578] arm64: dts: mediatek: mt8173-evb: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 148/578] arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 149/578] arm64: dts: mediatek: mt8183: willow: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 150/578] RDMA/srp: Fix error handling in srp_add_port Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 151/578] memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 152/578] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 153/578] arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 154/578] arm64: dts: qcom: msm8996: Fix up USB3 interrupts Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 155/578] arm64: dts: qcom: msm8994: Describe USB interrupts Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 156/578] arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 157/578] arm64: dts: qcom: msm8916: correct sleep clock frequency Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 158/578] arm64: dts: qcom: msm8994: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 159/578] arm64: dts: qcom: sc7280: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 160/578] arm64: dts: qcom: sm6125: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 161/578] arm64: dts: qcom: sm8250: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 162/578] arm64: dts: qcom: sm8350: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 163/578] arm64: dts: qcom: sm8450: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 164/578] arm64: dts: ti: k3-am62: Remove duplicate GICR reg Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 165/578] arm64: dts: ti: k3-am62a: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 166/578] arm64: dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 167/578] arm64: dts: qcom: sc7180-idp: use just "port" in panel Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 168/578] arm64: dts: qcom: sc7180-trogdor-quackingstick: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 169/578] arm64: dts: qcom: sc7180-trogdor-wormdingler: " Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 170/578] arm64: dts: qcom: sc7180: Dont enable lpass clocks by default Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 171/578] arm64: dts: qcom: sc7180: Drop redundant disable in mdp Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 172/578] arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 173/578] arm64: dts: qcom: pm6150l: add temp sensor and thermal zone config Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 174/578] arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays Greg Kroah-Hartman
2025-02-19 8:22 ` [PATCH 6.1 175/578] arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 176/578] arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 177/578] arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 178/578] dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 179/578] arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 180/578] arm64: dts: qcom: sm8250: " Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 181/578] ARM: dts: mediatek: mt7623: fix IR nodename Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 182/578] fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 183/578] RDMA/mlx5: Fix indirect mkey ODP page count Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 184/578] of: reserved-memory: Do not make kmemleak ignore freed address Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 185/578] efi: sysfb_efi: fix W=1 warnings when EFI is not set Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 186/578] RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 187/578] iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 188/578] media: rc: iguanair: handle timeouts Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 189/578] media: lmedm04: Handle errors for lme2510_int_read Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 190/578] PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 191/578] media: marvell: Add check for clk_enable() Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 192/578] media: i2c: imx412: Add missing newline to prints Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 193/578] media: i2c: ov9282: Correct the exposure offset Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 194/578] media: mipi-csis: Add check for clk_enable() Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 195/578] media: camif-core: " Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 196/578] media: uvcvideo: Propagate buf->error to userspace Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 197/578] mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 198/578] mtd: hyperbus: hbmc-am654: fix an OF node reference leak Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 199/578] staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 200/578] PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 201/578] PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 202/578] PCI: epf-test: Simplify DMA support checks Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 203/578] PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 204/578] scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 205/578] scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 206/578] ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 207/578] module: Extend the preempt disabled section in dereference_symbol_descriptor() Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 208/578] serial: 8250: Adjust the timeout for FIFO mode Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 209/578] NFSv4.2: fix COPY_NOTIFY xdr buf size calculation Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 210/578] NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 211/578] tools/bootconfig: Fix the wrong format specifier Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 212/578] xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 213/578] dmaengine: ti: edma: fix OF node reference leaks in edma_driver Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 214/578] rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 215/578] ubifs: skip dumping tnc tree when zroot is null Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 216/578] regulator: core: Add missing newline character Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 217/578] net: hns3: fix oops when unload drivers paralleling Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 218/578] gpio: mxc: remove dead code after switch to DT-only Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 219/578] net: fec: implement TSO descriptor cleanup Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 220/578] ipmr: do not call mr_mfc_uses_dev() for unres entries Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 221/578] PM: hibernate: Add error handling for syscore_suspend() Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 222/578] iavf: allow changing VLAN state without calling PF Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 223/578] net: rose: fix timer races against user threads Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 224/578] net: netdevsim: try to close UDP port harness races Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 225/578] vxlan: Fix uninit-value in vxlan_vnifilter_dump() Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 226/578] net: davicom: fix UAF in dm9000_drv_remove Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 227/578] perf trace: Fix runtime error of index out of bounds Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 228/578] bgmac: reduce max frame size to support just MTU 1500 Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 229/578] net: sh_eth: Fix missing rtnl lock in suspend/resume path Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 230/578] net: hsr: fix fill_frame_info() regression vs VLAN packets Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 231/578] genksyms: fix memory leak when the same symbol is added from source Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 232/578] genksyms: fix memory leak when the same symbol is read from *.symref file Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 233/578] ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 234/578] kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST Greg Kroah-Hartman
2025-02-19 8:23 ` [PATCH 6.1 235/578] kconfig: add warn-unknown-symbols sanity check Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 236/578] kconfig: require a space after # for valid input Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 237/578] kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 238/578] kconfig: deduplicate code " Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 239/578] kconfig: WERROR unmet symbol dependency Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 240/578] kconfig: fix memory leak in sym_warn_unmet_dep() Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 241/578] hexagon: fix using plain integer as NULL pointer warning in cmpxchg Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 242/578] hexagon: Fix unbalanced spinlock in die() Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 243/578] f2fs: Introduce linear search for dentries Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 244/578] NFSD: Reset cb_seq_status after NFS4ERR_DELAY Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 245/578] kbuild: switch from lz4c to lz4 for compression Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 246/578] netfilter: nf_tables: reject mismatching sum of field_len with set key length Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 247/578] nvme: fix metadata handling in nvme-passthrough Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 248/578] drm/amd/display: fix double free issue during amdgpu module unload Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 249/578] ktest.pl: Check kernelrelease return in get_version Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 250/578] ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 251/578] net: usb: rtl8150: enable basic endpoint checking Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 252/578] usb: xhci: Fix NULL pointer dereference on certain command aborts Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 253/578] drivers/card_reader/rtsx_usb: Restore interrupt based detection Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 254/578] usb: gadget: f_tcm: Fix Get/SetInterface return value Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 255/578] usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 256/578] usb: dwc3: core: Defer the probe until USB power supply ready Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 257/578] usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 258/578] usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 259/578] mptcp: consolidate suboption status Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 260/578] mptcp: handle fastopen disconnect correctly Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 261/578] remoteproc: core: Fix ida_free call while not allocated Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 262/578] media: uvcvideo: Fix double free in error path Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 263/578] usb: gadget: f_tcm: Dont free command immediately Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 264/578] staging: media: max96712: fix kernel oops when removing module Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 265/578] media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 266/578] btrfs: output the reason for open_ctree() failure Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 267/578] ptp: Properly handle compat ioctls Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 268/578] s390: Add -std=gnu11 to decompressor and purgatory CFLAGS Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 269/578] pinctrl: stm32: fix array read out of bound Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 270/578] btrfs: fix use-after-free when attempting to join an aborted transaction Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 271/578] arm64/mm: Ensure adequate HUGE_MAX_HSTATE Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 272/578] exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 273/578] btrfs: fix data race when accessing the inodes disk_i_size at btrfs_drop_extents() Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 274/578] btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 275/578] sched: Dont try to catch up excess steal time Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 276/578] lockdep: Fix upper limit for LOCKDEP_*_BITS configs Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 277/578] x86/amd_nb: Restrict init function to AMD-based systems Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 278/578] drm/virtio: New fence for every plane update Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 279/578] printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 280/578] drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 281/578] drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 282/578] drm/bridge: it6505: fix HDCP Bstatus check Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 283/578] drm/bridge: it6505: fix HDCP encryption when R0 ready Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 284/578] drm/bridge: it6505: fix HDCP CTS compare V matching Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 285/578] safesetid: check size of policy writes Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 286/578] tun: fix group permission check Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 287/578] mmc: core: Respect quirk_max_rate for non-UHS SDIO card Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 288/578] wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 289/578] tomoyo: dont emit warning in tomoyo_write_control() Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 290/578] mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 291/578] HID: Wacom: Add PCI Wacom device support Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 292/578] net/mlx5: use do_aux_work for PHC overflow checks Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 293/578] wifi: brcmfmac: Check the return value of of_property_read_string_index() Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 294/578] wifi: iwlwifi: avoid memory leak Greg Kroah-Hartman
2025-02-19 8:24 ` [PATCH 6.1 295/578] i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 296/578] APEI: GHES: Have GHES honor the panic= setting Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 297/578] Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 298/578] net: wwan: iosm: Fix hibernation by re-binding the driver around it Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 299/578] mmc: sdhci-msm: Correctly set the load for the regulator Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 300/578] tipc: re-order conditions in tipc_crypto_key_rcv() Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 301/578] selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 302/578] x86/kexec: Allocate PGD for x86_64 transition page tables separately Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 303/578] iommu/arm-smmu-v3: Clean up more on probe failure Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 304/578] platform/x86: int3472: Check for adev == NULL Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 305/578] ASoC: soc-pcm: dont use soc_pcm_ret() on .prepare callback Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 306/578] ASoC: amd: Add ACPI dependency to fix build error Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 307/578] Input: allocate keycode for phone linking Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 308/578] platform/x86: acer-wmi: Ignore AC events Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 309/578] KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 310/578] KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 311/578] KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 312/578] KVM: e500: always restore irqs Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 313/578] usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 314/578] usb: chipidea: ci_hdrc_imx: decrement devices refcount in .remove() and in the error path of .probe() Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 315/578] net/ncsi: Add NC-SI 1.2 Get MC MAC Address command Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 316/578] net/ncsi: fix locking in Get MAC Address handling Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 317/578] gpio: xilinx: Convert to immutable irq_chip Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 318/578] gpio: xilinx: Convert gpio_lock to raw spinlock Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 319/578] xfs: report realtime block quota limits on realtime directories Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 320/578] xfs: dont over-report free space or inodes in statvfs Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 321/578] nvme: handle connectivity loss in nvme_set_queue_count Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 322/578] firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 323/578] gpu: drm_dp_cec: fix broken CEC adapter properties check Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 324/578] tg3: Disable tg3 PCIe AER on system reboot Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 325/578] udp: gso: do not drop small packets when PMTU reduces Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 326/578] gpio: pca953x: Improve interrupt support Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 327/578] net: atlantic: fix warning during hot unplug Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 328/578] net: rose: lock the socket in rose_bind() Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 329/578] x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 330/578] x86/xen: add FRAME_END to xen_hypercall_hvm() Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 331/578] ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 332/578] netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 333/578] tun: revert fix group permission check Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 334/578] net: sched: Fix truncation of offloaded action statistics Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 335/578] cpufreq: s3c64xx: Fix compilation warning Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 336/578] leds: lp8860: Write full EEPROM, not only half of it Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 337/578] ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 338/578] drm/modeset: Handle tiled displays in pan_display_atomic Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 339/578] smb: client: change lease epoch type from unsigned int to __u16 Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 340/578] s390/futex: Fix FUTEX_OP_ANDN implementation Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 341/578] m68k: vga: Fix I/O defines Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 342/578] fs/proc: do_task_stat: Fix ESP not readable during coredump Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 343/578] binfmt_flat: Fix integer overflow bug on 32 bit systems Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 344/578] drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 345/578] arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 346/578] KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 347/578] KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 348/578] ksmbd: fix integer overflows on 32 bit systems Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 349/578] drm/amd/pm: Mark MM activity as unsupported Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 350/578] Revert "drm/amd/display: Use HW lock mgr for PSR1" Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 351/578] drm/i915/guc: Debug print LRC state entries only if the context is pinned Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 352/578] drm/komeda: Add check for komeda_get_layer_fourcc_list() Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 353/578] drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 354/578] Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Greg Kroah-Hartman
2025-02-19 8:25 ` [PATCH 6.1 355/578] Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 356/578] clk: sunxi-ng: a100: enable MMC clock reparenting Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 357/578] clk: qcom: clk-alpha-pll: fix alpha mode configuration Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 358/578] clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 359/578] clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 360/578] clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 361/578] clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 362/578] blk-cgroup: Fix class @block_classs subsystem refcount leakage Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 363/578] efi: libstub: Use -std=gnu11 to fix build with GCC 15 Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 364/578] perf bench: Fix undefined behavior in cmpworker() Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 365/578] scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 366/578] of: Correct child specifier used as input of the 2nd nexus node Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 367/578] of: Fix of_find_node_opts_by_path() handling of alias+path+options Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 368/578] of: reserved-memory: Fix using wrong number of cells to get property alignment Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 369/578] HID: hid-sensor-hub: dont use stale platform-data on remove Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 370/578] wifi: rtlwifi: rtl8821ae: Fix media status report Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 371/578] wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 372/578] usb: gadget: f_tcm: Translate error to sense Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 373/578] usb: gadget: f_tcm: Decrement command ref count on cleanup Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 374/578] usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 375/578] usb: gadget: f_tcm: Dont prepare BOT write request twice Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 376/578] ASoC: acp: Support microphone from Lenovo Go S Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 377/578] soc: qcom: socinfo: Avoid out of bounds read of serial number Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 378/578] serial: sh-sci: Drop __initdata macro for port_cfg Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 379/578] serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 380/578] MIPS: Loongson64: remove ROM Size unit in boardinfo Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 381/578] powerpc/pseries/eeh: Fix get PE state translation Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 382/578] dm-crypt: dont update io->sector after kcryptd_crypt_write_io_submit() Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 383/578] dm-crypt: track tag_offset in convert_context Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 384/578] mips/math-emu: fix emulation of the prefx instruction Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 385/578] block: dont revert iter for -EIOCBQUEUED Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 386/578] Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 387/578] ALSA: hda/realtek: Enable headset mic on Positivo C6400 Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 388/578] ALSA: hda: Fix headset detection failure due to unstable sort Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 389/578] arm64: tegra: Fix Tegra234 PCIe interrupt-map Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 390/578] PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 391/578] nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 392/578] nvme-pci: Add TUXEDO IBP Gen9 " Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 393/578] scsi: qla2xxx: Move FCE Trace buffer allocation to user control Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 394/578] scsi: storvsc: Set correct data length for sending SCSI command without payload Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 395/578] kbuild: Move -Wenum-enum-conversion to W=2 Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 396/578] x86/boot: Use -std=gnu11 to fix build with GCC 15 Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 397/578] arm64: dts: qcom: sm6350: Fix ADSP memory length Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 398/578] arm64: dts: qcom: sm6350: Fix MPSS " Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 399/578] arm64: dts: qcom: sm8350: " Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 400/578] arm64: dts: qcom: sm8450: " Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 401/578] crypto: qce - fix priority to be less than ARMv8 CE Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 402/578] arm64: tegra: Disable Tegra234 sce-fabric node Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 403/578] xfs: Add error handling for xfs_reflink_cancel_cow_range Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 404/578] ACPI: PRM: Remove unnecessary strict handler address checks Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 405/578] rv: Reset per-task monitors also for idle tasks Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 406/578] kfence: skip __GFP_THISNODE allocations on NUMA systems Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 407/578] media: ccs: Clean up parsed CCS static data on parse failure Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 408/578] iio: light: as73211: fix channel handling in only-color triggered buffer Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 409/578] soc: qcom: smem_state: fix missing of_node_put in error path Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 410/578] media: mc: fix endpoint iteration Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 411/578] media: ov5640: fix get_light_freq on auto Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 412/578] media: ccs: Fix CCS static data parsing for large block sizes Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 413/578] media: ccs: Fix cleanup order in ccs_probe() Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 414/578] media: uvcvideo: Fix event flags in uvc_ctrl_send_events Greg Kroah-Hartman
2025-02-19 8:26 ` [PATCH 6.1 415/578] media: uvcvideo: Remove redundant NULL assignment Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 416/578] mm: kmemleak: fix upper boundary check for physical address objects Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 417/578] ata: libata-sff: Ensure that we cannot write outside the allocated buffer Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 418/578] crypto: qce - fix goto jump in error path Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 419/578] crypto: qce - unregister previously registered algos " Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 420/578] nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 421/578] nvmem: core: improve range check for nvmem_cell_write() Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 422/578] io_uring/net: dont retry connect operation on EPOLLERR Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 423/578] vfio/platform: check the bounds of read/write syscalls Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 424/578] selftests: mptcp: connect: -f: no reconnect Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 425/578] pnfs/flexfiles: retry getting layout segment for reads Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 426/578] ocfs2: fix incorrect CPU endianness conversion causing mount failure Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 427/578] ocfs2: handle a symlink read error correctly Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 428/578] nilfs2: fix possible int overflows in nilfs_fiemap() Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 429/578] mailbox: tegra-hsp: Clear mailbox before using message Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 430/578] NFC: nci: Add bounds checking in nci_hci_create_pipe() Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 431/578] i3c: master: Fix missing ret assignment in set_speed() Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 432/578] irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 433/578] mtd: onenand: Fix uninitialized retlen in do_otp_read() Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 434/578] misc: fastrpc: Deregister device nodes properly in error scenarios Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 435/578] misc: fastrpc: Fix registered buffer page address Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 436/578] misc: fastrpc: Fix copy buffer page size Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 437/578] net/ncsi: wait for the last response to Deselect Package before configuring channel Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 438/578] net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 439/578] rtla/osnoise: Distinguish missing workload option Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 440/578] rtla: Add trace_instance_stop Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 441/578] rtla/timerlat_hist: Stop timerlat tracer on signal Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 442/578] rtla/timerlat_top: " Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 443/578] pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 444/578] ptp: Ensure info->enable callback is always set Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 445/578] rtc: zynqmp: Fix optional clock name property Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 446/578] io_uring: fix multishots with selected buffers Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 447/578] io_uring: fix io_req_prep_async with provided buffers Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 448/578] io_uring/rw: commit provided buffer state on async Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 449/578] MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 450/578] net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 451/578] gpio: xilinx: remove excess kernel doc Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 452/578] ocfs2: check dir i_size in ocfs2_find_entry Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 453/578] cachefiles: Fix NULL pointer dereference in object->file Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 454/578] mptcp: pm: only set fullmesh for subflow endp Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 455/578] mptcp: prevent excessive coalescing on receive Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 456/578] tty: xilinx_uartps: split sysrq handling Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 457/578] maple_tree: fix static analyser cppcheck issue Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 458/578] maple_tree: simplify split calculation Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 459/578] pps: Fix a use-after-free Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 460/578] Revert "btrfs: avoid monopolizing a core when activating a swap file" Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 461/578] btrfs: avoid monopolizing a core when activating a swap file Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 462/578] nfsd: clear acl_access/acl_default after releasing them Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 463/578] NFSD: fix hang in nfsd4_shutdown_callback Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 464/578] pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 465/578] HID: multitouch: Add NULL check in mt_input_configured Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 466/578] HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 467/578] ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 468/578] ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 469/578] vrf: use RCU protection in l3mdev_l3_out() Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 470/578] vxlan: check vxlan_vnigroup_init() return value Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 471/578] team: better TEAM_OPTION_TYPE_STRING validation Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 472/578] arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 473/578] cgroup: Remove steal time from usage_usec Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 474/578] drm/i915/selftests: avoid using uninitialized context Greg Kroah-Hartman
2025-02-19 8:27 ` [PATCH 6.1 475/578] gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 476/578] gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 477/578] gpio: bcm-kona: Add missing newline to dev_err format string Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 478/578] xen/swiotlb: relax alignment requirements Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 479/578] xen: remove a confusing comment on auto-translated guest I/O Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 480/578] x86/xen: allow larger contiguous memory regions in PV guests Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 481/578] RDMA/efa: Reset device on probe failure Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 482/578] fbdev: omap: use threaded IRQ for LCD DMA Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 483/578] media: cxd2841er: fix 64-bit division on gcc-9 Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 484/578] media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 485/578] PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 486/578] PCI: switchtec: Add Microchip PCI100X device IDs Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 487/578] scsi: ufs: bsg: Set bsg_queue to NULL after removal Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 488/578] rtla/timerlat_hist: Abort event processing on second signal Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 489/578] rtla/timerlat_top: " Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 490/578] vfio/pci: Enable iowrite64 and ioread64 for vfio pci Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 491/578] Grab mm lock before grabbing pt lock Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 492/578] selftests: gpio: gpio-sim: Fix missing chip disablements Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 493/578] x86/mm/tlb: Only trim the mm_cpumask once a second Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 494/578] orangefs: fix a oob in orangefs_debug_write Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 495/578] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 496/578] batman-adv: fix panic during interface removal Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 497/578] batman-adv: Ignore neighbor throughput metrics in error case Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 498/578] batman-adv: Drop unmanaged ELP metric worker Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 499/578] drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 500/578] KVM: x86: Reject Hyper-Vs SEND_IPI hypercalls if local APIC isnt in-kernel Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 501/578] KVM: nSVM: Enter guest mode before initializing nested NPT MMU Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 502/578] perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 503/578] usb: dwc3: Fix timeout issue during controller enter/exit from halt state Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 504/578] usb: roles: set switch registered flag early on Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 505/578] usb: gadget: udc: renesas_usb3: Fix compiler warning Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 506/578] usb: dwc2: gadget: remove of_node reference upon udc_stop Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 507/578] USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 508/578] usb: core: fix pipe creation for get_bMaxPacketSize0 Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 509/578] USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 510/578] USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 511/578] usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 512/578] USB: hub: Ignore non-compliant devices with too many configs or interfaces Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 513/578] USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 514/578] usb: cdc-acm: Check control transfer buffer size before access Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 515/578] usb: cdc-acm: Fix handling of oversized fragments Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 516/578] USB: serial: option: add MeiG Smart SLM828 Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 517/578] USB: serial: option: add Telit Cinterion FN990B compositions Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 518/578] USB: serial: option: fix Telit Cinterion FN990A name Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 519/578] USB: serial: option: drop MeiG Smart defines Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 520/578] can: ctucanfd: handle skb allocation failure Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 521/578] can: c_can: fix unbalanced runtime PM disable in error path Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 522/578] can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 523/578] alpha: make stack 16-byte aligned (most cases) Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 524/578] efi: Avoid cold plugged memory for placing the kernel Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 525/578] cgroup: fix race between fork and cgroup.kill Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 526/578] serial: 8250: Fix fifo underflow on flush Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 527/578] alpha: align stack for page fault and user unaligned trap handlers Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 528/578] gpiolib: acpi: Add a quirk for Acer Nitro ANV14 Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 529/578] gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 530/578] partitions: mac: fix handling of bogus partition table Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 531/578] regmap-irq: Add missing kfree() Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 532/578] arm64: Handle .ARM.attributes section in linker scripts Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 533/578] mmc: mtk-sd: Fix register settings for hs400(es) mode Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 534/578] mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Greg Kroah-Hartman
2025-02-19 8:28 ` [PATCH 6.1 535/578] btrfs: fix hole expansion when writing at an offset beyond EOF Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 536/578] clocksource: Use pr_info() for "Checking clocksource synchronization" message Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 537/578] clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 538/578] ipv4: add RCU protection to ip4_dst_hoplimit() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 539/578] net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 540/578] net: add dev_net_rcu() helper Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 541/578] ipv4: use RCU protection in ipv4_default_advmss() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 542/578] ipv4: use RCU protection in rt_is_expired() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 543/578] ipv4: use RCU protection in inet_select_addr() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 544/578] net: ipv4: Cache pmtu for all packet paths if multipath enabled Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 545/578] ipv4: use RCU protection in __ip_rt_update_pmtu() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 546/578] ipv4: icmp: convert to dev_net_rcu() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 547/578] flow_dissector: use RCU protection to fetch dev_net() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 548/578] ipv6: use RCU protection in ip6_default_advmss() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 549/578] ndisc: use RCU protection in ndisc_alloc_skb() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 550/578] neighbour: delete redundant judgment statements Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 551/578] neighbour: use RCU protection in __neigh_notify() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 552/578] arp: use RCU protection in arp_xmit() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 553/578] openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 554/578] ndisc: extend RCU protection in ndisc_send_skb() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 555/578] ipv6: mcast: add RCU protection to mld_newpack() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 556/578] drm/tidss: Fix issue in irq handling causing irq-flood issue Greg Kroah-Hartman
2025-02-19 17:27 ` Jon Cormier
2025-02-19 8:29 ` [PATCH 6.1 557/578] drm/tidss: Clear the interrupt status for interrupts being disabled Greg Kroah-Hartman
2025-02-19 17:26 ` Jon Cormier
2025-02-19 8:29 ` [PATCH 6.1 558/578] drm/v3d: Stop active perfmon if it is being destroyed Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 559/578] kdb: Do not assume write() callback available Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 560/578] x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 561/578] iommu: Return right value in iommu_sva_bind_device() Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 562/578] arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 563/578] mm: gup: fix infinite loop within __get_longterm_locked Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 564/578] alpha: replace hardcoded stack offsets with autogenerated ones Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 565/578] i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 566/578] nilfs2: do not output warnings when clearing dirty buffers Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 567/578] nilfs2: do not force clear folio if buffer is referenced Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 568/578] nilfs2: protect access to buffers with no active references Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 569/578] can: ems_pci: move ASIX AX99100 ids to pci_ids.h Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 570/578] serial: 8250_pci: add support for ASIX AX99100 Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 571/578] parport_pc: " Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 572/578] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 573/578] netdevsim: print human readable IP address Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 574/578] selftests: rtnetlink: update netdevsim ipsec output format Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 575/578] ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 576/578] f2fs: fix to wait dio completion Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 577/578] drm/amd/display: Add NULL pointer check for kzalloc Greg Kroah-Hartman
2025-02-19 8:29 ` [PATCH 6.1 578/578] x86/i8253: Disable PIT timer 0 when not in use Greg Kroah-Hartman
2025-02-19 10:24 ` [PATCH 6.1 000/578] 6.1.129-rc1 review Pavel Machek
2025-02-19 11:18 ` Peter Schneider
2025-02-19 18:30 ` [PATCH 6.1] " Hardik Garg
2025-02-20 10:38 ` Greg KH
2025-02-19 20:13 ` [PATCH 6.1 000/578] " Slade Watkins
2025-02-19 22:34 ` Ron Economos
2025-02-19 23:08 ` Mark Brown
2025-02-19 23:29 ` Jon Hunter
2025-02-20 9:16 ` Naresh Kamboju
2025-02-20 16:15 ` Shuah Khan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).