October 2022 - Linux-stable-mirror

[PATCH] ext4: fix a NULL pointer when validating an inode bitmap

by Luís Henriques

It's possible to hit a NULL pointer exception while accessing the sb->s_group_info in ext4_validate_inode_bitmap(), when calling ext4_get_group_info(). EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended EXT4-fs error (device loop0): ext4_clear_blocks:866: inode #32: comm mount: attempt to clear invalid blocks 16777450 len 1 EXT4-fs error (device loop0): ext4_free_branches:1012: inode #32: comm mount: invalid indirect mapped block 1258291200 (level 1) EXT4-fs error (device loop0): ext4_free_branches:1012: inode #32: comm mount: invalid indirect mapped block 7379847 (level 2) BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:ext4_read_inode_bitmap+0x21b/0x5a0 ... Call Trace: <TASK> ext4_free_inode+0x172/0x5c0 ext4_evict_inode+0x4a5/0x730 evict+0xc1/0x1c0 ext4_setup_system_zone+0x2ea/0x380 ext4_fill_super+0x249f/0x3910 ? ext4_reconfigure+0x880/0x880 ? snprintf+0x49/0x60 ? ext4_reconfigure+0x880/0x880 get_tree_bdev+0x169/0x260 vfs_get_tree+0x16/0x70 path_mount+0x77d/0xa30 __x64_sys_mount+0x101/0x140 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Fix the issue by adding an extra NULL check. And, while there, also ensure the right error code (-EFSCORRUPTED) is propagated to user-space. EUCLEAN is more informative than ENOMEM. CC: stable(a)vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=216541 Signed-off-by: Luís Henriques <lhenriques(a)suse.de> --- fs/ext4/ext4.h | 17 ++++++++++------- fs/ext4/ialloc.c | 2 +- fs/ext4/indirect.c | 14 ++++++++++++-- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 3bf9a6926798..91317f592999 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -3323,13 +3323,16 @@ static inline struct ext4_group_info *ext4_get_group_info(struct super_block *sb, ext4_group_t group) { - struct ext4_group_info **grp_info; - long indexv, indexh; - BUG_ON(group >= EXT4_SB(sb)->s_groups_count); - indexv = group >> (EXT4_DESC_PER_BLOCK_BITS(sb)); - indexh = group & ((EXT4_DESC_PER_BLOCK(sb)) - 1); - grp_info = sbi_array_rcu_deref(EXT4_SB(sb), s_group_info, indexv); - return grp_info[indexh]; + struct ext4_group_info **grp_info; + long indexv, indexh; + + BUG_ON(group >= EXT4_SB(sb)->s_groups_count); + if (!EXT4_SB(sb)->s_group_info) + return NULL; + indexv = group >> (EXT4_DESC_PER_BLOCK_BITS(sb)); + indexh = group & ((EXT4_DESC_PER_BLOCK(sb)) - 1); + grp_info = sbi_array_rcu_deref(EXT4_SB(sb), s_group_info, indexv); + return grp_info[indexh]; } /* diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index 208b87ce8858..0e8d35d05b69 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -91,7 +91,7 @@ static int ext4_validate_inode_bitmap(struct super_block *sb, if (buffer_verified(bh)) return 0; - if (EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) + if (!grp || EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) return -EFSCORRUPTED; ext4_lock_group(sb, block_group); diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c index 860fc5119009..e5ac5c2363df 100644 --- a/fs/ext4/indirect.c +++ b/fs/ext4/indirect.c @@ -148,6 +148,7 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth, struct super_block *sb = inode->i_sb; Indirect *p = chain; struct buffer_head *bh; + unsigned int key; int ret = -EIO; *err = 0; @@ -156,9 +157,18 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth, if (!p->key) goto no_block; while (--depth) { - bh = sb_getblk(sb, le32_to_cpu(p->key)); + key = le32_to_cpu(p->key); + bh = sb_getblk(sb, key); if (unlikely(!bh)) { - ret = -ENOMEM; + /* + * sb_getblk() masks different errors by always + * returning NULL. Let's distinguish at least the case + * where the block is out of range. + */ + if (key > ext4_blocks_count(EXT4_SB(sb)->s_es)) + ret = -EFSCORRUPTED; + else + ret = -ENOMEM; goto failure; }

12 months

3
14
0 0

[PATCH 4.9 00/42] 4.9.328-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.328 release. There are 42 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 15 Sep 2022 14:03:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.328-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.328-rc1 NeilBrown <neilb(a)suse.de> SUNRPC: use _bh spinlocking on ->transport_lock Yang Ling <gnaygnil(a)gmail.com> MIPS: loongson32: ls1c: Fix hang during startup Johan Hovold <johan+linaro(a)kernel.org> usb: dwc3: fix PHY disable sequence Toke Høiland-Jørgensen <toke(a)toke.dk> sch_sfb: Also store skb len before calling child enqueue Neal Cardwell <ncardwell(a)google.com> tcp: fix early ETIMEDOUT after spurious non-SACK RTO Dan Carpenter <dan.carpenter(a)oracle.com> tipc: fix shift wrapping bug in map_get() Toke Høiland-Jørgensen <toke(a)toke.dk> sch_sfb: Don't assume the skb is still around after enqueueing to child David Leadbeater <dgl(a)dgl.cx> netfilter: nf_conntrack_irc: Fix forged IP logic Harsh Modi <harshmodi(a)google.com> netfilter: br_netfilter: Drop dst references before setting. Isaac J. Manjarres <isaacmanjarres(a)google.com> driver core: Don't probe devices after bus_type.match() probe deferral Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> scsi: mpt3sas: Fix use-after-free warning Dongxiang Ke <kdx.glider(a)gmail.com> ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() Pattara Teerapong <pteerapong(a)chromium.org> ALSA: aloop: Fix random zeros in capture data when using jiffies timer Tasos Sahanidis <tasos(a)tasossah.com> ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() Yang Yingliang <yangyingliang(a)huawei.com> fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() Helge Deller <deller(a)gmx.de> parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines Li Qiong <liqiong(a)nfschina.com> parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() Zhenneng Li <lizhenneng(a)kylinos.cn> drm/radeon: add a force flush to delay work when radeon Yee Lee <yee.lee(a)mediatek.com> Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" Linus Torvalds <torvalds(a)linux-foundation.org> fs: only do a memory barrier for the first set_buffer_uptodate() Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix data-race at module auto-loading Takashi Iwai <tiwai(a)suse.de> ALSA: seq: oss: Fix data-race for max_midi_devs access Miquel Raynal <miquel.raynal(a)bootlin.com> net: mac802154: Fix a condition in the receive path Siddh Raman Pant <code(a)siddh.me> wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS Alan Stern <stern(a)rowland.harvard.edu> USB: core: Prevent nested device-reset calls Josh Poimboeuf <jpoimboe(a)kernel.org> s390: fix nospec table alignments Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages Witold Lipieta <witold.lipieta(a)thaumatec.com> usb-storage: Add ignore-residue quirk for NXP PN7462AU Thierry GUIBERT <thierry.guibert(a)croix-rouge.fr> USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode Yan Xinyu <sdlyyxy(a)bupt.edu.cn> USB: serial: option: add support for OPPO R11 diag port Johan Hovold <johan(a)kernel.org> USB: serial: cp210x: add Decagon UCA device id Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add grace period after xHC start to prevent premature runtime suspend. Armin Wolf <W_Armin(a)gmx.de> hwmon: (gpio-fan) Fix array out of bounds access Niek Nooijens <niek.nooijens(a)omron.com> USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id Helge Deller <deller(a)gmx.de> vt: Clear selection before changing the font Dan Carpenter <dan.carpenter(a)oracle.com> staging: rtl8712: fix use after free bugs Shenwei Wang <shenwei.wang(a)nxp.com> serial: fsl_lpuart: RS485 RTS polariy is inverse Dan Carpenter <dan.carpenter(a)oracle.com> wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask Letu Ren <fantasquex(a)gmail.com> fbdev: fb_pm2fb: Avoid potential divide by zero error ------------- Diffstat: Makefile | 4 +-- arch/mips/loongson32/ls1c/board.c | 1 - arch/parisc/kernel/head.S | 43 +++++++++++++++++++++++++++- arch/s390/include/asm/hugetlb.h | 6 ++-- arch/s390/kernel/vmlinux.lds.S | 1 + arch/x86/include/asm/pmc_atom.h | 6 ++-- arch/x86/platform/atom/pmc_atom.c | 2 +- drivers/base/dd.c | 10 +++++++ drivers/gpu/drm/radeon/radeon_device.c | 3 ++ drivers/hwmon/gpio-fan.c | 3 ++ drivers/parisc/ccio-dma.c | 11 +++++-- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/staging/rtl8712/rtl8712_cmd.c | 36 ----------------------- drivers/tty/serial/fsl_lpuart.c | 4 +-- drivers/tty/vt/vt.c | 12 +++++--- drivers/usb/class/cdc-acm.c | 3 ++ drivers/usb/core/hub.c | 10 +++++++ drivers/usb/dwc3/core.c | 20 ++++++------- drivers/usb/gadget/function/storage_common.c | 6 ++-- drivers/usb/host/xhci-hub.c | 11 +++++++ drivers/usb/host/xhci.c | 4 ++- drivers/usb/host/xhci.h | 2 +- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/ftdi_sio.c | 2 ++ drivers/usb/serial/ftdi_sio_ids.h | 6 ++++ drivers/usb/serial/option.c | 11 +++++++ drivers/usb/storage/unusual_devs.h | 7 +++++ drivers/video/fbdev/chipsfb.c | 1 + drivers/video/fbdev/pm2fb.c | 5 ++++ include/linux/buffer_head.h | 11 +++++++ include/linux/usb.h | 2 ++ mm/kmemleak.c | 8 +++--- net/bridge/br_netfilter_hooks.c | 2 ++ net/bridge/br_netfilter_ipv6.c | 1 + net/ipv4/tcp_input.c | 25 +++++++++++----- net/mac80211/ibss.c | 4 +++ net/mac802154/rx.c | 2 +- net/netfilter/nf_conntrack_irc.c | 5 ++-- net/sched/sch_sfb.c | 13 +++++---- net/sunrpc/xprt.c | 4 +-- net/tipc/monitor.c | 2 +- net/wireless/debugfs.c | 3 +- sound/core/seq/oss/seq_oss_midi.c | 2 ++ sound/core/seq/seq_clientmgr.c | 12 ++++---- sound/drivers/aloop.c | 7 +++-- sound/pci/emu10k1/emupcm.c | 2 +- sound/usb/stream.c | 2 +- 47 files changed, 236 insertions(+), 104 deletions(-)

12 months

7
49
0 0

Re: [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively

by Shakeel Butt

On Wed, Oct 26, 2022 at 11:44 AM Michele Jr De Candia <mdecandia(a)gmail.com> wrote: > > Hi Greg, > sorry for the confusion. > > I'm running a container-based app on top of Ubuntu Linux 20.04 and linux kernel 5.4 always updated with latest patches. > > Updating from 5.4.210 to 5.4.211 we faced the hang up issue and searching for the cause we have tested that > hangup occurs only with this patch > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… > > While understanding root cause, wt the moment we reverted it and hang up does not occurs (actually we are running 5.4.219 without that patch). > > Michele > Hi Michele, can you try the latest upstream kernel and see if the issue repro ther? Also is it possible to provide a simplified repro of the issue? Shakeel

1 year

3
2
0 0

[PATCH 2/5] pwm: jz4740: Fix pin level of disabled TCU2 channels, part 2

by Paul Cercueil

After commit a020f22a4ff5 ("pwm: jz4740: Make PWM start with the active part"), the trick to set duty > period to properly shut down TCU2 channels did not work anymore, because of the polarity inversion. Address this issue by restoring the proper polarity before disabling the channels. Fixes: a020f22a4ff5 ("pwm: jz4740: Make PWM start with the active part") Signed-off-by: Paul Cercueil <paul(a)crapouillou.net> Cc: stable(a)vger.kernel.org --- drivers/pwm/pwm-jz4740.c | 62 ++++++++++++++++++++++++++-------------- 1 file changed, 40 insertions(+), 22 deletions(-) diff --git a/drivers/pwm/pwm-jz4740.c b/drivers/pwm/pwm-jz4740.c index 228eb104bf1e..65462a0052af 100644 --- a/drivers/pwm/pwm-jz4740.c +++ b/drivers/pwm/pwm-jz4740.c @@ -97,6 +97,19 @@ static int jz4740_pwm_enable(struct pwm_chip *chip, struct pwm_device *pwm) return 0; } +static void jz4740_pwm_set_polarity(struct jz4740_pwm_chip *jz, + unsigned int hwpwm, + enum pwm_polarity polarity) +{ + unsigned int value = 0; + + if (polarity == PWM_POLARITY_INVERSED) + value = TCU_TCSR_PWM_INITL_HIGH; + + regmap_update_bits(jz->map, TCU_REG_TCSRc(hwpwm), + TCU_TCSR_PWM_INITL_HIGH, value); +} + static void jz4740_pwm_disable(struct pwm_chip *chip, struct pwm_device *pwm) { struct jz4740_pwm_chip *jz = to_jz4740(chip); @@ -130,6 +143,7 @@ static int jz4740_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm, unsigned long long tmp = 0xffffull * NSEC_PER_SEC; struct clk *clk = pwm_get_chip_data(pwm); unsigned long period, duty; + enum pwm_polarity polarity; long rate; int err; @@ -169,6 +183,9 @@ static int jz4740_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm, if (duty >= period) duty = period - 1; + /* Restore regular polarity before disabling the channel. */ + jz4740_pwm_set_polarity(jz4740, pwm->hwpwm, state->polarity); + jz4740_pwm_disable(chip, pwm); err = clk_set_rate(clk, rate); @@ -190,29 +207,30 @@ static int jz4740_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm, regmap_update_bits(jz4740->map, TCU_REG_TCSRc(pwm->hwpwm), TCU_TCSR_PWM_SD, TCU_TCSR_PWM_SD); - /* - * Set polarity. - * - * The PWM starts in inactive state until the internal timer reaches the - * duty value, then becomes active until the timer reaches the period - * value. In theory, we should then use (period - duty) as the real duty - * value, as a high duty value would otherwise result in the PWM pin - * being inactive most of the time. - * - * Here, we don't do that, and instead invert the polarity of the PWM - * when it is active. This trick makes the PWM start with its active - * state instead of its inactive state. - */ - if ((state->polarity == PWM_POLARITY_NORMAL) ^ state->enabled) - regmap_update_bits(jz4740->map, TCU_REG_TCSRc(pwm->hwpwm), - TCU_TCSR_PWM_INITL_HIGH, 0); - else - regmap_update_bits(jz4740->map, TCU_REG_TCSRc(pwm->hwpwm), - TCU_TCSR_PWM_INITL_HIGH, - TCU_TCSR_PWM_INITL_HIGH); - - if (state->enabled) + if (state->enabled) { + /* + * Set polarity. + * + * The PWM starts in inactive state until the internal timer + * reaches the duty value, then becomes active until the timer + * reaches the period value. In theory, we should then use + * (period - duty) as the real duty value, as a high duty value + * would otherwise result in the PWM pin being inactive most of + * the time. + * + * Here, we don't do that, and instead invert the polarity of + * the PWM when it is active. This trick makes the PWM start + * with its active state instead of its inactive state. + */ + if (state->polarity == PWM_POLARITY_NORMAL) + polarity = PWM_POLARITY_INVERSED; + else + polarity = PWM_POLARITY_NORMAL; + + jz4740_pwm_set_polarity(jz4740, pwm->hwpwm, polarity); + jz4740_pwm_enable(chip, pwm); + } return 0; } -- 2.35.1

1 year

3
9
0 0

[PATCH] ext4: Add extend check to prevent BUG() in ext4_es_end

by Tadeusz Struk

Syzbot reported an issue with ext4 extents. The reproducer creates a corrupted ext4 fs image in memory, and mounts it as a loop device. It invokes the ext4_cache_extents() and ext4_find_extent(), which eventually triggers a BUG() in ext4_es_end() causing a kernel crash. It triggers on mainline, and every kernel version back to v4.14. Add a call ext4_ext_check_inode() in ext4_find_extent() to prevent the crash. To: "Theodore Ts'o" <tytso(a)mit.edu> Cc: "Andreas Dilger" <adilger.kernel(a)dilger.ca> Cc: <linux-ext4(a)vger.kernel.org> Cc: <linux-kernel(a)vger.kernel.org> Cc: <stable(a)vger.kernel.org> Link: https://syzkaller.appspot.com/bug?id=641e7a4b900015c5d7a729d6cc1fba7a928a88… Reported-by: syzbot+a22dc4b0744ac658ed9b(a)syzkaller.appspotmail.com Signed-off-by: Tadeusz Struk <tadeusz.struk(a)linaro.org> --- fs/ext4/extents.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 5235974126bd..c7b5a11e1abc 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -897,6 +897,12 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block, goto err; } + ret = ext4_ext_check_inode(inode); + if (ret) { + EXT4_ERROR_INODE(inode, "inode has invalid extent"); + goto err; + } + if (path) { ext4_ext_drop_refs(path); if (depth > path[0].p_maxdepth) { -- 2.37.3

1 year

2
2
0 0

[PATCH v2] mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()

by Alexander A Sverdlin

From: Alexander Sverdlin <alexander.sverdlin(a)nokia.com> Erase can be zeroed in spi_nor_parse_4bait() or spi_nor_init_non_uniform_erase_map(). In practice it happened with mt25qu256a, which supports 4K, 32K, 64K erases with 3b address commands, but only 4K and 64K erase with 4b address commands. Fixes: dc92843159a7 ("mtd: spi-nor: fix erase_type array to indicate current map conf") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)nokia.com> --- Changes in v2: erase->opcode -> erase->size drivers/mtd/spi-nor/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/mtd/spi-nor/core.c b/drivers/mtd/spi-nor/core.c index 88dd090..183ea9d 100644 --- a/drivers/mtd/spi-nor/core.c +++ b/drivers/mtd/spi-nor/core.c @@ -1400,6 +1400,8 @@ spi_nor_find_best_erase_type(const struct spi_nor_erase_map *map, continue; erase = &map->erase_type[i]; + if (!erase->size) + continue; /* Alignment is not mandatory for overlaid regions */ if (region->offset & SNOR_OVERLAID_REGION && -- 2.10.2

1 year

4
5
0 0

[PATCH v4] PM/devfreq: governor: Add a private governor_data for governor

by Kant Fan

The member void *data in the structure devfreq can be overwrite by governor_userspace. For example: 1. The device driver assigned the devfreq governor to simple_ondemand by the function devfreq_add_device() and init the devfreq member void *data to a pointer of a static structure devfreq_simple_ondemand_data by the function devfreq_add_device(). 2. The user changed the devfreq governor to userspace by the command "echo userspace > /sys/class/devfreq/.../governor". 3. The governor userspace alloced a dynamic memory for the struct userspace_data and assigend the member void *data of devfreq to this memory by the function userspace_init(). 4. The user changed the devfreq governor back to simple_ondemand by the command "echo simple_ondemand > /sys/class/devfreq/.../governor". 5. The governor userspace exited and assigned the member void *data in the structure devfreq to NULL by the function userspace_exit(). 6. The governor simple_ondemand fetched the static information of devfreq_simple_ondemand_data in the function devfreq_simple_ondemand_func() but the member void *data of devfreq was assigned to NULL by the function userspace_exit(). 7. The information of upthreshold and downdifferential is lost and the governor simple_ondemand can't work correctly. The member void *data in the structure devfreq is designed for a static pointer used in a governor and inited by the function devfreq_add_device(). This patch add an element named governor_data in the devfreq structure which can be used by a governor(E.g userspace) who want to assign a private data to do some private things. Fixes: ce26c5bb9569 ("PM / devfreq: Add basic governors") Cc: stable(a)vger.kernel.org # 5.10+ Reviewed-by: Chanwoo Choi <cwchoi00(a)gmail.com> Acked-by: MyungJoo Ham <myungjoo.ham(a)samsung.com> Signed-off-by: Kant Fan <kant(a)allwinnertech.com> --- drivers/devfreq/devfreq.c | 6 ++---- drivers/devfreq/governor_userspace.c | 12 ++++++------ include/linux/devfreq.h | 7 ++++--- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index 63347a5ae599..8c5f6f7fca11 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -776,8 +776,7 @@ static void remove_sysfs_files(struct devfreq *devfreq, * @dev: the device to add devfreq feature. * @profile: device-specific profile to run devfreq. * @governor_name: name of the policy to choose frequency. - * @data: private data for the governor. The devfreq framework does not - * touch this value. + * @data: devfreq driver pass to governors, governor should not change it. */ struct devfreq *devfreq_add_device(struct device *dev, struct devfreq_dev_profile *profile, @@ -1011,8 +1010,7 @@ static void devm_devfreq_dev_release(struct device *dev, void *res) * @dev: the device to add devfreq feature. * @profile: device-specific profile to run devfreq. * @governor_name: name of the policy to choose frequency. - * @data: private data for the governor. The devfreq framework does not - * touch this value. + * @data: devfreq driver pass to governors, governor should not change it. * * This function manages automatically the memory of devfreq device using device * resource management and simplify the free operation for memory of devfreq diff --git a/drivers/devfreq/governor_userspace.c b/drivers/devfreq/governor_userspace.c index ab9db7adb3ad..d69672ccacc4 100644 --- a/drivers/devfreq/governor_userspace.c +++ b/drivers/devfreq/governor_userspace.c @@ -21,7 +21,7 @@ struct userspace_data { static int devfreq_userspace_func(struct devfreq *df, unsigned long *freq) { - struct userspace_data *data = df->data; + struct userspace_data *data = df->governor_data; if (data->valid) *freq = data->user_frequency; @@ -40,7 +40,7 @@ static ssize_t set_freq_store(struct device *dev, struct device_attribute *attr, int err = 0; mutex_lock(&devfreq->lock); - data = devfreq->data; + data = devfreq->governor_data; sscanf(buf, "%lu", &wanted); data->user_frequency = wanted; @@ -60,7 +60,7 @@ static ssize_t set_freq_show(struct device *dev, int err = 0; mutex_lock(&devfreq->lock); - data = devfreq->data; + data = devfreq->governor_data; if (data->valid) err = sprintf(buf, "%lu\n", data->user_frequency); @@ -91,7 +91,7 @@ static int userspace_init(struct devfreq *devfreq) goto out; } data->valid = false; - devfreq->data = data; + devfreq->governor_data = data; err = sysfs_create_group(&devfreq->dev.kobj, &dev_attr_group); out: @@ -107,8 +107,8 @@ static void userspace_exit(struct devfreq *devfreq) if (devfreq->dev.kobj.sd) sysfs_remove_group(&devfreq->dev.kobj, &dev_attr_group); - kfree(devfreq->data); - devfreq->data = NULL; + kfree(devfreq->governor_data); + devfreq->governor_data = NULL; } static int devfreq_userspace_handler(struct devfreq *devfreq, diff --git a/include/linux/devfreq.h b/include/linux/devfreq.h index 34aab4dd336c..4dc7cda4fd46 100644 --- a/include/linux/devfreq.h +++ b/include/linux/devfreq.h @@ -152,8 +152,8 @@ struct devfreq_stats { * @max_state: count of entry present in the frequency table. * @previous_freq: previously configured frequency value. * @last_status: devfreq user device info, performance statistics - * @data: Private data of the governor. The devfreq framework does not - * touch this. + * @data: devfreq driver pass to governors, governor should not change it. + * @governor_data: private data for governors, devfreq core doesn't touch it. * @user_min_freq_req: PM QoS minimum frequency request from user (via sysfs) * @user_max_freq_req: PM QoS maximum frequency request from user (via sysfs) * @scaling_min_freq: Limit minimum frequency requested by OPP interface @@ -193,7 +193,8 @@ struct devfreq { unsigned long previous_freq; struct devfreq_dev_status last_status; - void *data; /* private data for governors */ + void *data; + void *governor_data; struct dev_pm_qos_request user_min_freq_req; struct dev_pm_qos_request user_max_freq_req; -- 2.29.0

1 year

2
1
0 0

[PATCH v2 1/2] iommu/amd: Fix ivrs_acpihid cmdline parsing code

by Kim Phillips

The second (UID) strcmp in acpi_dev_hid_uid_match considers "0" and "00" different, which can prevent device registration. Have the AMD IOMMU driver's ivrs_acpihid parsing code remove any leading zeroes to make the UID strcmp succeed. Now users can safely specify "AMDxxxxx:00" or "AMDxxxxx:0" and expect the same behaviour. Fixes: ca3bf5d47cec ("iommu/amd: Introduces ivrs_acpihid kernel parameter") Signed-off-by: Kim Phillips <kim.phillips(a)amd.com> Cc: stable(a)vger.kernel.org Cc: Suravee Suthikulpanit <Suravee.Suthikulpanit(a)amd.com> Cc: Joerg Roedel <jroedel(a)suse.de> --- v2: no changes drivers/iommu/amd/init.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index fdc642362c14..ef0e1a4b5a11 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -3471,6 +3471,13 @@ static int __init parse_ivrs_acpihid(char *str) return 1; } + /* + * Ignore leading zeroes after ':', so e.g., AMDI0095:00 + * will match AMDI0095:0 in the second strcmp in acpi_dev_hid_uid_match + */ + while (*uid == '0' && *(uid + 1)) + uid++; + i = early_acpihid_map_size++; memcpy(early_acpihid_map[i].hid, hid, strlen(hid)); memcpy(early_acpihid_map[i].uid, uid, strlen(uid)); -- 2.34.1

1 year

2
3
0 0

[PATCH] nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf

by Karol Herbst

It is a bit unlcear to us why that's helping, but it does and unbreaks suspend/resume on a lot of GPUs without any known drawbacks. Cc: stable(a)vger.kernel.org # v5.15+ Closes: https://gitlab.freedesktop.org/drm/nouveau/-/issues/156 Signed-off-by: Karol Herbst <kherbst(a)redhat.com> --- drivers/gpu/drm/nouveau/nouveau_bo.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c b/drivers/gpu/drm/nouveau/nouveau_bo.c index 35bb0bb3fe61..126b3c6e12f9 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bo.c +++ b/drivers/gpu/drm/nouveau/nouveau_bo.c @@ -822,6 +822,15 @@ nouveau_bo_move_m2mf(struct ttm_buffer_object *bo, int evict, if (ret == 0) { ret = nouveau_fence_new(chan, false, &fence); if (ret == 0) { + /* TODO: figure out a better solution here + * + * wait on the fence here explicitly as going through + * ttm_bo_move_accel_cleanup somehow doesn't seem to do it. + * + * Without this the operation can timeout and we'll fallback to a + * software copy, which might take several minutes to finish. + */ + nouveau_fence_wait(fence, false, false); ret = ttm_bo_move_accel_cleanup(bo, &fence->base, evict, false, -- 2.37.1

1 year

4
6
0 0

[PATCH v2] usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1

by Pawel Laszczak

Patch modifies the TD_SIZE in TRB before ZLP TRB. The TD_SIZE in TRB before ZLP TRB must be set to 1 to force processing ZLP TRB by controller. cc: <stable(a)vger.kernel.org> Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v2: - returned value for last TRB must be 0 drivers/usb/cdns3/cdnsp-ring.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index 04dfcaa08dc4..aa79bce89d8a 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -1769,8 +1769,13 @@ static u32 cdnsp_td_remainder(struct cdnsp_device *pdev, /* One TRB with a zero-length data packet. */ if (!more_trbs_coming || (transferred == 0 && trb_buff_len == 0) || - trb_buff_len == td_total_len) + trb_buff_len == td_total_len) { + /* Before ZLP driver needs set TD_SIZE=1. */ + if (more_trbs_coming) + return 1; + return 0; + } maxp = usb_endpoint_maxp(preq->pep->endpoint.desc); total_packet_count = DIV_ROUND_UP(td_total_len, maxp); -- 2.25.1

1 year

3
8
0 0

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2022