March 2023 - Linux-stable-mirror

[PATCH 5.4] firmware: arm_scmi: Fix device node validation for mailbox transport

by Cristian Marussi

commit 2ab4f4018cb6b8010ca5002c3bdc37783b5d28c2 upstream. When mailboxes are used as a transport it is possible to setup the SCMI transport layer, depending on the underlying channels configuration, to use one or two mailboxes, associated, respectively, to one or two, distinct, shared memory areas: any other combination should be treated as invalid. Add more strict checking of SCMI mailbox transport device node descriptors. Fixes: fbc4d81ad285 ("firmware: arm_scmi: refactor in preparation to support per-protocol channels") Cc: <stable(a)vger.kernel.org> # 5.4 Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com> Link: https://lore.kernel.org/r/20230307162324.891866-1-cristian.marussi@arm.com Signed-off-by: Sudeep Holla <sudeep.holla(a)arm.com> [Cristian: backported to v5.4] Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com> --- Backporting just trivially adapting to v5.4 context. --- drivers/firmware/arm_scmi/driver.c | 37 ++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c index f0b055bc027c..9dae841b6167 100644 --- a/drivers/firmware/arm_scmi/driver.c +++ b/drivers/firmware/arm_scmi/driver.c @@ -737,6 +737,39 @@ static int scmi_mailbox_check(struct device_node *np, int idx) idx, NULL); } +static int scmi_mailbox_chan_validate(struct device *cdev) +{ + int num_mb, num_sh, ret = 0; + struct device_node *np = cdev->of_node; + + num_mb = of_count_phandle_with_args(np, "mboxes", "#mbox-cells"); + num_sh = of_count_phandle_with_args(np, "shmem", NULL); + /* Bail out if mboxes and shmem descriptors are inconsistent */ + if (num_mb <= 0 || num_sh > 2 || num_mb != num_sh) { + dev_warn(cdev, "Invalid channel descriptor for '%s'\n", + of_node_full_name(np)); + return -EINVAL; + } + + if (num_sh > 1) { + struct device_node *np_tx, *np_rx; + + np_tx = of_parse_phandle(np, "shmem", 0); + np_rx = of_parse_phandle(np, "shmem", 1); + /* SCMI Tx and Rx shared mem areas have to be distinct */ + if (!np_tx || !np_rx || np_tx == np_rx) { + dev_warn(cdev, "Invalid shmem descriptor for '%s'\n", + of_node_full_name(np)); + ret = -EINVAL; + } + + of_node_put(np_tx); + of_node_put(np_rx); + } + + return ret; +} + static int scmi_mbox_chan_setup(struct scmi_info *info, struct device *dev, int prot_id, bool tx) { @@ -760,6 +793,10 @@ static int scmi_mbox_chan_setup(struct scmi_info *info, struct device *dev, goto idr_alloc; } + ret = scmi_mailbox_chan_validate(dev); + if (ret) + return ret; + cinfo = devm_kzalloc(info->dev, sizeof(*cinfo), GFP_KERNEL); if (!cinfo) return -ENOMEM; -- 2.34.1

1 year, 5 months

1
0
0 0

[PATCH] fs: drop peer group ids under namespace lock

by Christian Brauner

When cleaning up peer group ids in the failure path we need to make sure to hold on to the namespace lock. Otherwise another thread might just turn the mount from a shared into a non-shared mount concurrently. Reported-by: syzbot+8ac3859139c685c4f597(a)syzkaller.appspotmail.com Link: https://lore.kernel.org/lkml/00000000000088694505f8132d77@google.com Fixes: 2a1867219c7b ("fs: add mount_setattr()") Cc: stable(a)vger.kernel.org # 5.12+ Signed-off-by: Christian Brauner <brauner(a)kernel.org> --- fs/namespace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/namespace.c b/fs/namespace.c index bc0f15257b49..6836e937ee61 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -4183,9 +4183,9 @@ static int do_mount_setattr(struct path *path, struct mount_kattr *kattr) unlock_mount_hash(); if (kattr->propagation) { - namespace_unlock(); if (err) cleanup_group_ids(mnt, NULL); + namespace_unlock(); } return err; --- base-commit: 197b6b60ae7bc51dd0814953c562833143b292aa change-id: 20230330-vfs-mount_setattr-propagation-fix-363b7c59d7fb

1 year, 5 months

1
1
0 0

Re: linux-5.15.105 broke /dev/sd* naming (probing)

by Ilari Jääskeläinen

I am fairly certain that CentOS 9 Stream GNOME mounted it without UUID, though. pe, 2023-03-31 kello 09:35 +0000, David Laight kirjoitti: > From: Ilari Jääskeläinen > > Sent: 31 March 2023 10:09 > > > > I am afraid I cant do that. I already almost wiped my root > > partition by > > accident because of this flaw. > > Always mount filsystems by uuid, not device name. > > David > > - > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, > MK1 1PT, UK > Registration No: 1397386 (Wales)

1 year, 5 months

1
0
0 0

Re: linux-5.15.105 broke /dev/sd* naming (probing)

by Ilari Jääskeläinen

roger that. good advice. thanks. pe, 2023-03-31 kello 09:35 +0000, David Laight kirjoitti: > From: Ilari Jääskeläinen > > Sent: 31 March 2023 10:09 > > > > I am afraid I cant do that. I already almost wiped my root > > partition by > > accident because of this flaw. > > Always mount filsystems by uuid, not device name. > > David > > - > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, > MK1 1PT, UK > Registration No: 1397386 (Wales)

1 year, 5 months

1
0
0 0

Can I confide in you

by Miss Sarah Arabian

Please can I trust you?. I need your assistance to help me to invest my inheritance fund in your country and to help me to come over to your country for the betterment of my life and continue my education. I will be happy to hear from you, then I will give you more details. Best regards, Miss Sarah Arabian

1 year, 5 months

1
0
0 0

[PATCH] media: ov8856: Do not check for for module version

by Ricardo Ribalda

It the device is probed in non-zero ACPI D state, the module identification is delayed until the first streamon. The module identification has two parts: deviceID and version. To rea the version we have to enable OTP read. This cannot be done during streamon, becase it modifies REG_MODE_SELECT. Since the driver has the same behaviour for all the module versions, do not read the module version from the sensor's OTP. Cc: stable(a)vger.kernel.org Fixes: 0e014f1a8d54 ("media: ov8856: support device probe in non-zero ACPI D state") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- To: Dongchun Zhu <dongchun.zhu(a)mediatek.com> To: Mauro Carvalho Chehab <mchehab(a)kernel.org> To: Sakari Ailus <sakari.ailus(a)linux.intel.com> To: Bingbu Cao <bingbu.cao(a)intel.com> Cc: Max Staudt <mstaudt(a)chromium.org> Cc: Jimmy Su <jimmy.su(a)intel.com> Cc: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> Cc: linux-media(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org --- drivers/media/i2c/ov8856.c | 40 ---------------------------------------- 1 file changed, 40 deletions(-) diff --git a/drivers/media/i2c/ov8856.c b/drivers/media/i2c/ov8856.c index cf8384e09413..b5c7881383ca 100644 --- a/drivers/media/i2c/ov8856.c +++ b/drivers/media/i2c/ov8856.c @@ -1709,46 +1709,6 @@ static int ov8856_identify_module(struct ov8856 *ov8856) return -ENXIO; } - ret = ov8856_write_reg(ov8856, OV8856_REG_MODE_SELECT, - OV8856_REG_VALUE_08BIT, OV8856_MODE_STREAMING); - if (ret) - return ret; - - ret = ov8856_write_reg(ov8856, OV8856_OTP_MODE_CTRL, - OV8856_REG_VALUE_08BIT, OV8856_OTP_MODE_AUTO); - if (ret) { - dev_err(&client->dev, "failed to set otp mode"); - return ret; - } - - ret = ov8856_write_reg(ov8856, OV8856_OTP_LOAD_CTRL, - OV8856_REG_VALUE_08BIT, - OV8856_OTP_LOAD_CTRL_ENABLE); - if (ret) { - dev_err(&client->dev, "failed to enable load control"); - return ret; - } - - ret = ov8856_read_reg(ov8856, OV8856_MODULE_REVISION, - OV8856_REG_VALUE_08BIT, &val); - if (ret) { - dev_err(&client->dev, "failed to read module revision"); - return ret; - } - - dev_info(&client->dev, "OV8856 revision %x (%s) at address 0x%02x\n", - val, - val == OV8856_2A_MODULE ? "2A" : - val == OV8856_1B_MODULE ? "1B" : "unknown revision", - client->addr); - - ret = ov8856_write_reg(ov8856, OV8856_REG_MODE_SELECT, - OV8856_REG_VALUE_08BIT, OV8856_MODE_STANDBY); - if (ret) { - dev_err(&client->dev, "failed to exit streaming mode"); - return ret; - } - ov8856->identified = true; return 0; --- base-commit: 9fd6ba5420ba2b637d1ecc6de8613ec8b9c87e5a change-id: 20230323-ov8856-otp-112f3cdc74b1 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 year, 5 months

2
1
0 0

[PATCH] drm/i915: Fix context runtime accounting

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> When considering whether to mark one context as stopped and another as started we need to look at whether the previous and new _contexts_ are different and not just requests. Otherwise the software tracked context start time was incorrectly updated to the most recent lite-restore time- stamp, which was in some cases resulting in active time going backward, until the context switch (typically the hearbeat pulse) would synchronise with the hardware tracked context runtime. Easiest use case to observe this behaviour was with a full screen clients with close to 100% engine load. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Fixes: bb6287cb1886 ("drm/i915: Track context current active time") Cc: <stable(a)vger.kernel.org> # v5.19+ --- drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c index 1bbe6708d0a7..750326434677 100644 --- a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c +++ b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c @@ -2018,6 +2018,8 @@ process_csb(struct intel_engine_cs *engine, struct i915_request **inactive) * inspecting the queue to see if we need to resumbit. */ if (*prev != *execlists->active) { /* elide lite-restores */ + struct intel_context *prev_ce = NULL, *active_ce = NULL; + /* * Note the inherent discrepancy between the HW runtime, * recorded as part of the context switch, and the CPU @@ -2029,9 +2031,15 @@ process_csb(struct intel_engine_cs *engine, struct i915_request **inactive) * and correct overselves later when updating from HW. */ if (*prev) - lrc_runtime_stop((*prev)->context); + prev_ce = (*prev)->context; if (*execlists->active) - lrc_runtime_start((*execlists->active)->context); + active_ce = (*execlists->active)->context; + if (prev_ce != active_ce) { + if (prev_ce) + lrc_runtime_stop(prev_ce); + if (active_ce) + lrc_runtime_start(active_ce); + } new_timeslice(execlists); } -- 2.37.2

1 year, 5 months

2
2
0 0

[PATCH v5 08/10] mtd: spi-nor: core: Update flash's current address mode when changing address mode

by Tudor Ambarus

The bug was obswerved while reading code. There are not many users of addr_mode_nbytes. Anyway, we should update the flash's current address mode when changing the address mode, fix it. We don't care for now about the set_4byte_addr_mode(nor, false) from spi_nor_restore(), as it is used at driver remove and shutdown. Fixes: d7931a215063 ("mtd: spi-nor: core: Track flash's internal address mode") Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> Cc: stable(a)vger.kernel.org --- drivers/mtd/spi-nor/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/spi-nor/core.c b/drivers/mtd/spi-nor/core.c index 0517a61975e4..4f0d90d3dad5 100644 --- a/drivers/mtd/spi-nor/core.c +++ b/drivers/mtd/spi-nor/core.c @@ -3135,6 +3135,7 @@ static int spi_nor_quad_enable(struct spi_nor *nor) static int spi_nor_init(struct spi_nor *nor) { + struct spi_nor_flash_parameter *params = nor->params; int err; err = spi_nor_octal_dtr_enable(nor, true); @@ -3176,9 +3177,10 @@ static int spi_nor_init(struct spi_nor *nor) */ WARN_ONCE(nor->flags & SNOR_F_BROKEN_RESET, "enabling reset hack; may not recover from unexpected reboots\n"); - err = nor->params->set_4byte_addr_mode(nor, true); + err = params->set_4byte_addr_mode(nor, true); if (err && err != -ENOTSUPP) return err; + params->addr_mode_nbytes = 4; } return 0; -- 2.40.0.348.gf938b09366-goog

1 year, 5 months

1
0
0 0

[PATCH v9 1/4] reiserfs: Add security prefix to xattr name in reiserfs_security_write()

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> Reiserfs sets a security xattr at inode creation time in two stages: first, it calls reiserfs_security_init() to obtain the xattr from active LSMs; then, it calls reiserfs_security_write() to actually write that xattr. Unfortunately, it seems there is a wrong expectation that LSMs provide the full xattr name in the form 'security.<suffix>'. However, LSMs always provided just the suffix, causing reiserfs to not write the xattr at all (if the suffix is shorter than the prefix), or to write an xattr with the wrong name. Add a temporary buffer in reiserfs_security_write(), and write to it the full xattr name, before passing it to reiserfs_xattr_set_handle(). Since the 'security.' prefix is always prepended, remove the name length check. Cc: stable(a)vger.kernel.org # v2.6.x Fixes: 57fe60df6241 ("reiserfs: add atomic addition of selinux attributes during inode creation") Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> --- fs/reiserfs/xattr_security.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c index 6bffdf9a4fd..b0c354ab113 100644 --- a/fs/reiserfs/xattr_security.c +++ b/fs/reiserfs/xattr_security.c @@ -95,11 +95,13 @@ int reiserfs_security_write(struct reiserfs_transaction_handle *th, struct inode *inode, struct reiserfs_security_handle *sec) { + char xattr_name[XATTR_NAME_MAX + 1]; int error; - if (strlen(sec->name) < sizeof(XATTR_SECURITY_PREFIX)) - return -EINVAL; - error = reiserfs_xattr_set_handle(th, inode, sec->name, sec->value, + snprintf(xattr_name, sizeof(xattr_name), "%s%s", XATTR_SECURITY_PREFIX, + sec->name); + + error = reiserfs_xattr_set_handle(th, inode, xattr_name, sec->value, sec->length, XATTR_CREATE); if (error == -ENODATA || error == -EOPNOTSUPP) error = 0; -- 2.25.1

1 year, 5 months

2
2
0 0

[PATCH v1] usb: typec: altmodes/displayport: Fix configure initial pin assignment

by RD Babiera

While determining the initial pin assignment to be sent in the configure message, using the DP_PIN_ASSIGN_DP_ONLY_MASK mask causes the DFP_U to send both Pin Assignment C and E when both are supported by the DFP_U and UFP_U. The spec (Table 5-7 DFP_U Pin Assignment Selection Mandates, VESA DisplayPort Alt Mode Standard v2.0) indicates that the DFP_U never selects Pin Assignment E when Pin Assignment C is offered. Update the DP_PIN_ASSIGN_DP_ONLY_MASK conditional to intially select only Pin Assignment C if it is available. Fixes: 0e3bb7d6894d ("usb: typec: Add driver for DisplayPort alternate mode") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> --- drivers/usb/typec/altmodes/displayport.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c index 662cd043b50e..8f3e884222ad 100644 --- a/drivers/usb/typec/altmodes/displayport.c +++ b/drivers/usb/typec/altmodes/displayport.c @@ -112,8 +112,12 @@ static int dp_altmode_configure(struct dp_altmode *dp, u8 con) if (dp->data.status & DP_STATUS_PREFER_MULTI_FUNC && pin_assign & DP_PIN_ASSIGN_MULTI_FUNC_MASK) pin_assign &= DP_PIN_ASSIGN_MULTI_FUNC_MASK; - else if (pin_assign & DP_PIN_ASSIGN_DP_ONLY_MASK) + else if (pin_assign & DP_PIN_ASSIGN_DP_ONLY_MASK) { pin_assign &= DP_PIN_ASSIGN_DP_ONLY_MASK; + /* Default to pin assign C if available */ + if (pin_assign & BIT(DP_PIN_ASSIGN_C)) + pin_assign = BIT(DP_PIN_ASSIGN_C); + } if (!pin_assign) return -EINVAL; base-commit: 97318d6427f62b723c89f4150f8f48126ef74961 -- 2.40.0.348.gf938b09366-goog

1 year, 5 months

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2023