November 2024 - Linux-stable-mirror

[PATCH v4] regmap: detach regmap from dev on regmap_exit

by Cosmin Tanislav

At the end of __regmap_init(), if dev is not NULL, regmap_attach_dev() is called, which adds a devres reference to the regmap, to be able to retrieve a dev's regmap by name using dev_get_regmap(). When calling regmap_exit, the opposite does not happen, and the reference is kept until the dev is detached. Add a regmap_detach_dev() function and call it in regmap_exit() to make sure that the devres reference is not kept. Cc: stable(a)vger.kernel.org Fixes: 72b39f6f2b5a ("regmap: Implement dev_get_regmap()") Signed-off-by: Cosmin Tanislav <demonsingur(a)gmail.com> --- V2: * switch to static function V3: * move inter-version changelog after --- V4: * remove mention of exporting the regmap_detach_dev() function diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c index 53131a7ede0a6..e3e2afc2c83c6 100644 --- a/drivers/base/regmap/regmap.c +++ b/drivers/base/regmap/regmap.c @@ -598,6 +598,17 @@ int regmap_attach_dev(struct device *dev, struct regmap *map, } EXPORT_SYMBOL_GPL(regmap_attach_dev); +static int dev_get_regmap_match(struct device *dev, void *res, void *data); + +static int regmap_detach_dev(struct device *dev, struct regmap *map) +{ + if (!dev) + return 0; + + return devres_release(dev, dev_get_regmap_release, + dev_get_regmap_match, (void *)map->name); +} + static enum regmap_endian regmap_get_reg_endian(const struct regmap_bus *bus, const struct regmap_config *config) { @@ -1445,6 +1456,7 @@ void regmap_exit(struct regmap *map) { struct regmap_async *async; + regmap_detach_dev(map->dev, map); regcache_exit(map); regmap_debugfs_exit(map); -- 2.47.0

1 month

2
1
0 0

[PATCH v3] regmap: detach regmap from dev on regmap_exit

by Cosmin Tanislav

At the end of __regmap_init(), if dev is not NULL, regmap_attach_dev() is called, which adds a devres reference to the regmap, to be able to retrieve a dev's regmap by name using dev_get_regmap(). When calling regmap_exit, the opposite does not happen, and the reference is kept until the dev is detached. Add a regmap_detach_dev() function, export it and call it in regmap_exit(), to make sure that the devres reference is not kept. Fixes: 72b39f6f2b5a ("regmap: Implement dev_get_regmap()") Signed-off-by: Cosmin Tanislav <demonsingur(a)gmail.com> --- V2: * switch to static function V3: * move inter-version changelog after --- drivers/base/regmap/regmap.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c index 53131a7ede0a6..e3e2afc2c83c6 100644 --- a/drivers/base/regmap/regmap.c +++ b/drivers/base/regmap/regmap.c @@ -598,6 +598,17 @@ int regmap_attach_dev(struct device *dev, struct regmap *map, } EXPORT_SYMBOL_GPL(regmap_attach_dev); +static int dev_get_regmap_match(struct device *dev, void *res, void *data); + +static int regmap_detach_dev(struct device *dev, struct regmap *map) +{ + if (!dev) + return 0; + + return devres_release(dev, dev_get_regmap_release, + dev_get_regmap_match, (void *)map->name); +} + static enum regmap_endian regmap_get_reg_endian(const struct regmap_bus *bus, const struct regmap_config *config) { @@ -1445,6 +1456,7 @@ void regmap_exit(struct regmap *map) { struct regmap_async *async; + regmap_detach_dev(map->dev, map); regcache_exit(map); regmap_debugfs_exit(map); -- 2.47.0

1 month

3
2
0 0

[PATCH 6.1 00/73] 6.1.119-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.119 release. There are 73 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 22 Nov 2024 12:57:58 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.119-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.119-rc1 Michal Luczaj <mhal(a)rbox.co> net: Make copy_safe_from_sockptr() match documentation Eli Billauer <eli.billauer(a)gmail.com> char: xillybus: Fix trivial bug with mutex Mikulas Patocka <mpatocka(a)redhat.com> parisc: fix a possible DMA corruption Damien Le Moal <dlemoal(a)kernel.org> null_blk: Fix return value of nullb_device_power_store() Yu Kuai <yukuai3(a)huawei.com> null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> null_blk: Remove usage of the deprecated ida_simple_xx() API Eli Billauer <eli.billauer(a)gmail.com> char: xillybus: Prevent use-after-free due to race condition Lin.Cao <lincao12(a)amd.com> drm/amd: check num of link levels when update pcie param Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: resolve faulty mmap_region() error path behaviour Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: unconditionally close VMAs on error Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: avoid unsafe VMA hook invocation when error arises on mmap hook Andrew Morton <akpm(a)linux-foundation.org> mm: revert "mm: shmem: fix data-race in shmem_getattr()" Wei Fang <wei.fang(a)nxp.com> net: fec: remove .ndo_poll_controller to avoid deadlocks Vladimir Oltean <vladimir.oltean(a)nxp.com> net/sched: taprio: extend minimum interval restriction to entire cycle too Chen Hanxiao <chenhx.fnst(a)fujitsu.com> ipvs: properly dereference pe in ip_vs_add_service Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: fix uninitialized values during inode evict Eric Dumazet <edumazet(a)google.com> nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies Eric Dumazet <edumazet(a)google.com> net: add copy_safe_from_sockptr() helper Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potencial out-of-bounds when buffer offset is invalid Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: use _rcu variant under rcu_read_lock Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: drop lookup_by_id in lookup_addr Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: hold pm lock when deleting entry Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: update local address flags when setting it Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add userspace_pm_lookup_addr_by_id helper Geliang Tang <geliang.tang(a)suse.com> mptcp: define more local variables sk Paolo Abeni <pabeni(a)redhat.com> mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never decrement pending_async_copies on error Chuck Lever <chuck.lever(a)oracle.com> NFSD: Initialize struct nfsd4_copy earlier Chuck Lever <chuck.lever(a)oracle.com> NFSD: Limit the number of concurrent async COPY operations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Async COPY result needs to return a write verifier Dai Ngo <dai.ngo(a)oracle.com> NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Dan Carpenter <dan.carpenter(a)linaro.org> cxl/pci: fix error code in __cxl_hdm_decode_init() Jiri Olsa <jolsa(a)kernel.org> lib/buildid: Fix build ID parsing logic Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix not validating setsockopt user input Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Additional check in ntfs_file_release Umang Jain <umang.jain(a)ideasonboard.com> staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Get the rid off struct vchiq_2835_state Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> drm/amd: Fix initialization mistake for NBIO 7.7.0 Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: Fix DSI command tx Andre Przywara <andre.przywara(a)arm.com> mmc: sunxi-mmc: Fix A100 compatible description Aurelien Jarno <aurelien(a)aurel32.net> Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix UBSAN warning in ocfs2_verify_volume() Maksym Glubokiy <maxgl.kernel(a)gmail.com> ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed Clevo platform headset Mic issue Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Sean Christopherson <seanjc(a)google.com> KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Sean Christopherson <seanjc(a)google.com> KVM: x86: Unconditionally set irr_pending when updating APICv state Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> ima: fix buffer overrun in ima_eventdigest_init_common Xiaoguang Wang <lege.wang(a)jaguarmicro.com> vp_vdpa: fix id_table array not null terminated error Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix PA offset with unaligned starting iotlb map Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: uncache inode which has failed entering the group Jinjiang Tu <tujinjiang(a)huawei.com> mm: fix NULL pointer dereference in alloc_pages_bulk_noprof Baoquan He <bhe(a)redhat.com> x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y Harith G <harith.g(a)alifsemi.com> ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels Hangbin Liu <liuhangbin(a)gmail.com> bonding: add ns target multicast address to slave device Wei Fang <wei.fang(a)nxp.com> samples: pktgen: correct dev to DEV Alexandre Ferrieux <alexandre.ferrieux(a)gmail.com> net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes. Pedro Tammela <pctammela(a)mojatatu.com> net/sched: cls_u32: replace int refcounts with proper refcounts Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix calling mgmt_device_connected Lukas Bulwahn <lukas.bulwahn(a)gmail.com> Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS Michal Luczaj <mhal(a)rbox.co> virtio/vsock: Fix accept_queue memory leak Moshe Shemesh <moshe(a)nvidia.com> net/mlx5e: CT: Fix null-ptr-deref in add rule err flow Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: kTLS, Fix incorrect page refcounting Mark Bloch <mbloch(a)nvidia.com> net/mlx5: fs, lock FTE when checking if active Paolo Abeni <pabeni(a)redhat.com> mptcp: error out earlier on disconnect Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop: Fix a dereferenced before check warning Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix tx_bytes calculation Jakub Kicinski <kuba(a)kernel.org> netlink: terminate outstanding dump on socket close ------------- Diffstat: Makefile | 4 +- arch/arm/kernel/head.S | 8 +- arch/arm/mm/mmu.c | 34 +++-- arch/arm64/include/asm/mman.h | 10 +- arch/parisc/Kconfig | 1 + arch/parisc/include/asm/cache.h | 11 +- arch/x86/kvm/lapic.c | 29 ++-- arch/x86/kvm/vmx/nested.c | 30 +++- arch/x86/kvm/vmx/vmx.c | 6 +- arch/x86/mm/ioremap.c | 6 +- drivers/block/null_blk/main.c | 45 ++++-- drivers/char/xillybus/xillybus_class.c | 7 +- drivers/char/xillybus/xillyusb.c | 22 ++- drivers/cxl/core/pci.c | 2 +- drivers/gpu/drm/amd/amdgpu/nbio_v7_7.c | 6 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 3 + drivers/gpu/drm/bridge/tc358768.c | 21 ++- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 8 +- drivers/media/dvb-core/dvbdev.c | 15 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sunxi-mmc.c | 6 +- drivers/net/bonding/bond_main.c | 16 +- drivers/net/bonding/bond_options.c | 82 ++++++++++- drivers/net/ethernet/freescale/fec_main.c | 26 ---- drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 19 ++- drivers/net/ethernet/vertexcom/mse102x.c | 4 +- .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 25 +--- drivers/vdpa/mlx5/core/mr.c | 8 +- drivers/vdpa/virtio_pci/vp_vdpa.c | 10 +- fs/9p/vfs_inode.c | 23 +-- fs/nfsd/netns.h | 1 + fs/nfsd/nfs4proc.c | 36 +++-- fs/nfsd/nfs4state.c | 1 + fs/nfsd/xdr4.h | 1 + fs/nilfs2/btnode.c | 2 - fs/nilfs2/gcinode.c | 4 +- fs/nilfs2/mdt.c | 1 - fs/nilfs2/page.c | 2 +- fs/ntfs3/file.c | 12 +- fs/ocfs2/resize.c | 2 + fs/ocfs2/super.c | 13 +- fs/smb/server/smb2misc.c | 26 +++- fs/smb/server/smb2pdu.c | 48 +++--- include/linux/mman.h | 7 +- include/linux/sockptr.h | 27 ++++ include/net/bond_options.h | 2 + lib/buildid.c | 2 +- mm/internal.h | 19 +++ mm/mmap.c | 120 ++++++++------- mm/nommu.c | 9 +- mm/page_alloc.c | 3 +- mm/shmem.c | 5 - mm/util.c | 33 +++++ net/bluetooth/hci_core.c | 2 - net/bluetooth/hci_event.c | 163 --------------------- net/bluetooth/iso.c | 32 ++-- net/mptcp/pm_netlink.c | 15 +- net/mptcp/pm_userspace.c | 77 ++++++---- net/mptcp/protocol.c | 16 +- net/netfilter/ipvs/ip_vs_ctl.c | 10 +- net/netlink/af_netlink.c | 31 +--- net/netlink/af_netlink.h | 2 - net/nfc/llcp_sock.c | 12 +- net/sched/cls_u32.c | 54 ++++--- net/sched/sch_taprio.c | 10 +- net/vmw_vsock/virtio_transport_common.c | 8 + samples/pktgen/pktgen_sample01_simple.sh | 2 +- security/integrity/ima/ima_template_lib.c | 14 +- sound/pci/hda/patch_realtek.c | 3 + .../tc-testing/tc-tests/qdiscs/taprio.json | 22 +++ 72 files changed, 763 insertions(+), 587 deletions(-)

1 month

14
90
0 0

[PATCH AUTOSEL 4.19 01/21] drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()

by Sasha Levin

From: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> [ Upstream commit a1e2da6a5072f8abe5b0feaa91a5bcd9dc544a04 ] It is possible, although unlikely, that an integer overflow will occur when the result of radeon_get_ib_value() is shifted to the left. Avoid it by casting one of the operands to larger data type (u64). Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Signed-off-by: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/radeon/r600_cs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/radeon/r600_cs.c b/drivers/gpu/drm/radeon/r600_cs.c index b6bdfb3f4a7f7..580ca4f753531 100644 --- a/drivers/gpu/drm/radeon/r600_cs.c +++ b/drivers/gpu/drm/radeon/r600_cs.c @@ -2104,7 +2104,7 @@ static int r600_packet3_check(struct radeon_cs_parser *p, return -EINVAL; } - offset = radeon_get_ib_value(p, idx+1) << 8; + offset = (u64)radeon_get_ib_value(p, idx+1) << 8; if (offset != track->vgt_strmout_bo_offset[idx_value]) { DRM_ERROR("bad STRMOUT_BASE_UPDATE, bo offset does not match: 0x%llx, 0x%x\n", offset, track->vgt_strmout_bo_offset[idx_value]); -- 2.43.0

1 month

2
21
0 0

[PATCH 0/9] media: uvcvideo: Implement Granular Power Saving

by Ricardo Ribalda

Right now we power-up the device when a user open() the device and we power it off when the last user close() the first video node. This behaviour affects the power consumption of the device is multiple use cases, such as: - Polling the privacy gpio - udev probing the device This patchset introduces a more granular power saving behaviour where the camera is only awaken when needed. It is compatible with asynchronous controls. While developing this patchset, two bugs were found. The patchset has been developed so these fixes can be taken independently. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Ricardo Ribalda (9): media: uvcvideo: Do not set an async control owned by other fh media: uvcvideo: Remove dangling pointers media: uvcvideo: Keep streaming state in the file handle media: uvcvideo: Move usb_autopm_(get|put)_interface to status_get media: uvcvideo: Add a uvc_status guard media: uvcvideo: Increase/decrease the PM counter per IOCTL media: uvcvideo: Make power management granular media: uvcvideo: Do not turn on the camera for some ioctls media: uvcvideo: Remove duplicated cap/out code drivers/media/usb/uvc/uvc_ctrl.c | 52 +++++++++- drivers/media/usb/uvc/uvc_status.c | 38 +++++++- drivers/media/usb/uvc/uvc_v4l2.c | 190 +++++++++++++++---------------------- drivers/media/usb/uvc/uvcvideo.h | 6 ++ 4 files changed, 166 insertions(+), 120 deletions(-) --- base-commit: 72ad4ff638047bbbdf3232178fea4bec1f429319 change-id: 20241126-uvc-granpower-ng-069185a6d474 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 month

2
4
0 0

[PATCH AUTOSEL 5.10 1/6] media: v4l: Add luma 16-bit interlaced pixel format

by Sasha Levin

From: Dmitry Perchanov <dmitry.perchanov(a)intel.com> [ Upstream commit a8f2cdd27d114ed6c3354a0e39502e6d56215804 ] The formats added by this patch are: V4L2_PIX_FMT_Y16I Interlaced lumina format primary use in RealSense Depth cameras with stereo stream for left and right image sensors. Signed-off-by: Dmitry Perchanov <dmitry.perchanov(a)intel.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Link: https://lore.kernel.org/r/568efbd75290e286b8ad9e7347b5f43745121020.camel@in… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../userspace-api/media/v4l/pixfmt-y16i.rst | 73 +++++++++++++++++++ .../userspace-api/media/v4l/yuv-formats.rst | 1 + drivers/media/v4l2-core/v4l2-ioctl.c | 1 + include/uapi/linux/videodev2.h | 1 + 4 files changed, 76 insertions(+) create mode 100644 Documentation/userspace-api/media/v4l/pixfmt-y16i.rst diff --git a/Documentation/userspace-api/media/v4l/pixfmt-y16i.rst b/Documentation/userspace-api/media/v4l/pixfmt-y16i.rst new file mode 100644 index 0000000000000..74ba9e910a38f --- /dev/null +++ b/Documentation/userspace-api/media/v4l/pixfmt-y16i.rst @@ -0,0 +1,73 @@ +.. SPDX-License-Identifier: GFDL-1.1-no-invariants-or-later + +.. _V4L2-PIX-FMT-Y16I: + +************************** +V4L2_PIX_FMT_Y16I ('Y16I') +************************** + +Interleaved grey-scale image, e.g. from a stereo-pair + + +Description +=========== + +This is a grey-scale image with a depth of 16 bits per pixel, but with pixels +from 2 sources interleaved and unpacked. Each pixel is stored in a 16-bit word +in the little-endian order. The first pixel is from the left source. + +**Pixel unpacked representation.** +Left/Right pixels 16-bit unpacked - 16-bit for each interleaved pixel. + +.. flat-table:: + :header-rows: 0 + :stub-columns: 0 + + * - Y'\ :sub:`0L[7:0]` + - Y'\ :sub:`0L[15:8]` + - Y'\ :sub:`0R[7:0]` + - Y'\ :sub:`0R[15:8]` + +**Byte Order.** +Each cell is one byte. + +.. flat-table:: + :header-rows: 0 + :stub-columns: 0 + + * - start + 0: + - Y'\ :sub:`00Llow` + - Y'\ :sub:`00Lhigh` + - Y'\ :sub:`00Rlow` + - Y'\ :sub:`00Rhigh` + - Y'\ :sub:`01Llow` + - Y'\ :sub:`01Lhigh` + - Y'\ :sub:`01Rlow` + - Y'\ :sub:`01Rhigh` + * - start + 8: + - Y'\ :sub:`10Llow` + - Y'\ :sub:`10Lhigh` + - Y'\ :sub:`10Rlow` + - Y'\ :sub:`10Rhigh` + - Y'\ :sub:`11Llow` + - Y'\ :sub:`11Lhigh` + - Y'\ :sub:`11Rlow` + - Y'\ :sub:`11Rhigh` + * - start + 16: + - Y'\ :sub:`20Llow` + - Y'\ :sub:`20Lhigh` + - Y'\ :sub:`20Rlow` + - Y'\ :sub:`20Rhigh` + - Y'\ :sub:`21Llow` + - Y'\ :sub:`21Lhigh` + - Y'\ :sub:`21Rlow` + - Y'\ :sub:`21Rhigh` + * - start + 24: + - Y'\ :sub:`30Llow` + - Y'\ :sub:`30Lhigh` + - Y'\ :sub:`30Rlow` + - Y'\ :sub:`30Rhigh` + - Y'\ :sub:`31Llow` + - Y'\ :sub:`31Lhigh` + - Y'\ :sub:`31Rlow` + - Y'\ :sub:`31Rhigh` diff --git a/Documentation/userspace-api/media/v4l/yuv-formats.rst b/Documentation/userspace-api/media/v4l/yuv-formats.rst index 4a05a105a9e6c..d49e47137466b 100644 --- a/Documentation/userspace-api/media/v4l/yuv-formats.rst +++ b/Documentation/userspace-api/media/v4l/yuv-formats.rst @@ -35,6 +35,7 @@ to brightness information. pixfmt-y16-be pixfmt-y8i pixfmt-y12i + pixfmt-y16i pixfmt-uv8 pixfmt-yuyv pixfmt-uyvy diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c index 6d6d30dbbe68b..97f61e564babf 100644 --- a/drivers/media/v4l2-core/v4l2-ioctl.c +++ b/drivers/media/v4l2-core/v4l2-ioctl.c @@ -1303,6 +1303,7 @@ static void v4l_fill_fmtdesc(struct v4l2_fmtdesc *fmt) case V4L2_PIX_FMT_Y10P: descr = "10-bit Greyscale (MIPI Packed)"; break; case V4L2_PIX_FMT_Y8I: descr = "Interleaved 8-bit Greyscale"; break; case V4L2_PIX_FMT_Y12I: descr = "Interleaved 12-bit Greyscale"; break; + case V4L2_PIX_FMT_Y16I: descr = "Interleaved 16-bit Greyscale"; break; case V4L2_PIX_FMT_Z16: descr = "16-bit Depth"; break; case V4L2_PIX_FMT_INZI: descr = "Planar 10:16 Greyscale Depth"; break; case V4L2_PIX_FMT_CNF4: descr = "4-bit Depth Confidence (Packed)"; break; diff --git a/include/uapi/linux/videodev2.h b/include/uapi/linux/videodev2.h index 1bbd81f031fe0..579beac6f4754 100644 --- a/include/uapi/linux/videodev2.h +++ b/include/uapi/linux/videodev2.h @@ -735,6 +735,7 @@ struct v4l2_pix_format { #define V4L2_PIX_FMT_S5C_UYVY_JPG v4l2_fourcc('S', '5', 'C', 'I') /* S5C73M3 interleaved UYVY/JPEG */ #define V4L2_PIX_FMT_Y8I v4l2_fourcc('Y', '8', 'I', ' ') /* Greyscale 8-bit L/R interleaved */ #define V4L2_PIX_FMT_Y12I v4l2_fourcc('Y', '1', '2', 'I') /* Greyscale 12-bit L/R interleaved */ +#define V4L2_PIX_FMT_Y16I v4l2_fourcc('Y', '1', '6', 'I') /* Greyscale 16-bit L/R interleaved */ #define V4L2_PIX_FMT_Z16 v4l2_fourcc('Z', '1', '6', ' ') /* Depth data 16-bit */ #define V4L2_PIX_FMT_MT21C v4l2_fourcc('M', 'T', '2', '1') /* Mediatek compressed block mode */ #define V4L2_PIX_FMT_INZI v4l2_fourcc('I', 'N', 'Z', 'I') /* Intel Planar Greyscale 10-bit and Depth 16-bit */ -- 2.43.0

1 month

2
7
0 0

[PATCH v3 0/8] media: uvcvideo: Implement the Privacy GPIO as a evdev

by Ricardo Ribalda

Some notebooks have a button to disable the camera (not to be mistaken with the mechanical cover). This is a standard GPIO linked to the camera via the ACPI table. 4 years ago we added support for this button in UVC via the Privacy control. This has three issues: - If the camera has its own privacy control, it will be masked. - We need to power-up the camera to read the privacy control gpio. - Other drivers have not followed this approach and have used evdev. We tried to fix the power-up issues implementing "granular power saving" but it has been more complicated than anticipated... This patchset implements the Privacy GPIO as a evdev. The first patch of this set is already in Laurent's tree... but I include it to get some CI coverage. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Changes in v3: - CodeStyle (Thanks Sakari) - Re-implement as input device - Make the code depend on UVC_INPUT_EVDEV - Link to v2: https://lore.kernel.org/r/20241108-uvc-subdev-v2-0-85d8a051a3d3@chromium.org Changes in v2: - Rebase on top of https://patchwork.linuxtv.org/project/linux-media/patch/20241106-uvc-crashr… - Create uvc_gpio_cleanup and uvc_gpio_deinit - Refactor quirk: do not disable irq - Change define number for MEDIA_ENT_F_GPIO - Link to v1: https://lore.kernel.org/r/20241031-uvc-subdev-v1-0-a68331cedd72@chromium.org --- Ricardo Ribalda (8): media: uvcvideo: Fix crash during unbind if gpio unit is in use media: uvcvideo: Factor out gpio functions to its own file media: uvcvideo: Re-implement privacy GPIO as an input device Revert "media: uvcvideo: Allow entity-defined get_info and get_cur" media: uvcvideo: Create ancillary link for GPIO subdevice media: v4l2-core: Add new MEDIA_ENT_F_GPIO media: uvcvideo: Use MEDIA_ENT_F_GPIO for the GPIO entity media: uvcvideo: Introduce UVC_QUIRK_PRIVACY_DURING_STREAM .../userspace-api/media/mediactl/media-types.rst | 4 + drivers/media/usb/uvc/Kconfig | 2 +- drivers/media/usb/uvc/Makefile | 3 + drivers/media/usb/uvc/uvc_ctrl.c | 40 +----- drivers/media/usb/uvc/uvc_driver.c | 112 +--------------- drivers/media/usb/uvc/uvc_entity.c | 21 ++- drivers/media/usb/uvc/uvc_gpio.c | 144 +++++++++++++++++++++ drivers/media/usb/uvc/uvc_status.c | 13 +- drivers/media/usb/uvc/uvc_video.c | 4 + drivers/media/usb/uvc/uvcvideo.h | 31 +++-- drivers/media/v4l2-core/v4l2-async.c | 3 +- include/uapi/linux/media.h | 1 + 12 files changed, 223 insertions(+), 155 deletions(-) --- base-commit: 1b3bb4d69f20be5931abc18a6dbc24ff687fa780 change-id: 20241030-uvc-subdev-89f4467a00b5 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 month

3
17
0 0

[PATCH AUTOSEL 5.10 1/2] uprobes: sanitiize xol_free_insn_slot()

by Sasha Levin

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit c7b4133c48445dde789ed30b19ccb0448c7593f7 ] 1. Clear utask->xol_vaddr unconditionally, even if this addr is not valid, xol_free_insn_slot() should never return with utask->xol_vaddr != NULL. 2. Add a comment to explain why do we need to validate slot_addr. 3. Simplify the validation above. We can simply check offset < PAGE_SIZE, unsigned underflows are fine, it should work if slot_addr < area->vaddr. 4. Kill the unnecessary "slot_nr >= UINSNS_PER_PAGE" check, slot_nr must be valid if offset < PAGE_SIZE. The next patches will cleanup this function even more. Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Link: https://lore.kernel.org/r/20240929144235.GA9471@redhat.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/events/uprobes.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 1ea2c1f311261..220d5f4a57e6b 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1634,8 +1634,8 @@ static unsigned long xol_get_insn_slot(struct uprobe *uprobe) static void xol_free_insn_slot(struct task_struct *tsk) { struct xol_area *area; - unsigned long vma_end; unsigned long slot_addr; + unsigned long offset; if (!tsk->mm || !tsk->mm->uprobes_state.xol_area || !tsk->utask) return; @@ -1644,24 +1644,21 @@ static void xol_free_insn_slot(struct task_struct *tsk) if (unlikely(!slot_addr)) return; + tsk->utask->xol_vaddr = 0; area = tsk->mm->uprobes_state.xol_area; - vma_end = area->vaddr + PAGE_SIZE; - if (area->vaddr <= slot_addr && slot_addr < vma_end) { - unsigned long offset; - int slot_nr; - - offset = slot_addr - area->vaddr; - slot_nr = offset / UPROBE_XOL_SLOT_BYTES; - if (slot_nr >= UINSNS_PER_PAGE) - return; + offset = slot_addr - area->vaddr; + /* + * slot_addr must fit into [area->vaddr, area->vaddr + PAGE_SIZE). + * This check can only fail if the "[uprobes]" vma was mremap'ed. + */ + if (offset < PAGE_SIZE) { + int slot_nr = offset / UPROBE_XOL_SLOT_BYTES; clear_bit(slot_nr, area->bitmap); atomic_dec(&area->slot_count); smp_mb__after_atomic(); /* pairs with prepare_to_wait() */ if (waitqueue_active(&area->wq)) wake_up(&area->wq); - - tsk->utask->xol_vaddr = 0; } } -- 2.43.0

1 month

2
2
0 0

[PATCH AUTOSEL 5.10 1/5] s390/cpum_sf: Handle CPU hotplug remove during sampling

by Sasha Levin

From: Thomas Richter <tmricht(a)linux.ibm.com> [ Upstream commit a0bd7dacbd51c632b8e2c0500b479af564afadf3 ] CPU hotplug remove handling triggers the following function call sequence: CPUHP_AP_PERF_S390_SF_ONLINE --> s390_pmu_sf_offline_cpu() ... CPUHP_AP_PERF_ONLINE --> perf_event_exit_cpu() The s390 CPUMF sampling CPU hotplug handler invokes: s390_pmu_sf_offline_cpu() +--> cpusf_pmu_setup() +--> setup_pmc_cpu() +--> deallocate_buffers() This function de-allocates all sampling data buffers (SDBs) allocated for that CPU at event initialization. It also clears the PMU_F_RESERVED bit. The CPU is gone and can not be sampled. With the event still being active on the removed CPU, the CPU event hotplug support in kernel performance subsystem triggers the following function calls on the removed CPU: perf_event_exit_cpu() +--> perf_event_exit_cpu_context() +--> __perf_event_exit_context() +--> __perf_remove_from_context() +--> event_sched_out() +--> cpumsf_pmu_del() +--> cpumsf_pmu_stop() +--> hw_perf_event_update() to stop and remove the event. During removal of the event, the sampling device driver tries to read out the remaining samples from the sample data buffers (SDBs). But they have already been freed (and may have been re-assigned). This may lead to a use after free situation in which case the samples are most likely invalid. In the best case the memory has not been reassigned and still contains valid data. Remedy this situation and check if the CPU is still in reserved state (bit PMU_F_RESERVED set). In this case the SDBs have not been released an contain valid data. This is always the case when the event is removed (and no CPU hotplug off occured). If the PMU_F_RESERVED bit is not set, the SDB buffers are gone. Signed-off-by: Thomas Richter <tmricht(a)linux.ibm.com> Reviewed-by: Hendrik Brueckner <brueckner(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/kernel/perf_cpum_sf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/s390/kernel/perf_cpum_sf.c b/arch/s390/kernel/perf_cpum_sf.c index a9e05f4d0a483..fc45f123f3bdc 100644 --- a/arch/s390/kernel/perf_cpum_sf.c +++ b/arch/s390/kernel/perf_cpum_sf.c @@ -1896,7 +1896,9 @@ static void cpumsf_pmu_stop(struct perf_event *event, int flags) event->hw.state |= PERF_HES_STOPPED; if ((flags & PERF_EF_UPDATE) && !(event->hw.state & PERF_HES_UPTODATE)) { - hw_perf_event_update(event, 1); + /* CPU hotplug off removes SDBs. No samples to extract. */ + if (cpuhw->flags & PMU_F_RESERVED) + hw_perf_event_update(event, 1); event->hw.state |= PERF_HES_UPTODATE; } perf_pmu_enable(event->pmu); -- 2.43.0

1 month

2
5
0 0

[PATCH AUTOSEL 4.19 1/2] s390/cpum_sf: Handle CPU hotplug remove during sampling

by Sasha Levin

From: Thomas Richter <tmricht(a)linux.ibm.com> [ Upstream commit a0bd7dacbd51c632b8e2c0500b479af564afadf3 ] CPU hotplug remove handling triggers the following function call sequence: CPUHP_AP_PERF_S390_SF_ONLINE --> s390_pmu_sf_offline_cpu() ... CPUHP_AP_PERF_ONLINE --> perf_event_exit_cpu() The s390 CPUMF sampling CPU hotplug handler invokes: s390_pmu_sf_offline_cpu() +--> cpusf_pmu_setup() +--> setup_pmc_cpu() +--> deallocate_buffers() This function de-allocates all sampling data buffers (SDBs) allocated for that CPU at event initialization. It also clears the PMU_F_RESERVED bit. The CPU is gone and can not be sampled. With the event still being active on the removed CPU, the CPU event hotplug support in kernel performance subsystem triggers the following function calls on the removed CPU: perf_event_exit_cpu() +--> perf_event_exit_cpu_context() +--> __perf_event_exit_context() +--> __perf_remove_from_context() +--> event_sched_out() +--> cpumsf_pmu_del() +--> cpumsf_pmu_stop() +--> hw_perf_event_update() to stop and remove the event. During removal of the event, the sampling device driver tries to read out the remaining samples from the sample data buffers (SDBs). But they have already been freed (and may have been re-assigned). This may lead to a use after free situation in which case the samples are most likely invalid. In the best case the memory has not been reassigned and still contains valid data. Remedy this situation and check if the CPU is still in reserved state (bit PMU_F_RESERVED set). In this case the SDBs have not been released an contain valid data. This is always the case when the event is removed (and no CPU hotplug off occured). If the PMU_F_RESERVED bit is not set, the SDB buffers are gone. Signed-off-by: Thomas Richter <tmricht(a)linux.ibm.com> Reviewed-by: Hendrik Brueckner <brueckner(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/kernel/perf_cpum_sf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/s390/kernel/perf_cpum_sf.c b/arch/s390/kernel/perf_cpum_sf.c index c7f94b5d93968..e51babd0bbc10 100644 --- a/arch/s390/kernel/perf_cpum_sf.c +++ b/arch/s390/kernel/perf_cpum_sf.c @@ -1772,7 +1772,9 @@ static void cpumsf_pmu_stop(struct perf_event *event, int flags) event->hw.state |= PERF_HES_STOPPED; if ((flags & PERF_EF_UPDATE) && !(event->hw.state & PERF_HES_UPTODATE)) { - hw_perf_event_update(event, 1); + /* CPU hotplug off removes SDBs. No samples to extract. */ + if (cpuhw->flags & PMU_F_RESERVED) + hw_perf_event_update(event, 1); event->hw.state |= PERF_HES_UPTODATE; } perf_pmu_enable(event->pmu); -- 2.43.0

1 month

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2024