February 2024 - Linux-stable-mirror

[PATCH v3] usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group

by RD Babiera

The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns NULL in those cases. Remove manual sysfs node creation in favor of adding attribute group as default for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is not used here otherwise the path to the sysfs nodes is no longer compliant with the ABI. Fixes: 0e3bb7d6894d ("usb: typec: Add driver for DisplayPort alternate mode") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> --- Changes from v1: * Moved sysfs node creation instead of NULL checking dev_get_drvdata(). Changes from v2: * Removed manual sysfs node creation, now added as default device group in driver. --- drivers/usb/typec/altmodes/displayport.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c index 5a80776c7255..94e1b43a862d 100644 --- a/drivers/usb/typec/altmodes/displayport.c +++ b/drivers/usb/typec/altmodes/displayport.c @@ -702,16 +702,21 @@ static ssize_t hpd_show(struct device *dev, struct device_attribute *attr, char } static DEVICE_ATTR_RO(hpd); -static struct attribute *dp_altmode_attrs[] = { +static struct attribute *displayport_attrs[] = { &dev_attr_configuration.attr, &dev_attr_pin_assignment.attr, &dev_attr_hpd.attr, NULL }; -static const struct attribute_group dp_altmode_group = { +static const struct attribute_group displayport_group = { .name = "displayport", - .attrs = dp_altmode_attrs, + .attrs = displayport_attrs, +}; + +static const struct attribute_group *displayport_groups[] = { + &displayport_group, + NULL, }; int dp_altmode_probe(struct typec_altmode *alt) @@ -720,7 +725,6 @@ int dp_altmode_probe(struct typec_altmode *alt) struct typec_altmode *plug = typec_altmode_get_plug(alt, TYPEC_PLUG_SOP_P); struct fwnode_handle *fwnode; struct dp_altmode *dp; - int ret; /* FIXME: Port can only be DFP_U. */ @@ -731,10 +735,6 @@ int dp_altmode_probe(struct typec_altmode *alt) DP_CAP_PIN_ASSIGN_DFP_D(alt->vdo))) return -ENODEV; - ret = sysfs_create_group(&alt->dev.kobj, &dp_altmode_group); - if (ret) - return ret; - dp = devm_kzalloc(&alt->dev, sizeof(*dp), GFP_KERNEL); if (!dp) return -ENOMEM; @@ -777,7 +777,6 @@ void dp_altmode_remove(struct typec_altmode *alt) { struct dp_altmode *dp = typec_altmode_get_drvdata(alt); - sysfs_remove_group(&alt->dev.kobj, &dp_altmode_group); cancel_work_sync(&dp->work); typec_altmode_put_plug(dp->plug_prime); @@ -803,6 +802,7 @@ static struct typec_altmode_driver dp_altmode_driver = { .driver = { .name = "typec_displayport", .owner = THIS_MODULE, + .dev_groups = displayport_groups, }, }; module_typec_altmode_driver(dp_altmode_driver); base-commit: a560a5672826fc1e057068bda93b3d4c98d037a2 -- 2.44.0.rc1.240.g4c46232300-goog

11 months, 3 weeks

2
1
0 0

[PATCH v2] usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices

by Badhri Jagan Sridharan

While commit 69f89168b310 ("usb: typec: tpcm: Fix issues with power being removed during reset") fixes the boot issues for bus powered devices such as LibreTech Renegade Elite/Firefly, it trades off the CC pins NOT being Hi-Zed during errory recovery (i.e PORT_RESET) for devices which are NOT bus powered(a.k.a self powered). This change Hi-Zs the CC pins only for self powered devices, thus preventing brown out for bus powered devices Adhering to spec is gaining more importance due to the Common charger initiative enforced by the European Union. Quoting from the spec: 4.5.2.2.2.1 ErrorRecovery State Requirements The port shall not drive VBUS or VCONN, and shall present a high-impedance to ground (above zOPEN) on its CC1 and CC2 pins. Hi-Zing the CC pins is the inteded behavior for PORT_RESET. CC pins are set to default state after tErrorRecovery in PORT_RESET_WAIT_OFF. 4.5.2.2.2.2 Exiting From ErrorRecovery State A Sink shall transition to Unattached.SNK after tErrorRecovery. A Source shall transition to Unattached.SRC after tErrorRecovery. Fixes: 69f89168b310 ("usb: typec: tpcm: Fix issues with power being removed during reset") Cc: stable(a)vger.kernel.org Cc: Mark Brown <broonie(a)kernel.org> Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- Changes since V1: * Fix CC for linux stable --- drivers/usb/typec/tcpm/tcpm.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index c9a78f55ca48..bbe1381232eb 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5593,8 +5593,11 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); - tcpm_set_cc(port, tcpm_default_state(port) == SNK_UNATTACHED ? - TYPEC_CC_RD : tcpm_rp_cc(port)); + if (port->self_powered) + tcpm_set_cc(port, TYPEC_CC_OPEN); + else + tcpm_set_cc(port, tcpm_default_state(port) == SNK_UNATTACHED ? + TYPEC_CC_RD : tcpm_rp_cc(port)); tcpm_set_state(port, PORT_RESET_WAIT_OFF, PD_T_ERROR_RECOVERY); break; base-commit: a560a5672826fc1e057068bda93b3d4c98d037a2 -- 2.44.0.rc1.240.g4c46232300-goog

11 months, 3 weeks

3
2
0 0

[PATCH AUTOSEL 5.15 1/9] RDMA/mlx5: Fix fortify source warning while accessing Eth segment

by Sasha Levin

From: Leon Romanovsky <leonro(a)nvidia.com> [ Upstream commit 4d5e86a56615cc387d21c629f9af8fb0e958d350 ] ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2) WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy [last unloaded: mlx_compat(OE)] CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7 RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8 R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80 FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? show_regs+0x72/0x90 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] ? __warn+0x8d/0x160 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] ? report_bug+0x1bb/0x1d0 ? handle_bug+0x46/0x90 ? exc_invalid_op+0x19/0x80 ? asm_exc_invalid_op+0x1b/0x20 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib] ipoib_send+0x2ec/0x770 [ib_ipoib] ipoib_start_xmit+0x5a0/0x770 [ib_ipoib] dev_hard_start_xmit+0x8e/0x1e0 ? validate_xmit_skb_list+0x4d/0x80 sch_direct_xmit+0x116/0x3a0 __dev_xmit_skb+0x1fd/0x580 __dev_queue_xmit+0x284/0x6b0 ? _raw_spin_unlock_irq+0xe/0x50 ? __flush_work.isra.0+0x20d/0x370 ? push_pseudo_header+0x17/0x40 [ib_ipoib] neigh_connected_output+0xcd/0x110 ip_finish_output2+0x179/0x480 ? __smp_call_single_queue+0x61/0xa0 __ip_finish_output+0xc3/0x190 ip_finish_output+0x2e/0xf0 ip_output+0x78/0x110 ? __pfx_ip_finish_output+0x10/0x10 ip_local_out+0x64/0x70 __ip_queue_xmit+0x18a/0x460 ip_queue_xmit+0x15/0x30 __tcp_transmit_skb+0x914/0x9c0 tcp_write_xmit+0x334/0x8d0 tcp_push_one+0x3c/0x60 tcp_sendmsg_locked+0x2e1/0xac0 tcp_sendmsg+0x2d/0x50 inet_sendmsg+0x43/0x90 sock_sendmsg+0x68/0x80 sock_write_iter+0x93/0x100 vfs_write+0x326/0x3c0 ksys_write+0xbd/0xf0 ? do_syscall_64+0x69/0x90 __x64_sys_write+0x19/0x30 do_syscall_64+0x59/0x90 ? do_user_addr_fault+0x1d0/0x640 ? exit_to_user_mode_prepare+0x3b/0xd0 ? irqentry_exit_to_user_mode+0x9/0x20 ? irqentry_exit+0x43/0x50 ? exc_page_fault+0x92/0x1b0 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7fc03ad14a37 Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24 RSP: 002b:00007ffdf8697fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000008024 RCX: 00007fc03ad14a37 RDX: 0000000000008024 RSI: 0000556f46bd8270 RDI: 0000000000000003 RBP: 0000556f46bb1800 R08: 0000000000007fe3 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 0000556f46bc66b0 R14: 000000000000000a R15: 0000556f46bb2f50 </TASK> ---[ end trace 0000000000000000 ]--- Link: https://lore.kernel.org/r/8228ad34bd1a25047586270f7b1fb4ddcd046282.17064339… Signed-off-by: Leon Romanovsky <leonro(a)nvidia.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/mlx5/wr.c | 2 +- include/linux/mlx5/qp.h | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/hw/mlx5/wr.c b/drivers/infiniband/hw/mlx5/wr.c index 8841620af82f1..b81d282fb0d52 100644 --- a/drivers/infiniband/hw/mlx5/wr.c +++ b/drivers/infiniband/hw/mlx5/wr.c @@ -128,7 +128,7 @@ static void set_eth_seg(const struct ib_send_wr *wr, struct mlx5_ib_qp *qp, */ copysz = min_t(u64, *cur_edge - (void *)eseg->inline_hdr.start, left); - memcpy(eseg->inline_hdr.start, pdata, copysz); + memcpy(eseg->inline_hdr.data, pdata, copysz); stride = ALIGN(sizeof(struct mlx5_wqe_eth_seg) - sizeof(eseg->inline_hdr.start) + copysz, 16); *size += stride / 16; diff --git a/include/linux/mlx5/qp.h b/include/linux/mlx5/qp.h index 61e48d459b23c..693d758f2f1c9 100644 --- a/include/linux/mlx5/qp.h +++ b/include/linux/mlx5/qp.h @@ -261,7 +261,10 @@ struct mlx5_wqe_eth_seg { union { struct { __be16 sz; - u8 start[2]; + union { + u8 start[2]; + DECLARE_FLEX_ARRAY(u8, data); + }; } inline_hdr; struct { __be16 type; -- 2.43.0

11 months, 3 weeks

2
9
0 0

[PATCH v2 0/7] sparc32: build fixes for all{yes,mod}config builds

by Sam Ravnborg via B4 Relay

This is a small set of patches that address build breakage with allyesconfig / allmodconfig. This solves some, but not all, build breakage. The parport fix depends on the previous patch, the rest are independent fixes. With v2 there is a extra patch that drops ZONE_DMA support. It does not fix any build failure, but a nice cleanup. Cc: Miquel Raynal <miquel.raynal(a)bootlin.com> To: Maciej W. Rozycki <macro(a)orcam.me.uk> To: <sparclinux(a)vger.kernel.org> Cc: <linux-parport(a)lists.infradead.org> Cc: David S. Miller <davem(a)davemloft.net> To: Andreas Larsson <andreas(a)gaisler.com> To: Randy Dunlap <rdunlap(a)infradead.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: <linux-kernel(a)vger.kernel.org> Changes in v2: - Added r-b/tested by (thanks to Randy and Maciej) - Dropped patch for uhci-grlib.c as it is already upstream (Randy) - Added a few Fixes (Maciej) - Fixed commit message when dropping GENERIC_ISA_DMA (Maciej) - Added new patch that drop ZONE_DMA (Maciej) - Added new patch to fix section mismatch error In an allmodconfig build I see a lot of: modpost: "__udelay" [module] has no CRC! Similar for a handful of other symbols. Any hint how to get rid of them would be nice. I have tried to add the prototype to asm-prototypes.h with no luck. On top of this the link fails, but I assume this the kernel that grows too big which is no surprise. - Link to v1: https://lore.kernel.org/r/20240223-sam-fix-sparc32-all-builds-v1-0-5c60fd5c… --- Sam Ravnborg (7): sparc32: Use generic cmpdi2/ucmpdi2 variants sparc32: Fix build with trapbase mtd: maps: sun_uflash: Declare uflash_devinit static sparc32: Do not select ZONE_DMA sparc32: Do not select GENERIC_ISA_DMA sparc32: Fix parport build with sparc32 sparc32: Fix section mismatch in leon_pci_grpci arch/sparc/Kconfig | 7 +- arch/sparc/include/asm/parport.h | 259 +----------------------------------- arch/sparc/include/asm/parport_64.h | 256 +++++++++++++++++++++++++++++++++++ arch/sparc/kernel/irq_32.c | 6 +- arch/sparc/kernel/kernel.h | 8 +- arch/sparc/kernel/kgdb_32.c | 4 +- arch/sparc/kernel/leon_pci_grpci1.c | 2 +- arch/sparc/kernel/leon_pci_grpci2.c | 2 +- arch/sparc/kernel/leon_smp.c | 6 +- arch/sparc/kernel/setup_32.c | 4 +- arch/sparc/lib/Makefile | 4 +- arch/sparc/lib/cmpdi2.c | 28 ---- arch/sparc/lib/ucmpdi2.c | 20 --- arch/sparc/mm/srmmu.c | 1 - drivers/mtd/maps/sun_uflash.c | 2 +- 15 files changed, 284 insertions(+), 325 deletions(-) --- base-commit: 626db6ee8ee1edac206610db407114aa83b53fd3 change-id: 20240223-sam-fix-sparc32-all-builds-0a0403d6e1b3 Best regards, -- Sam Ravnborg <sam(a)ravnborg.org>

11 months, 4 weeks

4
4
0 0

[PATCH 6.1 000/219] 6.1.77-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.77 release. There are 219 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 05 Feb 2024 03:51:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.77-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.77-rc1 Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: remove print in bond_verify_device_path Praveen Kaligineedi <pkaligineedi(a)google.com> gve: Fix use-after-free vulnerability Huacai Chen <chenhuacai(a)kernel.org> LoongArch/smp: Call rcutree_report_cpu_starting() at tlb_init() Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/dsi: Enable runtime PM Jonathan Gray <jsg(a)jsg.id.au> Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again" Marco Elver <elver(a)google.com> mm, kmsan: fix infinite recursion due to RCU critical section Huang Shijie <shijie(a)os.amperecomputing.com> arm64: irq: set the correct node for shadow call stack Benjamin Poirier <bpoirier(a)nvidia.com> selftests: bonding: Check initial state Benjamin Poirier <bpoirier(a)nvidia.com> selftests: team: Add missing config options Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path Paolo Abeni <pabeni(a)redhat.com> selftests: net: fix available tunnels detection Eric Dumazet <edumazet(a)google.com> af_unix: fix lockdep positive in sk_diag_dump_icons() Zhipeng Lu <alexious(a)zju.edu.cn> net: ipv4: fix a memleak in ip_setup_cork Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV Ryan Schaefer <ryanschf(a)amazon.com> netfilter: conntrack: correct window scaling with retransmitted SYN Matthias May <Matthias.May(a)westermo.com> selftests: net: add missing config for GENEVE Linus Lüssing <linus.luessing(a)c0d3.blue> bridge: mcast: fix disabled snooping after long uptime Eric Dumazet <edumazet(a)google.com> llc: call sock_orphan() at release time Helge Deller <deller(a)kernel.org> ipv6: Ensure natural alignment of const ipv6 loopback and router addresses Michal Vokáč <michal.vokac(a)ysoft.com> net: dsa: qca8k: fix illegal usage of GPIO Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor overtemp event handling Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor returning internal error codes Eric Dumazet <edumazet(a)google.com> tcp: add sanity checks to rx zerocopy Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix port configuration when using SGMII interface Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipmr: fix kernel panic when forwarding mcast packets Eric Dumazet <edumazet(a)google.com> ipv4: raw: add drop reasons Eric Dumazet <edumazet(a)google.com> ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() Paolo Abeni <pabeni(a)redhat.com> selftests: net: give more time for GRO aggregation Su Hui <suhui(a)nfschina.com> HID: hidraw: fix a problem of memory leak in hidraw_release() Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Romain Naour <romain.naour(a)skf.com> regulator: ti-abb: don't use devm_platform_ioremap_resource_byname for shared interrupt register Su Hui <suhui(a)nfschina.com> scsi: isci: Fix an error code problem in isci_io_request_build() Stephen Rothwell <sfr(a)canb.auug.org.au> drm: using mul_u32_u32() requires linux/math64.h Edward Adam Davis <eadavis(a)qq.com> wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update Peter Zijlstra <peterz(a)infradead.org> perf: Fix the nr_addr_filters fix Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' Wenchao Hao <haowenchao2(a)huawei.com> ceph: fix invalid pointer access if get_quota_realm return ERR_PTR Xiubo Li <xiubli(a)redhat.com> ceph: fix deadlock or deadcode of misusing dget() Venky Shankar <vshankar(a)redhat.com> ceph: reinitialize mds feature bit even when session in open Ming Lei <ming.lei(a)redhat.com> blk-mq: fix IO hang from sbitmap wakeup race Zhu Yanjun <yanjun.zhu(a)linux.dev> virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix lock dependency warning with srcu Felix Kuehling <felix.kuehling(a)amd.com> drm/amdkfd: Fix lock dependency warning Ian Rogers <irogers(a)google.com> libsubcmd: Fix memory leak in uniq() Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback David Howells <dhowells(a)redhat.com> 9p: Fix initialisation of netfs_inode for 9p Bjorn Helgaas <bhelgaas(a)google.com> PCI/AER: Decode Requester ID when no error info found Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix 64GT/s effective data rate calculation Yu-Che Cheng <giver(a)chromium.org> spmi: mediatek: Fix UAF on device remove Max Kellermann <max.kellermann(a)ionos.com> fs/kernfs/dir: obey S_ISGID Adrian Reber <areber(a)redhat.com> tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE Jo Van Bulck <jo.vanbulck(a)cs.kuleuven.be> selftests/sgx: Fix linker script asserts Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x hub Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: hub: Replace hardcoded quirk value with BIT() macro Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: fix possible null pointer deref during xhci urb enqueue James Clark <james.clark(a)arm.com> perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present Daniel Stodden <dns(a)arista.com> PCI: switchtec: Fix stdev_release() crash after surprise hot remove Guilherme G. Piccoli <gpiccoli(a)igalia.com> PCI: Only override AMD USB controller if required Xiaowu.ding <xiaowu.ding(a)jaguarmicro.com> mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt Peter Robinson <pbrobinson(a)gmail.com> mfd: ti_am335x_tscadc: Fix TI SoC dependencies Oleksandr Tyshchenko <oleksandr_tyshchenko(a)epam.com> xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import Harshit Shah <harshitshah.opendev(a)gmail.com> i3c: master: cdns: Update maximum prescaler value for i2c clock Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix time corruption Nathan Chancellor <nathan(a)kernel.org> um: net: Fix return type of uml_net_start_xmit() Benjamin Berg <benjamin(a)sipsolutions.net> um: Don't use vfprintf() for os_info() Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix naming clash between UML and scheduler Heiner Kallweit <hkallweit1(a)gmail.com> leds: trigger: panic: Don't register panic notifier if creating the trigger failed bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdgpu: Let KFD sync with VM fences Stanley.Yang <Stanley.Yang(a)amd.com> drm/amdgpu: Fix ecc irq enable/disable unpaired Alexander Stein <alexander.stein(a)ew.tq-group.com> clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks Josip Pavic <josip.pavic(a)amd.com> drm/amd/display: make flip_timestamp_in_us a 64-bit variable Werner Fischer <devlists(a)wefi.net> watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() Wang, Beyond <Wang.Beyond(a)amd.com> drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: fix writeback programming for YUV cases Rob Clark <robdclark(a)chromium.org> drm/msm/dpu: Ratelimit framedone timeout msgs Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: For prefetch mode > 0, extend prefetch if possible Kieran Bingham <kieran.bingham(a)ideasonboard.com> media: i2c: imx335: Fix hblank min/max values Su Hui <suhui(a)nfschina.com> media: ddbridge: fix an error code problem in ddb_probe Ming Qian <ming.qian(a)nxp.com> media: amphion: remove mutext lock in condition of wait_event Daniel Vacek <neelx(a)redhat.com> IB/ipoib: Fix mcast list locking Douglas Anderson <dianders(a)chromium.org> drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time Chao Yu <chao(a)kernel.org> f2fs: fix to tag gcing flag on page during block migration Xing Tong Wu <xingtong.wu(a)siemens.com> hwmon: (nct6775) Fix fan speed set failure in automatic mode Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: rkisp1: Fix IRQ disable race issue Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: rkisp1: Store IRQ lines Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: rkisp1: Fix IRQ handler return values Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: rkisp1: Drop IRQF_SHARED Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: Intel: add HDA_ARL PCI ID support Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> PCI: add INTEL_HDA_ARL to pci_ids.h Michael Tretter <m.tretter(a)pengutronix.de> media: rockchip: rga: fix swizzling for RGB formats Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> media: stk1160: Fixed high volume of stk1160_dbg messages Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/mipi-dsi: Fix detach call without attach Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/framebuffer: Fix use of uninitialized variable Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/drm_file: fix use of uninitialized variable Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: Add new dmi entries for acp5x platform Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix write pointers on zoned device after roll forward Meenakshikumar Somasundaram <meenakshikumar.somasundaram(a)amd.com> drm/amd/display: Fix tiled display misalignment Xin Ji <xji(a)analogixsemi.com> drm/bridge: anx7625: Fix Set HPD irq detect window to 2ms Hsin-Yi Wang <hsinyi(a)chromium.org> drm/panel-edp: Add override_edid_mode quirk for generic edp Jack Wang <jinpu.wang(a)ionos.com> RDMA/IPoIB: Fix error code return in ipoib_mcast_join Al Viro <viro(a)zeniv.linux.org.uk> fast_dput(): handle underflows gracefully Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Refer to correct stream index at loops Chao Yu <chao(a)kernel.org> f2fs: fix to check return value of f2fs_reserve_new_block() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure Suman Ghosh <sumang(a)marvell.com> octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry Andrii Staikov <andrii.staikov(a)intel.com> i40e: Fix VF disable behavior to block all traffic Lin Ma <linma(a)zju.edu.cn> bridge: cfm: fix enum typo in br_cc_ccm_tx_parse Wen Gu <guwen(a)linux.alibaba.com> net/smc: disable SEID on non-s390 archs where virtual ISM may be used Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix possible multiple reject send clancy shang <clancy.shang(a)quectel.com> Bluetooth: hci_sync: fix BR/EDR wakeup bug Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: free beacon_ies when overridden from hidden BSS Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() Mingyi Zhang <zhangmingyi5(a)huawei.com> libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices Xianwei Zhao <xianwei.zhao(a)amlogic.com> arm64: dts: amlogic: fix format for s4 uart node Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix pre-shifted bit usage Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property Alex Lyakas <alex.lyakas(a)zadara.com> md: Whenassemble the array, consult the superblock of the freshest device Christoph Hellwig <hch(a)lst.de> block: prevent an integer overflow in bvec_try_merge_hw_page Tobias Waldekranz <tobias(a)waldekranz.com> net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path Igor Russkikh <irusskikh(a)marvell.com> net: atlantic: eliminate double free in error handling logic Ahmed Zaki <ahmed.zaki(a)intel.com> ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Set .phy_attached before notifing phyup event HISI_PHYE_PHY_UP_PM Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23/28: Fix the DMA controller node name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23-sansa: Use preferred i2c-gpios properties Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27-apf27dev: Fix LED name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27: Pass timing0 Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25: Fix the iim compatible string Kees Cook <keescook(a)chromium.org> block/rnbd-srv: Check for unlikely string overflow Shannon Nelson <shannon.nelson(a)amd.com> ionic: bypass firmware cmds when stuck in reset Shannon Nelson <shannon.nelson(a)amd.com> ionic: pass opcode to devcmd_wait Christian Marangi <ansuelsmth(a)gmail.com> net: phy: at803x: fix passing the wrong reference for config_intr Fabio Estevam <festevam(a)denx.de> ARM: dts: imx1: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx: Use flash@0,0 pattern Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27-eukrea: Fix RTC node name Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3036 hdmi ports node Dmitry Antipov <dmantipov(a)yandex.ru> wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() Hou Tao <houtao1(a)huawei.com> bpf: Set uattr->batch.count as zero before batched update or deletion Hannes Reinecke <hare(a)suse.de> scsi: libfc: Fix up timeout error in fc_fcp_rec_error() Hannes Reinecke <hare(a)suse.de> scsi: libfc: Don't schedule abort twice Hou Tao <houtao1(a)huawei.com> bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too early Minsuk Kang <linuxlovemin(a)yonsei.ac.kr> wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix nand-controller #size-cells Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix lcdif compatible Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7d: Fix coresight funnel ports ching Huang <ching2048(a)areca.com.tw> scsi: arcmsr: Support new PCI device IDs 1883 and 1886 Sumit Saxena <sumit.saxena(a)broadcom.com> scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116 Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid two consecutive device resets Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk Ido Schimmel <idosch(a)nvidia.com> PCI: Add no PM reset quirk for NVIDIA Spectrum devices Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible file string name overflow when updating firmware Tanmay Shah <tanmay.shah(a)xilinx.com> soc: xilinx: fix unhandled SGI warning message HariBabu Gattem <haribabu.gattem(a)xilinx.com> soc: xilinx: Fix for call trace due to the usage of smp_processor_id() Yafang Shao <laoar.shao(a)gmail.com> selftests/bpf: Fix issues in setup_classid_environment() Shiji Yang <yangshiji66(a)outlook.com> wifi: rt2x00: correct wrong BBP register in RxDCOC calibration Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix pyperf180 compilation failure with clang18 Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: satisfy compiler by having explicit return in btf test Shiji Yang <yangshiji66(a)outlook.com> wifi: rt2x00: restart beacon queue when hardware reset Baokun Li <libaokun1(a)huawei.com> ext4: avoid online resizing failures due to oversized flex bg Baokun Li <libaokun1(a)huawei.com> ext4: remove unnecessary check from alloc_flex_gd() Baokun Li <libaokun1(a)huawei.com> ext4: unify the type of flexbg_size to unsigned int Ye Bin <yebin10(a)huawei.com> ext4: fix inconsistent between segment fstrim and full fstrim Gabriel Krisman Bertazi <krisman(a)suse.de> ecryptfs: Reject casefold directory inodes Anna Schumaker <Anna.Schumaker(a)Netapp.com> SUNRPC: Fix a suspicious RCU usage warning Heiko Carstens <hca(a)linux.ibm.com> KVM: s390: fix setting of fpc register Heiko Carstens <hca(a)linux.ibm.com> s390/ptrace: handle setting of fpc register correctly Tony Krowiak <akrowiak(a)linux.ibm.com> s390/vfio-ap: fix sysfs status attribute for AP queue devices Arnd Bergmann <arnd(a)arndb.de> arch: consolidate arch_irq_work_raise prototypes Edward Adam Davis <eadavis(a)qq.com> jfs: fix array-index-out-of-bounds in diNewExt Oleg Nesterov <oleg(a)redhat.com> rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() Thomas Bourgoin <thomas.bourgoin(a)foss.st.com> crypto: stm32/crc32 - fix parsing list of devices Gao Xiang <xiang(a)kernel.org> erofs: fix ztailpacking for subpage compressed blocks Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix cptvf driver cleanup Weichen Chen <weichen.chen(a)mediatek.com> pstore/ram: Fix crash when setting number of cpus to an odd number Edward Adam Davis <eadavis(a)qq.com> jfs: fix uaf in jfs_evict_inode Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix array-index-out-of-bounds in dbAdjTree Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix slab-out-of-bounds Read in dtSearch Osama Muhammad <osmtendev(a)gmail.com> UBSAN: array-index-out-of-bounds in dtSplitRoot Osama Muhammad <osmtendev(a)gmail.com> FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events Mukesh Ojha <quic_mojha(a)quicinc.com> PM / devfreq: Synchronize devfreq_monitor_[start/stop] Yuntao Wang <ytcoode(a)gmail.com> ACPI: NUMA: Fix the logic of getting the fake_pxm value Prarit Bhargava <prarit(a)redhat.com> ACPI: extlog: fix NULL pointer dereference check Dmitry Antipov <dmantipov(a)yandex.ru> PNP: ACPI: fix fortify warning Yuluo Qiu <qyl27(a)outlook.com> ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop Chris Riches <chris.riches(a)nutanix.com> audit: Send netlink ACK before setting connection in auditd_set Rui Zhang <zr.zhang(a)vivo.com> regulator: core: Only increment use_count when enable_count changes Andrzej Hajda <andrzej.hajda(a)intel.com> debugobjects: Stop accessing objects after releasing hash bucket lock Greg KH <gregkh(a)linuxfoundation.org> perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file Zhiquan Li <zhiquan1.li(a)intel.com> x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel Naveen N Rao <naveen(a)kernel.org> powerpc/lib: Validate size for vector operations Stephen Rothwell <sfr(a)canb.auug.org.au> powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE Jun'ichi Nomura <junichi.nomura(a)nec.com> x86/boot: Ignore NMIs during very early boot Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Fix build error due to is_valid_bugaddr() Mark Rutland <mark.rutland(a)arm.com> drivers/perf: pmuv3: don't expose SW_INCR event in sysfs Huang Shijie <shijie(a)os.amperecomputing.com> arm64: irq: set the correct node for VMAP stack Kunwu Chan <chentao(a)kylinos.cn> powerpc/mm: Fix null-pointer dereference in pgtable_cache_add Dmitry Torokhov <dmitry.torokhov(a)gmail.com> asm-generic: make sparse happy with odd-sized put_unaligned_*() ------------- Diffstat: Documentation/ABI/testing/sysfs-class-net-queues | 22 +-- Documentation/sound/soc/dapm.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/imx1-ads.dts | 2 +- arch/arm/boot/dts/imx1-apf9328.dts | 2 +- arch/arm/boot/dts/imx1.dtsi | 5 +- arch/arm/boot/dts/imx23-sansa.dts | 12 +- arch/arm/boot/dts/imx23.dtsi | 2 +- arch/arm/boot/dts/imx25-eukrea-cpuimx25.dtsi | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-cmo-qvga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-svga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-vga.dts | 2 +- arch/arm/boot/dts/imx25-pdk.dts | 2 +- arch/arm/boot/dts/imx25.dtsi | 2 +- arch/arm/boot/dts/imx27-apf27dev.dts | 4 +- arch/arm/boot/dts/imx27-eukrea-cpuimx27.dtsi | 4 +- .../boot/dts/imx27-eukrea-mbimxsd27-baseboard.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-som.dtsi | 2 +- arch/arm/boot/dts/imx27.dtsi | 3 + arch/arm/boot/dts/imx28.dtsi | 2 +- arch/arm/boot/dts/imx7d.dtsi | 3 - arch/arm/boot/dts/imx7s.dtsi | 10 +- arch/arm/boot/dts/rk3036.dtsi | 14 +- arch/arm/include/asm/irq_work.h | 2 - .../boot/dts/amlogic/meson-s4-s805x2-aq222.dts | 4 +- arch/arm64/boot/dts/amlogic/meson-s4.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 21 +++ arch/arm64/boot/dts/qcom/msm8998.dtsi | 32 ++-- arch/arm64/include/asm/irq_work.h | 2 - arch/arm64/kernel/irq.c | 7 +- arch/arm64/kernel/perf_event.c | 6 +- arch/csky/include/asm/irq_work.h | 2 +- arch/loongarch/kernel/smp.c | 1 - arch/loongarch/mm/tlb.c | 16 +- arch/powerpc/include/asm/irq_work.h | 1 - arch/powerpc/include/asm/mmu.h | 4 + arch/powerpc/include/asm/mmzone.h | 8 - arch/powerpc/kernel/traps.c | 2 + arch/powerpc/lib/sstep.c | 10 ++ arch/powerpc/mm/book3s64/pgtable.c | 2 + arch/powerpc/mm/init-common.c | 5 +- arch/powerpc/mm/mmu_decl.h | 5 + arch/riscv/include/asm/irq_work.h | 2 +- arch/s390/include/asm/irq_work.h | 2 - arch/s390/kernel/ptrace.c | 6 +- arch/s390/kvm/kvm-s390.c | 5 - arch/um/drivers/net_kern.c | 2 +- arch/um/include/shared/kern_util.h | 2 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/time.c | 32 +++- arch/um/os-Linux/helper.c | 6 +- arch/um/os-Linux/util.c | 19 +- arch/x86/boot/compressed/ident_map_64.c | 5 + arch/x86/boot/compressed/idt_64.c | 1 + arch/x86/boot/compressed/idt_handlers_64.S | 1 + arch/x86/boot/compressed/misc.h | 1 + arch/x86/include/asm/irq_work.h | 1 - arch/x86/include/asm/kmsan.h | 17 +- arch/x86/kernel/cpu/mce/core.c | 16 ++ block/bio.c | 2 +- block/blk-mq.c | 16 ++ drivers/acpi/acpi_extlog.c | 5 +- drivers/acpi/acpi_video.c | 9 + drivers/acpi/apei/ghes.c | 29 ++- drivers/acpi/numa/srat.c | 4 +- drivers/base/arch_numa.c | 2 +- drivers/block/rnbd/rnbd-srv.c | 19 +- drivers/bluetooth/hci_qca.c | 1 + drivers/clk/hisilicon/clk-hi3620.c | 4 +- drivers/clk/imx/clk-imx8qxp.c | 24 ++- drivers/clk/mmp/clk-of-pxa168.c | 3 + drivers/crypto/marvell/octeontx2/otx2_cptlf.c | 6 +- drivers/crypto/marvell/octeontx2/otx2_cptvf_main.c | 3 + drivers/crypto/stm32/stm32-crc32.c | 2 +- drivers/devfreq/devfreq.c | 24 ++- drivers/gpu/drm/amd/amdgpu/aldebaran.c | 26 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 21 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_sync.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 6 +- drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 4 + drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 5 + drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 4 + drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 42 ++--- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 24 +-- drivers/gpu/drm/amd/display/dc/core/dc.c | 4 + drivers/gpu/drm/amd/display/dc/dc_hw_types.h | 2 +- .../amd/display/dc/dml/dcn32/display_mode_vba_32.c | 3 + .../dc/dml/dcn32/display_mode_vba_util_32.c | 33 +++- .../dc/dml/dcn32/display_mode_vba_util_32.h | 1 + .../drm/amd/display/modules/power/power_helpers.c | 2 - .../amd/pm/powerplay/hwmgr/process_pptables_v1_0.c | 2 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 51 ++++-- drivers/gpu/drm/bridge/analogix/anx7625.h | 4 + drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/drm_mipi_dsi.c | 17 +- drivers/gpu/drm/exynos/exynos_drm_drv.c | 11 ++ drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_wb.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 1 + drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 + drivers/gpu/drm/panel/panel-edp.c | 48 ++++- drivers/hid/hidraw.c | 7 +- drivers/hwmon/nct6775-core.c | 7 + drivers/i3c/master/i3c-master-cdns.c | 7 +- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 +- drivers/leds/trigger/ledtrig-panic.c | 5 +- drivers/mailbox/arm_mhuv2.c | 3 +- drivers/md/md.c | 54 ++++-- drivers/media/i2c/imx335.c | 4 +- drivers/media/pci/ddbridge/ddbridge-main.c | 2 +- drivers/media/platform/amphion/vpu.h | 3 +- drivers/media/platform/amphion/vpu_cmds.c | 28 +-- drivers/media/platform/amphion/vpu_v4l2.c | 1 + drivers/media/platform/rockchip/rga/rga.c | 15 +- .../media/platform/rockchip/rkisp1/rkisp1-common.h | 11 +- .../media/platform/rockchip/rkisp1/rkisp1-csi.c | 14 +- .../media/platform/rockchip/rkisp1/rkisp1-dev.c | 35 +++- .../media/platform/rockchip/rkisp1/rkisp1-isp.c | 20 ++- drivers/media/usb/stk1160/stk1160-video.c | 5 +- drivers/mfd/Kconfig | 1 + drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 1 + drivers/net/bonding/bond_alb.c | 3 +- drivers/net/dsa/mv88e6xxx/chip.h | 4 +- drivers/net/dsa/mv88e6xxx/serdes.c | 10 +- drivers/net/dsa/mv88e6xxx/serdes.h | 8 +- drivers/net/dsa/qca/qca8k-8xxx.c | 24 ++- drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 28 ++- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 61 ++----- drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 22 +-- drivers/net/ethernet/aquantia/atlantic/aq_vec.c | 23 ++- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 32 ++++ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 1 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18 +- drivers/net/ethernet/intel/ice/ice_lib.c | 7 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 12 +- drivers/net/ethernet/intel/ice/ice_vsi_vlan_lib.c | 16 +- drivers/net/ethernet/intel/ixgbe/ixgbe_82598.c | 36 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 61 ++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 145 +++++++-------- drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 42 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.c | 34 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 1 - drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 105 +++++------ drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 43 +---- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 44 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 149 +++++++-------- .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 13 +- .../net/ethernet/microchip/lan966x/lan966x_port.c | 5 +- .../net/ethernet/pensando/ionic/ionic_bus_pci.c | 4 + drivers/net/ethernet/pensando/ionic/ionic_dev.c | 1 + drivers/net/ethernet/pensando/ionic/ionic_dev.h | 1 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 3 + drivers/net/ethernet/pensando/ionic/ionic_main.c | 22 ++- drivers/net/phy/at803x.c | 6 +- drivers/net/usb/ax88179_178a.c | 2 - drivers/net/virtio_net.c | 9 +- drivers/net/wireless/ath/ath11k/pcic.c | 4 +- drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 5 +- drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 2 +- drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 3 + drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 11 ++ .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 12 ++ .../net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8723be/phy.c | 4 +- drivers/net/wireless/silabs/wfx/sta.c | 42 +++-- drivers/pci/pci.h | 2 +- drivers/pci/pcie/aer.c | 9 +- drivers/pci/quirks.c | 24 ++- drivers/pci/switch/switchtec.c | 25 ++- drivers/pnp/pnpacpi/rsparser.c | 12 +- drivers/regulator/core.c | 56 +++--- drivers/regulator/ti-abb-regulator.c | 22 ++- drivers/s390/crypto/vfio_ap_ops.c | 16 +- drivers/scsi/arcmsr/arcmsr.h | 4 + drivers/scsi/arcmsr/arcmsr_hba.c | 6 + drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/isci/request.c | 2 +- drivers/scsi/libfc/fc_fcp.c | 18 +- drivers/scsi/lpfc/lpfc.h | 1 + drivers/scsi/lpfc/lpfc_init.c | 4 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 3 +- drivers/scsi/mpi3mr/mpi3mr_os.c | 5 +- drivers/scsi/scsi_error.c | 8 +- drivers/scsi/scsi_lib.c | 2 +- drivers/scsi/scsi_priv.h | 2 +- drivers/soc/xilinx/xlnx_event_manager.c | 7 +- drivers/spmi/spmi-mtk-pmif.c | 7 +- drivers/tty/tty_ioctl.c | 4 +- drivers/usb/core/hub.c | 33 +++- drivers/usb/host/xhci.c | 40 +++-- drivers/watchdog/it87_wdt.c | 14 +- drivers/xen/gntdev-dmabuf.c | 50 +++--- fs/9p/v9fs_vfs.h | 1 + fs/9p/vfs_inode.c | 6 +- fs/9p/vfs_inode_dotl.c | 1 + fs/afs/callback.c | 3 +- fs/afs/server.c | 7 +- fs/ceph/caps.c | 9 +- fs/ceph/mds_client.c | 2 +- fs/ceph/quota.c | 39 ++-- fs/dcache.c | 7 +- fs/ecryptfs/inode.c | 8 + fs/erofs/zdata.c | 2 +- fs/ext4/mballoc.c | 11 +- fs/ext4/resize.c | 37 ++-- fs/f2fs/compress.c | 4 +- fs/f2fs/file.c | 2 + fs/f2fs/recovery.c | 25 ++- fs/jfs/jfs_dmap.c | 57 +++--- fs/jfs/jfs_dtree.c | 7 +- fs/jfs/jfs_imap.c | 3 + fs/jfs/jfs_mount.c | 6 +- fs/kernfs/dir.c | 12 ++ fs/pstore/ram.c | 1 + include/asm-generic/numa.h | 2 + include/asm-generic/unaligned.h | 24 +-- include/drm/drm_color_mgmt.h | 1 + include/drm/drm_mipi_dsi.h | 2 + include/linux/irq_work.h | 3 + include/linux/mmzone.h | 6 +- include/linux/pci_ids.h | 1 + include/net/af_unix.h | 20 ++- include/net/ip.h | 2 +- include/net/netfilter/nf_tables.h | 2 + kernel/audit.c | 31 +++- kernel/bpf/helpers.c | 13 +- kernel/bpf/syscall.c | 6 + kernel/events/core.c | 38 ++-- lib/debugobjects.c | 200 ++++++++------------- net/bluetooth/hci_sync.c | 10 +- net/bluetooth/l2cap_core.c | 3 +- net/bridge/br_cfm_netlink.c | 2 +- net/bridge/br_multicast.c | 20 ++- net/bridge/br_private.h | 4 +- net/ipv4/ip_output.c | 12 +- net/ipv4/ip_sockglue.c | 6 +- net/ipv4/ipmr.c | 2 +- net/ipv4/raw.c | 10 +- net/ipv4/tcp.c | 12 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf_core.c | 21 ++- net/ipv6/ip6_tunnel.c | 21 ++- net/llc/af_llc.c | 2 + net/netfilter/nf_conntrack_proto_tcp.c | 10 +- net/netfilter/nf_log.c | 7 +- net/netfilter/nf_tables_api.c | 14 +- net/netfilter/nft_ct.c | 24 +++ net/netfilter/nft_tunnel.c | 1 + net/rxrpc/conn_service.c | 3 +- net/smc/smc_clc.c | 14 ++ net/sunrpc/xprtmultipath.c | 17 +- net/unix/af_unix.c | 14 +- net/unix/diag.c | 2 +- net/wireless/scan.c | 4 + sound/hda/hdac_stream.c | 9 +- sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_conexant.c | 115 +++++++++++- sound/soc/amd/acp-config.c | 15 +- tools/build/feature/test-libopencsd.c | 4 +- tools/lib/bpf/libbpf.c | 2 + tools/lib/subcmd/help.c | 18 +- tools/testing/selftests/bpf/cgroup_helpers.c | 18 +- tools/testing/selftests/bpf/prog_tests/btf.c | 1 + tools/testing/selftests/bpf/progs/pyperf180.c | 22 +++ .../selftests/drivers/net/bonding/lag_lib.sh | 11 ++ tools/testing/selftests/drivers/net/team/config | 4 +- tools/testing/selftests/net/config | 1 + tools/testing/selftests/net/pmtu.sh | 16 +- tools/testing/selftests/net/setup_veth.sh | 2 +- tools/testing/selftests/sgx/test_encl.lds | 6 +- 282 files changed, 2329 insertions(+), 1339 deletions(-)

11 months, 4 weeks

12
235
0 0

Re: [PATCH] cifs: Convert struct fealist away from 1-element array

by Vitaly Chikunov

Greg, Sasha, Can you please backport this commit (below) to a stable 6.1.y tree, it's confirmed be Kees this could cause kernel panic due to false positive strncpy fortify, and this is already happened for some users. Thanks, On Fri, Feb 09, 2024 at 04:02:32PM -0800, Kees Cook wrote: > On Sat, Feb 10, 2024 at 01:13:06AM +0300, Vitaly Chikunov wrote: > > > > On Tue, Feb 14, 2023 at 04:08:39PM -0800, Kees Cook wrote: > > > The kernel is globally removing the ambiguous 0-length and 1-element > > > arrays in favor of flexible arrays, so that we can gain both compile-time > > > and run-time array bounds checking[1]. > > > > > > While struct fealist is defined as a "fake" flexible array (via a > > > 1-element array), it is only used for examination of the first array > > > element. Walking the list is performed separately, so there is no reason > > > to treat the "list" member of struct fealist as anything other than a > > > single entry. Adjust the struct and code to match. > > > > > > Additionally, struct fea uses the "name" member either as a dynamic > > > string, or is manually calculated from the start of the struct. Redefine > > > the member as a flexible array. > > > > > > No machine code output differences are produced after these changes. > > > > > > [1] For lots of details, see both: > > > https://docs.kernel.org/process/deprecated.html#zero-length-and-one-element… > > > https://people.kernel.org/kees/bounded-flexible-arrays-in-c > > > > > > Cc: Steve French <sfrench(a)samba.org> > > > Cc: Paulo Alcantara <pc(a)cjr.nz> > > > Cc: Ronnie Sahlberg <lsahlber(a)redhat.com> > > > Cc: Shyam Prasad N <sprasad(a)microsoft.com> > > > Cc: Tom Talpey <tom(a)talpey.com> > > > Cc: linux-cifs(a)vger.kernel.org > > > Cc: samba-technical(a)lists.samba.org > > > Signed-off-by: Kees Cook <keescook(a)chromium.org> > > > --- > > > fs/cifs/cifspdu.h | 4 ++-- > > > fs/cifs/cifssmb.c | 16 ++++++++-------- > > > 2 files changed, 10 insertions(+), 10 deletions(-) > > > > > > diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h > > > index 623caece2b10..add73be4902c 100644 > > > --- a/fs/cifs/cifspdu.h > > > +++ b/fs/cifs/cifspdu.h > > > @@ -2583,7 +2583,7 @@ struct fea { > > > unsigned char EA_flags; > > > __u8 name_len; > > > __le16 value_len; > > > - char name[1]; > > > + char name[]; > > > /* optionally followed by value */ > > > } __attribute__((packed)); > > > /* flags for _FEA.fEA */ > > > @@ -2591,7 +2591,7 @@ struct fea { > > > > > > struct fealist { > > > __le32 list_len; > > > - struct fea list[1]; > > > + struct fea list; > > > } __attribute__((packed)); > > > > > > /* used to hold an arbitrary blob of data */ > > > diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c > > > index 60dd4e37030a..7c587157d030 100644 > > > --- a/fs/cifs/cifssmb.c > > > +++ b/fs/cifs/cifssmb.c > > > @@ -5787,7 +5787,7 @@ CIFSSMBQAllEAs(const unsigned int xid, struct cifs_tcon *tcon, > > > > > > /* account for ea list len */ > > > list_len -= 4; > > > - temp_fea = ea_response_data->list; > > > + temp_fea = &ea_response_data->list; > > > temp_ptr = (char *)temp_fea; > > > while (list_len > 0) { > > > unsigned int name_len; > > > @@ -5902,7 +5902,7 @@ CIFSSMBSetEA(const unsigned int xid, struct cifs_tcon *tcon, > > > else > > > name_len = strnlen(ea_name, 255); > > > > > > - count = sizeof(*parm_data) + ea_value_len + name_len; > > > + count = sizeof(*parm_data) + 1 + ea_value_len + name_len; > > > pSMB->MaxParameterCount = cpu_to_le16(2); > > > /* BB find max SMB PDU from sess */ > > > pSMB->MaxDataCount = cpu_to_le16(1000); > > > @@ -5926,14 +5926,14 @@ CIFSSMBSetEA(const unsigned int xid, struct cifs_tcon *tcon, > > > byte_count = 3 /* pad */ + params + count; > > > pSMB->DataCount = cpu_to_le16(count); > > > parm_data->list_len = cpu_to_le32(count); > > > - parm_data->list[0].EA_flags = 0; > > > + parm_data->list.EA_flags = 0; > > > /* we checked above that name len is less than 255 */ > > > - parm_data->list[0].name_len = (__u8)name_len; > > > + parm_data->list.name_len = (__u8)name_len; > > > /* EA names are always ASCII */ > > > if (ea_name) > > > - strncpy(parm_data->list[0].name, ea_name, name_len); > > > - parm_data->list[0].name[name_len] = 0; > > > - parm_data->list[0].value_len = cpu_to_le16(ea_value_len); > > > + strncpy(parm_data->list.name, ea_name, name_len); > > > > Could non-applying this patch cause false-positive fortify_panic? > > We got a bug report from user of 6.1.73: > > > > Jan 24 15:15:20 kalt2test.dpt.local kernel: detected buffer overflow in strncpy > > Yes, this seems likely. I would backport this change. > > > Jan 24 15:15:20 kalt2test.dpt.local kernel: ------------[ cut here ]------------ > > Jan 24 15:15:20 kalt2test.dpt.local kernel: kernel BUG at lib/string_helpers.c:1027! > > ... > > Jan 24 15:15:20 kalt2test.dpt.local kernel: Call Trace: > > Jan 24 15:15:20 kalt2test.dpt.local kernel: CIFSSMBSetEA.cold+0xc/0x18 [cifs] > > Jan 24 15:15:20 kalt2test.dpt.local kernel: cifs_xattr_set+0x596/0x690 [cifs] > > Jan 24 15:15:20 kalt2test.dpt.local kernel: __vfs_removexattr+0x52/0x70 > > Jan 24 15:15:20 kalt2test.dpt.local kernel: __vfs_removexattr_locked+0xbc/0x150 > > Jan 24 15:15:20 kalt2test.dpt.local kernel: vfs_removexattr+0x56/0x100 > > Jan 24 15:15:20 kalt2test.dpt.local kernel: removexattr+0x58/0x90 > > Jan 24 15:15:20 kalt2test.dpt.local kernel: __ia32_sys_fremovexattr+0x80/0xa0 > > Jan 24 15:15:20 kalt2test.dpt.local kernel: int80_emulation+0xa9/0x110 > > Jan 24 15:15:20 kalt2test.dpt.local kernel: asm_int80_emulation+0x16/0x20 > > This appears to be a compat call? > > -Kees > > > > > I don't find this patch appled to stable/linux-6.1.y. > > > > Thanks, > > > > ps. (Unfortunately `CIFSSMBSetEA+0xc` address is not resolvable to the > > actual line inside of CIFSSMBSetEA pointing just to the head of it. > > > > (gdb) l *CIFSSMBSetEA+0xc > > 0x6de3c is in CIFSSMBSetEA (fs/smb/client/cifssmb.c:5776). > > 5771 int > > 5772 CIFSSMBSetEA(const unsigned int xid, struct cifs_tcon *tcon, > > 5773 const char *fileName, const char *ea_name, const void *ea_value, > > 5774 const __u16 ea_value_len, const struct nls_table *nls_codepage, > > 5775 struct cifs_sb_info *cifs_sb) > > 5776 { > > 5777 struct smb_com_transaction2_spi_req *pSMB = NULL; > > 5778 struct smb_com_transaction2_spi_rsp *pSMBr = NULL; > > 5779 struct fealist *parm_data; > > 5780 int name_len; > > > > But there is only one strncpy there. > > > > > + parm_data->list.name[name_len] = '\0'; > > > + parm_data->list.value_len = cpu_to_le16(ea_value_len); > > > /* caller ensures that ea_value_len is less than 64K but > > > we need to ensure that it fits within the smb */ > > > > > > @@ -5941,7 +5941,7 @@ CIFSSMBSetEA(const unsigned int xid, struct cifs_tcon *tcon, > > > negotiated SMB buffer size BB */ > > > /* if (ea_value_len > buffer_size - 512 (enough for header)) */ > > > if (ea_value_len) > > > - memcpy(parm_data->list[0].name+name_len+1, > > > + memcpy(parm_data->list.name + name_len + 1, > > > ea_value, ea_value_len); > > > > > > pSMB->TotalDataCount = pSMB->DataCount; > > > -- > > > 2.34.1 > > > > > -- > Kees Cook

11 months, 4 weeks

2
8
0 0

[PATCH v3 2/6] usb: dwc3: gadget: cancel requests instead of release after missed isoc

by Dan Vacura

From: Jeff Vanhoof <qjv001(a)motorola.com> arm-smmu related crashes seen after a Missed ISOC interrupt when no_interrupt=1 is used. This can happen if the hardware is still using the data associated with a TRB after the usb_request's ->complete call has been made. Instead of immediately releasing a request when a Missed ISOC interrupt has occurred, this change will add logic to cancel the request instead where it will eventually be released when the END_TRANSFER command has completed. This logic is similar to some of the cleanup done in dwc3_gadget_ep_dequeue. Fixes: 6d8a019614f3 ("usb: dwc3: gadget: check for Missed Isoc from event status") Cc: <stable(a)vger.kernel.org> Signed-off-by: Jeff Vanhoof <qjv001(a)motorola.com> Co-developed-by: Dan Vacura <w36195(a)motorola.com> Signed-off-by: Dan Vacura <w36195(a)motorola.com> --- V1 -> V3: - no change, new patch in series drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 38 ++++++++++++++++++++++++++------------ 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index 8f9959ba9fd4..9b005d912241 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -943,6 +943,7 @@ struct dwc3_request { #define DWC3_REQUEST_STATUS_DEQUEUED 3 #define DWC3_REQUEST_STATUS_STALLED 4 #define DWC3_REQUEST_STATUS_COMPLETED 5 +#define DWC3_REQUEST_STATUS_MISSED_ISOC 6 #define DWC3_REQUEST_STATUS_UNKNOWN -1 u8 epnum; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 079cd333632e..411532c5c378 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2021,6 +2021,9 @@ static void dwc3_gadget_ep_cleanup_cancelled_requests(struct dwc3_ep *dep) case DWC3_REQUEST_STATUS_STALLED: dwc3_gadget_giveback(dep, req, -EPIPE); break; + case DWC3_REQUEST_STATUS_MISSED_ISOC: + dwc3_gadget_giveback(dep, req, -EXDEV); + break; default: dev_err(dwc->dev, "request cancelled with wrong reason:%d\n", req->status); dwc3_gadget_giveback(dep, req, -ECONNRESET); @@ -3402,21 +3405,32 @@ static bool dwc3_gadget_endpoint_trbs_complete(struct dwc3_ep *dep, struct dwc3 *dwc = dep->dwc; bool no_started_trb = true; - dwc3_gadget_ep_cleanup_completed_requests(dep, event, status); + if (status == -EXDEV) { + struct dwc3_request *tmp; + struct dwc3_request *req; - if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) - goto out; + if (!(dep->flags & DWC3_EP_END_TRANSFER_PENDING)) + dwc3_stop_active_transfer(dep, true, true); - if (!dep->endpoint.desc) - return no_started_trb; + list_for_each_entry_safe(req, tmp, &dep->started_list, list) + dwc3_gadget_move_cancelled_request(req, + DWC3_REQUEST_STATUS_MISSED_ISOC); + } else { + dwc3_gadget_ep_cleanup_completed_requests(dep, event, status); - if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && - list_empty(&dep->started_list) && - (list_empty(&dep->pending_list) || status == -EXDEV)) - dwc3_stop_active_transfer(dep, true, true); - else if (dwc3_gadget_ep_should_continue(dep)) - if (__dwc3_gadget_kick_transfer(dep) == 0) - no_started_trb = false; + if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) + goto out; + + if (!dep->endpoint.desc) + return no_started_trb; + + if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && + list_empty(&dep->started_list) && list_empty(&dep->pending_list)) + dwc3_stop_active_transfer(dep, true, true); + else if (dwc3_gadget_ep_should_continue(dep)) + if (__dwc3_gadget_kick_transfer(dep) == 0) + no_started_trb = false; + } out: /* -- 2.34.1

12 months

3
12
0 0

Fwd: Continuous ACPI errors resulting in high CPU usage by journald

by Bagas Sanjaya

Hi, On Bugzilla, danilrybakov249(a)gmail.com reported stable-specific, ACPI error regression that led into high CPU temperature [1]. He wrote: > Overview: > > After updating from lts v6.6.14-2 to lts v6.6.17-1 noticed high CPU temperature and lag. After running htop noticed that journald was using 30-60% of CPU. Afterwards, tried switching to stable, or lts v6.6.18-1, but encountered the same issue. > > Running journalctl -f gives these lines over and over again: > > Feb 19 21:09:12 danirybe kernel: ACPI Error: Could not disable RealTimeClock events (20230628/evxfevnt-243) > Feb 19 21:09:12 danirybe kernel: ACPI Error: No handler or method for GPE 08, disabling event (20230628/evgpe-839) > Feb 19 21:09:12 danirybe kernel: ACPI Error: No handler or method for GPE 0A, disabling event (20230628/evgpe-839) > Feb 19 21:09:12 danirybe kernel: ACPI Error: No handler or method for GPE 0B, disabling event (20230628/evgpe-839) > Feb 19 21:09:12 danirybe kernel: ACPI Error: No installed handler for fixed event - PM_Timer (0), disabling (20230628/evevent-255) > Feb 19 21:09:12 danirybe kernel: ACPI Error: No installed handler for fixed event - PowerButton (2), disabling (20230628/evevent-255) > Feb 19 21:09:12 danirybe kernel: ACPI Error: No installed handler for fixed event - SleepButton (3), disabling (20230628/evevent-255) > > My system info: > > Laptop model: ASUS VivoBook D540NV-GQ065T > OS: Arch Linux x86_64 > Kernel: 6.6.14-2-lts > WM: sway > CPU: Intel Pentium N420 (4) @ 2.500GHz > GPU1: Intel Apollo Lake [HD Graphics 505] > GPU2: NVIDIA GeForce 920MX > > I've pinned down the commit after which the problem occurs: > > 847e1eb30e269a094da046c08273abe3f3361cf2 is the first bad commit > commit 847e1eb30e269a094da046c08273abe3f3361cf2 > Author: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> > Date: Mon Jan 8 15:20:58 2024 +0900 > > platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe > > commit 5913320eb0b3ec88158cfcb0fa5e996bf4ef681b upstream. > > <snipped>... See Bugzilla for the full thread. Thanks. [1]: https://bugzilla.kernel.org/show_bug.cgi?id=218531 -- An old man doll... just what I always wanted! - Clara

12 months

5
4
0 0

[PATCH] tpm,tpm_tis: Avoid warning splat at shutdown

by Lino Sanfilippo

If interrupts are not activated the work struct 'free_irq_work' is not initialized. This results in a warning splat at module shutdown. Fix this by always initializing the work regardless of whether interrupts are activated or not. cc: stable(a)vger.kernel.org Fixes: 481c2d14627d ("tpm,tpm_tis: Disable interrupts after 1000 unhandled IRQs") Reported-by: Jarkko Sakkinen <jarkko(a)kernel.org> Closes: https://lore.kernel.org/all/CX32RFOMJUQ0.3R4YCL9MDCB96@kernel.org/ Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/char/tpm/tpm_tis_core.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index 1b350412d8a6..64c875657687 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -919,8 +919,6 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask, int rc; u32 int_status; - INIT_WORK(&priv->free_irq_work, tpm_tis_free_irq_func); - rc = devm_request_threaded_irq(chip->dev.parent, irq, NULL, tis_int_handler, IRQF_ONESHOT | flags, dev_name(&chip->dev), chip); @@ -1132,6 +1130,7 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, priv->phy_ops = phy_ops; priv->locality_count = 0; mutex_init(&priv->locality_count_mutex); + INIT_WORK(&priv->free_irq_work, tpm_tis_free_irq_func); dev_set_drvdata(&chip->dev, priv); base-commit: 41bccc98fb7931d63d03f326a746ac4d429c1dd3 -- 2.43.0

12 months

4
7
0 0

[PATCH 25/34] drm/amd/display: Set the power_down_on_boot function pointer to null

by Alex Hung

From: Muhammad Ahmed <ahmed.ahmed(a)amd.com> [WHY] Blackscreen hang @ PC EF000025 when trying to wake up from S0i3. DCN gets powered off due to dc_power_down_on_boot() being called after timeout. [HOW] Setting the power_down_on_boot function pointer to null since we don't expect the function to be called for APU. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Muhammad Ahmed <ahmed.ahmed(a)amd.com> --- drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c index dce620d359a6..d4e0abbef28e 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c @@ -39,7 +39,7 @@ static const struct hw_sequencer_funcs dcn35_funcs = { .program_gamut_remap = dcn30_program_gamut_remap, .init_hw = dcn35_init_hw, - .power_down_on_boot = dcn35_power_down_on_boot, + .power_down_on_boot = NULL, .apply_ctx_to_hw = dce110_apply_ctx_to_hw, .apply_ctx_for_surface = NULL, .program_front_end_for_ctx = dcn20_program_front_end_for_ctx, -- 2.34.1

12 months

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2024