September 2024 - Linux-stable-mirror

[PATCH -fixes] riscv: Fix kernel stack size when KASAN is enabled

by Alexandre Ghiti

We use Kconfig to select the kernel stack size, doubling the default size if KASAN is enabled. But that actually only works if KASAN is selected from the beginning, meaning that if KASAN config is added later (for example using menuconfig), CONFIG_THREAD_SIZE_ORDER won't be updated, keeping the default size, which is not enough for KASAN as reported in [1]. So fix this by moving the logic to compute the right kernel stack into a header. Fixes: a7555f6b62e7 ("riscv: stack: Add config of thread stack size") Reported-by: syzbot+ba9eac24453387a9d502(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000eb301906222aadc2@google.com/ [1] Cc: stable(a)vger.kernel.org Signed-off-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> --- arch/riscv/Kconfig | 3 +-- arch/riscv/include/asm/thread_info.h | 7 ++++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index ccbfd28f4982..b65846d02622 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -759,8 +759,7 @@ config IRQ_STACKS config THREAD_SIZE_ORDER int "Kernel stack size (in power-of-two numbers of page size)" if VMAP_STACK && EXPERT range 0 4 - default 1 if 32BIT && !KASAN - default 3 if 64BIT && KASAN + default 1 if 32BIT default 2 help Specify the Pages of thread stack size (from 4KB to 64KB), which also diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h index fca5c6be2b81..385b43211a71 100644 --- a/arch/riscv/include/asm/thread_info.h +++ b/arch/riscv/include/asm/thread_info.h @@ -13,7 +13,12 @@ #include <linux/sizes.h> /* thread information allocation */ -#define THREAD_SIZE_ORDER CONFIG_THREAD_SIZE_ORDER +#ifdef CONFIG_KASAN +#define KASAN_STACK_ORDER 1 +#else +#define KASAN_STACK_ORDER 0 +#endif +#define THREAD_SIZE_ORDER (CONFIG_THREAD_SIZE_ORDER + KASAN_STACK_ORDER) #define THREAD_SIZE (PAGE_SIZE << THREAD_SIZE_ORDER) /* -- 2.39.2

2 days, 5 hours

1
0
0 0

[PATCH v3] i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition

by Kaixin Wang

In the svc_i3c_master_probe function, &master->hj_work is bound with svc_i3c_master_hj_work, &master->ibi_work is bound with svc_i3c_master_ibi_work. And svc_i3c_master_ibi_work can start the hj_work, svc_i3c_master_irq_handler can start the ibi_work. If we remove the module which will call svc_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | svc_i3c_master_hj_work svc_i3c_master_remove | i3c_master_unregister(&master->base)| device_unregister(&master->dev) | device_release | //free master->base | | i3c_master_do_daa(&master->base) | //use master->base Fix it by ensuring that the work is canceled before proceeding with the cleanup in svc_i3c_master_remove. Fixes: 0f74f8b6675c ("i3c: Make i3c_master_unregister() return void") Cc: stable(a)vger.kernel.org Signed-off-by: Kaixin Wang <kxwang23(a)m.fudan.edu.cn> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- v3: - add the tag "Cc: stable(a)vger.kernel.org" in the sign-off area - Link to v2: https://lore.kernel.org/r/20240914154030.180-1-kxwang23@m.fudan.edu.cn v2: - add fixes tag and cc stable, suggested by Frank - add Reviewed-by label from Miquel - Link to v1: https://lore.kernel.org/r/20240911150135.839946-1-kxwang23@m.fudan.edu.cn --- drivers/i3c/master/svc-i3c-master.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index 0a68fd1b81d4..e084ba648b4a 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -1775,6 +1775,7 @@ static void svc_i3c_master_remove(struct platform_device *pdev) { struct svc_i3c_master *master = platform_get_drvdata(pdev); + cancel_work_sync(&master->hj_work); i3c_master_unregister(&master->base); pm_runtime_dont_use_autosuspend(&pdev->dev); -- 2.39.1.windows.1

2 days, 5 hours

3
2
0 0

[PATCH 5.10] mtd: rawnand: mxc: Remove platform data support

by Denis Arefev

From: Fabio Estevam <festevam(a)gmail.com> [ Upstream commit 0f6b791955a6365b5ebe8b6a5b01de69a47ee92e ] i.MX is a devicetree-only platform now and the existing platform data support in this driver was only useful for old non-devicetree platforms. Get rid of the platform data support since it is no longer used. Signed-off-by: Fabio Estevam <festevam(a)gmail.com> Reviewed-by: Sascha Hauer <s.hauer(a)pengutronix.de> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20201110121908.19400-1-festevam@gmail.com Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- drivers/mtd/nand/raw/Kconfig | 2 +- drivers/mtd/nand/raw/mxc_nand.c | 75 ++-------------------- include/linux/platform_data/mtd-mxc_nand.h | 19 ------ 3 files changed, 5 insertions(+), 91 deletions(-) delete mode 100644 include/linux/platform_data/mtd-mxc_nand.h diff --git a/drivers/mtd/nand/raw/Kconfig b/drivers/mtd/nand/raw/Kconfig index 6c46f25b57e2..58421866bdc3 100644 --- a/drivers/mtd/nand/raw/Kconfig +++ b/drivers/mtd/nand/raw/Kconfig @@ -313,7 +313,7 @@ config MTD_NAND_VF610_NFC config MTD_NAND_MXC tristate "Freescale MXC NAND controller" depends on ARCH_MXC || COMPILE_TEST - depends on HAS_IOMEM + depends on HAS_IOMEM && OF help This enables the driver for the NAND flash controller on the MXC processors. diff --git a/drivers/mtd/nand/raw/mxc_nand.c b/drivers/mtd/nand/raw/mxc_nand.c index 684c51e5e60d..f896364968d8 100644 --- a/drivers/mtd/nand/raw/mxc_nand.c +++ b/drivers/mtd/nand/raw/mxc_nand.c @@ -21,7 +21,6 @@ #include <linux/completion.h> #include <linux/of.h> #include <linux/of_device.h> -#include <linux/platform_data/mtd-mxc_nand.h> #define DRIVER_NAME "mxc_nand" @@ -184,7 +183,6 @@ struct mxc_nand_host { unsigned int buf_start; const struct mxc_nand_devtype_data *devtype_data; - struct mxc_nand_platform_data pdata; }; static const char * const part_probes[] = { @@ -1611,29 +1609,6 @@ static inline int is_imx53_nfc(struct mxc_nand_host *host) return host->devtype_data == &imx53_nand_devtype_data; } -static const struct platform_device_id mxcnd_devtype[] = { - { - .name = "imx21-nand", - .driver_data = (kernel_ulong_t) &imx21_nand_devtype_data, - }, { - .name = "imx27-nand", - .driver_data = (kernel_ulong_t) &imx27_nand_devtype_data, - }, { - .name = "imx25-nand", - .driver_data = (kernel_ulong_t) &imx25_nand_devtype_data, - }, { - .name = "imx51-nand", - .driver_data = (kernel_ulong_t) &imx51_nand_devtype_data, - }, { - .name = "imx53-nand", - .driver_data = (kernel_ulong_t) &imx53_nand_devtype_data, - }, { - /* sentinel */ - } -}; -MODULE_DEVICE_TABLE(platform, mxcnd_devtype); - -#ifdef CONFIG_OF static const struct of_device_id mxcnd_dt_ids[] = { { .compatible = "fsl,imx21-nand", @@ -1655,26 +1630,6 @@ static const struct of_device_id mxcnd_dt_ids[] = { }; MODULE_DEVICE_TABLE(of, mxcnd_dt_ids); -static int mxcnd_probe_dt(struct mxc_nand_host *host) -{ - struct device_node *np = host->dev->of_node; - const struct of_device_id *of_id = - of_match_device(mxcnd_dt_ids, host->dev); - - if (!np) - return 1; - - host->devtype_data = of_id->data; - - return 0; -} -#else -static int mxcnd_probe_dt(struct mxc_nand_host *host) -{ - return 1; -} -#endif - static int mxcnd_attach_chip(struct nand_chip *chip) { struct mtd_info *mtd = nand_to_mtd(chip); @@ -1759,6 +1714,7 @@ static const struct nand_controller_ops mxcnd_controller_ops = { static int mxcnd_probe(struct platform_device *pdev) { + const struct of_device_id *of_id; struct nand_chip *this; struct mtd_info *mtd; struct mxc_nand_host *host; @@ -1800,20 +1756,8 @@ static int mxcnd_probe(struct platform_device *pdev) if (IS_ERR(host->clk)) return PTR_ERR(host->clk); - err = mxcnd_probe_dt(host); - if (err > 0) { - struct mxc_nand_platform_data *pdata = - dev_get_platdata(&pdev->dev); - if (pdata) { - host->pdata = *pdata; - host->devtype_data = (struct mxc_nand_devtype_data *) - pdev->id_entry->driver_data; - } else { - err = -ENODEV; - } - } - if (err < 0) - return err; + of_id = of_match_device(mxcnd_dt_ids, host->dev); + host->devtype_data = of_id->data; if (!host->devtype_data->setup_interface) this->options |= NAND_KEEP_TIMINGS; @@ -1843,14 +1787,6 @@ static int mxcnd_probe(struct platform_device *pdev) this->legacy.select_chip = host->devtype_data->select_chip; - /* NAND bus width determines access functions used by upper layer */ - if (host->pdata.width == 2) - this->options |= NAND_BUSWIDTH_16; - - /* update flash based bbt */ - if (host->pdata.flash_bbt) - this->bbt_options |= NAND_BBT_USE_FLASH; - init_completion(&host->op_completion); host->irq = platform_get_irq(pdev, 0); @@ -1891,9 +1827,7 @@ static int mxcnd_probe(struct platform_device *pdev) goto escan; /* Register the partitions */ - err = mtd_device_parse_register(mtd, part_probes, NULL, - host->pdata.parts, - host->pdata.nr_parts); + err = mtd_device_parse_register(mtd, part_probes, NULL, NULL, 0); if (err) goto cleanup_nand; @@ -1930,7 +1864,6 @@ static struct platform_driver mxcnd_driver = { .name = DRIVER_NAME, .of_match_table = of_match_ptr(mxcnd_dt_ids), }, - .id_table = mxcnd_devtype, .probe = mxcnd_probe, .remove = mxcnd_remove, }; diff --git a/include/linux/platform_data/mtd-mxc_nand.h b/include/linux/platform_data/mtd-mxc_nand.h deleted file mode 100644 index d1230030c6db..000000000000 --- a/include/linux/platform_data/mtd-mxc_nand.h +++ /dev/null @@ -1,19 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-or-later */ -/* - * Copyright 2004-2007 Freescale Semiconductor, Inc. All Rights Reserved. - * Copyright 2008 Sascha Hauer, kernel(a)pengutronix.de - */ - -#ifndef __ASM_ARCH_NAND_H -#define __ASM_ARCH_NAND_H - -#include <linux/mtd/partitions.h> - -struct mxc_nand_platform_data { - unsigned int width; /* data bus width in bytes */ - unsigned int hw_ecc:1; /* 0 if suppress hardware ECC */ - unsigned int flash_bbt:1; /* set to 1 to use a flash based bbt */ - struct mtd_partition *parts; /* partition table */ - int nr_parts; /* size of parts */ -}; -#endif /* __ASM_ARCH_NAND_H */ -- 2.25.1

2 days, 5 hours

1
0
0 0

[PATCH 5.10] Input: adp5588-keys - add support for fw properties

by Denis Arefev

From: Nuno Sá <nuno.sa(a)analog.com> [ Upstream commit 6704a86283b7e79ff7ae36d388466428f6672962 ] Use firmware properties (eg: OF) to get the device specific configuration. This change just replaces the platform data since there was no platform using it and so, it makes no sense having both. Special note to the PULL-UP disable setting that is now supported as part of the gpio subsystem (using 'set_config()' callback). Signed-off-by: Nuno Sá <nuno.sa(a)analog.com> Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Link: https://lore.kernel.org/r/20220829131553.690063-5-nuno.sa@analog.com [In v5.10.226 IRQCHIP_IMMUTABLE is missing, replaced with (1 << 11)] [In v5.10.226 GPIOCHIP_IRQ_RESOURCE_HELPERS is missing, removed, since there is initialization in gpiochip_set_irq_hooks] [In v5.10.226 DEFINE_SIMPLE_DEV_PM_OPS is missing, replaced with static const struct dev_pm_ops] Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> --- drivers/input/keyboard/Kconfig | 3 + drivers/input/keyboard/adp5588-keys.c | 849 ++++++++++++++++---------- include/linux/platform_data/adp5588.h | 171 ------ 3 files changed, 532 insertions(+), 491 deletions(-) delete mode 100644 include/linux/platform_data/adp5588.h diff --git a/drivers/input/keyboard/Kconfig b/drivers/input/keyboard/Kconfig index 3f7a5ff17a9a..9a58f668cd25 100644 --- a/drivers/input/keyboard/Kconfig +++ b/drivers/input/keyboard/Kconfig @@ -40,6 +40,9 @@ config KEYBOARD_ADP5520 config KEYBOARD_ADP5588 tristate "ADP5588/87 I2C QWERTY Keypad and IO Expander" depends on I2C + select GPIOLIB + select GPIOLIB_IRQCHIP + select INPUT_MATRIXKMAP help Say Y here if you want to use a ADP5588/87 attached to your system I2C bus. diff --git a/drivers/input/keyboard/adp5588-keys.c b/drivers/input/keyboard/adp5588-keys.c index 90a59b973d00..b1ce00d638a4 100644 --- a/drivers/input/keyboard/adp5588-keys.c +++ b/drivers/input/keyboard/adp5588-keys.c @@ -8,25 +8,163 @@ * Copyright (C) 2008-2010 Analog Devices Inc. */ -#include <linux/module.h> +#include <linux/bits.h> +#include <linux/delay.h> +#include <linux/errno.h> +#include <linux/gpio/consumer.h> +#include <linux/gpio/driver.h> +#include <linux/i2c.h> +#include <linux/input.h> +#include <linux/input/matrix_keypad.h> #include <linux/interrupt.h> #include <linux/irq.h> -#include <linux/workqueue.h> -#include <linux/errno.h> -#include <linux/pm.h> +#include <linux/ktime.h> +#include <linux/module.h> +#include <linux/mod_devicetable.h> +#include <linux/pinctrl/pinconf-generic.h> #include <linux/platform_device.h> -#include <linux/input.h> -#include <linux/i2c.h> -#include <linux/gpio.h> +#include <linux/pm.h> +#include <linux/regulator/consumer.h> #include <linux/slab.h> +#include <linux/timekeeping.h> + +#define DEV_ID 0x00 /* Device ID */ +#define CFG 0x01 /* Configuration Register1 */ +#define INT_STAT 0x02 /* Interrupt Status Register */ +#define KEY_LCK_EC_STAT 0x03 /* Key Lock and Event Counter Register */ +#define KEY_EVENTA 0x04 /* Key Event Register A */ +#define KEY_EVENTB 0x05 /* Key Event Register B */ +#define KEY_EVENTC 0x06 /* Key Event Register C */ +#define KEY_EVENTD 0x07 /* Key Event Register D */ +#define KEY_EVENTE 0x08 /* Key Event Register E */ +#define KEY_EVENTF 0x09 /* Key Event Register F */ +#define KEY_EVENTG 0x0A /* Key Event Register G */ +#define KEY_EVENTH 0x0B /* Key Event Register H */ +#define KEY_EVENTI 0x0C /* Key Event Register I */ +#define KEY_EVENTJ 0x0D /* Key Event Register J */ +#define KP_LCK_TMR 0x0E /* Keypad Lock1 to Lock2 Timer */ +#define UNLOCK1 0x0F /* Unlock Key1 */ +#define UNLOCK2 0x10 /* Unlock Key2 */ +#define GPIO_INT_STAT1 0x11 /* GPIO Interrupt Status */ +#define GPIO_INT_STAT2 0x12 /* GPIO Interrupt Status */ +#define GPIO_INT_STAT3 0x13 /* GPIO Interrupt Status */ +#define GPIO_DAT_STAT1 0x14 /* GPIO Data Status, Read twice to clear */ +#define GPIO_DAT_STAT2 0x15 /* GPIO Data Status, Read twice to clear */ +#define GPIO_DAT_STAT3 0x16 /* GPIO Data Status, Read twice to clear */ +#define GPIO_DAT_OUT1 0x17 /* GPIO DATA OUT */ +#define GPIO_DAT_OUT2 0x18 /* GPIO DATA OUT */ +#define GPIO_DAT_OUT3 0x19 /* GPIO DATA OUT */ +#define GPIO_INT_EN1 0x1A /* GPIO Interrupt Enable */ +#define GPIO_INT_EN2 0x1B /* GPIO Interrupt Enable */ +#define GPIO_INT_EN3 0x1C /* GPIO Interrupt Enable */ +#define KP_GPIO1 0x1D /* Keypad or GPIO Selection */ +#define KP_GPIO2 0x1E /* Keypad or GPIO Selection */ +#define KP_GPIO3 0x1F /* Keypad or GPIO Selection */ +#define GPI_EM1 0x20 /* GPI Event Mode 1 */ +#define GPI_EM2 0x21 /* GPI Event Mode 2 */ +#define GPI_EM3 0x22 /* GPI Event Mode 3 */ +#define GPIO_DIR1 0x23 /* GPIO Data Direction */ +#define GPIO_DIR2 0x24 /* GPIO Data Direction */ +#define GPIO_DIR3 0x25 /* GPIO Data Direction */ +#define GPIO_INT_LVL1 0x26 /* GPIO Edge/Level Detect */ +#define GPIO_INT_LVL2 0x27 /* GPIO Edge/Level Detect */ +#define GPIO_INT_LVL3 0x28 /* GPIO Edge/Level Detect */ +#define DEBOUNCE_DIS1 0x29 /* Debounce Disable */ +#define DEBOUNCE_DIS2 0x2A /* Debounce Disable */ +#define DEBOUNCE_DIS3 0x2B /* Debounce Disable */ +#define GPIO_PULL1 0x2C /* GPIO Pull Disable */ +#define GPIO_PULL2 0x2D /* GPIO Pull Disable */ +#define GPIO_PULL3 0x2E /* GPIO Pull Disable */ +#define CMP_CFG_STAT 0x30 /* Comparator Configuration and Status Register */ +#define CMP_CONFG_SENS1 0x31 /* Sensor1 Comparator Configuration Register */ +#define CMP_CONFG_SENS2 0x32 /* L2 Light Sensor Reference Level, Output Falling for Sensor 1 */ +#define CMP1_LVL2_TRIP 0x33 /* L2 Light Sensor Hysteresis (Active when Output Rising) for Sensor 1 */ +#define CMP1_LVL2_HYS 0x34 /* L3 Light Sensor Reference Level, Output Falling For Sensor 1 */ +#define CMP1_LVL3_TRIP 0x35 /* L3 Light Sensor Hysteresis (Active when Output Rising) For Sensor 1 */ +#define CMP1_LVL3_HYS 0x36 /* Sensor 2 Comparator Configuration Register */ +#define CMP2_LVL2_TRIP 0x37 /* L2 Light Sensor Reference Level, Output Falling for Sensor 2 */ +#define CMP2_LVL2_HYS 0x38 /* L2 Light Sensor Hysteresis (Active when Output Rising) for Sensor 2 */ +#define CMP2_LVL3_TRIP 0x39 /* L3 Light Sensor Reference Level, Output Falling For Sensor 2 */ +#define CMP2_LVL3_HYS 0x3A /* L3 Light Sensor Hysteresis (Active when Output Rising) For Sensor 2 */ +#define CMP1_ADC_DAT_R1 0x3B /* Comparator 1 ADC data Register1 */ +#define CMP1_ADC_DAT_R2 0x3C /* Comparator 1 ADC data Register2 */ +#define CMP2_ADC_DAT_R1 0x3D /* Comparator 2 ADC data Register1 */ +#define CMP2_ADC_DAT_R2 0x3E /* Comparator 2 ADC data Register2 */ + +#define ADP5588_DEVICE_ID_MASK 0xF + + /* Configuration Register1 */ +#define ADP5588_AUTO_INC BIT(7) +#define ADP5588_GPIEM_CFG BIT(6) +#define ADP5588_OVR_FLOW_M BIT(5) +#define ADP5588_INT_CFG BIT(4) +#define ADP5588_OVR_FLOW_IEN BIT(3) +#define ADP5588_K_LCK_IM BIT(2) +#define ADP5588_GPI_IEN BIT(1) +#define ADP5588_KE_IEN BIT(0) + +/* Interrupt Status Register */ +#define ADP5588_CMP2_INT BIT(5) +#define ADP5588_CMP1_INT BIT(4) +#define ADP5588_OVR_FLOW_INT BIT(3) +#define ADP5588_K_LCK_INT BIT(2) +#define ADP5588_GPI_INT BIT(1) +#define ADP5588_KE_INT BIT(0) + +/* Key Lock and Event Counter Register */ +#define ADP5588_K_LCK_EN BIT(6) +#define ADP5588_LCK21 0x30 +#define ADP5588_KEC GENMASK(3, 0) + +#define ADP5588_MAXGPIO 18 +#define ADP5588_BANK(offs) ((offs) >> 3) +#define ADP5588_BIT(offs) (1u << ((offs) & 0x7)) + +/* Put one of these structures in i2c_board_info platform_data */ -#include <linux/platform_data/adp5588.h> +/* + * 128 so it fits matrix-keymap maximum number of keys when the full + * 10cols * 8rows are used. + */ +#define ADP5588_KEYMAPSIZE 128 + +#define GPI_PIN_ROW0 97 +#define GPI_PIN_ROW1 98 +#define GPI_PIN_ROW2 99 +#define GPI_PIN_ROW3 100 +#define GPI_PIN_ROW4 101 +#define GPI_PIN_ROW5 102 +#define GPI_PIN_ROW6 103 +#define GPI_PIN_ROW7 104 +#define GPI_PIN_COL0 105 +#define GPI_PIN_COL1 106 +#define GPI_PIN_COL2 107 +#define GPI_PIN_COL3 108 +#define GPI_PIN_COL4 109 +#define GPI_PIN_COL5 110 +#define GPI_PIN_COL6 111 +#define GPI_PIN_COL7 112 +#define GPI_PIN_COL8 113 +#define GPI_PIN_COL9 114 + +#define GPI_PIN_ROW_BASE GPI_PIN_ROW0 +#define GPI_PIN_ROW_END GPI_PIN_ROW7 +#define GPI_PIN_COL_BASE GPI_PIN_COL0 +#define GPI_PIN_COL_END GPI_PIN_COL9 + +#define GPI_PIN_BASE GPI_PIN_ROW_BASE +#define GPI_PIN_END GPI_PIN_COL_END + +#define ADP5588_ROWS_MAX (GPI_PIN_ROW7 - GPI_PIN_ROW0 + 1) +#define ADP5588_COLS_MAX (GPI_PIN_COL9 - GPI_PIN_COL0 + 1) + +#define ADP5588_GPIMAPSIZE_MAX (GPI_PIN_END - GPI_PIN_BASE + 1) /* Key Event Register xy */ -#define KEY_EV_PRESSED (1 << 7) -#define KEY_EV_MASK (0x7F) +#define KEY_EV_PRESSED BIT(7) +#define KEY_EV_MASK GENMASK(6, 0) -#define KP_SEL(x) (0xFFFF >> (16 - x)) /* 2^x-1 */ +#define KP_SEL(x) (BIT(x) - 1) /* 2^x-1 */ #define KEYP_MAX_EVENT 10 @@ -36,23 +174,29 @@ * asserted. */ #define WA_DELAYED_READOUT_REVID(rev) ((rev) < 4) +#define WA_DELAYED_READOUT_TIME 25 + +#define ADP5588_INVALID_HWIRQ (~0UL) struct adp5588_kpad { struct i2c_client *client; struct input_dev *input; - struct delayed_work work; + ktime_t irq_time; unsigned long delay; + u32 row_shift; + u32 rows; + u32 cols; + u32 unlock_keys[2]; + int nkeys_unlock; unsigned short keycode[ADP5588_KEYMAPSIZE]; - const struct adp5588_gpi_map *gpimap; - unsigned short gpimapsize; -#ifdef CONFIG_GPIOLIB unsigned char gpiomap[ADP5588_MAXGPIO]; - bool export_gpio; struct gpio_chip gc; struct mutex gpio_lock; /* Protect cached dir, dat_out */ u8 dat_out[3]; u8 dir[3]; -#endif + u8 int_en[3]; + u8 irq_mask[3]; + u8 pull_dis[3]; }; static int adp5588_read(struct i2c_client *client, u8 reg) @@ -70,8 +214,7 @@ static int adp5588_write(struct i2c_client *client, u8 reg, u8 val) return i2c_smbus_write_byte_data(client, reg, val); } -#ifdef CONFIG_GPIOLIB -static int adp5588_gpio_get_value(struct gpio_chip *chip, unsigned off) +static int adp5588_gpio_get_value(struct gpio_chip *chip, unsigned int off) { struct adp5588_kpad *kpad = gpiochip_get_data(chip); unsigned int bank = ADP5588_BANK(kpad->gpiomap[off]); @@ -91,7 +234,7 @@ static int adp5588_gpio_get_value(struct gpio_chip *chip, unsigned off) } static void adp5588_gpio_set_value(struct gpio_chip *chip, - unsigned off, int val) + unsigned int off, int val) { struct adp5588_kpad *kpad = gpiochip_get_data(chip); unsigned int bank = ADP5588_BANK(kpad->gpiomap[off]); @@ -104,13 +247,47 @@ static void adp5588_gpio_set_value(struct gpio_chip *chip, else kpad->dat_out[bank] &= ~bit; - adp5588_write(kpad->client, GPIO_DAT_OUT1 + bank, - kpad->dat_out[bank]); + adp5588_write(kpad->client, GPIO_DAT_OUT1 + bank, kpad->dat_out[bank]); + + mutex_unlock(&kpad->gpio_lock); +} + +static int adp5588_gpio_set_config(struct gpio_chip *chip, unsigned int off, + unsigned long config) +{ + struct adp5588_kpad *kpad = gpiochip_get_data(chip); + unsigned int bank = ADP5588_BANK(kpad->gpiomap[off]); + unsigned int bit = ADP5588_BIT(kpad->gpiomap[off]); + bool pull_disable; + int ret; + + switch (pinconf_to_config_param(config)) { + case PIN_CONFIG_BIAS_PULL_UP: + pull_disable = false; + break; + case PIN_CONFIG_BIAS_DISABLE: + pull_disable = true; + break; + default: + return -EOPNOTSUPP; + } + + mutex_lock(&kpad->gpio_lock); + + if (pull_disable) + kpad->pull_dis[bank] |= bit; + else + kpad->pull_dis[bank] &= bit; + + ret = adp5588_write(kpad->client, GPIO_PULL1 + bank, + kpad->pull_dis[bank]); mutex_unlock(&kpad->gpio_lock); + + return ret; } -static int adp5588_gpio_direction_input(struct gpio_chip *chip, unsigned off) +static int adp5588_gpio_direction_input(struct gpio_chip *chip, unsigned int off) { struct adp5588_kpad *kpad = gpiochip_get_data(chip); unsigned int bank = ADP5588_BANK(kpad->gpiomap[off]); @@ -128,7 +305,7 @@ static int adp5588_gpio_direction_input(struct gpio_chip *chip, unsigned off) } static int adp5588_gpio_direction_output(struct gpio_chip *chip, - unsigned off, int val) + unsigned int off, int val) { struct adp5588_kpad *kpad = gpiochip_get_data(chip); unsigned int bank = ADP5588_BANK(kpad->gpiomap[off]); @@ -145,17 +322,19 @@ static int adp5588_gpio_direction_output(struct gpio_chip *chip, kpad->dat_out[bank] &= ~bit; ret = adp5588_write(kpad->client, GPIO_DAT_OUT1 + bank, - kpad->dat_out[bank]); - ret |= adp5588_write(kpad->client, GPIO_DIR1 + bank, - kpad->dir[bank]); + kpad->dat_out[bank]); + if (ret) + goto out_unlock; + ret = adp5588_write(kpad->client, GPIO_DIR1 + bank, kpad->dir[bank]); + +out_unlock: mutex_unlock(&kpad->gpio_lock); return ret; } -static int adp5588_build_gpiomap(struct adp5588_kpad *kpad, - const struct adp5588_kpad_platform_data *pdata) +static int adp5588_build_gpiomap(struct adp5588_kpad *kpad) { bool pin_used[ADP5588_MAXGPIO]; int n_unused = 0; @@ -163,15 +342,12 @@ static int adp5588_build_gpiomap(struct adp5588_kpad *kpad, memset(pin_used, 0, sizeof(pin_used)); - for (i = 0; i < pdata->rows; i++) + for (i = 0; i < kpad->rows; i++) pin_used[i] = true; - for (i = 0; i < pdata->cols; i++) + for (i = 0; i < kpad->cols; i++) pin_used[i + GPI_PIN_COL_BASE - GPI_PIN_BASE] = true; - for (i = 0; i < kpad->gpimapsize; i++) - pin_used[kpad->gpimap[i].pin - GPI_PIN_BASE] = true; - for (i = 0; i < ADP5588_MAXGPIO; i++) if (!pin_used[i]) kpad->gpiomap[n_unused++] = i; @@ -179,40 +355,106 @@ static int adp5588_build_gpiomap(struct adp5588_kpad *kpad, return n_unused; } +static void adp5588_irq_bus_lock(struct irq_data *d) +{ + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct adp5588_kpad *kpad = gpiochip_get_data(gc); + + mutex_lock(&kpad->gpio_lock); +} + +static void adp5588_irq_bus_sync_unlock(struct irq_data *d) +{ + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct adp5588_kpad *kpad = gpiochip_get_data(gc); + int i; + + for (i = 0; i <= ADP5588_BANK(ADP5588_MAXGPIO); i++) { + if (kpad->int_en[i] ^ kpad->irq_mask[i]) { + kpad->int_en[i] = kpad->irq_mask[i]; + adp5588_write(kpad->client, GPI_EM1 + i, kpad->int_en[i]); + } + } + + mutex_unlock(&kpad->gpio_lock); +} + +static void adp5588_irq_mask(struct irq_data *d) +{ + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct adp5588_kpad *kpad = gpiochip_get_data(gc); + irq_hw_number_t hwirq = irqd_to_hwirq(d); + unsigned long real_irq = kpad->gpiomap[hwirq]; + + kpad->irq_mask[ADP5588_BANK(real_irq)] &= ~ADP5588_BIT(real_irq); + gpiochip_disable_irq(gc, hwirq); +} + +static void adp5588_irq_unmask(struct irq_data *d) +{ + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct adp5588_kpad *kpad = gpiochip_get_data(gc); + irq_hw_number_t hwirq = irqd_to_hwirq(d); + unsigned long real_irq = kpad->gpiomap[hwirq]; + + gpiochip_enable_irq(gc, hwirq); + kpad->irq_mask[ADP5588_BANK(real_irq)] |= ADP5588_BIT(real_irq); +} + +static int adp5588_irq_set_type(struct irq_data *d, unsigned int type) +{ + if (!(type & IRQ_TYPE_EDGE_BOTH)) + return -EINVAL; + + irq_set_handler_locked(d, handle_edge_irq); + + return 0; +} + +static const struct irq_chip adp5588_irq_chip = { + .name = "adp5588", + .irq_mask = adp5588_irq_mask, + .irq_unmask = adp5588_irq_unmask, + .irq_bus_lock = adp5588_irq_bus_lock, + .irq_bus_sync_unlock = adp5588_irq_bus_sync_unlock, + .irq_set_type = adp5588_irq_set_type, + .flags = IRQCHIP_SKIP_SET_WAKE | (1 << 11), +}; + static int adp5588_gpio_add(struct adp5588_kpad *kpad) { struct device *dev = &kpad->client->dev; - const struct adp5588_kpad_platform_data *pdata = dev_get_platdata(dev); - const struct adp5588_gpio_platform_data *gpio_data = pdata->gpio_data; + struct gpio_irq_chip *girq; int i, error; - if (!gpio_data) - return 0; - - kpad->gc.ngpio = adp5588_build_gpiomap(kpad, pdata); + kpad->gc.ngpio = adp5588_build_gpiomap(kpad); if (kpad->gc.ngpio == 0) { dev_info(dev, "No unused gpios left to export\n"); return 0; } - kpad->export_gpio = true; - + kpad->gc.parent = &kpad->client->dev; kpad->gc.direction_input = adp5588_gpio_direction_input; kpad->gc.direction_output = adp5588_gpio_direction_output; kpad->gc.get = adp5588_gpio_get_value; kpad->gc.set = adp5588_gpio_set_value; + kpad->gc.set_config = adp5588_gpio_set_config; kpad->gc.can_sleep = 1; - kpad->gc.base = gpio_data->gpio_start; + kpad->gc.base = -1; kpad->gc.label = kpad->client->name; kpad->gc.owner = THIS_MODULE; - kpad->gc.names = gpio_data->names; + + girq = &kpad->gc.irq; + girq->chip = (struct irq_chip *)&adp5588_irq_chip; + girq->handler = handle_bad_irq; + girq->threaded = true; mutex_init(&kpad->gpio_lock); - error = gpiochip_add_data(&kpad->gc, kpad); + error = devm_gpiochip_add_data(dev, &kpad->gc, kpad); if (error) { - dev_err(dev, "gpiochip_add failed, err: %d\n", error); + dev_err(dev, "gpiochip_add failed: %d\n", error); return error; } @@ -220,82 +462,121 @@ static int adp5588_gpio_add(struct adp5588_kpad *kpad) kpad->dat_out[i] = adp5588_read(kpad->client, GPIO_DAT_OUT1 + i); kpad->dir[i] = adp5588_read(kpad->client, GPIO_DIR1 + i); - } - - if (gpio_data->setup) { - error = gpio_data->setup(kpad->client, - kpad->gc.base, kpad->gc.ngpio, - gpio_data->context); - if (error) - dev_warn(dev, "setup failed, %d\n", error); + kpad->pull_dis[i] = adp5588_read(kpad->client, GPIO_PULL1 + i); } return 0; } -static void adp5588_gpio_remove(struct adp5588_kpad *kpad) +static unsigned long adp5588_gpiomap_get_hwirq(struct device *dev, + const u8 *map, unsigned int gpio, + unsigned int ngpios) { - struct device *dev = &kpad->client->dev; - const struct adp5588_kpad_platform_data *pdata = dev_get_platdata(dev); - const struct adp5588_gpio_platform_data *gpio_data = pdata->gpio_data; - int error; + unsigned int hwirq; - if (!kpad->export_gpio) - return; + for (hwirq = 0; hwirq < ngpios; hwirq++) + if (map[hwirq] == gpio) + return hwirq; - if (gpio_data->teardown) { - error = gpio_data->teardown(kpad->client, - kpad->gc.base, kpad->gc.ngpio, - gpio_data->context); - if (error) - dev_warn(dev, "teardown failed %d\n", error); - } + /* should never happen */ + dev_warn_ratelimited(dev, "could not find the hwirq for gpio(%u)\n", gpio); - gpiochip_remove(&kpad->gc); -} -#else -static inline int adp5588_gpio_add(struct adp5588_kpad *kpad) -{ - return 0; + return ADP5588_INVALID_HWIRQ; } -static inline void adp5588_gpio_remove(struct adp5588_kpad *kpad) +static void adp5588_gpio_irq_handle(struct adp5588_kpad *kpad, int key_val, + int key_press) { + unsigned int irq, gpio = key_val - GPI_PIN_BASE, irq_type; + struct i2c_client *client = kpad->client; + struct irq_data *irqd; + unsigned long hwirq; + + hwirq = adp5588_gpiomap_get_hwirq(&client->dev, kpad->gpiomap, + gpio, kpad->gc.ngpio); + if (hwirq == ADP5588_INVALID_HWIRQ) { + dev_err(&client->dev, "Could not get hwirq for key(%u)\n", key_val); + return; + } + + irq = irq_find_mapping(kpad->gc.irq.domain, hwirq); + if (!irq) + return; + + irqd = irq_get_irq_data(irq); + if (!irqd) { + dev_err(&client->dev, "Could not get irq(%u) data\n", irq); + return; + } + + irq_type = irqd_get_trigger_type(irqd); + + /* + * Default is active low which means key_press is asserted on + * the falling edge. + */ + if ((irq_type & IRQ_TYPE_EDGE_RISING && !key_press) || + (irq_type & IRQ_TYPE_EDGE_FALLING && key_press)) + handle_nested_irq(irq); } -#endif static void adp5588_report_events(struct adp5588_kpad *kpad, int ev_cnt) { - int i, j; + int i; for (i = 0; i < ev_cnt; i++) { - int key = adp5588_read(kpad->client, Key_EVENTA + i); + int key = adp5588_read(kpad->client, KEY_EVENTA + i); int key_val = key & KEY_EV_MASK; + int key_press = key & KEY_EV_PRESSED; if (key_val >= GPI_PIN_BASE && key_val <= GPI_PIN_END) { - for (j = 0; j < kpad->gpimapsize; j++) { - if (key_val == kpad->gpimap[j].pin) { - input_report_switch(kpad->input, - kpad->gpimap[j].sw_evt, - key & KEY_EV_PRESSED); - break; - } - } + /* gpio line used as IRQ source */ + adp5588_gpio_irq_handle(kpad, key_val, key_press); } else { + int row = (key_val - 1) / ADP5588_COLS_MAX; + int col = (key_val - 1) % ADP5588_COLS_MAX; + int code = MATRIX_SCAN_CODE(row, col, kpad->row_shift); + + dev_dbg_ratelimited(&kpad->client->dev, + "report key(%d) r(%d) c(%d) code(%d)\n", + key_val, row, col, kpad->keycode[code]); + input_report_key(kpad->input, - kpad->keycode[key_val - 1], - key & KEY_EV_PRESSED); + kpad->keycode[code], key_press); } } } -static void adp5588_work(struct work_struct *work) +static irqreturn_t adp5588_hard_irq(int irq, void *handle) +{ + struct adp5588_kpad *kpad = handle; + + kpad->irq_time = ktime_get(); + + return IRQ_WAKE_THREAD; +} + +static irqreturn_t adp5588_thread_irq(int irq, void *handle) { - struct adp5588_kpad *kpad = container_of(work, - struct adp5588_kpad, work.work); + struct adp5588_kpad *kpad = handle; struct i2c_client *client = kpad->client; + ktime_t target_time, now; + unsigned long delay; int status, ev_cnt; + /* + * Readout needs to wait for at least 25ms after the notification + * for REVID < 4. + */ + if (kpad->delay) { + target_time = ktime_add_ms(kpad->irq_time, kpad->delay); + now = ktime_get(); + if (ktime_before(now, target_time)) { + delay = ktime_to_us(ktime_sub(target_time, now)); + usleep_range(delay, delay + 1000); + } + } + status = adp5588_read(client, INT_STAT); if (status & ADP5588_OVR_FLOW_INT) /* Unlikely and should never happen */ @@ -308,218 +589,199 @@ static void adp5588_work(struct work_struct *work) input_sync(kpad->input); } } - adp5588_write(client, INT_STAT, status); /* Status is W1C */ -} - -static irqreturn_t adp5588_irq(int irq, void *handle) -{ - struct adp5588_kpad *kpad = handle; - - /* - * use keventd context to read the event fifo registers - * Schedule readout at least 25ms after notification for - * REVID < 4 - */ - schedule_delayed_work(&kpad->work, kpad->delay); + adp5588_write(client, INT_STAT, status); /* Status is W1C */ return IRQ_HANDLED; } -static int adp5588_setup(struct i2c_client *client) +static int adp5588_setup(struct adp5588_kpad *kpad) { - const struct adp5588_kpad_platform_data *pdata = - dev_get_platdata(&client->dev); - const struct adp5588_gpio_platform_data *gpio_data = pdata->gpio_data; + struct i2c_client *client = kpad->client; int i, ret; - unsigned char evt_mode1 = 0, evt_mode2 = 0, evt_mode3 = 0; - ret = adp5588_write(client, KP_GPIO1, KP_SEL(pdata->rows)); - ret |= adp5588_write(client, KP_GPIO2, KP_SEL(pdata->cols) & 0xFF); - ret |= adp5588_write(client, KP_GPIO3, KP_SEL(pdata->cols) >> 8); - - if (pdata->en_keylock) { - ret |= adp5588_write(client, UNLOCK1, pdata->unlock_key1); - ret |= adp5588_write(client, UNLOCK2, pdata->unlock_key2); - ret |= adp5588_write(client, KEY_LCK_EC_STAT, ADP5588_K_LCK_EN); - } + ret = adp5588_write(client, KP_GPIO1, KP_SEL(kpad->rows)); + if (ret) + return ret; - for (i = 0; i < KEYP_MAX_EVENT; i++) - ret |= adp5588_read(client, Key_EVENTA); + ret = adp5588_write(client, KP_GPIO2, KP_SEL(kpad->cols) & 0xFF); + if (ret) + return ret; - for (i = 0; i < pdata->gpimapsize; i++) { - unsigned short pin = pdata->gpimap[i].pin; + ret = adp5588_write(client, KP_GPIO3, KP_SEL(kpad->cols) >> 8); + if (ret) + return ret; - if (pin <= GPI_PIN_ROW_END) { - evt_mode1 |= (1 << (pin - GPI_PIN_ROW_BASE)); - } else { - evt_mode2 |= ((1 << (pin - GPI_PIN_COL_BASE)) & 0xFF); - evt_mode3 |= ((1 << (pin - GPI_PIN_COL_BASE)) >> 8); - } + for (i = 0; i < kpad->nkeys_unlock; i++) { + ret = adp5588_write(client, UNLOCK1 + i, kpad->unlock_keys[i]); + if (ret) + return ret; } - if (pdata->gpimapsize) { - ret |= adp5588_write(client, GPI_EM1, evt_mode1); - ret |= adp5588_write(client, GPI_EM2, evt_mode2); - ret |= adp5588_write(client, GPI_EM3, evt_mode3); + if (kpad->nkeys_unlock) { + ret = adp5588_write(client, KEY_LCK_EC_STAT, ADP5588_K_LCK_EN); + if (ret) + return ret; } - if (gpio_data) { - for (i = 0; i <= ADP5588_BANK(ADP5588_MAXGPIO); i++) { - int pull_mask = gpio_data->pullup_dis_mask; - - ret |= adp5588_write(client, GPIO_PULL1 + i, - (pull_mask >> (8 * i)) & 0xFF); - } + for (i = 0; i < KEYP_MAX_EVENT; i++) { + ret = adp5588_read(client, KEY_EVENTA); + if (ret) + return ret; } - ret |= adp5588_write(client, INT_STAT, - ADP5588_CMP2_INT | ADP5588_CMP1_INT | - ADP5588_OVR_FLOW_INT | ADP5588_K_LCK_INT | - ADP5588_GPI_INT | ADP5588_KE_INT); /* Status is W1C */ + ret = adp5588_write(client, INT_STAT, + ADP5588_CMP2_INT | ADP5588_CMP1_INT | + ADP5588_OVR_FLOW_INT | ADP5588_K_LCK_INT | + ADP5588_GPI_INT | ADP5588_KE_INT); /* Status is W1C */ + if (ret) + return ret; - ret |= adp5588_write(client, CFG, ADP5588_INT_CFG | - ADP5588_OVR_FLOW_IEN | - ADP5588_KE_IEN); + return adp5588_write(client, CFG, ADP5588_INT_CFG | + ADP5588_OVR_FLOW_IEN | ADP5588_KE_IEN); +} + +static int adp5588_fw_parse(struct adp5588_kpad *kpad) +{ + struct i2c_client *client = kpad->client; + int ret, i; - if (ret < 0) { - dev_err(&client->dev, "Write Error\n"); + ret = matrix_keypad_parse_properties(&client->dev, &kpad->rows, + &kpad->cols); + if (ret) return ret; + + if (kpad->rows > ADP5588_ROWS_MAX || kpad->cols > ADP5588_COLS_MAX) { + dev_err(&client->dev, "Invalid nr of rows(%u) or cols(%u)\n", + kpad->rows, kpad->cols); + return -EINVAL; } - return 0; -} + ret = matrix_keypad_build_keymap(NULL, NULL, kpad->rows, kpad->cols, + kpad->keycode, kpad->input); + if (ret) + return ret; -static void adp5588_report_switch_state(struct adp5588_kpad *kpad) -{ - int gpi_stat1 = adp5588_read(kpad->client, GPIO_DAT_STAT1); - int gpi_stat2 = adp5588_read(kpad->client, GPIO_DAT_STAT2); - int gpi_stat3 = adp5588_read(kpad->client, GPIO_DAT_STAT3); - int gpi_stat_tmp, pin_loc; - int i; + kpad->row_shift = get_count_order(kpad->cols); - for (i = 0; i < kpad->gpimapsize; i++) { - unsigned short pin = kpad->gpimap[i].pin; + if (device_property_read_bool(&client->dev, "autorepeat")) + __set_bit(EV_REP, kpad->input->evbit); - if (pin <= GPI_PIN_ROW_END) { - gpi_stat_tmp = gpi_stat1; - pin_loc = pin - GPI_PIN_ROW_BASE; - } else if ((pin - GPI_PIN_COL_BASE) < 8) { - gpi_stat_tmp = gpi_stat2; - pin_loc = pin - GPI_PIN_COL_BASE; - } else { - gpi_stat_tmp = gpi_stat3; - pin_loc = pin - GPI_PIN_COL_BASE - 8; - } + kpad->nkeys_unlock = device_property_count_u32(&client->dev, + "adi,unlock-keys"); + if (kpad->nkeys_unlock <= 0) { + /* so that we don't end up enabling key lock */ + kpad->nkeys_unlock = 0; + return 0; + } + + if (kpad->nkeys_unlock > ARRAY_SIZE(kpad->unlock_keys)) { + dev_err(&client->dev, "number of unlock keys(%d) > (%zu)\n", + kpad->nkeys_unlock, ARRAY_SIZE(kpad->unlock_keys)); + return -EINVAL; + } - if (gpi_stat_tmp < 0) { - dev_err(&kpad->client->dev, - "Can't read GPIO_DAT_STAT switch %d default to OFF\n", - pin); - gpi_stat_tmp = 0; + ret = device_property_read_u32_array(&client->dev, "adi,unlock-keys", + kpad->unlock_keys, + kpad->nkeys_unlock); + if (ret) + return ret; + + for (i = 0; i < kpad->nkeys_unlock; i++) { + /* + * Even though it should be possible (as stated in the datasheet) + * to use GPIs (which are part of the keys event) as unlock keys, + * it was not working at all and was leading to overflow events + * at some point. Hence, for now, let's just allow keys which are + * part of keypad matrix to be used and if a reliable way of + * using GPIs is found, this condition can be removed/lightened. + */ + if (kpad->unlock_keys[i] >= kpad->cols * kpad->rows) { + dev_err(&client->dev, "Invalid unlock key(%d)\n", + kpad->unlock_keys[i]); + return -EINVAL; } - input_report_switch(kpad->input, - kpad->gpimap[i].sw_evt, - !(gpi_stat_tmp & (1 << pin_loc))); + /* + * Firmware properties keys start from 0 but on the device they + * start from 1. + */ + kpad->unlock_keys[i] += 1; } - input_sync(kpad->input); + return 0; } +static void adp5588_disable_regulator(void *reg) +{ + regulator_disable(reg); +} static int adp5588_probe(struct i2c_client *client, const struct i2c_device_id *id) { struct adp5588_kpad *kpad; - const struct adp5588_kpad_platform_data *pdata = - dev_get_platdata(&client->dev); struct input_dev *input; + struct gpio_desc *gpio; + struct regulator *vcc; unsigned int revid; - int ret, i; + int ret; int error; if (!i2c_check_functionality(client->adapter, - I2C_FUNC_SMBUS_BYTE_DATA)) { + I2C_FUNC_SMBUS_BYTE_DATA)) { dev_err(&client->dev, "SMBUS Byte Data not Supported\n"); return -EIO; } - if (!pdata) { - dev_err(&client->dev, "no platform data?\n"); - return -EINVAL; - } - - if (!pdata->rows || !pdata->cols || !pdata->keymap) { - dev_err(&client->dev, "no rows, cols or keymap from pdata\n"); - return -EINVAL; - } + kpad = devm_kzalloc(&client->dev, sizeof(*kpad), GFP_KERNEL); + if (!kpad) + return -ENOMEM; - if (pdata->keymapsize != ADP5588_KEYMAPSIZE) { - dev_err(&client->dev, "invalid keymapsize\n"); - return -EINVAL; - } + input = devm_input_allocate_device(&client->dev); + if (!input) + return -ENOMEM; - if (!pdata->gpimap && pdata->gpimapsize) { - dev_err(&client->dev, "invalid gpimap from pdata\n"); - return -EINVAL; - } + kpad->client = client; + kpad->input = input; - if (pdata->gpimapsize > ADP5588_GPIMAPSIZE_MAX) { - dev_err(&client->dev, "invalid gpimapsize\n"); - return -EINVAL; - } + error = adp5588_fw_parse(kpad); + if (error) + return error; - for (i = 0; i < pdata->gpimapsize; i++) { - unsigned short pin = pdata->gpimap[i].pin; + vcc = devm_regulator_get(&client->dev, "vcc"); + if (IS_ERR(vcc)) + return PTR_ERR(vcc); - if (pin < GPI_PIN_BASE || pin > GPI_PIN_END) { - dev_err(&client->dev, "invalid gpi pin data\n"); - return -EINVAL; - } + error = regulator_enable(vcc); + if (error) + return error; - if (pin <= GPI_PIN_ROW_END) { - if (pin - GPI_PIN_ROW_BASE + 1 <= pdata->rows) { - dev_err(&client->dev, "invalid gpi row data\n"); - return -EINVAL; - } - } else { - if (pin - GPI_PIN_COL_BASE + 1 <= pdata->cols) { - dev_err(&client->dev, "invalid gpi col data\n"); - return -EINVAL; - } - } - } + error = devm_add_action_or_reset(&client->dev, + adp5588_disable_regulator, vcc); + if (error) + return error; - if (!client->irq) { - dev_err(&client->dev, "no IRQ?\n"); - return -EINVAL; - } + gpio = devm_gpiod_get_optional(&client->dev, "reset", GPIOD_OUT_HIGH); + if (IS_ERR(gpio)) + return PTR_ERR(gpio); - kpad = kzalloc(sizeof(*kpad), GFP_KERNEL); - input = input_allocate_device(); - if (!kpad || !input) { - error = -ENOMEM; - goto err_free_mem; + if (gpio) { + fsleep(30); + gpiod_set_value_cansleep(gpio, 0); + fsleep(60); } - kpad->client = client; - kpad->input = input; - INIT_DELAYED_WORK(&kpad->work, adp5588_work); - ret = adp5588_read(client, DEV_ID); - if (ret < 0) { - error = ret; - goto err_free_mem; - } + if (ret < 0) + return ret; - revid = (u8) ret & ADP5588_DEVICE_ID_MASK; + revid = ret & ADP5588_DEVICE_ID_MASK; if (WA_DELAYED_READOUT_REVID(revid)) - kpad->delay = msecs_to_jiffies(30); + kpad->delay = msecs_to_jiffies(WA_DELAYED_READOUT_TIME); input->name = client->name; input->phys = "adp5588-keys/input0"; - input->dev.parent = &client->dev; input_set_drvdata(input, kpad); @@ -528,112 +790,54 @@ static int adp5588_probe(struct i2c_client *client, input->id.product = 0x0001; input->id.version = revid; - input->keycodesize = sizeof(kpad->keycode[0]); - input->keycodemax = pdata->keymapsize; - input->keycode = kpad->keycode; - - memcpy(kpad->keycode, pdata->keymap, - pdata->keymapsize * input->keycodesize); - - kpad->gpimap = pdata->gpimap; - kpad->gpimapsize = pdata->gpimapsize; - - /* setup input device */ - __set_bit(EV_KEY, input->evbit); - - if (pdata->repeat) - __set_bit(EV_REP, input->evbit); - - for (i = 0; i < input->keycodemax; i++) - if (kpad->keycode[i] <= KEY_MAX) - __set_bit(kpad->keycode[i], input->keybit); - __clear_bit(KEY_RESERVED, input->keybit); - - if (kpad->gpimapsize) - __set_bit(EV_SW, input->evbit); - for (i = 0; i < kpad->gpimapsize; i++) - __set_bit(kpad->gpimap[i].sw_evt, input->swbit); - error = input_register_device(input); if (error) { - dev_err(&client->dev, "unable to register input device\n"); - goto err_free_mem; - } - - error = request_irq(client->irq, adp5588_irq, - IRQF_TRIGGER_FALLING, - client->dev.driver->name, kpad); - if (error) { - dev_err(&client->dev, "irq %d busy?\n", client->irq); - goto err_unreg_dev; + dev_err(&client->dev, "unable to register input device: %d\n", + error); + return error; } - error = adp5588_setup(client); + error = adp5588_setup(kpad); if (error) - goto err_free_irq; - - if (kpad->gpimapsize) - adp5588_report_switch_state(kpad); + return error; error = adp5588_gpio_add(kpad); if (error) - goto err_free_irq; + return error; - device_init_wakeup(&client->dev, 1); - i2c_set_clientdata(client, kpad); + error = devm_request_threaded_irq(&client->dev, client->irq, + adp5588_hard_irq, adp5588_thread_irq, + IRQF_TRIGGER_FALLING | IRQF_ONESHOT, + client->dev.driver->name, kpad); + if (error) { + dev_err(&client->dev, "failed to request irq %d: %d\n", + client->irq, error); + return error; + } dev_info(&client->dev, "Rev.%d keypad, irq %d\n", revid, client->irq); return 0; - - err_free_irq: - free_irq(client->irq, kpad); - cancel_delayed_work_sync(&kpad->work); - err_unreg_dev: - input_unregister_device(input); - input = NULL; - err_free_mem: - input_free_device(input); - kfree(kpad); - - return error; } static int adp5588_remove(struct i2c_client *client) { - struct adp5588_kpad *kpad = i2c_get_clientdata(client); - adp5588_write(client, CFG, 0); - free_irq(client->irq, kpad); - cancel_delayed_work_sync(&kpad->work); - input_unregister_device(kpad->input); - adp5588_gpio_remove(kpad); - kfree(kpad); - + /* all resources will be freed by devm */ return 0; } -#ifdef CONFIG_PM static int adp5588_suspend(struct device *dev) { - struct adp5588_kpad *kpad = dev_get_drvdata(dev); - struct i2c_client *client = kpad->client; + struct i2c_client *client = to_i2c_client(dev); disable_irq(client->irq); - cancel_delayed_work_sync(&kpad->work); - - if (device_may_wakeup(&client->dev)) - enable_irq_wake(client->irq); return 0; } static int adp5588_resume(struct device *dev) { - struct adp5588_kpad *kpad = dev_get_drvdata(dev); - struct i2c_client *client = kpad->client; - - if (device_may_wakeup(&client->dev)) - disable_irq_wake(client->irq); + struct i2c_client *client = to_i2c_client(dev); enable_irq(client->irq); @@ -644,7 +848,6 @@ static const struct dev_pm_ops adp5588_dev_pm_ops = { .suspend = adp5588_suspend, .resume = adp5588_resume, }; -#endif static const struct i2c_device_id adp5588_id[] = { { "adp5588-keys", 0 }, @@ -653,12 +856,18 @@ static const struct i2c_device_id adp5588_id[] = { }; MODULE_DEVICE_TABLE(i2c, adp5588_id); +static const struct of_device_id adp5588_of_match[] = { + { .compatible = "adi,adp5588" }, + { .compatible = "adi,adp5587" }, + {} +}; +MODULE_DEVICE_TABLE(of, adp5588_of_match); + static struct i2c_driver adp5588_driver = { .driver = { .name = KBUILD_MODNAME, -#ifdef CONFIG_PM + .of_match_table = adp5588_of_match, .pm = &adp5588_dev_pm_ops, -#endif }, .probe = adp5588_probe, .remove = adp5588_remove, diff --git a/include/linux/platform_data/adp5588.h b/include/linux/platform_data/adp5588.h deleted file mode 100644 index 6d3f7d911a92..000000000000 --- a/include/linux/platform_data/adp5588.h +++ /dev/null @@ -1,171 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-or-later */ -/* - * Analog Devices ADP5588 I/O Expander and QWERTY Keypad Controller - * - * Copyright 2009-2010 Analog Devices Inc. - */ - -#ifndef _ADP5588_H -#define _ADP5588_H - -#define DEV_ID 0x00 /* Device ID */ -#define CFG 0x01 /* Configuration Register1 */ -#define INT_STAT 0x02 /* Interrupt Status Register */ -#define KEY_LCK_EC_STAT 0x03 /* Key Lock and Event Counter Register */ -#define Key_EVENTA 0x04 /* Key Event Register A */ -#define Key_EVENTB 0x05 /* Key Event Register B */ -#define Key_EVENTC 0x06 /* Key Event Register C */ -#define Key_EVENTD 0x07 /* Key Event Register D */ -#define Key_EVENTE 0x08 /* Key Event Register E */ -#define Key_EVENTF 0x09 /* Key Event Register F */ -#define Key_EVENTG 0x0A /* Key Event Register G */ -#define Key_EVENTH 0x0B /* Key Event Register H */ -#define Key_EVENTI 0x0C /* Key Event Register I */ -#define Key_EVENTJ 0x0D /* Key Event Register J */ -#define KP_LCK_TMR 0x0E /* Keypad Lock1 to Lock2 Timer */ -#define UNLOCK1 0x0F /* Unlock Key1 */ -#define UNLOCK2 0x10 /* Unlock Key2 */ -#define GPIO_INT_STAT1 0x11 /* GPIO Interrupt Status */ -#define GPIO_INT_STAT2 0x12 /* GPIO Interrupt Status */ -#define GPIO_INT_STAT3 0x13 /* GPIO Interrupt Status */ -#define GPIO_DAT_STAT1 0x14 /* GPIO Data Status, Read twice to clear */ -#define GPIO_DAT_STAT2 0x15 /* GPIO Data Status, Read twice to clear */ -#define GPIO_DAT_STAT3 0x16 /* GPIO Data Status, Read twice to clear */ -#define GPIO_DAT_OUT1 0x17 /* GPIO DATA OUT */ -#define GPIO_DAT_OUT2 0x18 /* GPIO DATA OUT */ -#define GPIO_DAT_OUT3 0x19 /* GPIO DATA OUT */ -#define GPIO_INT_EN1 0x1A /* GPIO Interrupt Enable */ -#define GPIO_INT_EN2 0x1B /* GPIO Interrupt Enable */ -#define GPIO_INT_EN3 0x1C /* GPIO Interrupt Enable */ -#define KP_GPIO1 0x1D /* Keypad or GPIO Selection */ -#define KP_GPIO2 0x1E /* Keypad or GPIO Selection */ -#define KP_GPIO3 0x1F /* Keypad or GPIO Selection */ -#define GPI_EM1 0x20 /* GPI Event Mode 1 */ -#define GPI_EM2 0x21 /* GPI Event Mode 2 */ -#define GPI_EM3 0x22 /* GPI Event Mode 3 */ -#define GPIO_DIR1 0x23 /* GPIO Data Direction */ -#define GPIO_DIR2 0x24 /* GPIO Data Direction */ -#define GPIO_DIR3 0x25 /* GPIO Data Direction */ -#define GPIO_INT_LVL1 0x26 /* GPIO Edge/Level Detect */ -#define GPIO_INT_LVL2 0x27 /* GPIO Edge/Level Detect */ -#define GPIO_INT_LVL3 0x28 /* GPIO Edge/Level Detect */ -#define Debounce_DIS1 0x29 /* Debounce Disable */ -#define Debounce_DIS2 0x2A /* Debounce Disable */ -#define Debounce_DIS3 0x2B /* Debounce Disable */ -#define GPIO_PULL1 0x2C /* GPIO Pull Disable */ -#define GPIO_PULL2 0x2D /* GPIO Pull Disable */ -#define GPIO_PULL3 0x2E /* GPIO Pull Disable */ -#define CMP_CFG_STAT 0x30 /* Comparator Configuration and Status Register */ -#define CMP_CONFG_SENS1 0x31 /* Sensor1 Comparator Configuration Register */ -#define CMP_CONFG_SENS2 0x32 /* L2 Light Sensor Reference Level, Output Falling for Sensor 1 */ -#define CMP1_LVL2_TRIP 0x33 /* L2 Light Sensor Hysteresis (Active when Output Rising) for Sensor 1 */ -#define CMP1_LVL2_HYS 0x34 /* L3 Light Sensor Reference Level, Output Falling For Sensor 1 */ -#define CMP1_LVL3_TRIP 0x35 /* L3 Light Sensor Hysteresis (Active when Output Rising) For Sensor 1 */ -#define CMP1_LVL3_HYS 0x36 /* Sensor 2 Comparator Configuration Register */ -#define CMP2_LVL2_TRIP 0x37 /* L2 Light Sensor Reference Level, Output Falling for Sensor 2 */ -#define CMP2_LVL2_HYS 0x38 /* L2 Light Sensor Hysteresis (Active when Output Rising) for Sensor 2 */ -#define CMP2_LVL3_TRIP 0x39 /* L3 Light Sensor Reference Level, Output Falling For Sensor 2 */ -#define CMP2_LVL3_HYS 0x3A /* L3 Light Sensor Hysteresis (Active when Output Rising) For Sensor 2 */ -#define CMP1_ADC_DAT_R1 0x3B /* Comparator 1 ADC data Register1 */ -#define CMP1_ADC_DAT_R2 0x3C /* Comparator 1 ADC data Register2 */ -#define CMP2_ADC_DAT_R1 0x3D /* Comparator 2 ADC data Register1 */ -#define CMP2_ADC_DAT_R2 0x3E /* Comparator 2 ADC data Register2 */ - -#define ADP5588_DEVICE_ID_MASK 0xF - - /* Configuration Register1 */ -#define ADP5588_AUTO_INC (1 << 7) -#define ADP5588_GPIEM_CFG (1 << 6) -#define ADP5588_OVR_FLOW_M (1 << 5) -#define ADP5588_INT_CFG (1 << 4) -#define ADP5588_OVR_FLOW_IEN (1 << 3) -#define ADP5588_K_LCK_IM (1 << 2) -#define ADP5588_GPI_IEN (1 << 1) -#define ADP5588_KE_IEN (1 << 0) - -/* Interrupt Status Register */ -#define ADP5588_CMP2_INT (1 << 5) -#define ADP5588_CMP1_INT (1 << 4) -#define ADP5588_OVR_FLOW_INT (1 << 3) -#define ADP5588_K_LCK_INT (1 << 2) -#define ADP5588_GPI_INT (1 << 1) -#define ADP5588_KE_INT (1 << 0) - -/* Key Lock and Event Counter Register */ -#define ADP5588_K_LCK_EN (1 << 6) -#define ADP5588_LCK21 0x30 -#define ADP5588_KEC 0xF - -#define ADP5588_MAXGPIO 18 -#define ADP5588_BANK(offs) ((offs) >> 3) -#define ADP5588_BIT(offs) (1u << ((offs) & 0x7)) - -/* Put one of these structures in i2c_board_info platform_data */ - -#define ADP5588_KEYMAPSIZE 80 - -#define GPI_PIN_ROW0 97 -#define GPI_PIN_ROW1 98 -#define GPI_PIN_ROW2 99 -#define GPI_PIN_ROW3 100 -#define GPI_PIN_ROW4 101 -#define GPI_PIN_ROW5 102 -#define GPI_PIN_ROW6 103 -#define GPI_PIN_ROW7 104 -#define GPI_PIN_COL0 105 -#define GPI_PIN_COL1 106 -#define GPI_PIN_COL2 107 -#define GPI_PIN_COL3 108 -#define GPI_PIN_COL4 109 -#define GPI_PIN_COL5 110 -#define GPI_PIN_COL6 111 -#define GPI_PIN_COL7 112 -#define GPI_PIN_COL8 113 -#define GPI_PIN_COL9 114 - -#define GPI_PIN_ROW_BASE GPI_PIN_ROW0 -#define GPI_PIN_ROW_END GPI_PIN_ROW7 -#define GPI_PIN_COL_BASE GPI_PIN_COL0 -#define GPI_PIN_COL_END GPI_PIN_COL9 - -#define GPI_PIN_BASE GPI_PIN_ROW_BASE -#define GPI_PIN_END GPI_PIN_COL_END - -#define ADP5588_GPIMAPSIZE_MAX (GPI_PIN_END - GPI_PIN_BASE + 1) - -struct adp5588_gpi_map { - unsigned short pin; - unsigned short sw_evt; -}; - -struct adp5588_kpad_platform_data { - int rows; /* Number of rows */ - int cols; /* Number of columns */ - const unsigned short *keymap; /* Pointer to keymap */ - unsigned short keymapsize; /* Keymap size */ - unsigned repeat:1; /* Enable key repeat */ - unsigned en_keylock:1; /* Enable Key Lock feature */ - unsigned short unlock_key1; /* Unlock Key 1 */ - unsigned short unlock_key2; /* Unlock Key 2 */ - const struct adp5588_gpi_map *gpimap; - unsigned short gpimapsize; - const struct adp5588_gpio_platform_data *gpio_data; -}; - -struct i2c_client; /* forward declaration */ - -struct adp5588_gpio_platform_data { - int gpio_start; /* GPIO Chip base # */ - const char *const *names; - unsigned irq_base; /* interrupt base # */ - unsigned pullup_dis_mask; /* Pull-Up Disable Mask */ - int (*setup)(struct i2c_client *client, - unsigned gpio, unsigned ngpio, - void *context); - int (*teardown)(struct i2c_client *client, - unsigned gpio, unsigned ngpio, - void *context); - void *context; -}; - -#endif -- 2.25.1

2 days, 6 hours

1
0
0 0

[PATCH] nvmet: Remove unnecessary check in nvmet_sq_destroy()

by George Rurikov

This fix is mostly cosmetic. Since “ctrl->sqs” is initialized in the same place as “ctrl” (nvmet_alloc_ctrl), in my opinion checking “ctrl->sqs” for 0 in line 814 is redundant. Found by Linux Verification Center (linuxtesting.org) with SVACE. Cc: stable(a)vger.kernel.org Fixes: 64f5e9cdd711 ("nvmet: fix memory leak when removing namespaces and controllers concurrently") Signed-off-by: George Rurikov <g.ryurikov(a)securitycode.ru> --- drivers/nvme/target/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvme/target/core.c b/drivers/nvme/target/core.c index ed2424f8a396..d1b287310265 100644 --- a/drivers/nvme/target/core.c +++ b/drivers/nvme/target/core.c @@ -811,7 +811,7 @@ void nvmet_sq_destroy(struct nvmet_sq *sq) * If this is the admin queue, complete all AERs so that our * queue doesn't have outstanding requests on it. */ - if (ctrl && ctrl->sqs && ctrl->sqs[0] == sq) + if (ctrl && ctrl->sqs[0] == sq) nvmet_async_events_failall(ctrl); percpu_ref_kill_and_confirm(&sq->ref, nvmet_confirm_sq); wait_for_completion(&sq->confirm_done); -- 2.34.1 Заявление о конфиденциальности Данное электронное письмо и любые приложения к нему являются конфиденциальными и предназначены исключительно для адресата. Если Вы не являетесь адресатом данного письма, пожалуйста, уведомите немедленно отправителя, не раскрывайте содержание другим лицам, не используйте его в каких-либо целях, не храните и не копируйте информацию любым способом.

2 days, 8 hours

1
0
0 0

[PATCH 5.10/5.15/6.1] Bluetooth: btbcm: Handle memory allocation failure in btbcm_get_board_name()

by Aleksandr Mishin

No upstream commit exists for this commit. The issue was introduced with commit 63fac3343b99 ("Bluetooth: btbcm: Support per-board firmware variants"). In btbcm_get_board_name() devm_kstrdup() can return NULL due to memory allocation failure. Add NULL return check to prevent NULL dereference. Upstream branch code has been significantly refactored and can't be backported directly. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 63fac3343b99 ("Bluetooth: btbcm: Support per-board firmware variants") Signed-off-by: Aleksandr Mishin <amishin(a)t-argos.ru> --- drivers/bluetooth/btbcm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btbcm.c b/drivers/bluetooth/btbcm.c index de2ea589aa49..6191fd74ab3d 100644 --- a/drivers/bluetooth/btbcm.c +++ b/drivers/bluetooth/btbcm.c @@ -551,6 +551,8 @@ static const char *btbcm_get_board_name(struct device *dev) /* get rid of any '/' in the compatible string */ len = strlen(tmp) + 1; board_type = devm_kzalloc(dev, len, GFP_KERNEL); + if (!board_type) + return NULL; strscpy(board_type, tmp, len); for (i = 0; i < len; i++) { if (board_type[i] == '/') -- 2.30.2

2 days, 9 hours

1
0
0 0

[PATCH 1/2] net: dsa: RCU-protect dsa_ptr in struct net_device

by A. Sverdlin

From: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> There are multiple races of zeroing dsa_ptr in struct net_device (on shutdown/remove) against asynchronous dereferences all over the net code. Widespread pattern is as follows: CPU0 CPU1 if (netdev_uses_dsa()) dev->dsa_ptr = NULL; dev->dsa_ptr->... One of the possible crashes: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 CPU: 0 PID: 12 Comm: ksoftirqd/0 Tainted: G O 6.1.99+ #1 pc : lan9303_rcv lr : lan9303_rcv Call trace: lan9303_rcv dsa_switch_rcv __netif_receive_skb_list_core netif_receive_skb_list_internal napi_gro_receive fec_enet_rx_napi __napi_poll net_rx_action ... RCU-protect dsa_ptr and use rcu_dereference() or rtnl_dereference() depending on the calling context. Rename netdev_uses_dsa() into __netdev_uses_dsa_currently() (assumes ether RCU or RTNL lock held) and netdev_uses_dsa_currently() variants which better reflect the uselessness of the function's return value, which becomes outdated right after the call. Fixes: ee534378f005 ("net: dsa: fix panic when DSA master device unbinds on shutdown") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> --- drivers/net/dsa/mt7530.c | 3 +- drivers/net/dsa/ocelot/felix.c | 3 +- drivers/net/dsa/qca/qca8k-8xxx.c | 3 +- drivers/net/ethernet/broadcom/bcmsysport.c | 8 +- drivers/net/ethernet/mediatek/airoha_eth.c | 2 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 22 +++-- drivers/net/ethernet/mediatek/mtk_ppe.c | 15 ++- include/linux/netdevice.h | 2 +- include/net/dsa.h | 36 +++++-- include/net/dsa_stubs.h | 6 +- net/bridge/br_input.c | 2 +- net/core/dev.c | 3 +- net/core/flow_dissector.c | 19 ++-- net/dsa/conduit.c | 66 ++++++++----- net/dsa/dsa.c | 19 ++-- net/dsa/port.c | 3 +- net/dsa/tag.c | 3 +- net/dsa/tag.h | 19 ++-- net/dsa/tag_8021q.c | 10 +- net/dsa/tag_brcm.c | 2 +- net/dsa/tag_dsa.c | 8 +- net/dsa/tag_qca.c | 10 +- net/dsa/tag_sja1105.c | 22 +++-- net/dsa/user.c | 104 +++++++++++--------- net/ethernet/eth.c | 2 +- 25 files changed, 240 insertions(+), 152 deletions(-) diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c index ec18e68bf3a8..82d3f1786156 100644 --- a/drivers/net/dsa/mt7530.c +++ b/drivers/net/dsa/mt7530.c @@ -20,6 +20,7 @@ #include <linux/reset.h> #include <linux/gpio/consumer.h> #include <linux/gpio/driver.h> +#include <linux/rtnetlink.h> #include <net/dsa.h> #include "mt7530.h" @@ -3092,7 +3093,7 @@ mt753x_conduit_state_change(struct dsa_switch *ds, const struct net_device *conduit, bool operational) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(conduit->dsa_ptr); struct mt7530_priv *priv = ds->priv; int val = 0; u8 mask; diff --git a/drivers/net/dsa/ocelot/felix.c b/drivers/net/dsa/ocelot/felix.c index 4a705f7333f4..f6bc0ff0c116 100644 --- a/drivers/net/dsa/ocelot/felix.c +++ b/drivers/net/dsa/ocelot/felix.c @@ -21,6 +21,7 @@ #include <linux/of_net.h> #include <linux/pci.h> #include <linux/of.h> +#include <linux/rtnetlink.h> #include <net/pkt_sched.h> #include <net/dsa.h> #include "felix.h" @@ -57,7 +58,7 @@ static int felix_cpu_port_for_conduit(struct dsa_switch *ds, return lag; } - cpu_dp = conduit->dsa_ptr; + cpu_dp = rtnl_dereference(conduit->dsa_ptr); return cpu_dp->index; } diff --git a/drivers/net/dsa/qca/qca8k-8xxx.c b/drivers/net/dsa/qca/qca8k-8xxx.c index f8d8c70642c4..10b4d7e9be2f 100644 --- a/drivers/net/dsa/qca/qca8k-8xxx.c +++ b/drivers/net/dsa/qca/qca8k-8xxx.c @@ -20,6 +20,7 @@ #include <linux/gpio/consumer.h> #include <linux/etherdevice.h> #include <linux/dsa/tag_qca.h> +#include <linux/rtnetlink.h> #include "qca8k.h" #include "qca8k_leds.h" @@ -1754,7 +1755,7 @@ static void qca8k_conduit_change(struct dsa_switch *ds, const struct net_device *conduit, bool operational) { - struct dsa_port *dp = conduit->dsa_ptr; + struct dsa_port *dp = rtnl_dereference(conduit->dsa_ptr); struct qca8k_priv *priv = ds->priv; /* Ethernet MIB/MDIO is only supported for CPU port 0 */ diff --git a/drivers/net/ethernet/broadcom/bcmsysport.c b/drivers/net/ethernet/broadcom/bcmsysport.c index c9faa8540859..bd9bc081346d 100644 --- a/drivers/net/ethernet/broadcom/bcmsysport.c +++ b/drivers/net/ethernet/broadcom/bcmsysport.c @@ -145,7 +145,7 @@ static void bcm_sysport_set_rx_csum(struct net_device *dev, * sure we tell the RXCHK hardware to expect a 4-bytes Broadcom * tag after the Ethernet MAC Source Address. */ - if (netdev_uses_dsa(dev)) + if (__netdev_uses_dsa_currently(dev)) reg |= RXCHK_BRCM_TAG_EN; else reg &= ~RXCHK_BRCM_TAG_EN; @@ -173,7 +173,7 @@ static void bcm_sysport_set_tx_csum(struct net_device *dev, * checksum to be computed correctly when using VLAN HW acceleration, * else it has no effect, so it can always be turned on. */ - if (netdev_uses_dsa(dev)) + if (__netdev_uses_dsa_currently(dev)) reg |= tdma_control_bit(priv, SW_BRCM_TAG); else reg &= ~tdma_control_bit(priv, SW_BRCM_TAG); @@ -1950,7 +1950,7 @@ static inline void gib_set_pad_extension(struct bcm_sysport_priv *priv) reg = gib_readl(priv, GIB_CONTROL); /* Include Broadcom tag in pad extension and fix up IPG_LENGTH */ - if (netdev_uses_dsa(priv->netdev)) { + if (__netdev_uses_dsa_currently(priv->netdev)) { reg &= ~(GIB_PAD_EXTENSION_MASK << GIB_PAD_EXTENSION_SHIFT); reg |= ENET_BRCM_TAG_LEN << GIB_PAD_EXTENSION_SHIFT; } @@ -2299,7 +2299,7 @@ static u16 bcm_sysport_select_queue(struct net_device *dev, struct sk_buff *skb, struct bcm_sysport_tx_ring *tx_ring; unsigned int q, port; - if (!netdev_uses_dsa(dev)) + if (!__netdev_uses_dsa_currently(dev)) return netdev_pick_tx(dev, skb, NULL); /* DSA tagging layer will have configured the correct queue */ diff --git a/drivers/net/ethernet/mediatek/airoha_eth.c b/drivers/net/ethernet/mediatek/airoha_eth.c index 1c5b85a86df1..f7425d393b22 100644 --- a/drivers/net/ethernet/mediatek/airoha_eth.c +++ b/drivers/net/ethernet/mediatek/airoha_eth.c @@ -2255,7 +2255,7 @@ static int airoha_dev_open(struct net_device *dev) if (err) return err; - if (netdev_uses_dsa(dev)) + if (__netdev_uses_dsa_currently(dev)) airoha_fe_set(eth, REG_GDM_INGRESS_CFG(port->id), GDM_STAG_EN_MASK); else diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c index 16ca427cf4c3..82a828349323 100644 --- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c +++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c @@ -24,6 +24,7 @@ #include <linux/pcs/pcs-mtk-lynxi.h> #include <linux/jhash.h> #include <linux/bitfield.h> +#include <linux/rcupdate.h> #include <net/dsa.h> #include <net/dst_metadata.h> #include <net/page_pool/helpers.h> @@ -1375,7 +1376,8 @@ static void mtk_tx_set_dma_desc_v2(struct net_device *dev, void *txd, /* tx checksum offload */ if (info->csum) data |= TX_DMA_CHKSUM_V2; - if (mtk_is_netsys_v3_or_greater(eth) && netdev_uses_dsa(dev)) + if (mtk_is_netsys_v3_or_greater(eth) && + __netdev_uses_dsa_currently(dev)) data |= TX_DMA_SPTAG_V3; } WRITE_ONCE(desc->txd5, data); @@ -2183,7 +2185,7 @@ static int mtk_poll_rx(struct napi_struct *napi, int budget, * hardware treats the MTK special tag as a VLAN and untags it. */ if (mtk_is_netsys_v1(eth) && (trxd.rxd2 & RX_DMA_VTAG) && - netdev_uses_dsa(netdev)) { + __netdev_uses_dsa_currently(netdev)) { unsigned int port = RX_DMA_VPID(trxd.rxd3) & GENMASK(2, 0); if (port < ARRAY_SIZE(eth->dsa_meta) && @@ -3304,7 +3306,7 @@ static void mtk_gdm_config(struct mtk_eth *eth, u32 id, u32 config) val |= config; - if (eth->netdev[id] && netdev_uses_dsa(eth->netdev[id])) + if (eth->netdev[id] && __netdev_uses_dsa_currently(eth->netdev[id])) val |= MTK_GDMA_SPECIAL_TAG; mtk_w32(eth, val, MTK_GDMA_FWD_CFG(id)); @@ -3313,12 +3315,16 @@ static void mtk_gdm_config(struct mtk_eth *eth, u32 id, u32 config) static bool mtk_uses_dsa(struct net_device *dev) { + bool ret = false; #if IS_ENABLED(CONFIG_NET_DSA) - return netdev_uses_dsa(dev) && - dev->dsa_ptr->tag_ops->proto == DSA_TAG_PROTO_MTK; -#else - return false; + struct dsa_port *dp; + + rcu_read_lock(); + dp = rcu_dereference(dev->dsa_ptr); + ret = dp && dp->tag_ops->proto == DSA_TAG_PROTO_MTK; + rcu_read_unlock(); #endif + return ret; } static int mtk_device_event(struct notifier_block *n, unsigned long event, void *ptr) @@ -4482,7 +4488,7 @@ static u16 mtk_select_queue(struct net_device *dev, struct sk_buff *skb, struct mtk_mac *mac = netdev_priv(dev); unsigned int queue = 0; - if (netdev_uses_dsa(dev)) + if (__netdev_uses_dsa_currently(dev)) queue = skb_get_queue_mapping(skb) + 3; else queue = mac->id; diff --git a/drivers/net/ethernet/mediatek/mtk_ppe.c b/drivers/net/ethernet/mediatek/mtk_ppe.c index 0acee405a749..0c78ec90d855 100644 --- a/drivers/net/ethernet/mediatek/mtk_ppe.c +++ b/drivers/net/ethernet/mediatek/mtk_ppe.c @@ -8,6 +8,7 @@ #include <linux/platform_device.h> #include <linux/if_ether.h> #include <linux/if_vlan.h> +#include <linux/rcupdate.h> #include <net/dst_metadata.h> #include <net/dsa.h> #include "mtk_eth_soc.h" @@ -785,9 +786,17 @@ void __mtk_ppe_check_skb(struct mtk_ppe *ppe, struct sk_buff *skb, u16 hash) switch (skb->protocol) { #if IS_ENABLED(CONFIG_NET_DSA) case htons(ETH_P_XDSA): - if (!netdev_uses_dsa(skb->dev) || - skb->dev->dsa_ptr->tag_ops->proto != DSA_TAG_PROTO_MTK) - goto out; + { + struct dsa_port *dp; + bool proto_mtk; + + rcu_read_lock(); + dp = rcu_dereference(skb->dev->dsa_ptr); + proto_mtk = dp && dp->tag_ops->proto == DSA_TAG_PROTO_MTK; + rcu_read_unlock(); + if (!proto_mtk) + goto out; + } if (!skb_metadata_dst(skb)) tag += 4; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 607009150b5f..e645c7eabd42 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -2229,7 +2229,7 @@ struct net_device { struct vlan_info __rcu *vlan_info; #endif #if IS_ENABLED(CONFIG_NET_DSA) - struct dsa_port *dsa_ptr; + struct dsa_port __rcu *dsa_ptr; #endif #if IS_ENABLED(CONFIG_TIPC) struct tipc_bearer __rcu *tipc_ptr; diff --git a/include/net/dsa.h b/include/net/dsa.h index d7a6c2930277..ab2777611e71 100644 --- a/include/net/dsa.h +++ b/include/net/dsa.h @@ -19,6 +19,7 @@ #include <linux/phy.h> #include <linux/platform_data/dsa.h> #include <linux/phylink.h> +#include <linux/rcupdate.h> #include <net/devlink.h> #include <net/switchdev.h> @@ -92,8 +93,9 @@ struct dsa_switch; struct dsa_device_ops { struct sk_buff *(*xmit)(struct sk_buff *skb, struct net_device *dev); struct sk_buff *(*rcv)(struct sk_buff *skb, struct net_device *dev); - void (*flow_dissect)(const struct sk_buff *skb, __be16 *proto, - int *offset); + void (*flow_dissect)(const struct sk_buff *skb, + const struct dsa_port *dp, + __be16 *proto, int *offset); int (*connect)(struct dsa_switch *ds); void (*disconnect)(struct dsa_switch *ds); unsigned int needed_headroom; @@ -1334,14 +1336,29 @@ bool dsa_mdb_present_in_other_db(struct dsa_switch *ds, int port, struct dsa_db db); /* Keep inline for faster access in hot path */ -static inline bool netdev_uses_dsa(const struct net_device *dev) + +/* Must be called under RCU or RTNL lock */ +static inline bool __netdev_uses_dsa_currently(const struct net_device *dev) { #if IS_ENABLED(CONFIG_NET_DSA) - return dev->dsa_ptr && dev->dsa_ptr->rcv; + struct dsa_port *dp = rcu_dereference_rtnl(dev->dsa_ptr); + + return dp && dp->rcv; #endif return false; } +static inline bool netdev_uses_dsa_currently(const struct net_device *dev) +{ + bool ret = false; +#if IS_ENABLED(CONFIG_NET_DSA) + rcu_read_lock(); + ret = __netdev_uses_dsa_currently(dev); + rcu_read_unlock(); +#endif + return ret; +} + /* All DSA tags that push the EtherType to the right (basically all except tail * tags, which don't break dissection) can be treated the same from the * perspective of the flow dissector. @@ -1355,17 +1372,20 @@ static inline bool netdev_uses_dsa(const struct net_device *dev) * that, in __be16 shorts). * * - proto: the value of the real EtherType. + * + * Must be called under RCU read lock (because of dp). */ static inline void dsa_tag_generic_flow_dissect(const struct sk_buff *skb, + const struct dsa_port *dp, __be16 *proto, int *offset) { -#if IS_ENABLED(CONFIG_NET_DSA) - const struct dsa_device_ops *ops = skb->dev->dsa_ptr->tag_ops; - int tag_len = ops->needed_headroom; + int tag_len; + RCU_LOCKDEP_WARN(!rcu_read_lock_any_held(), "no rcu lock held"); + + tag_len = dp->tag_ops->needed_headroom; *offset = tag_len; *proto = ((__be16 *)skb->data)[(tag_len / 2) - 1]; -#endif } void dsa_unregister_switch(struct dsa_switch *ds); diff --git a/include/net/dsa_stubs.h b/include/net/dsa_stubs.h index 6f384897f287..ca899305ba36 100644 --- a/include/net/dsa_stubs.h +++ b/include/net/dsa_stubs.h @@ -22,9 +22,6 @@ static inline int dsa_conduit_hwtstamp_validate(struct net_device *dev, const struct kernel_hwtstamp_config *config, struct netlink_ext_ack *extack) { - if (!netdev_uses_dsa(dev)) - return 0; - /* rtnl_lock() is a sufficient guarantee, because as long as * netdev_uses_dsa() returns true, the dsa_core module is still * registered, and so, dsa_unregister_stubs() couldn't have run. @@ -33,6 +30,9 @@ static inline int dsa_conduit_hwtstamp_validate(struct net_device *dev, */ ASSERT_RTNL(); + if (!__netdev_uses_dsa_currently(dev)) + return 0; + return dsa_stubs->conduit_hwtstamp_validate(dev, config, extack); } diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index ceaa5a89b947..542cfc5678df 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -443,7 +443,7 @@ static rx_handler_result_t br_handle_frame_dummy(struct sk_buff **pskb) rx_handler_func_t *br_get_rx_handler(const struct net_device *dev) { - if (netdev_uses_dsa(dev)) + if (__netdev_uses_dsa_currently(dev)) return br_handle_frame_dummy; return br_handle_frame; diff --git a/net/core/dev.c b/net/core/dev.c index f66e61407883..9ae1c097cbad 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -5568,7 +5568,8 @@ static int __netif_receive_skb_core(struct sk_buff **pskb, bool pfmemalloc, } } - if (unlikely(skb_vlan_tag_present(skb)) && !netdev_uses_dsa(skb->dev)) { + if (unlikely(skb_vlan_tag_present(skb)) && + !__netdev_uses_dsa_currently(skb->dev)) { check_vlan_id: if (skb_vlan_tag_get_id(skb)) { /* Vlan id is non 0 and vlan_do_receive() above couldn't diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 0e638a37aa09..e1523c609bb7 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -1071,25 +1071,30 @@ bool __skb_flow_dissect(const struct net *net, nhoff = skb_network_offset(skb); hlen = skb_headlen(skb); #if IS_ENABLED(CONFIG_NET_DSA) - if (unlikely(skb->dev && netdev_uses_dsa(skb->dev) && - proto == htons(ETH_P_XDSA))) { + if (unlikely(skb->dev && proto == htons(ETH_P_XDSA))) { struct metadata_dst *md_dst = skb_metadata_dst(skb); - const struct dsa_device_ops *ops; + struct dsa_port *dp; int offset = 0; - ops = skb->dev->dsa_ptr->tag_ops; + rcu_read_lock(); + + dp = rcu_dereference(skb->dev->dsa_ptr); /* Only DSA header taggers break flow dissection */ - if (ops->needed_headroom && + if (dp && dp->tag_ops->needed_headroom && (!md_dst || md_dst->type != METADATA_HW_PORT_MUX)) { - if (ops->flow_dissect) - ops->flow_dissect(skb, &proto, &offset); + if (dp->tag_ops->flow_dissect) + dp->tag_ops->flow_dissect(skb, dp, + &proto, &offset); else dsa_tag_generic_flow_dissect(skb, + dp, &proto, &offset); hlen -= offset; nhoff += offset; } + + rcu_read_unlock(); } #endif } diff --git a/net/dsa/conduit.c b/net/dsa/conduit.c index 3dfdb3cb47dc..967770cdf88f 100644 --- a/net/dsa/conduit.c +++ b/net/dsa/conduit.c @@ -9,6 +9,7 @@ #include <linux/ethtool.h> #include <linux/netdevice.h> #include <linux/netlink.h> +#include <linux/rcupdate.h> #include <net/dsa.h> #include "conduit.h" @@ -18,7 +19,7 @@ static int dsa_conduit_get_regs_len(struct net_device *dev) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; int port = cpu_dp->index; @@ -48,7 +49,7 @@ static int dsa_conduit_get_regs_len(struct net_device *dev) static void dsa_conduit_get_regs(struct net_device *dev, struct ethtool_regs *regs, void *data) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; struct ethtool_drvinfo *cpu_info; @@ -84,7 +85,7 @@ static void dsa_conduit_get_ethtool_stats(struct net_device *dev, struct ethtool_stats *stats, uint64_t *data) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; int port = cpu_dp->index; @@ -103,7 +104,7 @@ static void dsa_conduit_get_ethtool_phy_stats(struct net_device *dev, struct ethtool_stats *stats, uint64_t *data) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; int port = cpu_dp->index; @@ -127,7 +128,7 @@ static void dsa_conduit_get_ethtool_phy_stats(struct net_device *dev, static int dsa_conduit_get_sset_count(struct net_device *dev, int sset) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; int count = 0; @@ -150,7 +151,7 @@ static int dsa_conduit_get_sset_count(struct net_device *dev, int sset) static void dsa_conduit_get_strings(struct net_device *dev, uint32_t stringset, uint8_t *data) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; int port = cpu_dp->index; @@ -202,7 +203,7 @@ int __dsa_conduit_hwtstamp_validate(struct net_device *dev, const struct kernel_hwtstamp_config *config, struct netlink_ext_ack *extack) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); struct dsa_switch *ds = cpu_dp->ds; struct dsa_switch_tree *dst; struct dsa_port *dp; @@ -222,7 +223,7 @@ int __dsa_conduit_hwtstamp_validate(struct net_device *dev, static int dsa_conduit_ethtool_setup(struct net_device *dev) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); struct dsa_switch *ds = cpu_dp->ds; struct ethtool_ops *ops; @@ -251,7 +252,7 @@ static int dsa_conduit_ethtool_setup(struct net_device *dev) static void dsa_conduit_ethtool_teardown(struct net_device *dev) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); if (netif_is_lag_master(dev)) return; @@ -267,13 +268,14 @@ static void dsa_conduit_ethtool_teardown(struct net_device *dev) */ static void dsa_conduit_set_promiscuity(struct net_device *dev, int inc) { - const struct dsa_device_ops *ops = dev->dsa_ptr->tag_ops; + const struct dsa_device_ops *ops; + + ASSERT_RTNL(); + ops = rtnl_dereference(dev->dsa_ptr)->tag_ops; if ((dev->priv_flags & IFF_UNICAST_FLT) && !ops->promisc_on_conduit) return; - ASSERT_RTNL(); - dev_set_promiscuity(dev, inc); } @@ -281,10 +283,17 @@ static ssize_t tagging_show(struct device *d, struct device_attribute *attr, char *buf) { struct net_device *dev = to_net_dev(d); - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp; + int ret = 0; + + rcu_read_lock(); + cpu_dp = rcu_dereference(dev->dsa_ptr); + if (cpu_dp) + ret = sysfs_emit(buf, "%s\n", + dsa_tag_protocol_to_str(cpu_dp->tag_ops)); + rcu_read_unlock(); - return sysfs_emit(buf, "%s\n", - dsa_tag_protocol_to_str(cpu_dp->tag_ops)); + return ret; } static ssize_t tagging_store(struct device *d, struct device_attribute *attr, @@ -293,7 +302,7 @@ static ssize_t tagging_store(struct device *d, struct device_attribute *attr, const struct dsa_device_ops *new_tag_ops, *old_tag_ops; const char *end = strchrnul(buf, '\n'), *name; struct net_device *dev = to_net_dev(d); - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp; size_t len = end - buf; int err; @@ -305,13 +314,17 @@ static ssize_t tagging_store(struct device *d, struct device_attribute *attr, if (!name) return -ENOMEM; - old_tag_ops = cpu_dp->tag_ops; new_tag_ops = dsa_tag_driver_get_by_name(name); kfree(name); /* Bad tagger name? */ if (IS_ERR(new_tag_ops)) return PTR_ERR(new_tag_ops); + if (!rtnl_trylock()) + return restart_syscall(); + + cpu_dp = rtnl_dereference(dev->dsa_ptr); + old_tag_ops = cpu_dp->tag_ops; if (new_tag_ops == old_tag_ops) /* Drop the temporarily held duplicate reference, since * the DSA switch tree uses this tagger. @@ -321,6 +334,7 @@ static ssize_t tagging_store(struct device *d, struct device_attribute *attr, err = dsa_tree_change_tag_proto(cpu_dp->ds->dst, new_tag_ops, old_tag_ops); if (err) { + rtnl_unlock(); /* On failure the old tagger is restored, so we don't need the * driver for the new one. */ @@ -331,6 +345,7 @@ static ssize_t tagging_store(struct device *d, struct device_attribute *attr, /* On success we no longer need the module for the old tagging protocol */ out: + rtnl_unlock(); dsa_tag_driver_put(old_tag_ops); return count; } @@ -384,13 +399,11 @@ int dsa_conduit_setup(struct net_device *dev, struct dsa_port *cpu_dp) netdev_warn(dev, "error %d setting MTU to %d to include DSA overhead\n", ret, mtu); - /* If we use a tagging format that doesn't have an ethertype - * field, make sure that all packets from this point on get - * sent to the tag format's receive function. + rcu_assign_pointer(dev->dsa_ptr, cpu_dp); + /* + * No need to synchronize_rcu() here because dsa_ptr in not going away + * before it will be zeroed */ - wmb(); - - dev->dsa_ptr = cpu_dp; dsa_conduit_set_promiscuity(dev, 1); @@ -418,13 +431,12 @@ void dsa_conduit_teardown(struct net_device *dev) dsa_conduit_reset_mtu(dev); dsa_conduit_set_promiscuity(dev, -1); - dev->dsa_ptr = NULL; - /* If we used a tagging format that doesn't have an ethertype * field, make sure that all packets from this point get sent * without the tag and go through the regular receive path. */ - wmb(); + rcu_assign_pointer(dev->dsa_ptr, NULL); + synchronize_rcu(); } int dsa_conduit_lag_setup(struct net_device *lag_dev, struct dsa_port *cpu_dp, @@ -434,7 +446,7 @@ int dsa_conduit_lag_setup(struct net_device *lag_dev, struct dsa_port *cpu_dp, bool conduit_setup = false; int err; - if (!netdev_uses_dsa(lag_dev)) { + if (!__netdev_uses_dsa_currently(lag_dev)) { err = dsa_conduit_setup(lag_dev, cpu_dp); if (err) return err; diff --git a/net/dsa/dsa.c b/net/dsa/dsa.c index 668c729946ea..36b9ebddc8b8 100644 --- a/net/dsa/dsa.c +++ b/net/dsa/dsa.c @@ -976,6 +976,8 @@ static int dsa_tree_bind_tag_proto(struct dsa_switch_tree *dst, /* Since the dsa/tagging sysfs device attribute is per conduit, the assumption * is that all DSA switches within a tree share the same tagger, otherwise * they would have formed disjoint trees (different "dsa,member" values). + * + * Must be called with RTNL lock held. */ int dsa_tree_change_tag_proto(struct dsa_switch_tree *dst, const struct dsa_device_ops *tag_ops, @@ -985,8 +987,7 @@ int dsa_tree_change_tag_proto(struct dsa_switch_tree *dst, struct dsa_port *dp; int err = -EBUSY; - if (!rtnl_trylock()) - return restart_syscall(); + ASSERT_RTNL(); /* At the moment we don't allow changing the tag protocol under * traffic. The rtnl_mutex also happens to serialize concurrent @@ -1011,15 +1012,12 @@ int dsa_tree_change_tag_proto(struct dsa_switch_tree *dst, if (err) goto out_unwind_tagger; - rtnl_unlock(); - return 0; out_unwind_tagger: info.tag_ops = old_tag_ops; dsa_tree_notify(dst, DSA_NOTIFIER_TAG_PROTO, &info); out_unlock: - rtnl_unlock(); return err; } @@ -1027,7 +1025,7 @@ static void dsa_tree_conduit_state_change(struct dsa_switch_tree *dst, struct net_device *conduit) { struct dsa_notifier_conduit_state_info info; - struct dsa_port *cpu_dp = conduit->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(conduit->dsa_ptr); info.conduit = conduit; info.operational = dsa_port_conduit_is_operational(cpu_dp); @@ -1039,7 +1037,7 @@ void dsa_tree_conduit_admin_state_change(struct dsa_switch_tree *dst, struct net_device *conduit, bool up) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(conduit->dsa_ptr); bool notify = false; /* Don't keep track of admin state on LAG DSA conduits, @@ -1062,7 +1060,7 @@ void dsa_tree_conduit_oper_state_change(struct dsa_switch_tree *dst, struct net_device *conduit, bool up) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(conduit->dsa_ptr); bool notify = false; /* Don't keep track of oper state on LAG DSA conduits, @@ -1594,10 +1592,11 @@ void dsa_switch_shutdown(struct dsa_switch *ds) } /* Disconnect from further netdevice notifiers on the conduit, - * since netdev_uses_dsa() will now return false. + * from now on, netdev_uses_dsa_currently() will return false. */ dsa_switch_for_each_cpu_port(dp, ds) - dp->conduit->dsa_ptr = NULL; + rcu_assign_pointer(dp->conduit->dsa_ptr, NULL); + synchronize_rcu(); rtnl_unlock(); out: diff --git a/net/dsa/port.c b/net/dsa/port.c index 25258b33e59e..6220c520d776 100644 --- a/net/dsa/port.c +++ b/net/dsa/port.c @@ -11,6 +11,7 @@ #include <linux/notifier.h> #include <linux/of_mdio.h> #include <linux/of_net.h> +#include <linux/rtnetlink.h> #include "dsa.h" #include "port.h" @@ -1414,7 +1415,7 @@ static int dsa_port_assign_conduit(struct dsa_port *dp, if (err && fail_on_err) return err; - dp->cpu_dp = conduit->dsa_ptr; + dp->cpu_dp = rtnl_dereference(conduit->dsa_ptr); dp->cpu_port_in_lag = netif_is_lag_master(conduit); return 0; diff --git a/net/dsa/tag.c b/net/dsa/tag.c index 79ad105902d9..ba662adecc14 100644 --- a/net/dsa/tag.c +++ b/net/dsa/tag.c @@ -10,6 +10,7 @@ #include <linux/netdevice.h> #include <linux/ptp_classify.h> #include <linux/skbuff.h> +#include <linux/rcupdate.h> #include <net/dsa.h> #include <net/dst_metadata.h> @@ -55,7 +56,7 @@ static int dsa_switch_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *unused) { struct metadata_dst *md_dst = skb_metadata_dst(skb); - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rcu_dereference(dev->dsa_ptr); struct sk_buff *nskb = NULL; struct dsa_user_priv *p; diff --git a/net/dsa/tag.h b/net/dsa/tag.h index d5707870906b..dbb2217d4344 100644 --- a/net/dsa/tag.h +++ b/net/dsa/tag.h @@ -5,6 +5,7 @@ #include <linux/if_vlan.h> #include <linux/list.h> +#include <linux/rcupdate.h> #include <linux/types.h> #include <net/dsa.h> @@ -32,11 +33,14 @@ static inline int dsa_tag_protocol_overhead(const struct dsa_device_ops *ops) static inline struct net_device *dsa_conduit_find_user(struct net_device *dev, int device, int port) { - struct dsa_port *cpu_dp = dev->dsa_ptr; - struct dsa_switch_tree *dst = cpu_dp->dst; + struct dsa_port *cpu_dp; struct dsa_port *dp; - list_for_each_entry(dp, &dst->ports, list) + cpu_dp = rcu_dereference(dev->dsa_ptr); + if (!cpu_dp) + return NULL; + + list_for_each_entry(dp, &cpu_dp->dst->ports, list) if (dp->ds->index == device && dp->index == port && dp->type == DSA_PORT_TYPE_USER) return dp->user; @@ -184,14 +188,17 @@ static inline struct sk_buff *dsa_software_vlan_untag(struct sk_buff *skb) static inline struct net_device * dsa_find_designated_bridge_port_by_vid(struct net_device *conduit, u16 vid) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; - struct dsa_switch_tree *dst = cpu_dp->dst; + struct dsa_port *cpu_dp; struct bridge_vlan_info vinfo; struct net_device *user; struct dsa_port *dp; int err; - list_for_each_entry(dp, &dst->ports, list) { + cpu_dp = rcu_dereference(conduit->dsa_ptr); + if (!cpu_dp) + return NULL; + + list_for_each_entry(dp, &cpu_dp->dst->ports, list) { if (dp->type != DSA_PORT_TYPE_USER) continue; diff --git a/net/dsa/tag_8021q.c b/net/dsa/tag_8021q.c index 3ee53e28ec2e..c9fb4fd2a4cf 100644 --- a/net/dsa/tag_8021q.c +++ b/net/dsa/tag_8021q.c @@ -5,6 +5,7 @@ * primitives for taggers that rely on 802.1Q VLAN tags to use. */ #include <linux/if_vlan.h> +#include <linux/rcupdate.h> #include <linux/dsa/8021q.h> #include "port.h" @@ -474,14 +475,17 @@ EXPORT_SYMBOL_GPL(dsa_8021q_xmit); static struct net_device * dsa_tag_8021q_find_port_by_vbid(struct net_device *conduit, int vbid) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; - struct dsa_switch_tree *dst = cpu_dp->dst; + struct dsa_port *cpu_dp; struct dsa_port *dp; if (WARN_ON(!vbid)) return NULL; - dsa_tree_for_each_user_port(dp, dst) { + cpu_dp = rcu_dereference(conduit->dsa_ptr); + if (!cpu_dp) + return NULL; + + dsa_tree_for_each_user_port(dp, cpu_dp->dst) { if (!dp->bridge) continue; diff --git a/net/dsa/tag_brcm.c b/net/dsa/tag_brcm.c index 8c3c068728e5..c87f16cd959f 100644 --- a/net/dsa/tag_brcm.c +++ b/net/dsa/tag_brcm.c @@ -269,7 +269,7 @@ static struct sk_buff *brcm_leg_tag_rcv(struct sk_buff *skb, return NULL; /* VLAN tag is added by BCM63xx internal switch */ - if (netdev_uses_dsa(skb->dev)) + if (__netdev_uses_dsa_currently(skb->dev)) len += VLAN_HLEN; /* Remove Broadcom tag and update checksum */ diff --git a/net/dsa/tag_dsa.c b/net/dsa/tag_dsa.c index 2a2c4fb61a65..7f5dc8d384c9 100644 --- a/net/dsa/tag_dsa.c +++ b/net/dsa/tag_dsa.c @@ -48,6 +48,7 @@ #include <linux/dsa/mv88e6xxx.h> #include <linux/etherdevice.h> #include <linux/list.h> +#include <linux/rcupdate.h> #include <linux/slab.h> #include "tag.h" @@ -257,14 +258,15 @@ static struct sk_buff *dsa_rcv_ll(struct sk_buff *skb, struct net_device *dev, source_port = (dsa_header[1] >> 3) & 0x1f; if (trunk) { - struct dsa_port *cpu_dp = dev->dsa_ptr; - struct dsa_lag *lag; + struct dsa_port *cpu_dp = rcu_dereference(dev->dsa_ptr); + struct dsa_lag *lag = NULL; /* The exact source port is not available in the tag, * so we inject the frame directly on the upper * team/bond. */ - lag = dsa_lag_by_id(cpu_dp->dst, source_port + 1); + if (cpu_dp) + lag = dsa_lag_by_id(cpu_dp->dst, source_port + 1); skb->dev = lag ? lag->dev : NULL; } else { skb->dev = dsa_conduit_find_user(dev, source_device, diff --git a/net/dsa/tag_qca.c b/net/dsa/tag_qca.c index 0cf61286b426..dbc1f659ed07 100644 --- a/net/dsa/tag_qca.c +++ b/net/dsa/tag_qca.c @@ -5,6 +5,7 @@ #include <linux/etherdevice.h> #include <linux/bitfield.h> +#include <linux/rcupdate.h> #include <net/dsa.h> #include <linux/dsa/tag_qca.h> @@ -36,8 +37,8 @@ static struct sk_buff *qca_tag_xmit(struct sk_buff *skb, struct net_device *dev) static struct sk_buff *qca_tag_rcv(struct sk_buff *skb, struct net_device *dev) { struct qca_tagger_data *tagger_data; - struct dsa_port *dp = dev->dsa_ptr; - struct dsa_switch *ds = dp->ds; + struct dsa_port *dp; + struct dsa_switch *ds; u8 ver, pk_type; __be16 *phdr; int port; @@ -45,6 +46,11 @@ static struct sk_buff *qca_tag_rcv(struct sk_buff *skb, struct net_device *dev) BUILD_BUG_ON(sizeof(struct qca_mgmt_ethhdr) != QCA_HDR_MGMT_HEADER_LEN + QCA_HDR_LEN); + dp = rcu_dereference(dev->dsa_ptr); + if (!dp) + return NULL; + ds = dp->ds; + tagger_data = ds->tagger_data; if (unlikely(!pskb_may_pull(skb, QCA_HDR_LEN))) diff --git a/net/dsa/tag_sja1105.c b/net/dsa/tag_sja1105.c index 3e902af7eea6..0746a7d34178 100644 --- a/net/dsa/tag_sja1105.c +++ b/net/dsa/tag_sja1105.c @@ -5,6 +5,7 @@ #include <linux/dsa/sja1105.h> #include <linux/dsa/8021q.h> #include <linux/packing.h> +#include <linux/rcupdate.h> #include "tag.h" #include "tag_8021q.h" @@ -530,12 +531,13 @@ static struct sk_buff *sja1110_rcv_meta(struct sk_buff *skb, u16 rx_header) int n_ts = SJA1110_RX_HEADER_N_TS(rx_header); struct sja1105_tagger_data *tagger_data; struct net_device *conduit = skb->dev; + struct dsa_switch *ds = NULL; struct dsa_port *cpu_dp; - struct dsa_switch *ds; int i; - cpu_dp = conduit->dsa_ptr; - ds = dsa_switch_find(cpu_dp->dst->index, switch_id); + cpu_dp = rcu_dereference(conduit->dsa_ptr); + if (cpu_dp) + ds = dsa_switch_find(cpu_dp->dst->index, switch_id); if (!ds) { net_err_ratelimited("%s: cannot find switch id %d\n", conduit->name, switch_id); @@ -662,24 +664,26 @@ static struct sk_buff *sja1110_rcv(struct sk_buff *skb, return skb; } -static void sja1105_flow_dissect(const struct sk_buff *skb, __be16 *proto, - int *offset) +static void sja1105_flow_dissect(const struct sk_buff *skb, + const struct dsa_port *dp, + __be16 *proto, int *offset) { /* No tag added for management frames, all ok */ if (unlikely(sja1105_is_link_local(skb))) return; - dsa_tag_generic_flow_dissect(skb, proto, offset); + dsa_tag_generic_flow_dissect(skb, dp, proto, offset); } -static void sja1110_flow_dissect(const struct sk_buff *skb, __be16 *proto, - int *offset) +static void sja1110_flow_dissect(const struct sk_buff *skb, + const struct dsa_port *dp, + __be16 *proto, int *offset) { /* Management frames have 2 DSA tags on RX, so the needed_headroom we * declared is fine for the generic dissector adjustment procedure. */ if (unlikely(sja1105_is_link_local(skb))) - return dsa_tag_generic_flow_dissect(skb, proto, offset); + return dsa_tag_generic_flow_dissect(skb, dp, proto, offset); /* For the rest, there is a single DSA tag, the tag_8021q one */ *offset = VLAN_HLEN; diff --git a/net/dsa/user.c b/net/dsa/user.c index f5adfa1d978a..2afd21e34772 100644 --- a/net/dsa/user.c +++ b/net/dsa/user.c @@ -21,6 +21,7 @@ #include <linux/if_hsr.h> #include <net/dcbnl.h> #include <linux/netpoll.h> +#include <linux/rcupdate.h> #include <linux/string.h> #include "conduit.h" @@ -2839,7 +2840,7 @@ int dsa_user_change_conduit(struct net_device *dev, struct net_device *conduit, return -EOPNOTSUPP; } - if (!netdev_uses_dsa(conduit)) { + if (!__netdev_uses_dsa_currently(conduit)) { NL_SET_ERR_MSG_MOD(extack, "Interface not eligible as DSA conduit"); return -EOPNOTSUPP; @@ -3141,8 +3142,8 @@ static int dsa_lag_conduit_validate(struct net_device *lag_dev, netdev_for_each_lower_dev(lag_dev, lower1, iter1) { netdev_for_each_lower_dev(lag_dev, lower2, iter2) { - if (!netdev_uses_dsa(lower1) || - !netdev_uses_dsa(lower2)) { + if (!__netdev_uses_dsa_currently(lower1) || + !__netdev_uses_dsa_currently(lower2)) { NL_SET_ERR_MSG_MOD(extack, "All LAG ports must be eligible as DSA conduits"); return notifier_from_errno(-EINVAL); @@ -3151,8 +3152,8 @@ static int dsa_lag_conduit_validate(struct net_device *lag_dev, if (lower1 == lower2) continue; - if (!dsa_port_tree_same(lower1->dsa_ptr, - lower2->dsa_ptr)) { + if (!dsa_port_tree_same(rtnl_dereference(lower1->dsa_ptr), + rtnl_dereference(lower2->dsa_ptr))) { NL_SET_ERR_MSG_MOD(extack, "LAG contains DSA conduits of disjoint switch trees"); return notifier_from_errno(-EINVAL); @@ -3169,7 +3170,7 @@ dsa_conduit_prechangeupper_sanity_check(struct net_device *conduit, { struct netlink_ext_ack *extack = netdev_notifier_info_to_extack(&info->info); - if (!netdev_uses_dsa(conduit)) + if (!__netdev_uses_dsa_currently(conduit)) return NOTIFY_DONE; if (!info->linking) @@ -3205,20 +3206,22 @@ dsa_lag_conduit_prechangelower_sanity_check(struct net_device *dev, struct net_device *lower; struct list_head *iter; - if (!netdev_uses_dsa(lag_dev) || !netif_is_lag_master(lag_dev)) + if (!__netdev_uses_dsa_currently(lag_dev) || + !netif_is_lag_master(lag_dev)) return NOTIFY_DONE; if (!info->linking) return NOTIFY_DONE; - if (!netdev_uses_dsa(dev)) { + if (!__netdev_uses_dsa_currently(dev)) { NL_SET_ERR_MSG(extack, "Only DSA conduits can join a LAG DSA conduit"); return notifier_from_errno(-EINVAL); } netdev_for_each_lower_dev(lag_dev, lower, iter) { - if (!dsa_port_tree_same(dev->dsa_ptr, lower->dsa_ptr)) { + if (!dsa_port_tree_same(rtnl_dereference(dev->dsa_ptr), + rtnl_dereference(lower->dsa_ptr))) { NL_SET_ERR_MSG(extack, "Interface is DSA conduit for a different switch tree than this LAG"); return notifier_from_errno(-EINVAL); @@ -3257,7 +3260,8 @@ dsa_bridge_prechangelower_sanity_check(struct net_device *new_lower, extack = netdev_notifier_info_to_extack(&info->info); netdev_for_each_lower_dev(br, lower, iter) { - if (!netdev_uses_dsa(new_lower) && !netdev_uses_dsa(lower)) + if (!__netdev_uses_dsa_currently(new_lower) && + !__netdev_uses_dsa_currently(lower)) continue; if (!netdev_port_same_parent_id(lower, new_lower)) { @@ -3295,7 +3299,7 @@ static int dsa_conduit_lag_join(struct net_device *conduit, struct netdev_lag_upper_info *uinfo, struct netlink_ext_ack *extack) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(conduit->dsa_ptr); struct dsa_switch_tree *dst = cpu_dp->dst; struct dsa_port *dp; int err; @@ -3328,7 +3332,7 @@ static int dsa_conduit_lag_join(struct net_device *conduit, } } - dsa_conduit_lag_teardown(lag_dev, conduit->dsa_ptr); + dsa_conduit_lag_teardown(lag_dev, rtnl_dereference(conduit->dsa_ptr)); return err; } @@ -3336,17 +3340,16 @@ static int dsa_conduit_lag_join(struct net_device *conduit, static void dsa_conduit_lag_leave(struct net_device *conduit, struct net_device *lag_dev) { - struct dsa_port *dp, *cpu_dp = lag_dev->dsa_ptr; + struct dsa_port *dp, *cpu_dp = rtnl_dereference(lag_dev->dsa_ptr); struct dsa_switch_tree *dst = cpu_dp->dst; struct dsa_port *new_cpu_dp = NULL; struct net_device *lower; struct list_head *iter; netdev_for_each_lower_dev(lag_dev, lower, iter) { - if (netdev_uses_dsa(lower)) { - new_cpu_dp = lower->dsa_ptr; + new_cpu_dp = rtnl_dereference(lower->dsa_ptr); + if (new_cpu_dp) break; - } } if (new_cpu_dp) { @@ -3360,8 +3363,11 @@ static void dsa_conduit_lag_leave(struct net_device *conduit, /* Update the index of the virtual CPU port to match the lowest * physical CPU port */ - lag_dev->dsa_ptr = new_cpu_dp; - wmb(); + rcu_assign_pointer(lag_dev->dsa_ptr, new_cpu_dp); + /* + * No need to synchronize_rcu() here because dsa_ptr in not + * going away before it will be zeroed + */ } else { /* If the LAG DSA conduit has no ports left, migrate back all * user ports to the first physical CPU port @@ -3372,7 +3378,7 @@ static void dsa_conduit_lag_leave(struct net_device *conduit, /* This DSA conduit has left its LAG in any case, so let * the CPU port leave the hardware LAG as well */ - dsa_conduit_lag_teardown(lag_dev, conduit->dsa_ptr); + dsa_conduit_lag_teardown(lag_dev, rtnl_dereference(conduit->dsa_ptr)); } static int dsa_conduit_changeupper(struct net_device *dev, @@ -3381,7 +3387,7 @@ static int dsa_conduit_changeupper(struct net_device *dev, struct netlink_ext_ack *extack; int err = NOTIFY_DONE; - if (!netdev_uses_dsa(dev)) + if (!__netdev_uses_dsa_currently(dev)) return err; extack = netdev_notifier_info_to_extack(&info->info); @@ -3464,14 +3470,14 @@ static int dsa_user_netdevice_event(struct notifier_block *nb, err = dsa_port_lag_change(dp, info->lower_state_info); } + dp = rtnl_dereference(dev->dsa_ptr); + if (!dp) + return NOTIFY_OK; + /* Mirror LAG port events on DSA conduits that are in * a LAG towards their respective switch CPU ports */ - if (netdev_uses_dsa(dev)) { - dp = dev->dsa_ptr; - - err = dsa_port_lag_change(dp, info->lower_state_info); - } + err = dsa_port_lag_change(dp, info->lower_state_info); return notifier_from_errno(err); } @@ -3481,39 +3487,41 @@ static int dsa_user_netdevice_event(struct notifier_block *nb, * DSA driver may require the conduit port (and indirectly * the tagger) to be available for some special operation. */ - if (netdev_uses_dsa(dev)) { - struct dsa_port *cpu_dp = dev->dsa_ptr; - struct dsa_switch_tree *dst = cpu_dp->ds->dst; - - /* Track when the conduit port is UP */ - dsa_tree_conduit_oper_state_change(dst, dev, - netif_oper_up(dev)); - - /* Track when the conduit port is ready and can accept - * packet. - * NETDEV_UP event is not enough to flag a port as ready. - * We also have to wait for linkwatch_do_dev to dev_activate - * and emit a NETDEV_CHANGE event. - * We check if a conduit port is ready by checking if the dev - * have a qdisc assigned and is not noop. - */ - dsa_tree_conduit_admin_state_change(dst, dev, - !qdisc_tx_is_noop(dev)); + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); + struct dsa_switch_tree *dst; - return NOTIFY_OK; - } + if (!cpu_dp) + return NOTIFY_DONE; + + dst = cpu_dp->ds->dst; + + /* Track when the conduit port is UP */ + dsa_tree_conduit_oper_state_change(dst, dev, + netif_oper_up(dev)); + + /* Track when the conduit port is ready and can accept + * packet. + * NETDEV_UP event is not enough to flag a port as ready. + * We also have to wait for linkwatch_do_dev to dev_activate + * and emit a NETDEV_CHANGE event. + * We check if a conduit port is ready by checking if the dev + * have a qdisc assigned and is not noop. + */ + dsa_tree_conduit_admin_state_change(dst, dev, + !qdisc_tx_is_noop(dev)); + + return NOTIFY_OK; - return NOTIFY_DONE; } case NETDEV_GOING_DOWN: { struct dsa_port *dp, *cpu_dp; struct dsa_switch_tree *dst; LIST_HEAD(close_list); - if (!netdev_uses_dsa(dev)) + cpu_dp = rtnl_dereference(dev->dsa_ptr); + if (!cpu_dp) return NOTIFY_DONE; - cpu_dp = dev->dsa_ptr; dst = cpu_dp->ds->dst; dsa_tree_conduit_admin_state_change(dst, dev, false); diff --git a/net/ethernet/eth.c b/net/ethernet/eth.c index 4e3651101b86..a05ff82551c3 100644 --- a/net/ethernet/eth.c +++ b/net/ethernet/eth.c @@ -170,7 +170,7 @@ __be16 eth_type_trans(struct sk_buff *skb, struct net_device *dev) * variants has been configured on the receiving interface, * and if so, set skb->protocol without looking at the packet. */ - if (unlikely(netdev_uses_dsa(dev))) + if (unlikely(netdev_uses_dsa_currently(dev))) return htons(ETH_P_XDSA); if (likely(eth_proto_is_802_3(eth->h_proto))) -- 2.46.0

2 days, 9 hours

7
9
0 0

[PATCH 5.10] xhci: check virt_dev is valid before dereferencing it

by Roman Smirnov

From: Mathias Nyman <mathias.nyman(a)linux.intel.com> commit 03ed579d9d51aa018830b0de3e8b463faf6b87db upstream. Check that the xhci_virt_dev structure that we dug out based on a slot_id value from a command completion is valid before dereferencing it. Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20210129130044.206855-7-mathias.nyman@linux.intel… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> --- drivers/usb/host/xhci-ring.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index fbb7a5b51ef4..a769803e7d38 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1415,6 +1415,8 @@ static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id, * is not waiting on the configure endpoint command. */ virt_dev = xhci->devs[slot_id]; + if (!virt_dev) + return; ctrl_ctx = xhci_get_input_control_ctx(virt_dev->in_ctx); if (!ctrl_ctx) { xhci_warn(xhci, "Could not get input context, bad type.\n"); @@ -1459,6 +1461,8 @@ static void xhci_handle_cmd_addr_dev(struct xhci_hcd *xhci, int slot_id) struct xhci_slot_ctx *slot_ctx; vdev = xhci->devs[slot_id]; + if (!vdev) + return; slot_ctx = xhci_get_slot_ctx(xhci, vdev->out_ctx); trace_xhci_handle_cmd_addr_dev(slot_ctx); } @@ -1470,13 +1474,15 @@ static void xhci_handle_cmd_reset_dev(struct xhci_hcd *xhci, int slot_id, struct xhci_slot_ctx *slot_ctx; vdev = xhci->devs[slot_id]; + if (!vdev) { + xhci_warn(xhci, "Reset device command completion for disabled slot %u\n", + slot_id); + return; + } slot_ctx = xhci_get_slot_ctx(xhci, vdev->out_ctx); trace_xhci_handle_cmd_reset_dev(slot_ctx); xhci_dbg(xhci, "Completed reset device command.\n"); - if (!xhci->devs[slot_id]) - xhci_warn(xhci, "Reset device command completion " - "for disabled slot %u\n", slot_id); } static void xhci_handle_cmd_nec_get_fw(struct xhci_hcd *xhci, -- 2.34.1

2 days, 9 hours

1
1
0 0

[PATCH] list: Remove duplicated and unused macro list_for_each_reverse

by Zijun Hu

From: Zijun Hu <quic_zijuhu(a)quicinc.com> Remove macro list_for_each_reverse due to below reasons: - it is same as list_for_each_prev. - it is not used by current kernel tree. Fixes: 8bf0cdfac7f8 ("<linux/list.h>: Introduce the list_for_each_reverse() method") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- include/linux/list.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/include/linux/list.h b/include/linux/list.h index 5f4b0a39cf46..29a375889fb8 100644 --- a/include/linux/list.h +++ b/include/linux/list.h @@ -686,14 +686,6 @@ static inline void list_splice_tail_init(struct list_head *list, #define list_for_each(pos, head) \ for (pos = (head)->next; !list_is_head(pos, (head)); pos = pos->next) -/** - * list_for_each_reverse - iterate backwards over a list - * @pos: the &struct list_head to use as a loop cursor. - * @head: the head for your list. - */ -#define list_for_each_reverse(pos, head) \ - for (pos = (head)->prev; pos != (head); pos = pos->prev) - /** * list_for_each_rcu - Iterate over a list in an RCU-safe fashion * @pos: the &struct list_head to use as a loop cursor. --- base-commit: 6a36d828bdef0e02b1e6c12e2160f5b83be6aab5 change-id: 20240916-fix_list-553c447bde0f Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

2 days, 9 hours

2
2
0 0

[PATCH 5.10] xhci: check virt_dev is valid before dereferencing it

by Roman Smirnov

From: Mathias Nyman <mathias.nyman(a)linux.intel.com> commit 03ed579d9d51aa018830b0de3e8b463faf6b87db upstream. Check that the xhci_virt_dev structure that we dug out based on a slot_id value from a command completion is valid before dereferencing it. Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20210129130044.206855-7-mathias.nyman@linux.intel… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> --- drivers/usb/host/xhci-ring.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index fbb7a5b51ef4..a769803e7d38 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1415,6 +1415,8 @@ static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id, * is not waiting on the configure endpoint command. */ virt_dev = xhci->devs[slot_id]; + if (!virt_dev) + return; ctrl_ctx = xhci_get_input_control_ctx(virt_dev->in_ctx); if (!ctrl_ctx) { xhci_warn(xhci, "Could not get input context, bad type.\n"); @@ -1459,6 +1461,8 @@ static void xhci_handle_cmd_addr_dev(struct xhci_hcd *xhci, int slot_id) struct xhci_slot_ctx *slot_ctx; vdev = xhci->devs[slot_id]; + if (!vdev) + return; slot_ctx = xhci_get_slot_ctx(xhci, vdev->out_ctx); trace_xhci_handle_cmd_addr_dev(slot_ctx); } @@ -1470,13 +1474,15 @@ static void xhci_handle_cmd_reset_dev(struct xhci_hcd *xhci, int slot_id, struct xhci_slot_ctx *slot_ctx; vdev = xhci->devs[slot_id]; + if (!vdev) { + xhci_warn(xhci, "Reset device command completion for disabled slot %u\n", + slot_id); + return; + } slot_ctx = xhci_get_slot_ctx(xhci, vdev->out_ctx); trace_xhci_handle_cmd_reset_dev(slot_ctx); xhci_dbg(xhci, "Completed reset device command.\n"); - if (!xhci->devs[slot_id]) - xhci_warn(xhci, "Reset device command completion " - "for disabled slot %u\n", slot_id); } static void xhci_handle_cmd_nec_get_fw(struct xhci_hcd *xhci, -- 2.34.1

2 days, 10 hours

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2024