- Linux-stable-mirror - lists.linaro.org

[PATCH] comedi: comedi_test: Fix possible deletion of uninitialized timers

by Ian Abbott

In `waveform_common_attach()`, the two timers `&devpriv->ai_timer` and `&devpriv->ao_timer` are initialized after the allocation of the device private data by `comedi_alloc_devpriv()` and the subdevices by `comedi_alloc_subdevices()`. The function may return with an error between those function calls. In that case, `waveform_detach()` will be called by the Comedi core to clean up. The check that `waveform_detach()` uses to decide whether to delete the timers is incorrect. It only checks that the device private data was allocated, but that does not guarantee that the timers were initialized. It also needs to check that the subdevices were allocated. Fix it. Fixes: 73e0e4dfed4c ("staging: comedi: comedi_test: fix timer lock-up") Cc: <stable(a)vger.kernel.org> # 6.15+ Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> --- Patch fails to apply to kernels before 6.15, requiring backports. --- drivers/comedi/drivers/comedi_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/comedi/drivers/comedi_test.c b/drivers/comedi/drivers/comedi_test.c index 9747e6d1f6eb..7984950f0f99 100644 --- a/drivers/comedi/drivers/comedi_test.c +++ b/drivers/comedi/drivers/comedi_test.c @@ -792,7 +792,7 @@ static void waveform_detach(struct comedi_device *dev) { struct waveform_private *devpriv = dev->private; - if (devpriv) { + if (devpriv && dev->n_subdevices) { timer_delete_sync(&devpriv->ai_timer); timer_delete_sync(&devpriv->ao_timer); } -- 2.47.2

6 days, 5 hours

1
0
0 0

[PATCH 5.10/5.15] mm/hugetlb: fix assertion splat in hugetlb_split()

by Fedor Pchelkin

No upstream commit exists for this patch. The following assertion is firing on 5.10 to 6.1 stable kernels after backport of upstream commit 081056dc00a2 ("mm/hugetlb: unshare page tables during VMA split, not before"): WARNING: CPU: 0 PID: 11489 at include/linux/fs.h:503 i_mmap_assert_write_locked include/linux/fs.h:503 [inline] WARNING: CPU: 0 PID: 11489 at include/linux/fs.h:503 hugetlb_split+0x267/0x300 mm/hugetlb.c:4917 Modules linked in: CPU: 0 PID: 11489 Comm: syz-executor.4 Not tainted 6.1.142-syzkaller-00296-gfd0df5221577 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:i_mmap_assert_write_locked include/linux/fs.h:503 [inline] RIP: 0010:hugetlb_split+0x267/0x300 mm/hugetlb.c:4917 Call Trace: <TASK> __vma_adjust+0xd73/0x1c10 mm/mmap.c:736 vma_adjust include/linux/mm.h:2745 [inline] __split_vma+0x459/0x540 mm/mmap.c:2385 do_mas_align_munmap+0x5f2/0xf10 mm/mmap.c:2497 do_mas_munmap+0x26c/0x2c0 mm/mmap.c:2646 __mmap_region mm/mmap.c:2694 [inline] mmap_region+0x19f/0x1770 mm/mmap.c:2912 do_mmap+0x84b/0xf20 mm/mmap.c:1432 vm_mmap_pgoff+0x1af/0x280 mm/util.c:520 ksys_mmap_pgoff+0x41f/0x5a0 mm/mmap.c:1478 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 RIP: 0033:0x46a269 </TASK> Those branches lack commit ccf1d78d8b86 ("mm/mmap: move vma_prepare before vma_adjust_trans_huge") so the needed locks are taken just after the newly added hugetlb_split(). Adjust the position of vma_adjust_trans_huge() blocks with the lock-taking code. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 081056dc00a2 ("mm/hugetlb: unshare page tables during VMA split, not before") Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- Tested with testcases/kernel/mem/hugetlb/hugemmap suite provided by LTP. For the report see: https://lore.kernel.org/stable/CAG48ez3LqUwXxhRY56tqQCpfGJsJ-GeXFG9FCcTZEBo… mm/mmap.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index 8c188ed3738a..13669a33a515 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -832,16 +832,6 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, } } again: - /* - * Get rid of huge pages and shared page tables straddling the split - * boundary. - */ - vma_adjust_trans_huge(orig_vma, start, end, adjust_next); - if (is_vm_hugetlb_page(orig_vma)) { - hugetlb_split(orig_vma, start); - hugetlb_split(orig_vma, end); - } - if (file) { mapping = file->f_mapping; root = &mapping->i_mmap; @@ -881,6 +871,16 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, vma_interval_tree_remove(next, root); } + /* + * Get rid of huge pages and shared page tables straddling the split + * boundary. + */ + vma_adjust_trans_huge(orig_vma, start, end, adjust_next); + if (is_vm_hugetlb_page(orig_vma)) { + hugetlb_split(orig_vma, start); + hugetlb_split(orig_vma, end); + } + if (start != vma->vm_start) { vma->vm_start = start; start_changed = true; -- 2.50.0

6 days, 6 hours

1
0
0 0

[PATCH 6.1] mm/hugetlb: fix assertion splat in hugetlb_split()

by Fedor Pchelkin

No upstream commit exists for this patch. The following assertion is firing on 5.10 to 6.1 stable kernels after backport of upstream commit 081056dc00a2 ("mm/hugetlb: unshare page tables during VMA split, not before"): WARNING: CPU: 0 PID: 11489 at include/linux/fs.h:503 i_mmap_assert_write_locked include/linux/fs.h:503 [inline] WARNING: CPU: 0 PID: 11489 at include/linux/fs.h:503 hugetlb_split+0x267/0x300 mm/hugetlb.c:4917 Modules linked in: CPU: 0 PID: 11489 Comm: syz-executor.4 Not tainted 6.1.142-syzkaller-00296-gfd0df5221577 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:i_mmap_assert_write_locked include/linux/fs.h:503 [inline] RIP: 0010:hugetlb_split+0x267/0x300 mm/hugetlb.c:4917 Call Trace: <TASK> __vma_adjust+0xd73/0x1c10 mm/mmap.c:736 vma_adjust include/linux/mm.h:2745 [inline] __split_vma+0x459/0x540 mm/mmap.c:2385 do_mas_align_munmap+0x5f2/0xf10 mm/mmap.c:2497 do_mas_munmap+0x26c/0x2c0 mm/mmap.c:2646 __mmap_region mm/mmap.c:2694 [inline] mmap_region+0x19f/0x1770 mm/mmap.c:2912 do_mmap+0x84b/0xf20 mm/mmap.c:1432 vm_mmap_pgoff+0x1af/0x280 mm/util.c:520 ksys_mmap_pgoff+0x41f/0x5a0 mm/mmap.c:1478 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 RIP: 0033:0x46a269 </TASK> Those branches lack commit ccf1d78d8b86 ("mm/mmap: move vma_prepare before vma_adjust_trans_huge") so the needed locks are taken just after the newly added hugetlb_split(). Adjust the position of vma_adjust_trans_huge() blocks with the lock-taking code. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 081056dc00a2 ("mm/hugetlb: unshare page tables during VMA split, not before") Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- Tested with testcases/kernel/mem/hugetlb/hugemmap suite provided by LTP. For the report see: https://lore.kernel.org/stable/CAG48ez3LqUwXxhRY56tqQCpfGJsJ-GeXFG9FCcTZEBo… mm/mmap.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index 0f303dc8425a..941880ed62d7 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -543,8 +543,6 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma, if (mas_preallocate(mas, vma, GFP_KERNEL)) goto nomem; - vma_adjust_trans_huge(vma, start, end, 0); - if (file) { mapping = file->f_mapping; root = &mapping->i_mmap; @@ -562,6 +560,8 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma, vma_interval_tree_remove(vma, root); } + vma_adjust_trans_huge(vma, start, end, 0); + vma->vm_start = start; vma->vm_end = end; vma->vm_pgoff = pgoff; @@ -727,15 +727,6 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, return -ENOMEM; } - /* - * Get rid of huge pages and shared page tables straddling the split - * boundary. - */ - vma_adjust_trans_huge(orig_vma, start, end, adjust_next); - if (is_vm_hugetlb_page(orig_vma)) { - hugetlb_split(orig_vma, start); - hugetlb_split(orig_vma, end); - } if (file) { mapping = file->f_mapping; root = &mapping->i_mmap; @@ -775,6 +766,16 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, vma_interval_tree_remove(next, root); } + /* + * Get rid of huge pages and shared page tables straddling the split + * boundary. + */ + vma_adjust_trans_huge(orig_vma, start, end, adjust_next); + if (is_vm_hugetlb_page(orig_vma)) { + hugetlb_split(orig_vma, start); + hugetlb_split(orig_vma, end); + } + if (start != vma->vm_start) { if ((vma->vm_start < start) && (!insert || (insert->vm_end != start))) { -- 2.50.0

6 days, 6 hours

1
0
0 0

[PATCH v3] wifi: wilc1000: Add error handling for wilc_sdio_cmd52()

by Wentao Liang

The wilc_sdio_read_size() calls wilc_sdio_cmd52() but does not check the return value. This could lead to execution with potentially invalid data if wilc_sdio_cmd52() fails. A proper implementation can be found in wilc_sdio_read_reg(). Add error handling for wilc_sdio_cmd52(). If wilc_sdio_cmd52() fails, log an error message via dev_err(). Fixes: ea5779b4fbc7 ("staging: wilc1000: wilc_sdio_cmd52: pass struct wilc") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v3: Remove redundant error log. Fix code error. Fix fixes flag error. v2: Fix code error. drivers/net/wireless/microchip/wilc1000/sdio.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/microchip/wilc1000/sdio.c b/drivers/net/wireless/microchip/wilc1000/sdio.c index 5262c8846c13..d77f88996250 100644 --- a/drivers/net/wireless/microchip/wilc1000/sdio.c +++ b/drivers/net/wireless/microchip/wilc1000/sdio.c @@ -771,6 +771,7 @@ static int wilc_sdio_read_size(struct wilc *wilc, u32 *size) { u32 tmp; struct sdio_cmd52 cmd; + int ret; /** * Read DMA count in words @@ -780,12 +781,16 @@ static int wilc_sdio_read_size(struct wilc *wilc, u32 *size) cmd.raw = 0; cmd.address = WILC_SDIO_INTERRUPT_DATA_SZ_REG; cmd.data = 0; - wilc_sdio_cmd52(wilc, &cmd); + ret = wilc_sdio_cmd52(wilc, &cmd); + if (ret) + return ret; tmp = cmd.data; cmd.address = WILC_SDIO_INTERRUPT_DATA_SZ_REG + 1; cmd.data = 0; - wilc_sdio_cmd52(wilc, &cmd); + ret = wilc_sdio_cmd52(wilc, &cmd); + if (ret) + return ret; tmp |= (cmd.data << 8); *size = tmp; -- 2.42.0.windows.2

6 days, 7 hours

2
1
0 0

FAILED: patch "[PATCH] usb: dwc3: Abort suspend on soft disconnect failure" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 630a1dec3b0eba2a695b9063f1c205d585cbfec9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070816-untoasted-wooing-3f93@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 630a1dec3b0eba2a695b9063f1c205d585cbfec9 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Wed, 28 May 2025 18:03:11 +0800 Subject: [PATCH] usb: dwc3: Abort suspend on soft disconnect failure When dwc3_gadget_soft_disconnect() fails, dwc3_suspend_common() keeps going with the suspend, resulting in a period where the power domain is off, but the gadget driver remains connected. Within this time frame, invoking vbus_event_work() will cause an error as it attempts to access DWC3 registers for endpoint disabling after the power domain has been completely shut down. Abort the suspend sequence when dwc3_gadget_suspend() cannot halt the controller and proceeds with a soft connect. Fixes: 9f8a67b65a49 ("usb: dwc3: gadget: fix gadget suspend/resume") Cc: stable <stable(a)kernel.org> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250528100315.2162699-1-khtsai@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 2bc775a747f2..8002c23a5a02 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2422,6 +2422,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { u32 reg; int i; + int ret; if (!pm_runtime_suspended(dwc->dev) && !PMSG_IS_AUTO(msg)) { dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & @@ -2440,7 +2441,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) break; - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); dwc3_core_exit(dwc); break; @@ -2475,7 +2478,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); } diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 321361288935..b6b63b530148 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4821,8 +4821,15 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) int ret; ret = dwc3_gadget_soft_disconnect(dwc); - if (ret) - goto err; + /* + * Attempt to reset the controller's state. Likely no + * communication can be established until the host + * performs a port reset. + */ + if (ret && dwc->softconnect) { + dwc3_gadget_soft_connect(dwc); + return -EAGAIN; + } spin_lock_irqsave(&dwc->lock, flags); if (dwc->gadget_driver) @@ -4830,17 +4837,6 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) spin_unlock_irqrestore(&dwc->lock, flags); return 0; - -err: - /* - * Attempt to reset the controller's state. Likely no - * communication can be established until the host - * performs a port reset. - */ - if (dwc->softconnect) - dwc3_gadget_soft_connect(dwc); - - return ret; } int dwc3_gadget_resume(struct dwc3 *dwc)

6 days, 8 hours

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Abort suspend on soft disconnect failure" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 630a1dec3b0eba2a695b9063f1c205d585cbfec9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070814-edginess-essence-e135@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 630a1dec3b0eba2a695b9063f1c205d585cbfec9 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Wed, 28 May 2025 18:03:11 +0800 Subject: [PATCH] usb: dwc3: Abort suspend on soft disconnect failure When dwc3_gadget_soft_disconnect() fails, dwc3_suspend_common() keeps going with the suspend, resulting in a period where the power domain is off, but the gadget driver remains connected. Within this time frame, invoking vbus_event_work() will cause an error as it attempts to access DWC3 registers for endpoint disabling after the power domain has been completely shut down. Abort the suspend sequence when dwc3_gadget_suspend() cannot halt the controller and proceeds with a soft connect. Fixes: 9f8a67b65a49 ("usb: dwc3: gadget: fix gadget suspend/resume") Cc: stable <stable(a)kernel.org> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250528100315.2162699-1-khtsai@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 2bc775a747f2..8002c23a5a02 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2422,6 +2422,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { u32 reg; int i; + int ret; if (!pm_runtime_suspended(dwc->dev) && !PMSG_IS_AUTO(msg)) { dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & @@ -2440,7 +2441,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) break; - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); dwc3_core_exit(dwc); break; @@ -2475,7 +2478,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); } diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 321361288935..b6b63b530148 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4821,8 +4821,15 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) int ret; ret = dwc3_gadget_soft_disconnect(dwc); - if (ret) - goto err; + /* + * Attempt to reset the controller's state. Likely no + * communication can be established until the host + * performs a port reset. + */ + if (ret && dwc->softconnect) { + dwc3_gadget_soft_connect(dwc); + return -EAGAIN; + } spin_lock_irqsave(&dwc->lock, flags); if (dwc->gadget_driver) @@ -4830,17 +4837,6 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) spin_unlock_irqrestore(&dwc->lock, flags); return 0; - -err: - /* - * Attempt to reset the controller's state. Likely no - * communication can be established until the host - * performs a port reset. - */ - if (dwc->softconnect) - dwc3_gadget_soft_connect(dwc); - - return ret; } int dwc3_gadget_resume(struct dwc3 *dwc)

6 days, 8 hours

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Abort suspend on soft disconnect failure" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 630a1dec3b0eba2a695b9063f1c205d585cbfec9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070843-mammal-recapture-b529@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 630a1dec3b0eba2a695b9063f1c205d585cbfec9 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Wed, 28 May 2025 18:03:11 +0800 Subject: [PATCH] usb: dwc3: Abort suspend on soft disconnect failure When dwc3_gadget_soft_disconnect() fails, dwc3_suspend_common() keeps going with the suspend, resulting in a period where the power domain is off, but the gadget driver remains connected. Within this time frame, invoking vbus_event_work() will cause an error as it attempts to access DWC3 registers for endpoint disabling after the power domain has been completely shut down. Abort the suspend sequence when dwc3_gadget_suspend() cannot halt the controller and proceeds with a soft connect. Fixes: 9f8a67b65a49 ("usb: dwc3: gadget: fix gadget suspend/resume") Cc: stable <stable(a)kernel.org> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250528100315.2162699-1-khtsai@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 2bc775a747f2..8002c23a5a02 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2422,6 +2422,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { u32 reg; int i; + int ret; if (!pm_runtime_suspended(dwc->dev) && !PMSG_IS_AUTO(msg)) { dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & @@ -2440,7 +2441,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) break; - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); dwc3_core_exit(dwc); break; @@ -2475,7 +2478,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); } diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 321361288935..b6b63b530148 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4821,8 +4821,15 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) int ret; ret = dwc3_gadget_soft_disconnect(dwc); - if (ret) - goto err; + /* + * Attempt to reset the controller's state. Likely no + * communication can be established until the host + * performs a port reset. + */ + if (ret && dwc->softconnect) { + dwc3_gadget_soft_connect(dwc); + return -EAGAIN; + } spin_lock_irqsave(&dwc->lock, flags); if (dwc->gadget_driver) @@ -4830,17 +4837,6 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) spin_unlock_irqrestore(&dwc->lock, flags); return 0; - -err: - /* - * Attempt to reset the controller's state. Likely no - * communication can be established until the host - * performs a port reset. - */ - if (dwc->softconnect) - dwc3_gadget_soft_connect(dwc); - - return ret; } int dwc3_gadget_resume(struct dwc3 *dwc)

6 days, 8 hours

1
0
0 0

[PATCH] arm64: dts: qcom: qcm2290: Disable USB SS bus instances in park mode

by Konrad Dybcio

From: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> 2290 was found in the field to also require this quirk, as long & high-bandwidth workloads (e.g. USB ethernet) are consistently able to crash the controller otherwise. The same change has been made for a number of SoCs in [1], but QCM2290 somehow escaped the list (even though the very closely related SM6115 was there). Upon a controller crash, the log would read: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up Add snps,parkmode-disable-ss-quirk to the DWC3 instance in order to prevent the aforementioned breakage. [1] https://lore.kernel.org/all/20240704152848.3380602-1-quic_kriskura@quicinc.… Cc: stable(a)vger.kernel.org Reported-by: Rob Clark <robin.clark(a)oss.qualcomm.com> Fixes: a64a0192b70c ("arm64: dts: qcom: Add initial QCM2290 device tree") Signed-off-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> --- arch/arm64/boot/dts/qcom/qcm2290.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/qcm2290.dtsi b/arch/arm64/boot/dts/qcom/qcm2290.dtsi index fa24b77a31a7504020390522fabb0b783d897366..6b7070dad3df946649660eac1d087c0e8b6fe26d 100644 --- a/arch/arm64/boot/dts/qcom/qcm2290.dtsi +++ b/arch/arm64/boot/dts/qcom/qcm2290.dtsi @@ -1454,6 +1454,7 @@ usb_dwc3: usb@4e00000 { snps,has-lpm-erratum; snps,hird-threshold = /bits/ 8 <0x10>; snps,usb3_lpm_capable; + snps,parkmode-disable-ss-quirk; maximum-speed = "super-speed"; dr_mode = "otg"; usb-role-switch; --- base-commit: 26ffb3d6f02cd0935fb9fa3db897767beee1cb2a change-id: 20250708-topic-2290_usb-6632f12e5cd6 Best regards, -- Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>

6 days, 8 hours

1
0
0 0

[PATCH v3 2/2] PCI: imx6: Correct the epc_features of IMX8MM_EP and IMX8MP_EP

by Richard Zhu

For IMX8MM_EP and IMX8MP_EP, add fixed 256-byte BAR 4 and reserved BAR 5 in imx8m_pcie_epc_features. Fixes: 75c2f26da03f ("PCI: imx6: Add i.MX PCIe EP mode support") Cc: stable(a)vger.kernel.org Signed-off-by: Richard Zhu <hongxing.zhu(a)nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> --- drivers/pci/controller/dwc/pci-imx6.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c index 7d15bcb7c107..9754cc6e09b9 100644 --- a/drivers/pci/controller/dwc/pci-imx6.c +++ b/drivers/pci/controller/dwc/pci-imx6.c @@ -1385,6 +1385,8 @@ static const struct pci_epc_features imx8m_pcie_epc_features = { .msix_capable = false, .bar[BAR_1] = { .type = BAR_RESERVED, }, .bar[BAR_3] = { .type = BAR_RESERVED, }, + .bar[BAR_4] = { .type = BAR_FIXED, .fixed_size = SZ_256, }, + .bar[BAR_5] = { .type = BAR_RESERVED, }, .align = SZ_64K, }; -- 2.37.1

6 days, 9 hours

1
0
0 0

[PATCH v3 1/2] PCI: imx6: Correct the epc_features of IMX8MQ_EP

by Richard Zhu

IMX8MQ_EP has three 64-bit BAR0/2/4 capable and programmable BARs. For IMX8MQ_EP, use imx8q_pcie_epc_features (64-bit BARs 0, 2, 4) instead of imx8m_pcie_epc_features (64-bit BARs 0, 2). Fixes: 75c2f26da03f ("PCI: imx6: Add i.MX PCIe EP mode support") Cc: stable(a)vger.kernel.org Signed-off-by: Richard Zhu <hongxing.zhu(a)nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> --- drivers/pci/controller/dwc/pci-imx6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c index 5a38cfaf989b..7d15bcb7c107 100644 --- a/drivers/pci/controller/dwc/pci-imx6.c +++ b/drivers/pci/controller/dwc/pci-imx6.c @@ -1912,7 +1912,7 @@ static const struct imx_pcie_drvdata drvdata[] = { .mode_mask[0] = IMX6Q_GPR12_DEVICE_TYPE, .mode_off[1] = IOMUXC_GPR12, .mode_mask[1] = IMX8MQ_GPR12_PCIE2_CTRL_DEVICE_TYPE, - .epc_features = &imx8m_pcie_epc_features, + .epc_features = &imx8q_pcie_epc_features, .init_phy = imx8mq_pcie_init_phy, .enable_ref_clk = imx8mm_pcie_enable_ref_clk, }, -- 2.37.1

6 days, 9 hours

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror